From d8907e698e80e99a6fbcec77e4015949d197f8d9 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Thu, 31 Mar 2005 00:00:00 -0500 Subject: [PATCH] postfix-2.3-20050331 --- postfix/COMPATIBILITY | 4 +- postfix/HISTORY | 9 +++ postfix/conf/header_checks | 99 +++++++++++++++---------------- postfix/html/header_checks.5.html | 97 +++++++++++++++--------------- postfix/makedefs | 8 ++- postfix/man/man5/header_checks.5 | 7 +-- postfix/proto/header_checks | 7 +-- postfix/src/global/dsn_util.h | 4 +- postfix/src/global/mail_version.h | 2 +- postfix/src/smtpstone/smtp-sink.c | 21 ++++--- postfix/src/tls/tls_client.c | 10 +++- postfix/src/util/sys_defs.h | 5 ++ 12 files changed, 150 insertions(+), 123 deletions(-) diff --git a/postfix/COMPATIBILITY b/postfix/COMPATIBILITY index 7cce6106f..354931975 100644 --- a/postfix/COMPATIBILITY +++ b/postfix/COMPATIBILITY @@ -13,7 +13,7 @@ content filter yes (before and after queue, internal and external) db tables yes (compile time option) dbm tables yes (compile time option) delivered-to yes (configurable with prepend_delivered_header) -dsn not yet (bounces have DSN form) +dsn almost (supports enhanced status codes and DSN format bounces) errors-to: yes (disabled by default since Postfix 2.1) esmtp yes etrn support yes (per-destination log for authorized destinations only) @@ -60,7 +60,7 @@ sendmail.cf no (uses table-driven address rewriting) size option yes, server and client smarthost yes (specify relayhost in main.cf) spf yes (delegated policy script) -starttls yes +starttls yes (compile time option) tcp wrapper no (use built-in blacklist facility) user+extension yes (also: .forward+extension) user-extension yes (also: .forward-extension) diff --git a/postfix/HISTORY b/postfix/HISTORY index 4a5479cef..e9128c38d 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -10574,6 +10574,15 @@ Apologies for any names omitted. Bug introduced 20050329 while polishing working code. Files: smtp/smtp_chat.c, lmtp/lmtp_chat.c. + Feature: add enhanced status code support to the smtp-sink + test program. File: smtpstone/smtp-sink.c. + +20050331 + + Workarounds for ancient gcc compilers that can't handle + valid C. Bugs reported by Victor Duchovni. Files: + util/sys_defs.h, global/dsn_util.h, tls/tls_client.c. + Open problems: Med: disable header address rewriting after XCLIENT? diff --git a/postfix/conf/header_checks b/postfix/conf/header_checks index 10dcea1d0..0389acf58 100644 --- a/postfix/conf/header_checks +++ b/postfix/conf/header_checks @@ -203,14 +203,13 @@ # triggered the PREPEND action. # # o The prepended text is not considered part of -# the input stream. Unlike the result from the -# REPLACE action, prepended text is not sub- -# ject to header/body checks or address -# rewriting, and does not affect the way that -# Postfix adds missing message headers. +# the input stream: it is not subject to +# header/body checks or address rewriting, and +# it does not affect the way that Postfix adds +# missing message headers. # # o When prepending text before a message header -# line, the prepended text must begin with a +# line, the prepended text must begin with a # valid message header label. # # o This action cannot be used to prepend multi- @@ -219,46 +218,46 @@ # This feature is available in Postfix 2.1 and later. # # REDIRECT user@domain -# Write a message redirection request to the queue -# file and inspect the next input line. After the +# Write a message redirection request to the queue +# file and inspect the next input line. After the # message is queued, it will be sent to the specified # address instead of the intended recipient(s). # -# Note: this action overrides the FILTER action, and -# affects all recipients of the message. If multiple -# REDIRECT actions fire, only the last one is exe- +# Note: this action overrides the FILTER action, and +# affects all recipients of the message. If multiple +# REDIRECT actions fire, only the last one is exe- # cuted. # # This feature is available in Postfix 2.1 and later. # # REPLACE text... -# Replace the current line with the specified text +# Replace the current line with the specified text # and inspect the next input line. # # This feature is available in Postfix 2.2 and later. -# The description below applies to Postfix 2.2.2 and +# The description below applies to Postfix 2.2.2 and # later. # # Notes: # -# o When replacing a message header line, the -# replacement text must begin with a valid +# o When replacing a message header line, the +# replacement text must begin with a valid # header label. # -# o The replaced text remains part of the input -# stream. Unlike the result from the PREPEND -# action, a replaced message header may be -# subject to address rewriting and may affect -# the way that Postfix adds missing message +# o The replaced text remains part of the input +# stream. Unlike the result from the PREPEND +# action, a