postfix-2.3.10-RC1

2025-08-30 05:38:06 +00:00 · 2007-05-11 00:00:00 -05:00 · 2007-05-11 00:00:00 -05:00 · e9233f730b
commit e9233f730b
parent 9adf909df6
11 changed files with 111 additions and 23 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -12986,3 +12986,28 @@ Apologies for any names omitted.
 	with deadlock, "postfix stop" forcefully stops all processes
 	in the master's process group. Files: conf/postfix-script,
 	master/master_sig.c. Back-ported from Postfix 2.4.
 20070425
 	Bugfix: don't falsely report "lost connection from
 	localhost[127.0.0.1]" when Postfix is being portscanned.
 	Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
 20070430
 	Robustness: recommend a "0" process limit for policy servers
 	to avoid "connection refused" problems when the smtpd process
 	limit exceeds the default process limit.  File:
 	proto/SMTPD_POLICY_README.html.
 20070501
 	Safety: when IPv6 (or IPv4) is turned off, don't treat an
 	IPv6 (or IPv4) connection from e.g. inetd as if it comes
 	from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c,
 	qmqpd/qmqpd_peer.c.
 20070508
 	Bugfix: Content-Transfer-Encoding: attribute values are
 	case insensitive. File: src/cleanup/cleanup_message.c.
--- a/postfix/README_FILES/SMTPD_POLICY_README
+++ b/postfix/README_FILES/SMTPD_POLICY_README
@ -40,6 +40,7 @@ terminated by an empty line.
 Here is an example of all the attributes that the Postfix SMTP server sends in
 a delegated SMTPD access policy request:
    PPoossttffiixx vveerrssiioonn 22..11 aanndd llaatteerr::
    request=smtpd_access_policy
    protocol_state=RCPT
    protocol_name=SMTP
@ -167,7 +168,7 @@ To create a policy service that listens on a UNIX-domain socket called
 use something like this:
     1 /etc/postfix/master.cf:
-     2     policy  unix  -       n       n       -       -       spawn
+     2     policy  unix  -       n       n       -       0       spawn
     3       user=nobody argv=/some/where/policy-server
     4
     5 /etc/postfix/main.cf:
@ -187,13 +188,17 @@ NOTES:
    "policy_time_limit" setting. The name of the parameter is the name of the
    master.cf entry ("policy") concatenated with the "_time_limit" suffix.
  * Line 2: specify a "0" process limit instead of the default "-", to avoid
    "connection refused" and other problems when the smtpd process limit
    exceeds the default_process_limit setting.
  * Lines 8, 9: always specify "check_policy_service" AFTER
    "reject_unauth_destination" or else your system could become an open relay.
  * Solaris UNIX-domain sockets do not work reliably. Use TCP sockets instead:
     1 /etc/postfix/master.cf:
-     2     127.0.0.1:9998  inet  n       n       n       -       -       spawn
+     2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
     3       user=nobody argv=/some/where/policy-server
     4
     5 /etc/postfix/main.cf:
@ -261,7 +266,7 @@ daemon. For example, to run the script as user "nobody", using a UNIX-domain
 socket that is accessible by Postfix processes only:
    1 /etc/postfix/master.cf:
-    2     policy  unix  -       n       n       -       -       spawn
+    2     policy  unix  -       n       n       -       0       spawn
    3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
    4
    5 /etc/postfix/main.cf:
@ -279,11 +284,15 @@ Notes:
    "policy_time_limit" setting. The name of the parameter is the name of the
    master.cf entry ("policy") concatenated with the "_time_limit" suffix.
  * Line 2: specify a "0" process limit instead of the default "-", to avoid
    "connection refused" and other problems when the smtpd process limit
    exceeds the default_process_limit setting.
 On Solaris you must use inet: style sockets instead of unix: style, as detailed
 in the "Policy client/server configuration" section above.
