mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 18:07:41 +00:00
Code Issues Releases Wiki Activity

postfix-2.8-20101204

Browse Source
This commit is contained in:
Wietse Venema 2010-12-04 00:00:00 -05:00 committed by Viktor Dukhovni
parent 556b04bfed
commit e31ae1582b
28 changed files with 720 additions and 270 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
postfix/HISTORY
View File

@ -16205,3 +16205,30 @@ Apologies for any names omitted.
Workaround: BSD-ish mkdir() ignores the effective GID
and copies group ownership from the parent directory.
File: util/make_dirs.c.
20101202
Feature: the LDAP client can now authenticate to LDAP servers
via SASL. This is tested with SASL GSSAPI and Kerberos 5.
Code by Victor Duchovni. Files: global/dict_ldap.c,
proto/LDAP_README.html, proto/ldap_table.
Cleanup: the cleanup server now reports a temporary delivery
error when it reaches the virtual_alias_expansion_limit or
virtual_alias_recursion_limit. Previously, it would silently
ignore the excess recipients and deliver the message. File:
cleanup/cleanup_map1n.c.
20101204
Cleanup: sache_clnt_create() had an unnecessary data
dependency on the non-library var_scache_service variable,
causing problems with shared library builds. Instead, it
should use its service argument (which has the same value).
File: global/scache.c.
Cleanup: pipe_command.c had an unnecessary data dependency
on the non-library var_command_maxtime variable, causing
problems with shared library builds. The dependency was not
necessary because the callers already specify an explicit
time limit. File: global/pipe_command.c.

11
postfix/README_FILES/LDAP_README
View File

@ -81,6 +81,11 @@ AUXLIBS line to point to libldap10.so or libldapssl30.so or whatever you have,
and you may need to use the appropriate linker option (e.g. '-R') so the
executables can find it at runtime.
If you are using OpenLDAP, and the libraries were built with SASL support, you
can add -DUSE_LDAP_SASL to the CCARGS to enable SASL support. For example:
CCARGS="-I/usr/local/include -DHAS_LDAP -DUSE_LDAP_SASL"
CCoonnffiigguurriinngg LLDDAAPP llooookkuuppss
In order to use LDAP lookups, define an LDAP source as a table lookup in
@ -89,8 +94,8 @@ main.cf, for example:
alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
The file /etc/postfix/ldap-aliases.cf can specify a great number of parameters,
including parameters that enable LDAP SSL and STARTTLS. For a complete
description, see the ldap_table(5) manual page.
including parameters that enable LDAP SSL or STARTTLS, and LDAP SASL. For a
complete description, see the ldap_table(5) manual page.
EExxaammppllee:: llooccaall((88)) aalliiaasseess
@ -440,6 +445,8 @@ CCrreeddiittss
* Gunnar Wrobel provided a first implementation of a feature to limit LDAP
search results to leaf nodes only. Victor generalized this into the Postfix
2.4 "leaf_result_attribute" feature.
* Quanah Gibson-Mount contributed support for advanced LDAP SASL mechanisms,
beyond the password-based LDAP "simple" bind.
And of course Wietse.

32
postfix/README_FILES/POSTSCREEN_README
View File

@ -39,7 +39,9 @@ The main challenge for postscreen(8) is to make an is-it-a-zombie decision
based on a single measurement. This is necessary because many zombies avoid
spamming the same site repeatedly, in an attempt to fly under the radar. Once
postscreen(8) decides that a client is not-a-zombie, it whitelists the client
temporarily to avoid further delays for legitimate mail.
temporarily to avoid further delays for legitimate mail. Clients that pass
postscreen(8) are still subject to the checks that are built into Postfix smtpd
(8), Postfix built-in content filters, and external content filters.
Zombies have challenges too: they have only a limited amount of time to deliver
spam before their IP address becomes blacklisted. To speed up spam deliveries,
@ -50,23 +52,22 @@ continue sending mail even when the server tells them to go away.
postscreen(8) uses a variety of measurements to recognize zombies. First,
postscreen(8) determines if the remote SMTP client IP address is blacklisted.
Second, postscreen(8) looks for protocol compromises that are made to speed up
delivery. The results of such measurements don't change with each delivery
attempt, and are therefore good for making an is-it-a-zombie decision based on
a single measurement.
delivery. These are good indicators for making is-it-a-zombie decisions based
on single measurements.
postscreen(8) does not inspect message content. Message content can vary widely
with each delivery attempt, especially with clients that (also) send legitimate
email. Content is therefore not good for making an is-it-a-zombie decision
based on a single measurement, and that is the problem that postscreen(8) is
postscreen(8) does not inspect message content. Message content can vary from
one delivery to the next, especially with clients that (also) send legitimate
email. Content is not a good indicator for making is-it-a-zombie decisions
based on single measurements, and that is the problem that postscreen(8) is
focused on.
GGeenneerraall ooppeerraattiioonn
The postscreen(8) triage process involves a number of tests, in the order as
described below. Some tests introduce a delay of a few seconds. Once a client
passes all tests, its IP address is temporarily excluded from any tests,
typically 24 hours for simple tests or 1 week for complex tests. This minimizes
the impact of the tests on legitimate mail clients.
passes a test, its IP address is whitelisted from 24 hours for simple tests, to
1 week for complex tests. Whitelisting minimizes the impact of postscreen(8)'s
tests on legitimate mail clients.
After logging its findings, postscreen(8) by default hands off all connections
to a Postfix SMTP server process. This mode is useful for non-destructive
@ -252,11 +253,12 @@ discussed next.
* postscreen(8)'s built-in SMTP engine does not implement the AUTH, STARTTLS,
XCLIENT, and XFORWARD features. STARTTLS and AUTH support may be added in a
future version.
future version. In the mean time, if you need to make these services
available on port 25, then do not enable the tests after the 220 server
greeting.
End-user clients should connect directly to the submission service. Other
systems that require the above features should directly connect to a Postfix
SMTP server, or they should be placed on the postscreen(8) whitelist.
End-user clients should connect directly to the submission service, so that
they never have to deal with postscreen(8)'s tests.
* Command pipelining test
* Non-SMTP command test

8
postfix/RELEASE_NOTES
View File

@ -33,6 +33,14 @@ This is supported only when the default value is stress-dependent
postscreen parameters always evaluate as if the stress value is
equal to the empty string.
Incompatibility with snapshot 20101202
======================================
Postfix now reports a temporary delivery error when the result of
virtual alias expansion would exceed the virtual_alias_recursion_limit
or virtual_alias_expansion_limit. Previously, Postfix would silently
drop the excess recipients and deliver the message.
Incompatibility with snapshot 20101130
======================================

13
postfix/WISHLIST
View File

@ -6,9 +6,10 @@ Wish list:
smtpd xclient option for sasl_username.
Use different ipc_timeout settings for email message
transactions (smtpd, pickup)->cleanup and for quick query/reply
transactions such as address rewriting/resolution.
Use different ipc time limits for email message transactions
(smtpd, pickup)->cleanup and for quick query/reply transactions
such as address rewriting/resolution. Beware of large time
limits for local or virtual alias expansion.
permit_tempfail_action (default: defer_if_reject) to be
used as the default value for dnswl_tempfail_action and
@ -22,9 +23,11 @@ Wish list:
Replace sscanf() numerical conversions by strto[dl]()
for better error reporting.
Consistency: in postconf.proto make <dt>..</dt> tags bold.
As postscreen implements more ESMTP keywords, need to copy
inter-operability features from smtpd to filter keywords
and command syntax.
Milter addrcpt - use Sendmail-compatible default DSN settings.
Consistency: in postconf.proto make <dt>..</dt> tags bold.
postscreen(8): listen on multiple IP addresses and enforce
that the client contacts the primary MX address first (i.e.

