diff --git a/postfix/HISTORY b/postfix/HISTORY index 1eb3a09c3..f5d857a0e 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -23060,3 +23060,15 @@ Apologies for any names omitted. correct form :ffff::1.2.3.4. Incorrect or misleading comments are worse than no comments. Files: smtpd/smtpd_haproxy.c, postscreen/postscreen_haproxy.c. + +20170721 + + Bitrot: updated postconf LDAP database configuration check with + SASL and TLS-related parameters. Reported by Ralf Hildebrandt. + File: postconf/postconf_dbms.c. + +20170722 + + Cleanup: don't log the 'delay_dotcrlf' workaround for CISCO + PIX bugs before the smtp_pix_workaround_threshold_time has + passed. Reported by Ralf Hildebrandt. File: smtp/smtp_proto.c. diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 06e4907cd..103de3e75 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -29,9 +29,6 @@ Wish list: In the bounce daemon, set util_utf8_enable if returning an SMTPUTF8 message. - Merge in the code to check database client configuration - files for unknown or duplicate settings. - Add a header_body_checks extension callback in smtp_proto.c that implements the PASS action. @@ -52,7 +49,9 @@ Wish list: Fix "make test" bitrot. - Move DNS-based tests from porcupine.org to postfix.org. + Move DNS-based tests from porcupine.org to postfix.org, or use + a mock DNS library (a library that presents the same API as the + real library, but that produces canned responses). Document dns_ncache_ttl_fix_enable use case in POSTSCREEN_README and RELEASE_NOTES. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index beb0abbd6..b21a5beab 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20170716" +#define MAIL_RELEASE_DATE "20170722" #define MAIL_VERSION_NUMBER "3.3" #ifdef SNAPSHOT diff --git a/postfix/src/postconf/postconf_dbms.c b/postfix/src/postconf/postconf_dbms.c index 33542073a..57f94cc01 100644 --- a/postfix/src/postconf/postconf_dbms.c +++ b/postfix/src/postconf/postconf_dbms.c @@ -94,10 +94,13 @@ static const char *pcf_ldap_suffixes[] = { "bind", "bind_dn", "bind_pw", "cache", "cache_expiry", "cache_size", "chase_referrals", "debuglevel", "dereference", "domain", "expansion_limit", "leaf_result_attribute", "query_filter", - "recursion_limit", "result_attribute", "result_format", "scope", - "search_base", "server_host", "server_port", "size_limit", - "special_result_attribute", "terminal_result_attribute", - "timeout", "version", 0, + "recursion_limit", "result_attribute", "result_format", + "sasl_authz_id", "sasl_mechs", "sasl_minssf", "sasl_realm", + "scope", "search_base", "server_host", "server_port", "size_limit", + "special_result_attribute", "start_tls", "terminal_result_attribute", + "timeout", "tls_ca_cert_dir", "tls_ca_cert_file", "tls_cert", + "tls_cipher_suite", "tls_key", "tls_random_file", "tls_require_cert", + "version", 0, }; /* See mysql_table(5). */ diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c index 89a3aab94..343231613 100644 --- a/postfix/src/smtp/smtp_proto.c +++ b/postfix/src/smtp/smtp_proto.c @@ -403,6 +403,10 @@ int smtp_helo(SMTP_STATE *state) pix_bug_mask = name_mask_opt(pix_bug_source, pix_bug_table, pix_bug_words, NAME_MASK_ANY_CASE | NAME_MASK_IGNORE); + if ((pix_bug_mask & SMTP_FEATURE_PIX_DELAY_DOTCRLF) + && request->msg_stats.incoming_arrival.tv_sec + > vstream_ftime(state->session->stream) - var_smtp_pix_thresh) + pix_bug_mask &= ~SMTP_FEATURE_PIX_DELAY_DOTCRLF; msg_info("%s: enabling PIX workarounds: %s for %s", request->queue_id, str_name_mask("pix workaround bitmask", @@ -2147,9 +2151,7 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state, } } else if (prev_type == REC_TYPE_CONT) /* missing newline */ smtp_fputs("", 0, session->stream); - if ((session->features & SMTP_FEATURE_PIX_DELAY_DOTCRLF) != 0 - && request->msg_stats.incoming_arrival.tv_sec - <= vstream_ftime(session->stream) - var_smtp_pix_thresh) { + if (session->features & SMTP_FEATURE_PIX_DELAY_DOTCRLF) { smtp_flush(session->stream);/* hurts performance */ sleep(var_smtp_pix_delay); /* not to mention this */ }