mirror of https://github.com/vdukhovni/postfix synced 2025-09-01 06:35:27 +00:00

postfix-2.3-20050404

Wietse Venema
2005-04-04 00:00:00 -05:00
committed by Viktor Dukhovni
parent e060cb9490
commit e6fad12921
22 changed files with 409 additions and 728 deletions

@@ -10606,6 +10606,22 @@ Apologies for any names omitted.
specific to 8bit->7bit conversion; they can also happen
with generic address mapping. File: smtp/smtp_proto.c.
Safety: SASL 2.1.19 has a version lookup routine that we
can use to detect compile time / run time version mis-matches
(also known as DLL hell). Files: src/smtpd/smtpd_sasl_glue.c,
src/smtp/smtp_sasl_glue.c, src/lmtp/lmtp_sasl_glue.c.
20050404
Typo: missing comma after dsn=x.yy.zz logging. File:
global/log_adhoc.c.
Feature: specify "smtpd_sasl_authenticated_header = yes"
to report the SASL login name in the Received: message
header, so that the login name is shared with the whole
world. Based on code by Branko F. Gracnar. Files:
smtpd/smtpd.c, and documentation.
Open problems:
Med: disable header address rewriting after XCLIENT?

@@ -20,14 +20,6 @@ When receiving mail, Postfix logs the client-provided username, authentication
method, and sender address to the maillog file, and optionally grants mail
access via the permit_sasl_authenticated UCE restriction.
Postfix does not record the client's SASL authentication information in message
headers, and does not pass it on via SMTP commands when forwarding mail,
because it is no-one else's business to know the client username and
authentication method. People who need to know can find the information in the
local Postfix maillog file. Some day, Postfix message headers will be
configurable and then one can record the SASL username without having to edit C
code.
This document covers the following topics:
* What SASL versions are supported
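Review bot: Removing the whole paragraph that begins "Postfix does not record the client's SASL authentication information in message headers" also removes the statement of the default behaviour, which is still accurate because the new parameter is documented elsewhere in this commit as "(default: no)". Consider keeping a shortened sentence such as "By default, Postfix does not record the client's SASL login name in message headers", so that readers of this README still learn what happens when they leave the setting alone.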
@@ -123,6 +115,14 @@ In order to allow mail relaying by authenticated clients:
smtpd_recipient_restrictions =
permit_mynetworks permit_sasl_authenticated ...
To report SASL login names in Received: message headers (Postfix version 2.3
and later):
/etc/postfix/main.cf:
smtpd_sasl_authenticated_header = yes
Note: the SASL login names will be shared with the entire world.
In /usr/local/lib/sasl/smtpd.conf (SASL version 1.5.5) or /usr/local/lib/sasl2/
smtpd.conf (SASL version 2.1.1) you need to specify how the server should
validate client passwords.

@@ -262,8 +262,9 @@ To invoke this service you would specify "check_policy_service inet:127.0.0.1:
GGrreeyylliissttiinngg mmaaiill ffrroomm ffrreeqquueennttllyy ffoorrggeedd ddoommaaiinnss
It is relatively safe to turn on greylisting for specific domains that often
appear in forged email. A list of frequently forged MAIL FROM domains can be
found at http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in.
appear in forged email. At some point in cyberspace/time a list of frequently
forged MAIL FROM domains could be found at http://www.monkeys.com/anti-spam/
filtering/sender-domain-validate.in.
1 /etc/postfix/main.cf:
2 smtpd_recipient_restrictions =
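Review bot: "At some point in cyberspace/time" in the reworded sentence does not tell the reader whether the list is still available. If the URL is known to be dead, say so plainly and drop the link, so that nobody builds a greylisting table from whatever the address serves in future; if it is only unreliable, give the date it was last checked.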

@@ -37,15 +37,6 @@ authentication method, and sender address to the maillog file, and
optionally grants mail access via the <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
UCE restriction. </p>
<p> Postfix does not record the client's SASL authentication
information in message headers, and does not pass it on via SMTP
commands when forwarding mail, because it is no-one else's business
to know the client username and authentication method. People who
need to know can find the information in the local Postfix maillog
file. Some day, Postfix message headers will be configurable and
then one can record the SASL username without having to edit C
code. </p>
<p>This document covers the following topics: </p>
<ul>
@@ -191,6 +182,19 @@ SMTP server</a></h2>
</pre>
</blockquote>
<p> To report SASL login names in Received: message headers
(Postfix version 2.3 and later): </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
<a href="postconf.5.html#smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a> = yes
</pre>
</blockquote>
<p> Note: the SASL login names will be shared with the entire world.
</p>
<p> In /usr/local/lib/sasl/smtpd.conf (SASL version 1.5.5) or
/usr/local/lib/sasl2/smtpd.conf (SASL version 2.1.1) you need to
specify how the server should validate client passwords. </p>

@@ -374,8 +374,9 @@ inet:127.0.0.1:9998". </p>
<h2><a name="frequent">Greylisting mail from frequently forged domains</a></h2>
<p> It is relatively safe to turn on greylisting for specific
domains that often appear in forged email. A list of frequently
forged MAIL FROM domains can be found at
domains that often appear in forged email. At some point
in cyberspace/time a list of frequently
forged MAIL FROM domains could be found at
<a href="http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in">http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in</a>.
<blockquote>

@@ -8261,6 +8261,17 @@ See the <a href="SASL_README.html">SASL_README</a> file for SASL configuration a
</p>
</DD>
<DT><b><a name="smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a>
(default: no)</b></DT><DD>
<p> Report the SASL authenticated user name in the <a href="smtpd.8.html">smtpd(8)</a> Received
message header. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a>

@@ -227,6 +227,12 @@ SMTPD(8) SMTPD(8)
What SMTP clients Postfix will not offer AUTH sup-
port to.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a> (no)</b>
Report the SASL authenticated user name in the
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> Received message header.
<b>STARTTLS SUPPORT CONTROLS</b>
Detailed information about STARTTLS configuration may be
found in the <a href="TLS_README.html">TLS_README</a> document.

@@ -4719,6 +4719,11 @@ specify "smtpd_delay_reject = yes" (which is the default) and use:
.ft R
.PP
See the SASL_README file for SASL configuration and operation details.
.SH smtpd_sasl_authenticated_header (default: no)
Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received
message header.
.PP
This feature is available in Postfix 2.3 and later.
.SH smtpd_sasl_exceptions_networks (default: empty)
What SMTP clients Postfix will not offer AUTH support to.
.PP
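Review bot: The new smtpd_sasl_authenticated_header section says what the parameter does but leaves out the caveat that the SASL_README hunk in this commit states, "the SASL login names will be shared with the entire world". The parameter reference is where an administrator looks a setting up, so add a sentence here saying that the login name then travels in the Received: header to every downstream server and recipient. The same one-line description is repeated in the other documentation hunks of this commit and needs the same addition.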

@@ -215,6 +215,11 @@ Optional lookup table with the SASL login names that own sender
Available in Postfix version 2.1 and later:
.IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR"
What SMTP clients Postfix will not offer AUTH support to.
.PP
Available in Postfix version 2.3 and later:
.IP "\fBsmtpd_sasl_authenticated_header (no)\fR"
Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received
message header.
.SH "STARTTLS SUPPORT CONTROLS"
.na
.nf

@@ -400,6 +400,7 @@ while (<>) {
s;\bsmtpd_restriction_classes\b;<a href="postconf.5.html#smtpd_restriction_classes">$&</a>;g;
s;\bsmtpd_sasl_application_name\b;<a href="postconf.5.html#smtpd_sasl_application_name">$&</a>;g;
s;\bsmtpd_sasl_auth_enable\b;<a href="postconf.5.html#smtpd_sasl_auth_enable">$&</a>;g;
s;\bsmtpd_sasl_authenticated_header\b;<a href="postconf.5.html#smtpd_sasl_authenticated_header">$&</a>;g;
s;\bsmtpd_sasl_exceptions_networks\b;<a href="postconf.5.html#smtpd_sasl_exceptions_networks">$&</a>;g;
s;\bsmtpd_sasl_local_domain\b;<a href="postconf.5.html#smtpd_sasl_local_domain">$&</a>;g;
s;\bsmtpd_sasl_secu[-</Bb>]*\n* *[<Bb>]*rity_options\b;<a href="postconf.5.html#smtpd_sasl_security_options">$&</a>;g;

@@ -37,15 +37,6 @@ authentication method, and sender address to the maillog file, and
optionally grants mail access via the permit_sasl_authenticated
UCE restriction. </p>
<p> Postfix does not record the client's SASL authentication
information in message headers, and does not pass it on via SMTP
commands when forwarding mail, because it is no-one else's business
to know the client username and authentication method. People who
need to know can find the information in the local Postfix maillog
file. Some day, Postfix message headers will be configurable and
then one can record the SASL username without having to edit C
code. </p>
<p>This document covers the following topics: </p>
<ul>
@@ -191,6 +182,19 @@ SMTP server</a></h2>
</pre>
</blockquote>
<p> To report SASL login names in Received: message headers
(Postfix version 2.3 and later): </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
smtpd_sasl_authenticated_header = yes
</pre>
</blockquote>
<p> Note: the SASL login names will be shared with the entire world.
</p>
<p> In /usr/local/lib/sasl/smtpd.conf (SASL version 1.5.5) or
/usr/local/lib/sasl2/smtpd.conf (SASL version 2.1.1) you need to
specify how the server should validate client passwords. </p>

@@ -374,8 +374,9 @@ inet:127.0.0.1:9998". </p>
<h2><a name="frequent">Greylisting mail from frequently forged domains</a></h2>
<p> It is relatively safe to turn on greylisting for specific
domains that often appear in forged email. A list of frequently
forged MAIL FROM domains can be found at
domains that often appear in forged email. At some point
in cyberspace/time a list of frequently
forged MAIL FROM domains could be found at
http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in.
<blockquote>

@@ -5168,6 +5168,13 @@ specify "smtpd_delay_reject = yes" (which is the default) and use:
See the SASL_README file for SASL configuration and operation details.
</p>
%PARAM smtpd_sasl_authenticated_header no
<p> Report the SASL authenticated user name in the smtpd(8) Received
message header. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM smtpd_sasl_exceptions_networks
<p>

@@ -1,461 +0,0 @@
%CLASS install
%PARAM command_directory
%PARAM config_directory
%PARAM daemon_directory
%PARAM default_database_type
%PARAM mail_owner
%PARAM mail_spool_directory
%PARAM mailq_path
%PARAM manpage_directory
%PARAM newaliases_path
%PARAM process_id_directory
%PARAM queue_directory
%PARAM readme_directory
%PARAM sample_directory
%PARAM sendmail_path
%PARAM setgid_group
%CLASS postfix
%PARAM mail_release_date
%PARAM mail_version
%CLASS plumbing
%PARAM address_verify_service_name
%PARAM bounce_service_name
%PARAM cleanup_service_name
%PARAM defer_service_name
%PARAM error_service_name
%PARAM flush_service_name
%PARAM pickup_service_name
%PARAM queue_service_name
%PARAM rewrite_service_name
%PARAM showq_service_name
%PARAM trace_service_name
%CLASS security
%PARAM allow_min_user
%PARAM alternate_config_directories
%PARAM authorized_flush_users
%PARAM authorized_mailq_users
%PARAM authorized_submit_users
%PARAM default_privs
%PARAM import_environment
%PARAM proxy_read_maps
%CLASS local-security
%PARAM allow_mail_to_commands
%PARAM allow_mail_to_files
%PARAM command_expansion_filter
%PARAM local_command_shell
%CLASS address-verification
%PARAM address_verify_sender
%PARAM address_verify_service_name
%CLASS address-verification-caching
%PARAM address_verify_map
%PARAM address_verify_negative_cache
%PARAM address_verify_negative_expire_time
%PARAM address_verify_negative_refresh_time
%PARAM address_verify_positive_expire_time
%PARAM address_verify_positive_refresh_time
%CLASS address-verification-routing
%PARAM address_verify_default_transport
%PARAM address_verify_local_transport
%PARAM address_verify_relay_transport
%PARAM address_verify_relayhost
%PARAM address_verify_transport_maps
%PARAM address_verify_virtual_transport
%CLASS smtpd-address-verification
%PARAM address_verify_poll_count
%PARAM address_verify_poll_delay
%PARAM unverified_recipient_reject_code
%PARAM unverified_sender_reject_code
%class compatibility
%PARAM undisclosed_recipients_header
%PARAM allow_min_user
%PARAM backwards_bounce_logfile_compatibility
%CLASS local-compatibility
%PARAM sun_mailtool_compatibility
%PARAM allow_mail_to_commands
%PARAM allow_mail_to_files
%PARAM biff
%CLASS smtpd-compatibility
%PARAM broken_sasl_auth_clients
%PARAM disable_vrfy_command
%PARAM smtpd_helo_required
%PARAM smtpd_noop_commands
%PARAM smtpd_sasl_exceptions_networks
%PARAM strict_rfc821_envelopes
%CLASS smtp-compatibility
%PARAM ignore_mx_lookup_error
%PARAM smtp_always_send_ehlo
%PARAM smtp_defer_if_no_mx_address_found
%PARAM smtp_host_lookup
%PARAM smtp_line_length_limit
%PARAM smtp_never_send_ehlo
%PARAM smtp_pix_workaround_delay_time
%PARAM smtp_pix_workaround_threshold_time
%PARAM smtp_quote_rfc821_envelope
%PARAM smtp_skip_4xx_greeting
%PARAM smtp_skip_5xx_greeting
%PARAM smtp_skip_quit_response
%CLASS lmtp-compatibility
%PARAM lmtp_skip_quit_response
%CLASS mime-compatibility
%PARAM strict_8bitmime
%PARAM strict_8bitmime_body
%PARAM strict_mime_encoding_domain
%PARAM strict_7bit_headers
%CLASS resource-control
%PARAM application_event_drain_time
%PARAM berkeley_db_create_buffer_size
%PARAM berkeley_db_read_buffer_size
%PARAM bounce_size_limit
%PARAM command_time_limit
%PARAM daemon_timeout
%PARAM default_process_limit
%PARAM delay_warning_time
%PARAM deliver_lock_attempts
%PARAM deliver_lock_delay
%PARAM duplicate_filter_limit
%PARAM fork_attempts
%PARAM fork_delay
%PARAM header_address_token_limit
%PARAM header_size_limit
%PARAM hopcount_limit
%PARAM in_flow_delay
%PARAM ipc_idle
%PARAM ipc_timeout
%PARAM ipc_ttl
%PARAM line_length_limit
%PARAM max_idle
%PARAM max_use
%PARAM message_size_limit
%PARAM queue_file_attribute_count_limit
%PARAM service_throttle_time
%PARAM stale_lock_time
%PARAM transport_retry_time
%PARAM trigger_timeout
%CLASS smtpd-resource-control
%PARAM client_event_status_update_time
%PARAM client_rate_time_unit
%PARAM queue_minfree
%PARAM smtpd_client_connection_count_limit
%PARAM smtpd_client_connection_limit_exceptions
%PARAM smtpd_client_connection_rate_limit
%PARAM smtpd_history_flush_threshold
%PARAM smtpd_junk_command_limit
%PARAM smtpd_recipient_limit
%PARAM smtpd_timeout
%CLASS smtp-resource-control
%PARAM smtp_connect_timeout
%PARAM smtp_data_done_timeout
%PARAM smtp_data_init_timeout
%PARAM smtp_data_xfer_timeout
%PARAM smtp_destination_concurrency_limit
%PARAM smtp_destination_recipient_limit
%PARAM smtp_helo_timeout
%PARAM smtp_mail_timeout
%PARAM smtp_mx_address_limit
%PARAM smtp_mx_session_limit
%PARAM smtp_quit_timeout
%PARAM smtp_rcpt_timeout
%PARAM smtp_rset_timeout
%PARAM smtp_xforward_timeout
%CLASS lmtp-resource-control
%PARAM lmtp_cache_connection
%PARAM lmtp_connect_timeout
%PARAM lmtp_data_done_timeout
%PARAM lmtp_data_init_timeout
%PARAM lmtp_data_xfer_timeout
%PARAM lmtp_lhlo_timeout
%PARAM lmtp_mail_timeout
%PARAM lmtp_quit_timeout
%PARAM lmtp_rcpt_timeout
%PARAM lmtp_rset_timeout
%PARAM lmtp_xforward_timeout
%CLASS mime-resource-control
%PARAM mime_boundary_length_limit
%PARAM mime_nesting_limit
%CLASS local-resource-control
%PARAM local_destination_concurrency_limit
%PARAM local_destination_recipient_limit
%CLASS smtpd-tarpit
%PARAM smtpd_error_sleep_time
%PARAM smtpd_hard_error_limit
%PARAM smtpd_soft_error_limit
%CLASS content-filter
%PARAM lmtp_send_xforward_command
%PARAM receive_override_options
%PARAM smtp_send_xforward_command
%PARAM smtpd_authorized_xforward_hosts
%CLASS built-in-filter
%PARAM body_checks
%PARAM body_checks_size_limit
%PARAM header_checks
%PARAM mime_header_checks
%PARAM nested_header_checks
%CLASS after-queue-filter
%PARAM content_filter
%CLASS smtpd-proxy-filter
%PARAM smtpd_proxy_ehlo
%PARAM smtpd_proxy_filter
%PARAM smtpd_proxy_timeout
%CLASS smtp
%PARAM best_mx_transport
%PARAM disable_dns_lookups
%PARAM fallback_relay
%PARAM smtp_bind_address
%PARAM smtp_helo_name
%PARAM smtp_randomize_addresses
%CLASS basic-config
%PARAM alias_maps
%PARAM inet_interfaces
%PARAM mydestination
%PARAM mydomain
%PARAM myhostname
%PARAM mynetworks
%PARAM mynetworks_style
%PARAM myorigin
%PARAM proxy_interfaces
%CLASS smtpd-policy
%PARAM smtpd_policy_service_max_idle
%PARAM smtpd_policy_service_max_ttl
%PARAM smtpd_policy_service_timeout
%CLASS smtpd-access
%PARAM allow_untrusted_routing
%PARAM maps_rbl_domains
%PARAM parent_domain_matches_subdomains
%PARAM permit_mx_backup_networks
%PARAM smtpd_client_restrictions
%PARAM smtpd_data_restrictions
%PARAM smtpd_delay_reject
%PARAM smtpd_etrn_restrictions
%PARAM smtpd_expansion_filter
%PARAM smtpd_helo_restrictions
%PARAM smtpd_null_access_lookup_key
%PARAM smtpd_recipient_restrictions
%PARAM smtpd_reject_unlisted_recipient
%PARAM smtpd_reject_unlisted_sender
%PARAM smtpd_restriction_classes
%PARAM smtpd_sender_restrictions
%CLASS smtpd-reply-code
%PARAM access_map_reject_code
%PARAM default_rbl_reply
%PARAM defer_code
%PARAM invalid_hostname_reject_code
%PARAM maps_rbl_reject_code
%PARAM multi_recipient_bounce_reject_code
%PARAM non_fqdn_reject_code
%PARAM rbl_reply_maps
%PARAM reject_code
%PARAM relay_domains_reject_code
%PARAM unknown_address_reject_code
%PARAM unknown_client_reject_code
%PARAM unknown_hostname_reject_code
%PARAM unknown_local_recipient_reject_code
%PARAM unknown_relay_recipient_reject_code
%PARAM unknown_virtual_alias_reject_code
%PARAM unknown_virtual_mailbox_reject_code
%PARAM unverified_recipient_reject_code
%PARAM unverified_sender_reject_code
%CLASS smtpd-sasl
%PARAM smtpd_sasl_application_name
%PARAM smtpd_sasl_auth_enable
%PARAM smtpd_sasl_local_domain
%PARAM smtpd_sasl_security_options
%PARAM smtpd_sender_login_maps
%CLASS smtp-sasl
%PARAM smtp_sasl_auth_enable
%PARAM smtp_sasl_password_maps
%PARAM smtp_sasl_security_options
%PARAM smtp_sasl_mechanism_filter
%CLASS lmtp-sasl
%PARAM lmtp_sasl_auth_enable
%PARAM lmtp_sasl_password_maps
%PARAM lmtp_sasl_security_options
%CLASS smtpd-unknown-recipients
%PARAM local_recipient_maps
%PARAM relay_recipient_maps
%PARAM virtual_alias_maps
%PARAM virtual_mailbox_maps
%CLASS trouble-shooting
%PARAM 2bounce_notice_recipient
%PARAM bounce_notice_recipient
%PARAM debug_peer_level
%PARAM debug_peer_list
%PARAM debugger_command
%PARAM delay_notice_recipient
%PARAM dont_remove
%PARAM double_bounce_sender
%PARAM error_notice_recipient
%PARAM fault_injection_code
%PARAM helpful_warnings
%PARAM notify_classes
%PARAM show_user_unknown_table_name
%PARAM smtpd_authorized_xclient_hosts
%PARAM soft_bounce
%CLASS mime
%PARAM disable_mime_input_processing
%PARAM disable_mime_output_conversion
%CLASS verp
%PARAM default_verp_delimiters
%PARAM disable_verp_bounces
%PARAM smtpd_authorized_verp_clients
%PARAM verp_delimiter_filter
%CLASS lmtp
%PARAM lmtp_tcp_port
%CLASS other
%PARAM command_directory
%PARAM process_name
%PARAM process_id
%PARAM smtpd_banner
%PARAM mail_name
%CLASS scheduler
%PARAM bounce_queue_lifetime
%PARAM default_delivery_slot_cost
%PARAM default_delivery_slot_discount
%PARAM default_delivery_slot_loan
%PARAM default_destination_concurrency_limit
%PARAM default_destination_recipient_limit
%PARAM default_extra_recipient_limit
%PARAM default_minimum_delivery_slots
%PARAM default_recipient_limit
%PARAM defer_transports
%PARAM initial_destination_concurrency
%PARAM maximal_backoff_time
%PARAM maximal_queue_lifetime
%PARAM minimal_backoff_time
%PARAM qmgr_clog_warn_time
%PARAM qmgr_fudge_factor
%PARAM qmgr_message_active_limit
%PARAM qmgr_message_recipient_limit
%PARAM qmgr_message_recipient_minimum
%PARAM queue_run_delay
%PARAM queue_service_name
%CLASS qmqpd
%PARAM qmqpd_authorized_clients
%PARAM qmqpd_error_delay
%PARAM qmqpd_timeout
%CLASS logging
%PARAM syslog_facility
%PARAM syslog_name
%PARAM debug_peer_list
%PARAM debug_peer_level
%CLASS etrn
%PARAM fast_flush_domains
%PARAM fast_flush_purge_time
%PARAM fast_flush_refresh_time
%PARAM flush_service_name
%CLASS local
%PARAM alias_database
%PARAM alias_maps
%PARAM export_environment
%PARAM fallback_transport
%PARAM forward_expansion_filter
%PARAM forward_path
%PARAM home_mailbox
%PARAM local_transport
%PARAM luser_relay
%PARAM mailbox_command
%PARAM mailbox_command_maps
%PARAM mailbox_delivery_lock
%PARAM mailbox_size_limit
%PARAM mailbox_transport
%PARAM prepend_delivered_header
%PARAM require_home_directory
%CLASS address-manipulation
%PARAM allow_percent_hack
%PARAM always_bcc
%PARAM append_at_myorigin
%PARAM append_dot_mydomain
%PARAM canonical_maps
%PARAM cleanup_service_name
%PARAM default_transport
%PARAM default_transport
%PARAM empty_address_recipient
%PARAM enable_original_recipient
%PARAM expand_owner_alias
%PARAM masquerade_classes
%PARAM masquerade_domains
%PARAM masquerade_exceptions
%PARAM owner_request_special
%PARAM propagate_unmatched_extensions
%PARAM recipient_bcc_maps
%PARAM recipient_canonical_maps
%PARAM recipient_delimiter
%PARAM relay_domains
%PARAM relay_transport
%PARAM relayhost
%PARAM relocated_maps
%PARAM resolve_dequoted_address
%PARAM rewrite_service_name
%PARAM sender_based_routing
%PARAM sender_bcc_maps
%PARAM sender_canonical_maps
%PARAM swap_bangpath
%PARAM transport_maps
%PARAM virtual_alias_expansion_limit
%PARAM virtual_alias_maps
%PARAM virtual_alias_recursion_limit
%CLASS queue-hashing
%PARAM hash_queue_depth
%PARAM hash_queue_names
%CLASS virtual-mailbox
%PARAM virtual_gid_maps
%PARAM virtual_mailbox_base
%PARAM virtual_mailbox_domains
%PARAM virtual_mailbox_limit
%PARAM virtual_mailbox_lock
%PARAM virtual_mailbox_maps
%PARAM virtual_minimum_uid
%PARAM virtual_transport
%PARAM virtual_uid_maps
%CLASS virtual-alias-domain
%PARAM virtual_alias_domains
%PARAM virtual_alias_expansion_limit
%PARAM virtual_alias_maps
%PARAM virtual_alias_recursion_limit
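Review bot: The change log entry for 20050404 does not mention the removal of this 461-line %CLASS/%PARAM index; it lists only the log_adhoc.c typo and the new header parameter. Add a line to the change log naming the removed file and the reason, so the removal can be traced later.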

@@ -120,10 +120,10 @@ void vlog_adhoc(const char *id, const char *orig_rcpt,
vstring_vsprintf(why, fmt, ap);
if (orig_rcpt && *orig_rcpt && strcasecmp(recipient, orig_rcpt) != 0)
msg_info("%s: to=<%s>, orig_to=<%s>, relay=%s, delay=%d, dsn=%s status=%s (%s)",
msg_info("%s: to=<%s>, orig_to=<%s>, relay=%s, delay=%d, dsn=%s, status=%s (%s)",
id, recipient, orig_rcpt, relay, delay, detail, status, vstring_str(why));
else
msg_info("%s: to=<%s>, relay=%s, delay=%d, dsn=%s status=%s (%s)",
msg_info("%s: to=<%s>, relay=%s, delay=%d, dsn=%s, status=%s (%s)",
id, recipient, relay, delay, detail, status, vstring_str(why));
vstring_free(why);
}
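Review bot: Adding the comma in "dsn=%s, status=%s" changes the delivery log line format in both msg_info() calls, and any log parser or alerting rule that matched the old "dsn=x.y.z status=" text will stop matching. Mention the format change in the release notes as well, not only in the change log as a typo fix.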

@@ -1177,6 +1177,10 @@ extern int var_smtp_tls_scache_timeout;
#define DEF_SMTPD_SASL_ENABLE 0
extern bool var_smtpd_sasl_enable;
#define VAR_SMTPD_SASL_AUTH_HDR "smtpd_sasl_authenticated_header"
#define DEF_SMTPD_SASL_AUTH_HDR 0
extern bool var_smtpd_sasl_auth_hdr;
#define VAR_SMTPD_SASL_OPTS "smtpd_sasl_security_options"
#define DEF_SMTPD_SASL_OPTS "noanonymous"
extern char *var_smtpd_sasl_opts;

@@ -20,7 +20,7 @@
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
#define MAIL_RELEASE_DATE "20050402"
#define MAIL_RELEASE_DATE "20050404"
#define MAIL_VERSION_NUMBER "2.3"
#define VAR_MAIL_VERSION "mail_version"

@@ -292,6 +292,27 @@ int lmtp_sasl_passwd_lookup(LMTP_STATE *state)
void lmtp_sasl_initialize(void)
{
#if SASL_VERSION_MAJOR >= 2 && (SASL_VERSION_MINOR >= 2 \
|| (SASL_VERSION_MINOR == 1 && SASL_VERSION_STEP >= 19))
int sasl_major;
int sasl_minor;
int sasl_step;
/*
* DLL hell guard.
*/
sasl_version_info((const char **) 0, (const char **) 0,
&sasl_major, &sasl_minor,
&sasl_step, (int *) 0);
if (sasl_major != SASL_VERSION_MAJOR
|| sasl_minor != SASL_VERSION_MINOR
|| sasl_step != SASL_VERSION_STEP)
msg_fatal("incorrect SASL library version. "
"Postfix was built for version %d.%d.%d, "
"but the run-time library version is %d.%d.%d",
SASL_VERSION_MAJOR, SASL_VERSION_MINOR, SASL_VERSION_STEP,
sasl_major, sasl_minor, sasl_step);
#endif
/*
* Global callbacks. These have no per-session context.
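Review bot: The preprocessor condition "SASL_VERSION_MAJOR >= 2 && (SASL_VERSION_MINOR >= 2 || ...)" applies the minor and step tests to every major version, so a build against headers numbered 3.0.x or 3.1.x would compile the guard out. Writing it as SASL_VERSION_MAJOR > 2 || (SASL_VERSION_MAJOR == 2 && (the existing minor/step test)) keeps the check in place for later major versions.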

@@ -321,6 +321,27 @@ int smtp_sasl_passwd_lookup(SMTP_SESSION *session)
void smtp_sasl_initialize(void)
{
#if SASL_VERSION_MAJOR >= 2 && (SASL_VERSION_MINOR >= 2 \
|| (SASL_VERSION_MINOR == 1 && SASL_VERSION_STEP >= 19))
int sasl_major;
int sasl_minor;
int sasl_step;
/*
* DLL hell guard.
*/
sasl_version_info((const char **) 0, (const char **) 0,
&sasl_major, &sasl_minor,
&sasl_step, (int *) 0);
if (sasl_major != SASL_VERSION_MAJOR
|| sasl_minor != SASL_VERSION_MINOR
|| sasl_step != SASL_VERSION_STEP)
msg_fatal("incorrect SASL library version. "
"Postfix was built for version %d.%d.%d, "
"but the run-time library version is %d.%d.%d",
SASL_VERSION_MAJOR, SASL_VERSION_MINOR, SASL_VERSION_STEP,
sasl_major, sasl_minor, sasl_step);
#endif
/*
* Global callbacks. These have no per-session context.
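Review bot: The comparison requires sasl_step to equal SASL_VERSION_STEP exactly, so a patch-level update of the shared SASL library without a Postfix rebuild ends in msg_fatal() when smtp_sasl_initialize() runs. If that is intended, document it next to the SASL build instructions so that package maintainers rebuild Postfix together with the library; otherwise compare only major and minor, and log a warning on a step difference.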

@@ -187,6 +187,11 @@
/* Available in Postfix version 2.1 and later:
/* .IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR"
/* What SMTP clients Postfix will not offer AUTH support to.
/* .PP
/* Available in Postfix version 2.3 and later:
/* .IP "\fBsmtpd_sasl_authenticated_header (no)\fR"
/* Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received
/* message header.
/* STARTTLS SUPPORT CONTROLS
/* .ad
/* .fi
@@ -856,6 +861,7 @@ bool var_allow_untrust_route;
int var_smtpd_junk_cmd_limit;
int var_smtpd_rcpt_overlim;
bool var_smtpd_sasl_enable;
bool var_smtpd_sasl_auth_hdr;
char *var_smtpd_sasl_opts;
char *var_smtpd_sasl_appname;
char *var_smtpd_sasl_realm;
@@ -1824,11 +1830,9 @@ static void rcpt_reset(SMTPD_STATE *state)
state->rcpt_overshoot = 0;
}
#ifdef USE_TLS
/* comment_sanitize - clesn up comment string */
/* CN_sanitize - make sure, the CN-string is well behaved */
static void CN_sanitize(VSTRING *CNstring)
static void comment_sanitize(VSTRING *comment_string)
{
unsigned char *cp;
int ch;
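Review bot: With the "#ifdef USE_TLS" in front of the function gone, comment_sanitize() is compiled in every build, while the callers visible in this commit all sit inside USE_TLS or USE_SASL_AUTH blocks, so a build with neither option has an unused static function and a compiler warning. Guard the definition with "#if defined(USE_TLS) || defined(USE_SASL_AUTH)". The new comment line also has a typo: "clesn up" should read "clean up".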
@@ -1836,12 +1840,13 @@ static void CN_sanitize(VSTRING *CNstring)
/*
* Postfix Received: headers can be configured to include a comment with
* the CN (CommonName) of the peer and its issuer. To avoid problems with
* RFC 822 etc. syntax, we limit the CN information to printable ASCII
* text, and neutralize characters that affect comment parsing: the
* backslash and unbalanced parentheses.
* the CN (CommonName) of the peer and its issuer, or the login name of a
* SASL authenticated user. To avoid problems with RFC 822 etc. syntax,
* we limit this information to printable ASCII text, and neutralize
* characters that affect comment parsing: the backslash and unbalanced
* parentheses.
*/
for (pc = 0, cp = (unsigned char *) STR(CNstring); (ch = *cp) != 0; cp++) {
for (pc = 0, cp = (unsigned char *) STR(comment_string); (ch = *cp) != 0; cp++) {
if (!ISASCII(ch) || !ISPRINT(ch) || ch == '\\') {
*cp = '?';
} else if (ch == '(') {
@@ -1854,11 +1859,9 @@ static void CN_sanitize(VSTRING *CNstring)
}
}
while (pc-- > 0)
VSTRING_ADDCH(CNstring, ')');
VSTRING_ADDCH(comment_string, ')');
}
#endif
/* data_cmd - process DATA command */
static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
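Review bot: After the loop that appends ')' with VSTRING_ADDCH(), the function returns without re-terminating the string, and the callers then read it through STR() into a "%s" format. Unless VSTRING_ADDCH() writes a terminator itself, add VSTRING_TERMINATE(comment_string) after the loop. The append path matters more after this commit because it now also handles SASL login names, which are chosen by users and may contain an unbalanced '('.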
@@ -1882,6 +1885,10 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
VSTRING *peer_CN;
VSTRING *issuer_CN;
#endif
#ifdef USE_SASL_AUTH
VSTRING *username;
#endif
/*
@@ -1965,6 +1972,9 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
"Received: from %s (%s [%s])",
state->helo_name ? state->helo_name : state->name,
state->name, state->rfc_addr);
#define VSTRING_STRDUP(s) vstring_strcpy(vstring_alloc(strlen(s) + 1), (s))
#ifdef USE_TLS
if (var_smtpd_tls_received_header && state->tls_context) {
out_fprintf(out_stream, REC_TYPE_NORM,
@@ -1972,14 +1982,11 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
state->tls_info.protocol, state->tls_info.cipher_name,
state->tls_info.cipher_usebits,
state->tls_info.cipher_algbits);
#define VSTRING_STRDUP(s) vstring_strcpy(vstring_alloc(strlen(s) + 1), (s))
if (state->tls_info.peer_CN) {
peer_CN = VSTRING_STRDUP(state->tls_info.peer_CN);
CN_sanitize(peer_CN);
comment_sanitize(peer_CN);
issuer_CN = VSTRING_STRDUP(state->tls_info.issuer_CN);
CN_sanitize(issuer_CN);
comment_sanitize(issuer_CN);
if (state->tls_info.peer_verified)
out_fprintf(out_stream, REC_TYPE_NORM,
"\t(Client CN \"%s\", Issuer \"%s\" (verified OK))",
@@ -1997,6 +2004,15 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
out_fprintf(out_stream, REC_TYPE_NORM,
"\t(No client certificate requested)");
}
#endif
#ifdef USE_SASL_AUTH
if (var_smtpd_sasl_auth_hdr && state->sasl_username) {
username = VSTRING_STRDUP(state->sasl_username);
comment_sanitize(username);
out_fprintf(out_stream, REC_TYPE_NORM,
"\t(Authenticated sender: %s)", STR(username));
vstring_free(username);
}
#endif
if (state->rcpt_count == 1 && state->recipient) {
out_fprintf(out_stream, REC_TYPE_NORM,
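Review bot: The value written to the "(Authenticated sender: %s)" comment is the sanitized copy, in which comment_sanitize() replaces every non-ASCII, non-printable or backslash character with '?', so two different login names can produce the same header text. State in the parameter documentation that the header is informational and that the maillog entry remains the authoritative record of the login name.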
@@ -3399,6 +3415,7 @@ int main(int argc, char **argv)
VAR_DISABLE_VRFY_CMD, DEF_DISABLE_VRFY_CMD, &var_disable_vrfy_cmd,
VAR_ALLOW_UNTRUST_ROUTE, DEF_ALLOW_UNTRUST_ROUTE, &var_allow_untrust_route,
VAR_SMTPD_SASL_ENABLE, DEF_SMTPD_SASL_ENABLE, &var_smtpd_sasl_enable,
VAR_SMTPD_SASL_AUTH_HDR, DEF_SMTPD_SASL_AUTH_HDR, &var_smtpd_sasl_auth_hdr,
VAR_BROKEN_AUTH_CLNTS, DEF_BROKEN_AUTH_CLNTS, &var_broken_auth_clients,
VAR_SHOW_UNK_RCPT_TABLE, DEF_SHOW_UNK_RCPT_TABLE, &var_show_unk_rcpt_table,
VAR_SMTPD_REJ_UNL_FROM, DEF_SMTPD_REJ_UNL_FROM, &var_smtpd_rej_unl_from,

@@ -208,6 +208,27 @@ static NAME_MASK smtpd_sasl_mask[] = {
void smtpd_sasl_initialize(void)
{
#if SASL_VERSION_MAJOR >= 2 && (SASL_VERSION_MINOR >= 2 \
|| (SASL_VERSION_MINOR == 1 && SASL_VERSION_STEP >= 19))
int sasl_major;
int sasl_minor;
int sasl_step;
/*
* DLL hell guard.
*/
sasl_version_info((const char **) 0, (const char **) 0,
&sasl_major, &sasl_minor,
&sasl_step, (int *) 0);
if (sasl_major != SASL_VERSION_MAJOR
|| sasl_minor != SASL_VERSION_MINOR
|| sasl_step != SASL_VERSION_STEP)
msg_fatal("incorrect SASL library version. "
"Postfix was built for version %d.%d.%d, "
"but the run-time library version is %d.%d.%d",
SASL_VERSION_MAJOR, SASL_VERSION_MINOR, SASL_VERSION_STEP,
sasl_major, sasl_minor, sasl_step);
#endif
/*
* Initialize the library: load SASL plug-in routines, etc.
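Review bot: The version guard in smtpd_sasl_initialize() is a third verbatim copy of the block added to lmtp_sasl_initialize() and smtp_sasl_initialize() in this commit, so any later fix to the condition or to the error message has to be made three times. Move the check into one shared function and call it from each initializer.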

@@ -144,9 +144,6 @@
/*
* Session cache entry format.
*
* XXX The session cache version number is not needed because we truncate the
* database when it is opened.
*/
typedef struct {
time_t timestamp; /* time when saved */
@@ -221,8 +218,7 @@ static int tls_scache_decode(TLS_SCACHE *cp, const char *cache_id,
}
/*
* Disassemble the TLS session cache entry and enforce version number
* restrictions.
* Disassemble the TLS session cache entry.
*
* No early returns or we have a memory leak.
*/
@@ -289,7 +285,7 @@ int tls_scache_lookup(TLS_SCACHE *cp, const char *cache_id,
return (0);
/*
* Decode entry and verify version information.
* Decode entry and delete if expired or malformed.
*/
if (tls_scache_decode(cp, cache_id, hex_data, strlen(hex_data),
session) == 0) {