19
postfix/html/LDAP_README.html
View File

@ -128,6 +128,16 @@ change the AUXLIBS line to point to libldap10.so or libldapssl30.so
or whatever you have, and you may need to use the appropriate linker
option (e.g. '-R') so the executables can find it at runtime. </p>
<p> If you are using OpenLDAP, and the libraries were built with SASL
support, you can add -DUSE_LDAP_SASL to the CCARGS to enable SASL support.
For example: </p>
<blockquote>
<pre>
CCARGS="-I/usr/local/include -DHAS_LDAP -DUSE_LDAP_SASL"
</pre>
</blockquote>
<h2><a name="config">Configuring LDAP lookups</a></h2>
<p> In order to use LDAP lookups, define an LDAP source
@ -140,9 +150,9 @@ as a table lookup in <a href="postconf.5.html">main.cf</a>, for example: </p>
</blockquote>
<p> The file /etc/postfix/ldap-aliases.cf can specify a great number
of parameters, including parameters that enable LDAP SSL and
STARTTLS. For a complete description, see the <a href="ldap_table.5.html">ldap_table(5)</a> manual
page. </p>
of parameters, including parameters that enable LDAP SSL or STARTTLS,
and LDAP SASL. For a complete description, see the <a href="ldap_table.5.html">ldap_table(5)</a>
manual page. </p>
<h2><a name="example_alias">Example: local(8) aliases</a></h2>
@ -591,6 +601,9 @@ expansion_limit interface for LDAP, MySQL and PosgreSQL.</li>
limit LDAP search results to leaf nodes only. Victor generalized
this into the Postfix 2.4 "leaf_result_attribute" feature. </li>
<li>Quanah Gibson-Mount contributed support for advanced LDAP SASL
mechanisms, beyond the password-based LDAP "simple" bind. </li>
</ul>
And of course Wietse.

35
postfix/html/POSTSCREEN_README.html
View File

@ -67,7 +67,10 @@ decision based on a single measurement. This is necessary because
many zombies avoid spamming the same site repeatedly, in an attempt
to fly under the radar. Once <a href="postscreen.8.html">postscreen(8)</a> decides that a client
is not-a-zombie, it whitelists the client temporarily to avoid
further delays for legitimate mail. </p>
further delays for legitimate mail. Clients that pass <a href="postscreen.8.html">postscreen(8)</a>
are still subject to the checks that are built into Postfix <a href="smtpd.8.html">smtpd(8)</a>,
Postfix built-in content filters, and external content filters.
</p>
<p> Zombies have challenges too: they have only a limited amount
of time to deliver spam before their IP address becomes blacklisted.
@ -79,25 +82,24 @@ mail even when the server tells them to go away. </p>
<p> <a href="postscreen.8.html">postscreen(8)</a> uses a variety of measurements to recognize
zombies. First, <a href="postscreen.8.html">postscreen(8)</a> determines if the remote SMTP client
IP address is blacklisted. Second, <a href="postscreen.8.html">postscreen(8)</a> looks for protocol
compromises that are made to speed up delivery. The results of
such measurements don't change with each delivery attempt, and are
therefore good for making an is-it-a-zombie decision based on a
single measurement. </p>
compromises that are made to speed up delivery. These are good
indicators for making is-it-a-zombie decisions based on single
measurements. </p>
<p> <a href="postscreen.8.html">postscreen(8)</a> does not inspect message content. Message content
can vary widely with each delivery attempt, especially with clients
that (also) send legitimate email. Content is therefore not good
for making an is-it-a-zombie decision based on a single measurement,
can vary from one delivery to the next, especially with clients
that (also) send legitimate email. Content is not a good indicator
for making is-it-a-zombie decisions based on single measurements,
and that is the problem that <a href="postscreen.8.html">postscreen(8)</a> is focused on. </p>
<h2> <a name="general"> General operation </a> </h2>
<p> The <a href="postscreen.8.html">postscreen(8)</a> triage process involves a number of tests,
in the order as described below. Some tests introduce a delay of
a few seconds. Once a client passes all tests, its IP address is
temporarily excluded from any tests, typically 24 hours for simple
tests or 1 week for complex tests. This minimizes the impact of
the tests on legitimate mail clients. </p>
a few seconds. Once a client passes a test, its IP address is
whitelisted from 24 hours for simple tests, to 1 week for complex
tests. Whitelisting minimizes the impact of <a href="postscreen.8.html">postscreen(8)</a>'s tests
on legitimate mail clients. </p>
<p> After logging its findings, <a href="postscreen.8.html">postscreen(8)</a> by default hands off
all connections to a Postfix SMTP server process. This mode is
@ -340,14 +342,15 @@ a relatively long expiration time. </p>
<li> <p> <a href="postscreen.8.html">postscreen(8)</a>'s built-in SMTP engine does not implement
the AUTH, STARTTLS, XCLIENT, and XFORWARD features. STARTTLS and
AUTH support may be added in a future version. </p>
AUTH support may be added in a future version. In the mean time,
if you need to make these services available on port 25, then do
not enable the tests after the 220 server greeting. </p>
</ul>
<p> End-user clients should connect directly to the submission
service. Other systems that require the above features
should directly connect to a Postfix SMTP server, or they
should be placed on the <a href="postscreen.8.html">postscreen(8)</a> whitelist. </p>
service, so that they never have to deal with <a href="postscreen.8.html">postscreen(8)</a>'s tests.
</p>
<ul>

