From e9233f730b0d85c208c2d2f8786e5ef8ce69fd2a Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Fri, 11 May 2007 00:00:00 -0500 Subject: [PATCH] postfix-2.3.10-RC1 --- postfix/HISTORY | 25 ++++++++++++++++++++++++ postfix/README_FILES/SMTPD_POLICY_README | 17 ++++++++++++---- postfix/html/SMTPD_POLICY_README.html | 17 ++++++++++++---- postfix/html/postconf.1.html | 4 ++-- postfix/man/man1/postconf.1 | 2 +- postfix/proto/SMTPD_POLICY_README.html | 17 ++++++++++++---- postfix/src/cleanup/cleanup_message.c | 2 +- postfix/src/global/mail_version.h | 4 ++-- postfix/src/postconf/postconf.c | 2 +- postfix/src/qmqpd/qmqpd_peer.c | 22 +++++++++++++++++++-- postfix/src/smtpd/smtpd_peer.c | 22 +++++++++++++++++++-- 11 files changed, 111 insertions(+), 23 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index dbebff361..dfaa4d8e5 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -12986,3 +12986,28 @@ Apologies for any names omitted. with deadlock, "postfix stop" forcefully stops all processes in the master's process group. Files: conf/postfix-script, master/master_sig.c. Back-ported from Postfix 2.4. + +20070425 + + Bugfix: don't falsely report "lost connection from + localhost[127.0.0.1]" when Postfix is being portscanned. + Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c. + +20070430 + + Robustness: recommend a "0" process limit for policy servers + to avoid "connection refused" problems when the smtpd process + limit exceeds the default process limit. File: + proto/SMTPD_POLICY_README.html. + +20070501 + + Safety: when IPv6 (or IPv4) is turned off, don't treat an + IPv6 (or IPv4) connection from e.g. inetd as if it comes + from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c, + qmqpd/qmqpd_peer.c. + +20070508 + + Bugfix: Content-Transfer-Encoding: attribute values are + case insensitive. File: src/cleanup/cleanup_message.c. diff --git a/postfix/README_FILES/SMTPD_POLICY_README b/postfix/README_FILES/SMTPD_POLICY_README index 6ce119b84..65c9c111c 100644 --- a/postfix/README_FILES/SMTPD_POLICY_README +++ b/postfix/README_FILES/SMTPD_POLICY_README @@ -40,6 +40,7 @@ terminated by an empty line. Here is an example of all the attributes that the Postfix SMTP server sends in a delegated SMTPD access policy request: + PPoossttffiixx vveerrssiioonn 22..11 aanndd llaatteerr:: request=smtpd_access_policy protocol_state=RCPT protocol_name=SMTP @@ -167,7 +168,7 @@ To create a policy service that listens on a UNIX-domain socket called use something like this: 1 /etc/postfix/master.cf: - 2 policy unix - n n - - spawn + 2 policy unix - n n - 0 spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: @@ -187,13 +188,17 @@ NOTES: "policy_time_limit" setting. The name of the parameter is the name of the master.cf entry ("policy") concatenated with the "_time_limit" suffix. + * Line 2: specify a "0" process limit instead of the default "-", to avoid + "connection refused" and other problems when the smtpd process limit + exceeds the default_process_limit setting. + * Lines 8, 9: always specify "check_policy_service" AFTER "reject_unauth_destination" or else your system could become an open relay. * Solaris UNIX-domain sockets do not work reliably. Use TCP sockets instead: 1 /etc/postfix/master.cf: - 2 127.0.0.1:9998 inet n n n - - spawn + 2 127.0.0.1:9998 inet n n n - 0 spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: @@ -261,7 +266,7 @@ daemon. For example, to run the script as user "nobody", using a UNIX-domain socket that is accessible by Postfix processes only: 1 /etc/postfix/master.cf: - 2 policy unix - n n - - spawn + 2 policy unix - n n - 0 spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: @@ -279,11 +284,15 @@ Notes: "policy_time_limit" setting. The name of the parameter is the name of the master.cf entry ("policy") concatenated with the "_time_limit" suffix. + * Line 2: specify a "0" process limit instead of the default "-", to avoid + "connection refused" and other problems when the smtpd process limit + exceeds the default_process_limit setting. + On Solaris you must use inet: style sockets instead of unix: style, as detailed in the "Policy client/server configuration" section above. 1 /etc/postfix/master.cf: - 2 127.0.0.1:9998 inet n n n - - spawn + 2 127.0.0.1:9998 inet n n n - 0 spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: diff --git a/postfix/html/SMTPD_POLICY_README.html b/postfix/html/SMTPD_POLICY_README.html index 76f4cd8e6..cf662a28d 100644 --- a/postfix/html/SMTPD_POLICY_README.html +++ b/postfix/html/SMTPD_POLICY_README.html @@ -72,6 +72,7 @@ server sends in a delegated SMTPD access policy request: 