    1 /etc/postfix/master.cf:
-    2     127.0.0.1:9998  inet  n       n       n       -       -       spawn
+    2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
    3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
    4
    5 /etc/postfix/main.cf:
--- a/postfix/html/SMTPD_POLICY_README.html
+++ b/postfix/html/SMTPD_POLICY_README.html
@ -72,6 +72,7 @@ server sends in a delegated SMTPD access policy request: </p>
 <blockquote>
 <pre>
 <b>Postfix version 2.1 and later:</b>
 request=smtpd_access_policy
 protocol_state=RCPT
 protocol_name=SMTP
@ -238,7 +239,7 @@ daemon, you would use something like this: </p>
 <blockquote>
 <pre>
 1 /etc/postfix/<a href="master.5.html">master.cf</a>:
- 2     policy  unix  -       n       n       -       -       spawn
+ 2     policy  unix  -       n       n       -       0       spawn
 3       user=nobody argv=/some/where/policy-server
 4 
 5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
@ -263,6 +264,10 @@ to an SMTP server process. The default time limit is overruled in
 the parameter is the name of the <a href="master.5.html">master.cf</a> entry ("policy")
 concatenated with the "_time_limit" suffix.  </p>
 <li> <p> Line 2: specify a "0" process limit instead of the default
 "-", to avoid "connection refused" and other problems when the smtpd
 process limit exceeds the <a href="postconf.5.html#default_process_limit">default_process_limit</a> setting. </p>
 <li> <p> Lines 8, 9: always specify "<a href="postconf.5.html#check_policy_service">check_policy_service</a>" AFTER
 "<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>" or else your system could become an
 open relay. </p>
@ -275,7 +280,7 @@ TCP sockets instead: </p>
 <blockquote>
 <pre>
 1 /etc/postfix/<a href="master.5.html">master.cf</a>:
- 2     127.0.0.1:9998  inet  n       n       n       -       -       spawn
+ 2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
 3       user=nobody argv=/some/where/policy-server
 4 
 5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
@ -367,7 +372,7 @@ processes only: </p>
 <blockquote>
 <pre>
 1 /etc/postfix/<a href="master.5.html">master.cf</a>:
-2     policy  unix  -       n       n       -       -       spawn
+2     policy  unix  -       n       n       -       0       spawn
 3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
 4 
 5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
@ -390,6 +395,10 @@ to an SMTP server process. The default time limit is overruled in
 the parameter is the name of the <a href="master.5.html">master.cf</a> entry ("policy")
 concatenated with the "_time_limit" suffix.  </p>
 <li> <p> Line 2: specify a "0" process limit instead of the default
 "-", to avoid "connection refused" and other problems when the smtpd
 process limit exceeds the <a href="postconf.5.html#default_process_limit">default_process_limit</a> setting. </p>
 </ul>
 <p> On Solaris you must use inet: style sockets instead of unix:
@ -399,7 +408,7 @@ client/server configuration</a>" section above.  </p>
 <blockquote>
 <pre>
 1 /etc/postfix/<a href="master.5.html">master.cf</a>:
-2     127.0.0.1:9998  inet  n       n       n       -       -       spawn
+2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
 3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
 4 
 5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
--- a/postfix/html/postconf.1.html
+++ b/postfix/html/postconf.1.html
@ -177,8 +177,8 @@ POSTCONF(1)                                                        POSTCONF(1)
              <b>tcp</b> (read-only)
                     Perform lookups using a simple request-reply
                     protocol that is described in  <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
-                     This  feature  is  not included with Postfix
+                     This feature is not included with the stable
-                     2.2.
+                     Postfix release.
              <b>unix</b> (read-only)
                     A limited way to query the UNIX  authentica-
--- a/postfix/man/man1/postconf.1
+++ b/postfix/man/man1/postconf.1
@ -152,7 +152,7 @@ result.
 .IP "\fBtcp\fR (read-only)"
 Perform lookups using a simple request-reply protocol that is
 described in \fBtcp_table\fR(5).
-This feature is not included with Postfix 2.2.
+This feature is not included with the stable Postfix release.