74
postfix/html/ldap_table.5.html
View File

@ -451,11 +451,26 @@ LDAP_TABLE(5) LDAP_TABLE(5)
and LDAP_SCOPE_ONELEVEL.
<b>bind (default: yes)</b>
Whether or not to bind to the LDAP server. Newer
Whether or how to bind to the LDAP server. Newer
LDAP implementations don't require clients to bind,
which saves time. Example:
# Don't bind
bind = no
# Use SIMPLE bind
bind = yes
# Use SASL bind
bind = sasl
Postfix versions prior to 2.8 only support "bind =
no" which means don't bind, and "bind = yes" which
means do a SIMPLE bind. Postfix 2.8 and later also
supports "bind = SASL" when compiled with LDAP SASL
support as described in <a href="LDAP_README.html">LDAP_README</a>, it also adds
the synonyms "bind = none" and "bind = simple" for
"bind = no" and "bind = yes" respectively. See the
SASL section below for additional parameters avail-
able with "bind = sasl".
If you do need to bind, you might consider config-
uring Postfix to connect to the local machine on a
@ -470,6 +485,9 @@ LDAP_TABLE(5) LDAP_TABLE(5)
guished name. Example:
bind_dn = uid=postfix, dc=your, dc=com
With "bind = sasl" (see above) the DN may be
optional for some SASL mechanisms, don't specify a
DN if not needed.
<b>bind_pw (default: empty)</b>
The password for the distinguished name above. If
@ -483,6 +501,9 @@ LDAP_TABLE(5) LDAP_TABLE(5)
mand. Example:
bind_pw = postfixpw
With "bind = sasl" (see above) the password may be
optional for some SASL mechanisms, don't specify a
password if not needed.
<b>cache (IGNORED with a warning)</b>
@ -553,6 +574,57 @@ LDAP_TABLE(5) LDAP_TABLE(5)
What level to set for debugging in the OpenLDAP
libraries.
<b>LDAP SASL PARAMETERS</b>
If you're using the OpenLDAP libraries compiled with SASL
support, Postfix 2.8 and later built with LDAP SASL sup-
port as described in <a href="LDAP_README.html">LDAP_README</a> can authenticate to LDAP
servers via SASL.
This enables authentication to the LDAP server via mecha-
nisms other than a simple password. The added flexibility
has a cost: it is no longer practical to set an explicit
timeout on the duration of an LDAP bind operation. Under
adverse conditions, whether a SASL bind times out, or if
it does, the duration of the timeout is determined by the
LDAP and SASL libraries.
It is best to use tables that use SASL binds via <a href="proxymap.8.html">prox-</a>
<a href="proxymap.8.html">ymap(8)</a>, this way the requesting process can time-out the
proxymap request. This also lets you tailer the process
environment by overriding the <a href="proxymap.8.html">proxymap(8)</a> import_environ-
ment setting in <a href="master.5.html">master.cf</a>(5). Special environment settings
may be needed to configure GSSAPI credential caches or
other SASL mechanism specific options. The GSSAPI creden-
tials used for LDAP lookups may need to be different than
say those used for the Postfix SMTP client to authenticate
to remote servers.
Using SASL mechanisms requires LDAP protocol version 3,
the default protocol version is 2 for backwards compati-
bility. You must set "version = 3" in addition to "bind =
sasl".
The following parameters are relevant to using LDAP with
SASL
<b>sasl (default: no)</b>
Whether or not to use SASL binds to the server.
Can be yes or no.
<b>sasl_mechs (default: empty)</b>
Space separated list of SASL mechanism(s) to try.
<b>sasl_realm (default: empty)</b>
SASL Realm to use, if applicable.
<b>sasl_authz_id (default: empty)</b>
The SASL authorization identity to assert, if
applicable.
<b>sasl_minssf (default: 0)</b>
The minimum required sasl security factor required
to establish a connection.
<b>LDAP SSL AND STARTTLS PARAMETERS</b>
If you're using the OpenLDAP libraries compiled with SSL
support, Postfix can connect to LDAP SSL servers and can

17
postfix/html/postscreen.8.html
View File

@ -55,7 +55,14 @@ POSTSCREEN(8) POSTSCREEN(8)
Problems and transactions are logged to <b>syslogd</b>(8).
<b>BUGS</b>
Some of the non-default protocol tests involve
The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> built-in SMTP protocol engine does not
announce support for STARTTLS, AUTH, XCLIENT or XFORWARD.
Support for STARTTLS and AUTH may be added in the future.
In the mean time, if you need to make these services
available on port 25, then do not enable the optional
"after 220 server greeting" tests.
The optional "after 220 server greeting" tests involve
<a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine. When these
tests succeed, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> adds the client to the tempo-
rary whitelist but it cannot not hand off the "live" con-
@ -68,14 +75,6 @@ POSTSCREEN(8) POSTSCREEN(8)
this limitation by giving such tests a long expiration
time.
The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> built-in SMTP protocol engine does not
announce support for STARTTLS, AUTH, XCLIENT or XFORWARD
(support for STARTTLS and AUTH may be added in the
future). End-user clients should connect directly to the
submission service; other systems that require the above
features should directly connect to a Postfix SMTP server,
or they should be placed on the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> whitelist.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html">main.cf</a> are not picked up automatically, as
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> processes may run for several hours. Use

62
postfix/man/man5/ldap_table.5
View File

@ -422,14 +422,27 @@ The LDAP search scope: \fBsub\fR, \fBbase\fR, or \fBone\fR.
These translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
and LDAP_SCOPE_ONELEVEL.
.IP "\fBbind (default: yes)\fR"
Whether or not to bind to the LDAP server. Newer LDAP
Whether or how to bind to the LDAP server. Newer LDAP
implementations don't require clients to bind, which saves
time. Example:
.nf
# Don't bind
bind = no
# Use SIMPLE bind
bind = yes
# Use SASL bind
bind = sasl
.fi
Postfix versions prior to 2.8 only support "bind = no" which
means don't bind, and "bind = yes" which means do a SIMPLE bind.
Postfix 2.8 and later also supports "bind = SASL" when compiled
with LDAP SASL support as described in LDAP_README, it also adds
the synonyms "bind = none" and "bind = simple" for "bind = no"
and "bind = yes" respectively. See the SASL section below for
additional parameters available with "bind = sasl".
If you do need to bind, you might consider configuring
Postfix to connect to the local machine on a port that's
an SSL tunnel to your LDAP server. If your LDAP server
@ -443,6 +456,8 @@ If you do have to bind, do it with this distinguished name. Example:
.nf
bind_dn = uid=postfix, dc=your, dc=com
.fi
With "bind = sasl" (see above) the DN may be optional for some SASL
mechanisms, don't specify a DN if not needed.
.IP "\fBbind_pw (default: empty)\fR"
The password for the distinguished name above. If you have
to use this, you probably want to make the map configuration
@ -456,6 +471,8 @@ command. Example:
.nf
bind_pw = postfixpw
.fi
With "bind = sasl" (see above) the password may be optional
for some SASL mechanisms, don't specify a password if not needed.
.IP "\fBcache (IGNORED with a warning)\fR"
.IP "\fBcache_expiry (IGNORED with a warning)\fR"
.IP "\fBcache_size (IGNORED with a warning)\fR"
@ -512,6 +529,49 @@ Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP version
Specifies the LDAP protocol version to use.
.IP "\fBdebuglevel (default: 0)\fR"
What level to set for debugging in the OpenLDAP libraries.
.SH "LDAP SASL PARAMETERS"
.na
.nf
.ad
.fi
If you're using the OpenLDAP libraries compiled with SASL
support, Postfix 2.8 and later built with LDAP SASL support
as described in LDAP_README can authenticate to LDAP servers
via SASL.
This enables authentication to the LDAP server via mechanisms
other than a simple password. The added flexibility has a cost:
it is no longer practical to set an explicit timeout on the duration
of an LDAP bind operation. Under adverse conditions, whether a SASL
bind times out, or if it does, the duration of the timeout is
determined by the LDAP and SASL libraries.
It is best to use tables that use SASL binds via proxymap(8), this
way the requesting process can time-out the proxymap request. This
also lets you tailer the process environment by overriding the
proxymap(8) import_environment setting in master.cf(5). Special
environment settings may be needed to configure GSSAPI credential
caches or other SASL mechanism specific options. The GSSAPI
credentials used for LDAP lookups may need to be different than
say those used for the Postfix SMTP client to authenticate to remote
servers.
Using SASL mechanisms requires LDAP protocol version 3, the default
protocol version is 2 for backwards compatibility. You must set
"version = 3" in addition to "bind = sasl".
The following parameters are relevant to using LDAP with SASL
.IP "\fBsasl (default: no)\fR"
Whether or not to use SASL binds to the server. Can be yes or no.
.IP "\fBsasl_mechs (default: empty)\fR"
Space separated list of SASL mechanism(s) to try.
.IP "\fBsasl_realm (default: empty)\fR"
SASL Realm to use, if applicable.
.IP "\fBsasl_authz_id (default: empty)\fR"
The SASL authorization identity to assert, if applicable.
.IP "\fBsasl_minssf (default: 0)\fR"
The minimum required sasl security factor required to establish a
connection.
.SH "LDAP SSL AND STARTTLS PARAMETERS"
.na
.nf