+Postfix version 2.1 and later:
 request=smtpd_access_policy
 protocol_state=RCPT
 protocol_name=SMTP
@@ -238,7 +239,7 @@ daemon, you would use something like this: 

 

 
  1 /etc/postfix/master.cf:
- 2     policy  unix  -       n       n       -       -       spawn
+ 2     policy  unix  -       n       n       -       0       spawn
  3       user=nobody argv=/some/where/policy-server
  4 
  5 /etc/postfix/main.cf:
@@ -263,6 +264,10 @@ to an SMTP server process. The default time limit is overruled in
 the parameter is the name of the master.cf entry ("policy")
 concatenated with the "_time_limit" suffix.  

 
+
  •  
     Line 2: specify a "0" process limit instead of the default
+"-", to avoid "connection refused" and other problems when the smtpd
+process limit exceeds the default_process_limit setting. 
    
+
 
  •  
     Lines 8, 9: always specify "check_policy_service" AFTER
 "reject_unauth_destination" or else your system could become an
 open relay. 
    
@@ -275,7 +280,7 @@ TCP sockets instead: 
    
 
    
 
      1 /etc/postfix/master.cf:
- 2     127.0.0.1:9998  inet  n       n       n       -       -       spawn
+ 2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
  3       user=nobody argv=/some/where/policy-server
  4 
  5 /etc/postfix/main.cf:
@@ -367,7 +372,7 @@ processes only: 
    
 
    
 
     1 /etc/postfix/master.cf:
-2     policy  unix  -       n       n       -       -       spawn
+2     policy  unix  -       n       n       -       0       spawn
 3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
 4 
 5 /etc/postfix/main.cf:
@@ -390,6 +395,10 @@ to an SMTP server process. The default time limit is overruled in
 the parameter is the name of the master.cf entry ("policy")
 concatenated with the "_time_limit" suffix.  
    
 
+
  •  
     Line 2: specify a "0" process limit instead of the default
+"-", to avoid "connection refused" and other problems when the smtpd
+process limit exceeds the default_process_limit setting. 
    
+
 
 
 
     On Solaris you must use inet: style sockets instead of unix:
@@ -399,7 +408,7 @@ client/server configuration" section above.  
    
 
    
 
     1 /etc/postfix/master.cf:
-2     127.0.0.1:9998  inet  n       n       n       -       -       spawn
+2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
 3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
 4 
 5 /etc/postfix/main.cf:
diff --git a/postfix/html/postconf.1.html b/postfix/html/postconf.1.html
index 02eef4281..0640384da 100644
--- a/postfix/html/postconf.1.html
+++ b/postfix/html/postconf.1.html
@@ -177,8 +177,8 @@ POSTCONF(1)                                                        POSTCONF(1)
               tcp (read-only)
                      Perform lookups using a simple request-reply
                      protocol that is described in  tcp_table(5).
-                     This  feature  is  not included with Postfix
-                     2.2.
+                     This feature is not included with the stable
+                     Postfix release.
 
               unix (read-only)
                      A limited way to query the UNIX  authentica-
diff --git a/postfix/man/man1/postconf.1 b/postfix/man/man1/postconf.1
index f53403163..c0fed1ae4 100644
--- a/postfix/man/man1/postconf.1
+++ b/postfix/man/man1/postconf.1
@@ -152,7 +152,7 @@ result.
 .IP "\fBtcp\fR (read-only)"
 Perform lookups using a simple request-reply protocol that is
 described in \fBtcp_table\fR(5).
-This feature is not included with Postfix 2.2.
+This feature is not included with the stable Postfix release.
 .IP "\fBunix\fR (read-only)"
 A limited way to query the UNIX authentication database. The
 following tables are implemented:
diff --git a/postfix/proto/SMTPD_POLICY_README.html b/postfix/proto/SMTPD_POLICY_README.html
index 6030d6183..a53c4d237 100644
--- a/postfix/proto/SMTPD_POLICY_README.html
+++ b/postfix/proto/SMTPD_POLICY_README.html
@@ -72,6 +72,7 @@ server sends in a delegated SMTPD access policy request: 
    