replaced message header may be +# subject to address rewriting and may affect +# the way that Postfix adds missing message # headers. # # REJECT optional text... -# Reject the entire message. Reply with optional +# Reject the entire message. Reply with optional # text... when the optional text is specified, other- # wise reply with a generic error message. # -# Note: this action disables further header or -# body_checks inspection of the current message and +# Note: this action disables further header or +# body_checks inspection of the current message and # affects all recipients. # # Postfix version 2.3 and later support enhanced sta- @@ -267,26 +266,26 @@ # enhanced status code of "5.7.1". # # WARN optional text... -# Log a warning with the optional text... (or log a -# generic message) and inspect the next input line. +# Log a warning with the optional text... (or log a +# generic message) and inspect the next input line. # This action is useful for debugging and for testing # a pattern before applying more drastic actions. # # BUGS -# Many people overlook the main limitations of header and -# body_checks rules. These rules operate on one logical -# message header or one body line at a time, and a decision -# made for one line is not carried over to the next line. +# Many people overlook the main limitations of header and +# body_checks rules. These rules operate on one logical +# message header or one body line at a time, and a decision +# made for one line is not carried over to the next line. # If text in the message body is encoded (RFC 2045) then the -# rules have to specified for the encoded form. Likewise, +# rules have to specified for the encoded form. Likewise, # when message headers are encoded (RFC 2047) then the rules # need to be specified for the encoded form. # -# Message headers added by the cleanup(8) daemon itself are +# Message headers added by the cleanup(8) daemon itself are # excluded from inspection. Examples of such message headers # are From:, To:, Message-ID:, Date:. # -# Message headers deleted by the cleanup(8) daemon will be +# Message headers deleted by the cleanup(8) daemon will be # examined before they are deleted. Examples are: Bcc:, Con- # tent-Length:, Return-Path:. # @@ -294,11 +293,11 @@ # body_checks # Lookup tables with content filter rules for message # body lines. These filters see one physical line at -# a time, in chunks of at most $line_length_limit +# a time, in chunks of at most $line_length_limit # bytes. # # body_checks_size_limit -# The amount of content per message body segment +# The amount of content per message body segment # (attachment) that is subjected to $body_checks fil- # tering. # @@ -308,32 +307,32 @@ # # nested_header_checks (default: $header_checks) # Lookup tables with content filter rules for message -# header lines: respectively, these are applied to -# the initial message headers (not including MIME -# headers), to the MIME headers anywhere in the mes- -# sage, and to the initial headers of attached mes- +# header lines: respectively, these are applied to +# the initial message headers (not including MIME +# headers), to the MIME headers anywhere in the mes- +# sage, and to the initial headers of attached mes- # sages. # -# Note: these filters see one logical message header -# at a time, even when a message header spans multi- -# ple lines. Message headers that are longer than +# Note: these filters see one logical message header +# at a time, even when a message header spans multi- +# ple lines. Message headers that are longer than # $header_size_limit characters are truncated. # # disable_mime_input_processing -# While receiving mail, give no special treatment to -# MIME related message headers; all text after the +# While receiving mail, give no special treatment to +# MIME related message headers; all text after the # initial message headers is considered to be part of -# the message body. This means that header_checks is -# applied to all the initial message headers, and +# the message body. This means that header_checks is +# applied to all the initial message headers, and # that body_checks is applied to the remainder of the # message. # -# Note: when used in this manner, body_checks will -# process a multi-line message header one line at a +# Note: when used in this manner, body_checks will +# process a multi-line message header one line at a # time. # # EXAMPLES -# Header pattern to block attachments with bad file name +# Header pattern to block attachments with bad file name # extensions. # # /etc/postfix/main.cf: @@ -365,7 +364,7 @@ # RFC 2047, message header encoding for non-ASCII text # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # CONTENT_INSPECTION_README, Postfix content inspection overview @@ -373,7 +372,7 @@ # BACKSCATTER_README, blocking returned forged mail # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/postfix/html/header_checks.5.html