17
postfix/man/man8/postscreen.8
View File

@ -60,7 +60,14 @@ Problems and transactions are logged to \fBsyslogd\fR(8).
.SH BUGS
.ad
.fi
Some of the non-default protocol tests involve
The \fBpostscreen\fR(8) built-in SMTP protocol engine does
not announce support for STARTTLS, AUTH, XCLIENT or XFORWARD.
Support for STARTTLS and AUTH may be added in the future.
In the mean time, if you need to make these services available
on port 25, then do not enable the optional "after 220
server greeting" tests.
The optional "after 220 server greeting" tests involve
\fBpostscreen\fR(8)'s built-in SMTP protocol engine. When
these tests succeed, \fBpostscreen\fR(8) adds the client
to the temporary whitelist but it cannot not hand off the
@ -72,14 +79,6 @@ connects, it will be allowed to talk to a Postfix SMTP
server process to deliver mail. \fBpostscreen\fR(8) mitigates
the impact of this limitation by giving such tests a long
expiration time.
The \fBpostscreen\fR(8) built-in SMTP protocol engine does
not announce support for STARTTLS, AUTH, XCLIENT or XFORWARD
(support for STARTTLS and AUTH may be added in the future).
End-user clients should connect directly to the submission
service; other systems that require the above features
should directly connect to a Postfix SMTP server, or they
should be placed on the \fBpostscreen\fR(8) whitelist.
.SH "CONFIGURATION PARAMETERS"
.na
.nf

19
postfix/proto/LDAP_README.html
View File

@ -128,6 +128,16 @@ change the AUXLIBS line to point to libldap10.so or libldapssl30.so
or whatever you have, and you may need to use the appropriate linker
option (e.g. '-R') so the executables can find it at runtime. </p>
<p> If you are using OpenLDAP, and the libraries were built with SASL
support, you can add -DUSE_LDAP_SASL to the CCARGS to enable SASL support.
For example: </p>
<blockquote>
<pre>
CCARGS="-I/usr/local/include -DHAS_LDAP -DUSE_LDAP_SASL"
</pre>
</blockquote>
<h2><a name="config">Configuring LDAP lookups</a></h2>
<p> In order to use LDAP lookups, define an LDAP source
@ -140,9 +150,9 @@ alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
</blockquote>
<p> The file /etc/postfix/ldap-aliases.cf can specify a great number
of parameters, including parameters that enable LDAP SSL and
STARTTLS. For a complete description, see the ldap_table(5) manual
page. </p>
of parameters, including parameters that enable LDAP SSL or STARTTLS,
and LDAP SASL. For a complete description, see the ldap_table(5)
manual page. </p>
<h2><a name="example_alias">Example: local(8) aliases</a></h2>
@ -591,6 +601,9 @@ expansion_limit interface for LDAP, MySQL and PosgreSQL.</li>
limit LDAP search results to leaf nodes only. Victor generalized
this into the Postfix 2.4 "leaf_result_attribute" feature. </li>
<li>Quanah Gibson-Mount contributed support for advanced LDAP SASL
mechanisms, beyond the password-based LDAP "simple" bind. </li>
</ul>
And of course Wietse.

35
postfix/proto/POSTSCREEN_README.html
View File

@ -67,7 +67,10 @@ decision based on a single measurement. This is necessary because
many zombies avoid spamming the same site repeatedly, in an attempt
to fly under the radar. Once postscreen(8) decides that a client
is not-a-zombie, it whitelists the client temporarily to avoid
further delays for legitimate mail. </p>
further delays for legitimate mail. Clients that pass postscreen(8)
are still subject to the checks that are built into Postfix smtpd(8),
Postfix built-in content filters, and external content filters.
</p>
<p> Zombies have challenges too: they have only a limited amount
of time to deliver spam before their IP address becomes blacklisted.
@ -79,25 +82,24 @@ mail even when the server tells them to go away. </p>
<p> postscreen(8) uses a variety of measurements to recognize
zombies. First, postscreen(8) determines if the remote SMTP client
IP address is blacklisted. Second, postscreen(8) looks for protocol
compromises that are made to speed up delivery. The results of
such measurements don't change with each delivery attempt, and are
therefore good for making an is-it-a-zombie decision based on a
single measurement. </p>
compromises that are made to speed up delivery. These are good
indicators for making is-it-a-zombie decisions based on single
measurements. </p>
<p> postscreen(8) does not inspect message content. Message content
can vary widely with each delivery attempt, especially with clients
that (also) send legitimate email. Content is therefore not good
for making an is-it-a-zombie decision based on a single measurement,
can vary from one delivery to the next, especially with clients
that (also) send legitimate email. Content is not a good indicator
for making is-it-a-zombie decisions based on single measurements,
and that is the problem that postscreen(8) is focused on. </p>
<h2> <a name="general"> General operation </a> </h2>
<p> The postscreen(8) triage process involves a number of tests,
in the order as described below. Some tests introduce a delay of
a few seconds. Once a client passes all tests, its IP address is
temporarily excluded from any tests, typically 24 hours for simple
tests or 1 week for complex tests. This minimizes the impact of
the tests on legitimate mail clients. </p>
a few seconds. Once a client passes a test, its IP address is
whitelisted from 24 hours for simple tests, to 1 week for complex
tests. Whitelisting minimizes the impact of postscreen(8)'s tests
on legitimate mail clients. </p>
<p> After logging its findings, postscreen(8) by default hands off
all connections to a Postfix SMTP server process. This mode is
@ -340,14 +342,15 @@ a relatively long expiration time. </p>
<li> <p> postscreen(8)'s built-in SMTP engine does not implement
the AUTH, STARTTLS, XCLIENT, and XFORWARD features. STARTTLS and
AUTH support may be added in a future version. </p>
AUTH support may be added in a future version. In the mean time,
if you need to make these services available on port 25, then do
not enable the tests after the 220 server greeting. </p>
</ul>
<p> End-user clients should connect directly to the submission
service. Other systems that require the above features
should directly connect to a Postfix SMTP server, or they
should be placed on the postscreen(8) whitelist. </p>
service, so that they never have to deal with postscreen(8)'s tests.
</p>
<ul>