 
 
    
 
    +Postfix version 2.1 and later:
 request=smtpd_access_policy
 protocol_state=RCPT
 protocol_name=SMTP
@@ -238,7 +239,7 @@ daemon, you would use something like this: 
    
 
    
 
      1 /etc/postfix/master.cf:
- 2     policy  unix  -       n       n       -       -       spawn
+ 2     policy  unix  -       n       n       -       0       spawn
  3       user=nobody argv=/some/where/policy-server
  4 
  5 /etc/postfix/main.cf:
@@ -263,6 +264,10 @@ main.cf with an explicit "policy_time_limit" setting.  The name of
 the parameter is the name of the master.cf entry ("policy")
 concatenated with the "_time_limit" suffix.  
    
 
+
  •  
     Line 2: specify a "0" process limit instead of the default
+"-", to avoid "connection refused" and other problems when the smtpd
+process limit exceeds the default_process_limit setting. 
    
+
 
  •  
     Lines 8, 9: always specify "check_policy_service" AFTER
 "reject_unauth_destination" or else your system could become an
 open relay. 
    
@@ -275,7 +280,7 @@ TCP sockets instead: 
    
 
    
 
      1 /etc/postfix/master.cf:
- 2     127.0.0.1:9998  inet  n       n       n       -       -       spawn
+ 2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
  3       user=nobody argv=/some/where/policy-server
  4 
  5 /etc/postfix/main.cf:
@@ -367,7 +372,7 @@ processes only: 
    
 
    
 
     1 /etc/postfix/master.cf:
-2     policy  unix  -       n       n       -       -       spawn
+2     policy  unix  -       n       n       -       0       spawn
 3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
 4 
 5 /etc/postfix/main.cf:
@@ -390,6 +395,10 @@ main.cf with an explicit "policy_time_limit" setting.  The name of
 the parameter is the name of the master.cf entry ("policy")
 concatenated with the "_time_limit" suffix.  
    
 
+
  •  
     Line 2: specify a "0" process limit instead of the default
+"-", to avoid "connection refused" and other problems when the smtpd
+process limit exceeds the default_process_limit setting. 
    
+
 
 
 
     On Solaris you must use inet: style sockets instead of unix:
@@ -399,7 +408,7 @@ client/server configuration" section above.  
    
 
    
 
     1 /etc/postfix/master.cf:
-2     127.0.0.1:9998  inet  n       n       n       -       -       spawn
+2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
 3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
 4 
 5 /etc/postfix/main.cf:
diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c
index 5e71c8b89..00e2d6d1a 100644
--- a/postfix/src/cleanup/cleanup_message.c
+++ b/postfix/src/cleanup/cleanup_message.c
@@ -515,7 +515,7 @@ static void cleanup_header_callback(void *context, int header_class,
     if (hdr_opts->type == HDR_CONTENT_TRANSFER_ENCODING) {
 	for (cmp = code_map; cmp->name != 0; cmp++) {
 	    if (strcasecmp(hdrval, cmp->name) == 0) {
-		if (strcmp(cmp->encoding, MAIL_ATTR_ENC_8BIT) == 0)
+		if (strcasecmp(cmp->encoding, MAIL_ATTR_ENC_8BIT) == 0)
 		    nvtable_update(state->attr, MAIL_ATTR_ENCODING,
 				   cmp->encoding);
 		break;
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 50054d400..6f9f64174 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20070423"
-#define MAIL_VERSION_NUMBER	"2.3.9"
+#define MAIL_RELEASE_DATE	"20070511"
+#define MAIL_VERSION_NUMBER	"2.3.10-RC1"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c
index 376644fe9..3bf12da55 100644
--- a/postfix/src/postconf/postconf.c
+++ b/postfix/src/postconf/postconf.c
@@ -146,7 +146,7 @@
 /* .IP "\fBtcp\fR (read-only)"
 /*	Perform lookups using a simple request-reply protocol that is
 /*	described in \fBtcp_table\fR(5).
-/*	This feature is not included with Postfix 2.2.
+/*	This feature is not included with the stable Postfix release.
 /* .IP "\fBunix\fR (read-only)"
 /*	A limited way to query the UNIX authentication database. The
 /*	following tables are implemented:
diff --git a/postfix/src/qmqpd/qmqpd_peer.c b/postfix/src/qmqpd/qmqpd_peer.c
index 9d084e56d..f97a52452 100644
--- a/postfix/src/qmqpd/qmqpd_peer.c
+++ b/postfix/src/qmqpd/qmqpd_peer.c
@@ -91,7 +91,7 @@ void    qmqpd_peer_init(QMQPD_STATE *state)
     /*
      * If peer went away, give up.
      */
-    if (errno == ECONNRESET || errno == ECONNABORTED) {
+    if (errno != 0 && errno != ENOTSOCK) {
 	state->name = mystrdup(CLIENT_NAME_UNKNOWN);
 	state->addr = mystrdup(CLIENT_ADDR_UNKNOWN);
 	state->rfc_addr = mystrdup(CLIENT_ADDR_UNKNOWN);
@@ -100,14 +100,32 @@ void    qmqpd_peer_init(QMQPD_STATE *state)
 