b/postfix/html/header_checks.5.html index 89e533ecb..38dfa8eb4 100644 --- a/postfix/html/header_checks.5.html +++ b/postfix/html/header_checks.5.html @@ -209,14 +209,13 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) triggered the PREPEND action. o The prepended text is not considered part of - the input stream. Unlike the result from the - REPLACE action, prepended text is not sub- - ject to header/body checks or address - rewriting, and does not affect the way that - Postfix adds missing message headers. + the input stream: it is not subject to + header/body checks or address rewriting, and + it does not affect the way that Postfix adds + missing message headers. o When prepending text before a message header - line, the prepended text must begin with a + line, the prepended text must begin with a valid message header label. o This action cannot be used to prepend multi- @@ -225,46 +224,46 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) This feature is available in Postfix 2.1 and later. REDIRECT user@domain - Write a message redirection request to the queue - file and inspect the next input line. After the + Write a message redirection request to the queue + file and inspect the next input line. After the message is queued, it will be sent to the specified address instead of the intended recipient(s). - Note: this action overrides the FILTER action, and - affects all recipients of the message. If multiple - REDIRECT actions fire, only the last one is exe- + Note: this action overrides the FILTER action, and + affects all recipients of the message. If multiple + REDIRECT actions fire, only the last one is exe- cuted. This feature is available in Postfix 2.1 and later. REPLACE text... - Replace the current line with the specified text + Replace the current line with the specified text and inspect the next input line. This feature is available in Postfix 2.2 and later. - The description below applies to Postfix 2.2.2 and + The description below applies to Postfix 2.2.2 and later. Notes: - o When replacing a message header line, the - replacement text must begin with a valid + o When replacing a message header line, the + replacement text must begin with a valid header label. - o The replaced text remains part of the input - stream. Unlike the result from the PREPEND - action, a replaced message header may be - subject to address rewriting and may affect - the way that Postfix adds missing message + o The replaced text remains part of the input + stream. Unlike the result from the PREPEND + action, a replaced message header may be + subject to address rewriting and may affect + the way that Postfix adds missing message headers. REJECT optional text... - Reject the entire message. Reply with optional + Reject the entire message. Reply with optional text... when the optional text is specified, other- wise reply with a generic error message. - Note: this action disables further header or - body_checks inspection of the current message and + Note: this action disables further header or + body_checks inspection of the current message and affects all recipients. Postfix version 2.3 and later support enhanced sta- @@ -273,26 +272,26 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) enhanced status code of "5.7.1". WARN optional text... - Log a warning with the optional text... (or log a - generic message) and inspect the next input line. + Log a warning with the optional text... (or log a + generic message) and inspect the next input line. This action is useful for debugging and for testing a pattern before applying more drastic actions. BUGS - Many people overlook the main limitations of header and - body_checks rules. These rules operate on one logical - message header or one body line at a time, and a decision - made for one line is not carried over to the next line. + Many people overlook the main limitations of header and + body_checks rules. These rules operate on one logical + message header or one body line at a time, and a decision + made for one line is not carried over to the next line. If text in the message body is encoded (RFC 2045) then the - rules have to specified for the encoded form. Likewise, + rules have to specified for the encoded form. Likewise, when message headers are encoded (RFC 2047) then the rules need to be specified for the encoded form. - Message headers added by the cleanup(8) daemon itself are + Message headers added by the cleanup(8) daemon itself are excluded from inspection. Examples of such message headers are From:, To:, Message-ID:, Date:. - Message headers deleted by the cleanup(8) daemon will be + Message headers deleted by the cleanup(8) daemon will be examined before they are deleted. Examples are: Bcc:, Con- tent-Length:, Return-Path:. @@ -300,11 +299,11 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) body_checks Lookup