60
postfix/proto/ldap_table
View File

@ -410,14 +410,27 @@
# These translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
# and LDAP_SCOPE_ONELEVEL.
# .IP "\fBbind (default: yes)\fR"
# Whether or not to bind to the LDAP server. Newer LDAP
# Whether or how to bind to the LDAP server. Newer LDAP
# implementations don't require clients to bind, which saves
# time. Example:
#
# .nf
# # Don't bind
# bind = no
# # Use SIMPLE bind
# bind = yes
# # Use SASL bind
# bind = sasl
# .fi
#
# Postfix versions prior to 2.8 only support "bind = no" which
# means don't bind, and "bind = yes" which means do a SIMPLE bind.
# Postfix 2.8 and later also supports "bind = SASL" when compiled
# with LDAP SASL support as described in LDAP_README, it also adds
# the synonyms "bind = none" and "bind = simple" for "bind = no"
# and "bind = yes" respectively. See the SASL section below for
# additional parameters available with "bind = sasl".
#
# If you do need to bind, you might consider configuring
# Postfix to connect to the local machine on a port that's
# an SSL tunnel to your LDAP server. If your LDAP server
@ -431,6 +444,8 @@
# .nf
# bind_dn = uid=postfix, dc=your, dc=com
# .fi
# With "bind = sasl" (see above) the DN may be optional for some SASL
# mechanisms, don't specify a DN if not needed.
# .IP "\fBbind_pw (default: empty)\fR"
# The password for the distinguished name above. If you have
# to use this, you probably want to make the map configuration
@ -444,6 +459,8 @@
# .nf
# bind_pw = postfixpw
# .fi
# With "bind = sasl" (see above) the password may be optional
# for some SASL mechanisms, don't specify a password if not needed.
# .IP "\fBcache (IGNORED with a warning)\fR"
# .IP "\fBcache_expiry (IGNORED with a warning)\fR"
# .IP "\fBcache_size (IGNORED with a warning)\fR"
@ -500,6 +517,47 @@
# Specifies the LDAP protocol version to use.
# .IP "\fBdebuglevel (default: 0)\fR"
# What level to set for debugging in the OpenLDAP libraries.
# LDAP SASL PARAMETERS
# .ad
# .fi
# If you're using the OpenLDAP libraries compiled with SASL
# support, Postfix 2.8 and later built with LDAP SASL support
# as described in LDAP_README can authenticate to LDAP servers
# via SASL.
#
# This enables authentication to the LDAP server via mechanisms
# other than a simple password. The added flexibility has a cost:
# it is no longer practical to set an explicit timeout on the duration
# of an LDAP bind operation. Under adverse conditions, whether a SASL
# bind times out, or if it does, the duration of the timeout is
# determined by the LDAP and SASL libraries.
#
# It is best to use tables that use SASL binds via proxymap(8), this
# way the requesting process can time-out the proxymap request. This
# also lets you tailer the process environment by overriding the
# proxymap(8) import_environment setting in master.cf(5). Special
# environment settings may be needed to configure GSSAPI credential
# caches or other SASL mechanism specific options. The GSSAPI
# credentials used for LDAP lookups may need to be different than
# say those used for the Postfix SMTP client to authenticate to remote
# servers.
#
# Using SASL mechanisms requires LDAP protocol version 3, the default
# protocol version is 2 for backwards compatibility. You must set
# "version = 3" in addition to "bind = sasl".
#
# The following parameters are relevant to using LDAP with SASL
# .IP "\fBsasl (default: no)\fR"
# Whether or not to use SASL binds to the server. Can be yes or no.
# .IP "\fBsasl_mechs (default: empty)\fR"
# Space separated list of SASL mechanism(s) to try.
# .IP "\fBsasl_realm (default: empty)\fR"
# SASL Realm to use, if applicable.
# .IP "\fBsasl_authz_id (default: empty)\fR"
# The SASL authorization identity to assert, if applicable.
# .IP "\fBsasl_minssf (default: 0)\fR"
# The minimum required sasl security factor required to establish a
# connection.
# LDAP SSL AND STARTTLS PARAMETERS
# .ad
# .fi

43
postfix/src/cleanup/cleanup_map1n.c
View File

@ -15,13 +15,18 @@
/* This module implements one-to-many table mapping via table lookup.
/* Table lookups are done with quoted (externalized) address forms.
/* The process is recursive. The recursion terminates when the
/* left-hand side appears in its own expansion, or when a maximal
/* nesting level is reached.
/* left-hand side appears in its own expansion.
/*
/* cleanup_map1n_internal() is the interface for addresses in
/* internal (unquoted) form.
/* DIAGNOSTICS
/* Recoverable errors: the global \fIcleanup_errs\fR flag is updated.
/* When the maximal expansion or recursion limit is reached,
/* the alias is not expanded and the CLEANUP_STAT_DEFER error
/* is raised with reason "4.6.0 Alias expansion error".
/*
/* When table lookup fails, the alias is not expanded and the
/* CLEANUP_STAT_WRITE error is raised with reason "4.6.0 Alias
/* expansion error".
/* SEE ALSO
/* mail_addr_map(3) address mappings
/* mail_addr_find(3) address lookups
@ -93,15 +98,26 @@ ARGV *cleanup_map1n_internal(CLEANUP_STATE *state, const char *addr,
* must index the array explicitly, instead of running along it with a
* pointer.
*/
#define UPDATE(ptr,new) { myfree(ptr); ptr = mystrdup(new); }
#define UPDATE(ptr,new) do { \
if (ptr) myfree(ptr); ptr = mystrdup(new); \
} while (0)
#define STR vstring_str
#define RETURN(x) { been_here_free(been_here); return (x); }
#define RETURN(x) do { \
been_here_free(been_here); return (x); \
} while (0)
#define UNEXPAND(argv, addr) do { \
argv_truncate((argv), 0); argv_add((argv), (addr), (char *) 0); \
} while (0)
for (arg = 0; arg < argv->argc; arg++) {
if (argv->argc > var_virt_expan_limit) {
msg_warn("%s: unreasonable %s map expansion size for %s",
msg_warn("%s: unreasonable %s map expansion size for %s -- "
"deferring delivery",
state->queue_id, maps->title, addr);
break;
state->errs |= CLEANUP_STAT_DEFER;
UPDATE(state->reason, "4.6.0 Alias expansion error");
UNEXPAND(argv, addr);
RETURN(argv);
}
for (count = 0; /* void */ ; count++) {
@ -111,9 +127,13 @@ ARGV *cleanup_map1n_internal(CLEANUP_STATE *state, const char *addr,
if (been_here_check_fixed(been_here, argv->argv[arg]) != 0)
break;
if (count >= var_virt_recur_limit) {
msg_warn("%s: unreasonable %s map nesting for %s",
msg_warn("%s: unreasonable %s map nesting for %s -- "
"deferring delivery",
state->queue_id, maps->title, addr);
break;
state->errs |= CLEANUP_STAT_DEFER;
UPDATE(state->reason, "4.6.0 Alias expansion error");
UNEXPAND(argv, addr);
RETURN(argv);
}
quote_822_local(state->temp1, argv->argv[arg]);
if ((lookup = mail_addr_map(maps, STR(state->temp1), propagate)) != 0) {
@ -136,9 +156,12 @@ ARGV *cleanup_map1n_internal(CLEANUP_STATE *state, const char *addr,
myfree(saved_lhs);
argv_free(lookup);
} else if (dict_errno != 0) {
msg_warn("%s: %s map lookup problem for %s",
msg_warn("%s: %s map lookup problem for %s -- "
"deferring delivery",
state->queue_id, maps->title, addr);
state->errs |= CLEANUP_STAT_WRITE;
UPDATE(state->reason, "4.6.0 Alias expansion error");
UNEXPAND(argv, addr);
RETURN(argv);
} else {
break;