     /*
      * Convert the client address to printable address and hostname.
+     * 
+     * XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while
+     * Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final
+     * else clause, pretend the origin is localhost[127.0.0.1], and become an
+     * open relay).
      */
     else if (errno == 0
-	     && strchr((char *) proto_info->sa_family_list, sa->sa_family)) {
+	     && (sa->sa_family == AF_INET
+#ifdef AF_INET6
+		 || sa->sa_family == AF_INET6
+#endif
+		 )) {
 	MAI_HOSTNAME_STR client_name;
 	MAI_HOSTADDR_STR client_addr;
 	int     aierr;
 	char   *colonp;
 
+	/*
+	 * Sanity check: we can't use sockets that we're not configured for.
+	 */
+	if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0)
+	    msg_fatal("cannot handle socket type %s with \"%s = %s\"",
+		      sa->sa_family == AF_INET6 ? "AF_INET6" :
+		      sa->sa_family == AF_INET ? "AF_INET" :
+		      "other", VAR_INET_PROTOCOLS, var_inet_protocols);
+
 	/*
 	 * Sorry, but there are some things that we just cannot do while
 	 * connected to the network.
diff --git a/postfix/src/smtpd/smtpd_peer.c b/postfix/src/smtpd/smtpd_peer.c
index 8dacecffb..e61e8233e 100644
--- a/postfix/src/smtpd/smtpd_peer.c
+++ b/postfix/src/smtpd/smtpd_peer.c
@@ -155,7 +155,7 @@ void    smtpd_peer_init(SMTPD_STATE *state)
     /*
      * If peer went away, give up.
      */
-    if (errno == ECONNRESET || errno == ECONNABORTED) {
+    if (errno != 0 && errno != ENOTSOCK) {
 	state->name = mystrdup(CLIENT_NAME_UNKNOWN);
 	state->reverse_name = mystrdup(CLIENT_NAME_UNKNOWN);
 	state->addr = mystrdup(CLIENT_ADDR_UNKNOWN);
@@ -167,14 +167,32 @@ void    smtpd_peer_init(SMTPD_STATE *state)
 
     /*
      * Convert the client address to printable address and hostname.
+     * 
+     * XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while
+     * Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final
+     * else clause, pretend the origin is localhost[127.0.0.1], and become an
+     * open relay).
      */
     else if (errno == 0
-	     && strchr((char *) proto_info->sa_family_list, sa->sa_family)) {
+	     && (sa->sa_family == AF_INET
+#ifdef AF_INET6
+		 || sa->sa_family == AF_INET6
+#endif
+		 )) {
 	MAI_HOSTNAME_STR client_name;
 	MAI_HOSTADDR_STR client_addr;
 	int     aierr;
 	char   *colonp;
 
+	/*
+	 * Sanity check: we can't use sockets that we're not configured for.
+	 */
+	if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0)
+	    msg_fatal("cannot handle socket type %s with \"%s = %s\"",
+		      sa->sa_family == AF_INET6 ? "AF_INET6" :
+		      sa->sa_family == AF_INET ? "AF_INET" :
+		      "other", VAR_INET_PROTOCOLS, var_inet_protocols);
+
 	/*
 	 * Sorry, but there are some things that we just cannot do while
 	 * connected to the network.