 .IP "\fBunix\fR (read-only)"
 A limited way to query the UNIX authentication database. The
 following tables are implemented:
--- a/postfix/proto/SMTPD_POLICY_README.html
+++ b/postfix/proto/SMTPD_POLICY_README.html
@ -72,6 +72,7 @@ server sends in a delegated SMTPD access policy request: </p>
 <blockquote>
 <pre>
 <b>Postfix version 2.1 and later:</b>
 request=smtpd_access_policy
 protocol_state=RCPT
 protocol_name=SMTP
@ -238,7 +239,7 @@ daemon, you would use something like this: </p>
 <blockquote>
 <pre>
 1 /etc/postfix/master.cf:
- 2     policy  unix  -       n       n       -       -       spawn
+ 2     policy  unix  -       n       n       -       0       spawn
 3       user=nobody argv=/some/where/policy-server
 4 
 5 /etc/postfix/main.cf:
@ -263,6 +264,10 @@ main.cf with an explicit "policy_time_limit" setting.  The name of
 the parameter is the name of the master.cf entry ("policy")
 concatenated with the "_time_limit" suffix.  </p>
 <li> <p> Line 2: specify a "0" process limit instead of the default
 "-", to avoid "connection refused" and other problems when the smtpd
 process limit exceeds the default_process_limit setting. </p>
 <li> <p> Lines 8, 9: always specify "check_policy_service" AFTER
 "reject_unauth_destination" or else your system could become an
 open relay. </p>
@ -275,7 +280,7 @@ TCP sockets instead: </p>
 <blockquote>
 <pre>
 1 /etc/postfix/master.cf:
- 2     127.0.0.1:9998  inet  n       n       n       -       -       spawn
+ 2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
 3       user=nobody argv=/some/where/policy-server
 4 
 5 /etc/postfix/main.cf:
@ -367,7 +372,7 @@ processes only: </p>
 <blockquote>
 <pre>
 1 /etc/postfix/master.cf:
-2     policy  unix  -       n       n       -       -       spawn
+2     policy  unix  -       n       n       -       0       spawn
 3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
 4 
 5 /etc/postfix/main.cf:
@ -390,6 +395,10 @@ main.cf with an explicit "policy_time_limit" setting.  The name of
 the parameter is the name of the master.cf entry ("policy")
 concatenated with the "_time_limit" suffix.  </p>
 <li> <p> Line 2: specify a "0" process limit instead of the default
 "-", to avoid "connection refused" and other problems when the smtpd
 process limit exceeds the default_process_limit setting. </p>
 </ul>
 <p> On Solaris you must use inet: style sockets instead of unix:
@ -399,7 +408,7 @@ client/server configuration</a>" section above.  </p>
 <blockquote>
 <pre>
 1 /etc/postfix/master.cf:
-2     127.0.0.1:9998  inet  n       n       n       -       -       spawn
+2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
 3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
 4 
 5 /etc/postfix/main.cf:
--- a/postfix/src/cleanup/cleanup_message.c
+++ b/postfix/src/cleanup/cleanup_message.c
@ -515,7 +515,7 @@ static void cleanup_header_callback(void *context, int header_class,
    if (hdr_opts->type == HDR_CONTENT_TRANSFER_ENCODING) {
 	for (cmp = code_map; cmp->name != 0; cmp++) {
 	    if (strcasecmp(hdrval, cmp->name) == 0) {
-		if (strcmp(cmp->encoding, MAIL_ATTR_ENC_8BIT) == 0)
+		if (strcasecmp(cmp->encoding, MAIL_ATTR_ENC_8BIT) == 0)
 		    nvtable_update(state->attr, MAIL_ATTR_ENCODING,
 				   cmp->encoding);
 		break;
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,8 +20,8 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20070423"
+#define MAIL_RELEASE_DATE	"20070511"
-#define MAIL_VERSION_NUMBER	"2.3.9"
+#define MAIL_VERSION_NUMBER	"2.3.10-RC1"
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
--- a/postfix/src/postconf/postconf.c
+++ b/postfix/src/postconf/postconf.c
@ -146,7 +146,7 @@
 /* .IP "\fBtcp\fR (read-only)"
 /*	Perform lookups using a simple request-reply protocol that is
 /*	described in \fBtcp_table\fR(5).