tables with content filter rules for message body lines. These filters see one physical line at - a time, in chunks of at most $line_length_limit + a time, in chunks of at most $line_length_limit bytes. body_checks_size_limit - The amount of content per message body segment + The amount of content per message body segment (attachment) that is subjected to $body_checks fil- tering. @@ -314,32 +313,32 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) nested_header_checks (default: $header_checks) Lookup tables with content filter rules for message - header lines: respectively, these are applied to - the initial message headers (not including MIME - headers), to the MIME headers anywhere in the mes- - sage, and to the initial headers of attached mes- + header lines: respectively, these are applied to + the initial message headers (not including MIME + headers), to the MIME headers anywhere in the mes- + sage, and to the initial headers of attached mes- sages. - Note: these filters see one logical message header - at a time, even when a message header spans multi- - ple lines. Message headers that are longer than + Note: these filters see one logical message header + at a time, even when a message header spans multi- + ple lines. Message headers that are longer than $header_size_limit characters are truncated. disable_mime_input_processing - While receiving mail, give no special treatment to - MIME related message headers; all text after the + While receiving mail, give no special treatment to + MIME related message headers; all text after the initial message headers is considered to be part of - the message body. This means that header_checks is - applied to all the initial message headers, and + the message body. This means that header_checks is + applied to all the initial message headers, and that body_checks is applied to the remainder of the message. - Note: when used in this manner, body_checks will - process a multi-line message header one line at a + Note: when used in this manner, body_checks will + process a multi-line message header one line at a time. EXAMPLES - Header pattern to block attachments with bad file name + Header pattern to block attachments with bad file name extensions. /etc/postfix/main.cf: @@ -377,7 +376,7 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) BACKSCATTER_README, blocking returned forged mail LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/makedefs b/postfix/makedefs index ee5508c5b..5565f25d4 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -379,9 +379,15 @@ case "$CC" in *CC) error "Don't use CC. That's the C++ compiler";; *) : ${OPT='-O'};; esac +# +# "gcc -W" 3.4.2 no longer reports functions that fail to return a +# result. Use "gcc -Wall -Wno-comment" instead. We'll figure out +# later if the other -Wmumble options are really redundant. Having +# een burned once by a compiler that lies about what warnings it +# produces, not taking that chance again. : ${CC='gcc $(WARN)'} ${OPT='-O'} ${DEBUG='-g'} ${AWK=awk} \ -${WARN='-W -Wformat -Wimplicit -Wmissing-prototypes \ +${WARN='-Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ -Wunused'} diff --git a/postfix/man/man5/header_checks.5 b/postfix/man/man5/header_checks.5 index e8954116d..a376859a0 100644 --- a/postfix/man/man5/header_checks.5 +++ b/postfix/man/man5/header_checks.5 @@ -195,10 +195,9 @@ The prepended text is output on a separate line, immediately before the input that triggered the \fBPREPEND\fR action. .IP \(bu The prepended text is not considered part of the input -stream. Unlike the result from the \fBREPLACE\fR action, -prepended text is not subject to header/body checks or -address rewriting, and does not affect the way that Postfix -adds missing message headers. +stream: it is not subject to header/body checks or address +rewriting, and it does not affect the way that Postfix adds +missing message headers. .IP \(bu When prepending text before a message header line, the prepended text must begin with a valid message header label. diff --git a/postfix/proto/header_checks b/postfix/proto/header_checks index 45133981c..8ae1b465a 100644 --- a/postfix/proto/header_checks +++ b/postfix/proto/header_checks @@ -181,10 +181,9 @@ # before the input that triggered the \fBPREPEND\fR action. # .IP \(bu # The prepended text is not considered part of the input -# stream. Unlike the result from the \fBREPLACE\fR action, -# prepended text is not subject to header/body checks or -# address rewriting, and does not affect the way that Postfix -# adds missing message headers. +# stream: it is not subject to header/body checks or address +# rewriting, and it does not affect the way that Postfix adds +# missing message headers. # .IP \(bu # When prepending text before a message header line, the prepended # text must begin with a valid message header label. diff --git a/postfix/src/global/dsn_util.h b/postfix/src/global/dsn_util.h index f49aff9e2..eadb0975d 100644 --- a/postfix/src/global/dsn_util.h +++ b/postfix/src/global/dsn_util.h @@ -28,6 +28,8 @@ /* * Storage for an enhanced status code. Avoid using malloc for itty-bitty * strings with a known size limit. + * + * XXX gcc version 2 complains about sizeof() as format width specifier. */ typedef struct { char data[DSN_SIZE]; /* NOT a public interface */ @@ -36,7 +38,7 @@ typedef struct { #define DSN_UPDATE(dsn_buf, dsn, len) do { \ if (len >= sizeof((dsn_buf).data)) \ msg_panic("DSN_UPDATE: bad DSN code \"%.