192
postfix/src/global/dict_ldap.c
View File

@ -103,6 +103,16 @@
/* .IP version
/* Specifies the LDAP protocol version to use. Default is version
/* \fI2\fR.
/* .IP "\fBsasl (no)\fR"
/* Whether or not to use SASL binds with the server.
/* .IP "\fBsasl_mechs (empty)\fR"
/* Specifies a space-separated list of LDAP SASL Mechanisms.
/* .IP "\fBsasl_realm (empty)\fR"
/* The realm to use for SASL binds.
/* .IP "\fBsasl_authz_id (empty)\fR"
/* The SASL Authorization Identity to assert.
/* .IP "\fBsasl_minssf (0)\fR"
/* The minimum SASL SSF to allow.
/* .IP start_tls
/* Whether or not to issue STARTTLS upon connection to the server.
/* At this time, STARTTLS and LDAP SSL are only available if the
@ -208,16 +218,44 @@
#include <dict.h>
#include <stringops.h>
#include <binhash.h>
#include <name_code.h>
/* Global library. */
#include "cfg_parser.h"
#include "db_common.h"
#include "mail_conf.h"
#if defined(USE_LDAP_SASL) && defined(LDAP_API_FEATURE_X_OPENLDAP)
/*
* SASL headers, for sasl_interact_t. Either SASL v1 or v2 should be fine.
*/
#include <sasl.h>
#endif
/* Application-specific. */
#include "dict_ldap.h"
#define DICT_LDAP_BIND_NONE 0
#define DICT_LDAP_BIND_SIMPLE 1
#define DICT_LDAP_BIND_SASL 2
#define DICT_LDAP_DO_BIND(d) ((d)->bind != DICT_LDAP_BIND_NONE)
#define DICT_LDAP_DO_SASL(d) ((d)->bind == DICT_LDAP_BIND_SASL)
static const NAME_CODE bindopt_table[] = {
CONFIG_BOOL_NO, DICT_LDAP_BIND_NONE,
"none", DICT_LDAP_BIND_NONE,
CONFIG_BOOL_YES, DICT_LDAP_BIND_SIMPLE,
"simple", DICT_LDAP_BIND_SIMPLE,
#ifdef LDAP_API_FEATURE_X_OPENLDAP
#if defined(USE_LDAP_SASL)
"sasl", DICT_LDAP_BIND_SASL,
#endif
#endif
0, -1,
};
typedef struct {
LDAP *conn_ld;
int conn_refcount;
@ -254,6 +292,13 @@ typedef struct {
int debuglevel;
int version;
#ifdef LDAP_API_FEATURE_X_OPENLDAP
#if defined(USE_LDAP_SASL)
int sasl;
char *sasl_mechs;
char *sasl_realm;
char *sasl_authz;
int sasl_minssf;
#endif
int ldap_ssl;
int start_tls;
int tls_require_cert;
@ -407,6 +452,49 @@ static int dict_ldap_set_errno(LDAP *ld, int rc)
return rc;
}
#if defined(USE_LDAP_SASL) && defined(LDAP_API_FEATURE_X_OPENLDAP)
/*
* Context structure for SASL property callback.
*/
typedef struct bind_props {
char *authcid;
char *passwd;
char *realm;
char *authzid;
} bind_props;
static int
ldap_b2_interact(LDAP *ld, unsigned flags, void *props, void *inter)
{
sasl_interact_t *in;
bind_props *ctx = (bind_props *)props;
for (in = inter; in->id != SASL_CB_LIST_END; in++)
{
in->result = NULL;
switch(in->id)
{
case SASL_CB_GETREALM:
in->result = ctx->realm;
break;
case SASL_CB_AUTHNAME:
in->result = ctx->authcid;
break;
case SASL_CB_USER:
in->result = ctx->authzid;
break;
case SASL_CB_PASS:
in->result = ctx->passwd;
break;
}
if (in->result)
in->len = strlen(in->result);
}
return LDAP_SUCCESS;
}
#endif
/* dict_ldap_result - Read and parse LDAP result */
static int dict_ldap_result(LDAP *ld, int msgid, int timeout, LDAPMessage **res)
@ -427,6 +515,40 @@ static int dict_ldap_result(LDAP *ld, int msgid, int timeout, LDAPMessage **res)
return LDAP_SUCCESS;
}
#if defined(USE_LDAP_SASL) && defined(LDAP_API_FEATURE_X_OPENLDAP)
/* Asynchronous SASL auth if SASL is enabled */
static int dict_ldap_bind_sasl(DICT_LDAP *dict_ldap)
{
int rc;
bind_props props;
static VSTRING *minssf = 0;
if (minssf == 0)
minssf = vstring_alloc(12);
vstring_sprintf(minssf, "minssf=%d", dict_ldap->sasl_minssf);
if ((rc = ldap_set_option(dict_ldap->ld, LDAP_OPT_X_SASL_SECPROPS,
(char *) minssf)) != LDAP_OPT_SUCCESS)
return (rc);
props.authcid = dict_ldap->bind_dn;
props.passwd = dict_ldap->bind_pw;
props.realm = dict_ldap->sasl_realm;
props.authzid = dict_ldap->sasl_authz;
if ((rc = ldap_sasl_interactive_bind_s(dict_ldap->ld, NULL,
dict_ldap->sasl_mechs, NULL, NULL,
LDAP_SASL_QUIET, ldap_b2_interact,
&props)) != LDAP_SUCCESS)
return (rc);
return (LDAP_SUCCESS);
}
#endif
/* dict_ldap_bind_st - Synchronous simple auth with timeout */
static int dict_ldap_bind_st(DICT_LDAP *dict_ldap)
@ -746,26 +868,36 @@ static int dict_ldap_connect(DICT_LDAP *dict_ldap)
}
#endif
#define DN_LOG_VAL(dict_ldap) \
((dict_ldap)->bind_dn[0] ? (dict_ldap)->bind_dn : "empty or implicit")
/*
* If this server requires a bind, do so. Thanks to Sam Tardieu for
* noticing that the original bind call was broken.
*/
if (dict_ldap->bind) {
if (DICT_LDAP_DO_BIND(dict_ldap)) {
if (msg_verbose)
msg_info("%s: Binding to server %s as dn %s",
myname, dict_ldap->server_host, dict_ldap->bind_dn);
msg_info("%s: Binding to server %s with dn %s",
myname, dict_ldap->server_host, DN_LOG_VAL(dict_ldap));
#if defined(USE_LDAP_SASL) && defined(LDAP_API_FEATURE_X_OPENLDAP)
if (DICT_LDAP_DO_SASL(dict_ldap)) {
rc = dict_ldap_bind_sasl(dict_ldap);
} else {
rc = dict_ldap_bind_st(dict_ldap);
}
#else
rc = dict_ldap_bind_st(dict_ldap);
#endif
if (rc != LDAP_SUCCESS) {
msg_warn("%s: Unable to bind to server %s as %s: %d (%s)",
myname, dict_ldap->server_host, dict_ldap->bind_dn,
msg_warn("%s: Unable to bind to server %s with dn %s: %d (%s)",
myname, dict_ldap->server_host, DN_LOG_VAL(dict_ldap),
rc, ldap_err2string(rc));
DICT_LDAP_UNBIND_RETURN(dict_ldap->ld, DICT_ERR_RETRY, -1);
}
if (msg_verbose)
msg_info("%s: Successful bind to server %s as %s ",
myname, dict_ldap->server_host, dict_ldap->bind_dn);
msg_info("%s: Successful bind to server %s with dn %s",
myname, dict_ldap->server_host, DN_LOG_VAL(dict_ldap));
}
/* Save connection handle in shared container */
DICT_LDAP_CONN(dict_ldap)->conn_ld = dict_ldap->ld;
@ -798,13 +930,19 @@ static void dict_ldap_conn_find(DICT_LDAP *dict_ldap)
ADDSTR(keybuf, dict_ldap->server_host);
ADDINT(keybuf, dict_ldap->server_port);
ADDINT(keybuf, dict_ldap->bind);
ADDSTR(keybuf, dict_ldap->bind ? dict_ldap->bind_dn : "");
ADDSTR(keybuf, dict_ldap->bind ? dict_ldap->bind_pw : "");
ADDSTR(keybuf, DICT_LDAP_DO_BIND(dict_ldap) ? dict_ldap->bind_dn : "");
ADDSTR(keybuf, DICT_LDAP_DO_BIND(dict_ldap) ? dict_ldap->bind_pw : "");
ADDINT(keybuf, dict_ldap->dereference);
ADDINT(keybuf, dict_ldap->chase_referrals);
ADDINT(keybuf, dict_ldap->debuglevel);
ADDINT(keybuf, dict_ldap->version);
#ifdef LDAP_API_FEATURE_X_OPENLDAP
#if defined(USE_LDAP_SASL)
ADDSTR(keybuf, DICT_LDAP_DO_SASL(dict_ldap) ? dict_ldap->sasl_mechs : "");
ADDSTR(keybuf, DICT_LDAP_DO_SASL(dict_ldap) ? dict_ldap->sasl_realm : "");
ADDSTR(keybuf, DICT_LDAP_DO_SASL(dict_ldap) ? dict_ldap->sasl_authz : "");
ADDINT(keybuf, DICT_LDAP_DO_SASL(dict_ldap) ? dict_ldap->sasl_minssf : 0);
#endif
ADDINT(keybuf, dict_ldap->ldap_ssl);
ADDINT(keybuf, dict_ldap->start_tls);
ADDINT(keybuf, sslon ? dict_ldap->tls_require_cert : 0);
@ -1437,6 +1575,13 @@ static void dict_ldap_close(DICT *dict)
if (dict_ldap->ctx)
db_common_free_ctx(dict_ldap->ctx);
#ifdef LDAP_API_FEATURE_X_OPENLDAP
#if defined(USE_LDAP_SASL)
if (DICT_LDAP_DO_SASL(dict_ldap)) {
myfree(dict_ldap->sasl_mechs);
myfree(dict_ldap->sasl_realm);
myfree(dict_ldap->sasl_authz);
}
#endif
myfree(dict_ldap->tls_ca_cert_file);
myfree(dict_ldap->tls_ca_cert_dir);
myfree(dict_ldap->tls_cert);
@ -1461,6 +1606,7 @@ DICT *dict_ldap_open(const char *ldapsource, int dummy, int dict_flags)
char *server_host;
char *scope;
char *attr;
char *bindopt;
int tmp;
int vendor_version = dict_ldap_vendor_version();
@ -1666,9 +1812,14 @@ DICT *dict_ldap_open(const char *ldapsource, int dummy, int dict_flags)
myfree(attr);
/*
* get configured value of "bind"; default to true
* get configured value of "bind"; default to simple bind
*/
dict_ldap->bind = cfg_get_bool(dict_ldap->parser, "bind", 1);
bindopt = cfg_get_str(dict_ldap->parser, "bind", CONFIG_BOOL_YES, 1, 0);
dict_ldap->bind = name_code(bindopt_table, NAME_CODE_FLAG_NONE, bindopt);
if (dict_ldap->bind < 0)
msg_fatal("%s: unsupported parameter value: %s = %s",
dict_ldap->parser->name, "bind", bindopt);
myfree(bindopt);
/*
* get configured value of "bind_dn"; default to ""
@ -1723,6 +1874,25 @@ DICT *dict_ldap_open(const char *ldapsource, int dummy, int dict_flags)
"chase_referrals", 0);
#ifdef LDAP_API_FEATURE_X_OPENLDAP
#if defined(USE_LDAP_SASL)
/*
* SASL options
*/
if (DICT_LDAP_DO_SASL(dict_ldap)) {
dict_ldap->sasl_mechs =
cfg_get_str(dict_ldap->parser, "sasl_mechs", "", 0, 0);
dict_ldap->sasl_realm =
cfg_get_str(dict_ldap->parser, "sasl_realm", "", 0, 0);
dict_ldap->sasl_authz =
cfg_get_str(dict_ldap->parser, "sasl_authz_id", "", 0, 0);
dict_ldap->sasl_minssf =
cfg_get_int(dict_ldap->parser, "sasl_minssf", 0, 0, 4096);
} else {
dict_ldap->sasl_mechs = 0;
dict_ldap->sasl_realm = 0;
dict_ldap->sasl_authz = 0;
}
#endif
/*
* TLS options