-/*	This feature is not included with Postfix 2.2.
+/*	This feature is not included with the stable Postfix release.
 /* .IP "\fBunix\fR (read-only)"
 /*	A limited way to query the UNIX authentication database. The
 /*	following tables are implemented:
--- a/postfix/src/qmqpd/qmqpd_peer.c
+++ b/postfix/src/qmqpd/qmqpd_peer.c
@ -91,7 +91,7 @@ void    qmqpd_peer_init(QMQPD_STATE *state)
    /*
     * If peer went away, give up.
     */
-    if (errno == ECONNRESET || errno == ECONNABORTED) {
+    if (errno != 0 && errno != ENOTSOCK) {
 	state->name = mystrdup(CLIENT_NAME_UNKNOWN);
 	state->addr = mystrdup(CLIENT_ADDR_UNKNOWN);
 	state->rfc_addr = mystrdup(CLIENT_ADDR_UNKNOWN);
@ -100,14 +100,32 @@ void    qmqpd_peer_init(QMQPD_STATE *state)
    /*
     * Convert the client address to printable address and hostname.
     * 
     * XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while
     * Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final
     * else clause, pretend the origin is localhost[127.0.0.1], and become an
     * open relay).
     */
    else if (errno == 0
-	     && strchr((char *) proto_info->sa_family_list, sa->sa_family)) {
+	     && (sa->sa_family == AF_INET
 #ifdef AF_INET6
 		 || sa->sa_family == AF_INET6
 #endif
 		 )) {
 	MAI_HOSTNAME_STR client_name;
 	MAI_HOSTADDR_STR client_addr;
 	int     aierr;
 	char   *colonp;
 	/*
 	 * Sanity check: we can't use sockets that we're not configured for.
 	 */
 	if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0)
 	    msg_fatal("cannot handle socket type %s with \"%s = %s\"",
 		      sa->sa_family == AF_INET6 ? "AF_INET6" :
 		      sa->sa_family == AF_INET ? "AF_INET" :
 		      "other", VAR_INET_PROTOCOLS, var_inet_protocols);
 	/*
 	 * Sorry, but there are some things that we just cannot do while
 	 * connected to the network.
--- a/postfix/src/smtpd/smtpd_peer.c
+++ b/postfix/src/smtpd/smtpd_peer.c
@ -155,7 +155,7 @@ void    smtpd_peer_init(SMTPD_STATE *state)
    /*
     * If peer went away, give up.
     */
-    if (errno == ECONNRESET || errno == ECONNABORTED) {
+    if (errno != 0 && errno != ENOTSOCK) {
 	state->name = mystrdup(CLIENT_NAME_UNKNOWN);
 	state->reverse_name = mystrdup(CLIENT_NAME_UNKNOWN);
 	state->addr = mystrdup(CLIENT_ADDR_UNKNOWN);
@ -167,14 +167,32 @@ void    smtpd_peer_init(SMTPD_STATE *state)
    /*
     * Convert the client address to printable address and hostname.
     * 
     * XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while
     * Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final
     * else clause, pretend the origin is localhost[127.0.0.1], and become an
     * open relay).
     */
    else if (errno == 0
-	     && strchr((char *) proto_info->sa_family_list, sa->sa_family)) {
+	     && (sa->sa_family == AF_INET
 #ifdef AF_INET6
 		 || sa->sa_family == AF_INET6
 #endif
 		 )) {
 	MAI_HOSTNAME_STR client_name;
 	MAI_HOSTADDR_STR client_addr;
 	int     aierr;
 	char   *colonp;
 	/*
 	 * Sanity check: we can't use sockets that we're not configured for.
 	 */
 	if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0)
 	    msg_fatal("cannot handle socket type %s with \"%s = %s\"",
 		      sa->sa_family == AF_INET6 ? "AF_INET6" :
 		      sa->sa_family == AF_INET ? "AF_INET" :
 		      "other", VAR_INET_PROTOCOLS, var_inet_protocols);
 	/*
 	 * Sorry, but there are some things that we just cannot do while
 	 * connected to the network.