*s...\" length %d", \ - sizeof((dsn_buf).data) - 1, dsn, len); \ + INT_SIZEOF((dsn_buf).data) - 1, dsn, len); \ strncpy((dsn_buf).data, (dsn), (len)); \ (dsn_buf).data[len] = 0; \ } while (0) diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index de38eed80..93f5e8bd5 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only. */ -#define MAIL_RELEASE_DATE "20050330" +#define MAIL_RELEASE_DATE "20050331" #define MAIL_VERSION_NUMBER "2.3" #define VAR_MAIL_VERSION "mail_version" diff --git a/postfix/src/smtpstone/smtp-sink.c b/postfix/src/smtpstone/smtp-sink.c index f42e453c0..a385cfe0e 100644 --- a/postfix/src/smtpstone/smtp-sink.c +++ b/postfix/src/smtpstone/smtp-sink.c @@ -195,7 +195,7 @@ static void helo_response(SINK_STATE *state) static void ok_response(SINK_STATE *state) { - smtp_printf(state->stream, "250 Ok"); + smtp_printf(state->stream, "250 2.0.0 Ok"); smtp_flush(state->stream); } @@ -204,7 +204,8 @@ static void ok_response(SINK_STATE *state) static void mail_response(SINK_STATE *state) { state->rcpts = 0; - ok_response(state); + smtp_printf(state->stream, "250 2.1.0 Ok"); + smtp_flush(state->stream); } /* rcpt_response - bump recipient count, send 250 OK */ @@ -212,7 +213,8 @@ static void mail_response(SINK_STATE *state) static void rcpt_response(SINK_STATE *state) { state->rcpts++; - ok_response(state); + smtp_printf(state->stream, "250 2.1.5 Ok"); + smtp_flush(state->stream); } /* data_response - respond to DATA command */ @@ -240,10 +242,11 @@ static void dot_response(SINK_STATE *state) { if (enable_lmtp) { while (state->rcpts-- > 0) /* XXX this could block */ - ok_response(state); /* XXX this flushes too often */ + smtp_printf(state->stream, "250 2.2.0 Ok"); } else { - ok_response(state); + smtp_printf(state->stream, "250 2.0.0 Ok"); } + smtp_flush(state->stream); } /* quit_response - respond to QUIT command */ @@ -478,7 +481,7 @@ static int command_read(SINK_STATE *state) if (msg_verbose) msg_info("%s", ptr); if ((command = mystrtok(&ptr, " \t")) == 0) { - smtp_printf(state->stream, "500 Error: unknown command"); + smtp_printf(state->stream, "500 5.5.2 Error: unknown command"); smtp_flush(state->stream); return (0); } @@ -486,19 +489,19 @@ static int command_read(SINK_STATE *state) if (strcasecmp(command, cmdp->name) == 0) break; if (cmdp->name == 0 || (cmdp->flags & FLAG_ENABLE) == 0) { - smtp_printf(state->stream, "500 Error: unknown command"); + smtp_printf(state->stream, "500 5.5.1 Error: unknown command"); smtp_flush(state->stream); return (0); } if (cmdp->flags & FLAG_DISCONNECT) return (-1); if (cmdp->flags & FLAG_HARD_ERR) { - smtp_printf(state->stream, "500 Error: command failed"); + smtp_printf(state->stream, "500 5.3.0 Error: command failed"); smtp_flush(state->stream); return (0); } if (cmdp->flags & FLAG_SOFT_ERR) { - smtp_printf(state->stream, "450 Error: command failed"); + smtp_printf(state->stream, "450 4.3.0 Error: command failed"); smtp_flush(state->stream); return (0); } diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c index 61b04eadb..263837129 100644 --- a/postfix/src/tls/tls_client.c +++ b/postfix/src/tls/tls_client.c @@ -396,12 +396,18 @@ SSL_CTX *tls_client_init(int unused_verifydepth) * OpenSSL can, however, automatically save newly created sessions for * us by callback (we create the session name in the call-back * function). + * + * XXX gcc 2.95 can't compile #ifdef .. #endif in the expansion of + * SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL_STORE | + * SSL_SESS_CACHE_NO_AUTO_CLEAR. */ +#ifndef SSL_SESS_CACHE_NO_INTERNAL_STORE +#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0 +#endif + SSL_CTX_set_session_cache_mode(client_ctx, SSL_SESS_CACHE_CLIENT | -#ifdef SSL_SESS_CACHE_NO_INTERNAL_STORE SSL_SESS_CACHE_NO_INTERNAL_STORE | -#endif SSL_SESS_CACHE_NO_AUTO_CLEAR); SSL_CTX_sess_set_new_cb(client_ctx, new_client_session_cb); } diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h index 42a365896..9676882ef 100644 --- a/postfix/src/util/sys_defs.h +++ b/postfix/src/util/sys_defs.h @@ -1123,6 +1123,11 @@ typedef int WAIT_STATUS_T; #define OCTAL_TO_UNSIGNED(res, str) ((res) = strtoul((str), (char **) 0, 8)) #endif + /* + * Avoid useless type mis-matches when using sizeof in an integer context. + */ +#define INT_SIZEOF(foo) ((int) sizeof(foo)) + /* * Turn on the compatibility stuff. */