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20101201"
#define MAIL_RELEASE_DATE "20101204"
#define MAIL_VERSION_NUMBER "2.8"
#ifdef SNAPSHOT

2
postfix/src/global/mime_state.c
View File

@ -49,7 +49,7 @@
/*
/* In order to fend off denial of service attacks, message headers
/* are truncated at or above var_header_limit bytes, message boundary
/* strings are truncated at var_boundary_len bytes, and the multipart
/* strings are truncated at var_mime_bound_len bytes, and the multipart
/* nesting level is limited to var_mime_maxdepth levels.
/*
/* mime_state_alloc() creates a MIME state machine. The machine

5
postfix/src/global/pipe_command.c
View File

@ -85,8 +85,7 @@
/* configuration parameter. The group ID must be non-zero.
/* .IP "PIPE_CMD_TIME_LIMIT (int)"
/* The amount of time the command is allowed to run before it
/* is terminated with SIGKILL. The default is the limit given
/* with the \fIcommand_time_limit\fR configuration parameter.
/* is terminated with SIGKILL. The default is DEF_COMMAND_MAXTIME.
/* .IP "PIPE_CMD_SHELL (char *)"
/* The shell to use when executing the command specified with
/* PIPE_CMD_COMMAND. This shell is invoked regardless of the
@ -211,7 +210,7 @@ static void get_pipe_args(struct pipe_args * args, va_list ap)
args->cwd = 0;
args->chroot = 0;
pipe_command_maxtime = var_command_maxtime;
pipe_command_maxtime = DEF_COMMAND_MAXTIME;
/*
* Then, override the defaults with user-supplied inputs.

2
postfix/src/global/scache_clnt.c
View File

@ -414,7 +414,7 @@ SCACHE *scache_clnt_create(const char *server, int timeout,
sp->scache->size = scache_clnt_size;
sp->scache->free = scache_clnt_free;
service = concatenate("local:private/", var_scache_service, (char *) 0);
service = concatenate("local:private/", server, (char *) 0);
sp->auto_clnt = auto_clnt_create(service, timeout, idle_limit, ttl_limit);
myfree(service);

2
postfix/src/local/local.c
View File

@ -626,7 +626,7 @@ char *var_allow_commands;
char *var_allow_files;
char *var_alias_maps;
int var_dup_filter_limit;
int var_command_maxtime;
int var_command_maxtime; /* You can now leave this here. */
char *var_home_mailbox;
char *var_mailbox_command;
char *var_mailbox_cmd_maps;

5
postfix/src/pickup/pickup.c
View File

@ -196,8 +196,9 @@ static int cleanup_service_error_reason(PICKUP_INFO *info, int status,
* -r" when a message is already delivered (or bounced). The Postfix
* sendmail command rejects submissions without recipients.
*/
if (reason == 0)
msg_warn("%s: %s", info->path, cleanup_strerror(status));
if (reason == 0 || *reason == 0)
msg_warn("%s: error writing %s: %s",
info->path, info->id, cleanup_strerror(status));
return ((status & (CLEANUP_STAT_BAD | CLEANUP_STAT_RCPT)) ?
REMOVE_MESSAGE_FILE : KEEP_MESSAGE_FILE);
}

2
postfix/src/pipe/pipe.c
View File

@ -530,7 +530,7 @@
* Tunable parameters. Values are taken from the config file, after
* prepending the service name to _name, and so on.
*/
int var_command_maxtime; /* system-wide */
int var_command_maxtime; /* You can now leave this here. */
/*
* For convenience. Instead of passing around lists of parameters, bundle

17
postfix/src/postscreen/postscreen.c
View File

@ -46,7 +46,14 @@
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8).
/* BUGS
/* Some of the non-default protocol tests involve
/* The \fBpostscreen\fR(8) built-in SMTP protocol engine does
/* not announce support for STARTTLS, AUTH, XCLIENT or XFORWARD.
/* Support for STARTTLS and AUTH may be added in the future.
/* In the mean time, if you need to make these services available
/* on port 25, then do not enable the optional "after 220
/* server greeting" tests.
/*
/* The optional "after 220 server greeting" tests involve
/* \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When
/* these tests succeed, \fBpostscreen\fR(8) adds the client
/* to the temporary whitelist but it cannot not hand off the
@ -58,14 +65,6 @@
/* server process to deliver mail. \fBpostscreen\fR(8) mitigates
/* the impact of this limitation by giving such tests a long
/* expiration time.
/*
/* The \fBpostscreen\fR(8) built-in SMTP protocol engine does
/* not announce support for STARTTLS, AUTH, XCLIENT or XFORWARD
/* (support for STARTTLS and AUTH may be added in the future).
/* End-user clients should connect directly to the submission
/* service; other systems that require the above features
/* should directly connect to a Postfix SMTP server, or they
/* should be placed on the \fBpostscreen\fR(8) whitelist.
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi

4
postfix/src/postscreen/postscreen_early.c
View File

@ -258,9 +258,7 @@ void ps_early_tests(PS_STATE *state)
*/
if ((state->flags & PS_STATE_FLAG_PREGR_TODO) != 0
&& ps_teaser_greeting != 0
&& ps_send_reply(vstream_fileno(state->smtp_client_stream),
state->smtp_client_addr, state->smtp_client_port,
ps_teaser_greeting) != 0) {
&& PS_SEND_REPLY(state, ps_teaser_greeting) != 0) {
ps_hangup_event(state);
return;
}

4
postfix/src/postscreen/postscreen_misc.c
View File

@ -125,9 +125,7 @@ void ps_conclude(PS_STATE *state)
ps_send_socket(state);
} else {
if ((state->flags & PS_STATE_FLAG_HANGUP) == 0)
(void) ps_send_reply(vstream_fileno(state->smtp_client_stream),
state->smtp_client_addr, state->smtp_client_port,
state->final_reply);
(void) PS_SEND_REPLY(state, state->final_reply);
msg_info("DISCONNECT [%s]:%s", PS_CLIENT_ADDR_PORT(state));
ps_free_session_state(state);
}

13
postfix/src/postscreen/postscreen_send.c
View File

@ -85,9 +85,8 @@ int ps_send_reply(int smtp_client_fd, const char *smtp_client_addr,
* XXX Need to make sure that the TCP send buffer is large enough for any
* response, so that a nasty client can't cause this process to block.
*/
ret = (write_buf(smtp_client_fd, text, strlen(text),
PS_SEND_TEXT_TIMEOUT) < 0);
if (ret != 0 && errno != EPIPE)
ret = write_buf(smtp_client_fd, text, strlen(text), PS_SEND_TEXT_TIMEOUT);
if (ret < 0 && errno != EPIPE)
msg_warn("write [%s]:%s: %m", smtp_client_addr, smtp_client_port);
return (ret);
}
@ -164,9 +163,7 @@ void ps_send_socket(PS_STATE *state)
LOCAL_CONNECT(ps_smtpd_service_name, NON_BLOCKING,
PS_SEND_SOCK_CONNECT_TIMEOUT)) < 0) {
msg_warn("cannot connect to service %s: %m", ps_smtpd_service_name);
ps_send_reply(vstream_fileno(state->smtp_client_stream),
state->smtp_client_addr, state->smtp_client_port,
"421 4.3.2 All server ports are busy\r\n");
PS_SEND_REPLY(state, "421 4.3.2 All server ports are busy\r\n");
ps_free_session_state(state);
return;
}
@ -175,9 +172,7 @@ void ps_send_socket(PS_STATE *state)
vstream_fileno(state->smtp_client_stream)) < 0) {
msg_warn("cannot pass connection to service %s: %m",
ps_smtpd_service_name);
ps_send_reply(vstream_fileno(state->smtp_client_stream),
state->smtp_client_addr, state->smtp_client_port,
"421 4.3.2 No system resources\r\n");
PS_SEND_REPLY(state, "421 4.3.2 No system resources\r\n");
ps_free_session_state(state);
return;
} else {

2
postfix/src/smtp/smtp.c
View File

@ -753,7 +753,7 @@ int var_smtp_mxsess_limit;
int var_smtp_cache_conn;
int var_smtp_reuse_time;
char *var_smtp_cache_dest;
char *var_scache_service;
char *var_scache_service; /* You can now leave this here. */
bool var_smtp_cache_demand;
char *var_smtp_ehlo_dis_words;
char *var_smtp_ehlo_dis_maps;