mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 05:38:06 +00:00
Code Issues Releases Wiki Activity

postfix-2.3.10-RC1

Browse Source
This commit is contained in:
Wietse Venema 2007-05-11 00:00:00 -05:00 committed by Viktor Dukhovni
parent 9adf909df6
commit e9233f730b
11 changed files with 111 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
postfix/HISTORY
View File

@ -12986,3 +12986,28 @@ Apologies for any names omitted.
with deadlock, "postfix stop" forcefully stops all processes
in the master's process group. Files: conf/postfix-script,
master/master_sig.c. Back-ported from Postfix 2.4.
20070425
Bugfix: don't falsely report "lost connection from
localhost[127.0.0.1]" when Postfix is being portscanned.
Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
20070430
Robustness: recommend a "0" process limit for policy servers
to avoid "connection refused" problems when the smtpd process
limit exceeds the default process limit. File:
proto/SMTPD_POLICY_README.html.
20070501
Safety: when IPv6 (or IPv4) is turned off, don't treat an
IPv6 (or IPv4) connection from e.g. inetd as if it comes
from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c,
qmqpd/qmqpd_peer.c.
20070508
Bugfix: Content-Transfer-Encoding: attribute values are
case insensitive. File: src/cleanup/cleanup_message.c.

17
postfix/README_FILES/SMTPD_POLICY_README
View File

@ -40,6 +40,7 @@ terminated by an empty line.
Here is an example of all the attributes that the Postfix SMTP server sends in
a delegated SMTPD access policy request:
PPoossttffiixx vveerrssiioonn 22..11 aanndd llaatteerr::
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
@ -167,7 +168,7 @@ To create a policy service that listens on a UNIX-domain socket called
use something like this:
1 /etc/postfix/master.cf:
2 policy unix - n n - - spawn
2 policy unix - n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/main.cf:
@ -187,13 +188,17 @@ NOTES:
"policy_time_limit" setting. The name of the parameter is the name of the
master.cf entry ("policy") concatenated with the "_time_limit" suffix.
* Line 2: specify a "0" process limit instead of the default "-", to avoid
"connection refused" and other problems when the smtpd process limit
exceeds the default_process_limit setting.
* Lines 8, 9: always specify "check_policy_service" AFTER
"reject_unauth_destination" or else your system could become an open relay.
* Solaris UNIX-domain sockets do not work reliably. Use TCP sockets instead:
1 /etc/postfix/master.cf:
2 127.0.0.1:9998 inet n n n - - spawn
2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/main.cf:
@ -261,7 +266,7 @@ daemon. For example, to run the script as user "nobody", using a UNIX-domain
socket that is accessible by Postfix processes only:
1 /etc/postfix/master.cf:
2 policy unix - n n - - spawn
2 policy unix - n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/main.cf:
@ -279,11 +284,15 @@ Notes:
"policy_time_limit" setting. The name of the parameter is the name of the
master.cf entry ("policy") concatenated with the "_time_limit" suffix.
* Line 2: specify a "0" process limit instead of the default "-", to avoid
"connection refused" and other problems when the smtpd process limit
exceeds the default_process_limit setting.
On Solaris you must use inet: style sockets instead of unix: style, as detailed
in the "Policy client/server configuration" section above.
1 /etc/postfix/master.cf:
2 127.0.0.1:9998 inet n n n - - spawn
2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/main.cf:

17
postfix/html/SMTPD_POLICY_README.html
View File

@ -72,6 +72,7 @@ server sends in a delegated SMTPD access policy request: </p>
<blockquote>
<pre>
<b>Postfix version 2.1 and later:</b>
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
@ -238,7 +239,7 @@ daemon, you would use something like this: </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
2 policy unix - n n - - spawn
2 policy unix - n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
@ -263,6 +264,10 @@ to an SMTP server process. The default time limit is overruled in
the parameter is the name of the <a href="master.5.html">master.cf</a> entry ("policy")
concatenated with the "_time_limit" suffix. </p>
<li> <p> Line 2: specify a "0" process limit instead of the default
"-", to avoid "connection refused" and other problems when the smtpd
process limit exceeds the <a href="postconf.5.html#default_process_limit">default_process_limit</a> setting. </p>
<li> <p> Lines 8, 9: always specify "<a href="postconf.5.html#check_policy_service">check_policy_service</a>" AFTER
"<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>" or else your system could become an
open relay. </p>
@ -275,7 +280,7 @@ TCP sockets instead: </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
2 127.0.0.1:9998 inet n n n - - spawn
2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
@ -367,7 +372,7 @@ processes only: </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
2 policy unix - n n - - spawn
2 policy unix - n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
@ -390,6 +395,10 @@ to an SMTP server process. The default time limit is overruled in
the parameter is the name of the <a href="master.5.html">master.cf</a> entry ("policy")
concatenated with the "_time_limit" suffix. </p>
<li> <p> Line 2: specify a "0" process limit instead of the default
"-", to avoid "connection refused" and other problems when the smtpd
process limit exceeds the <a href="postconf.5.html#default_process_limit">default_process_limit</a> setting. </p>
</ul>
<p> On Solaris you must use inet: style sockets instead of unix:
@ -399,7 +408,7 @@ client/server configuration</a>" section above. </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
2 127.0.0.1:9998 inet n n n - - spawn
2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:

4
postfix/html/postconf.1.html
View File

@ -177,8 +177,8 @@ POSTCONF(1) POSTCONF(1)
<b>tcp</b> (read-only)
Perform lookups using a simple request-reply
protocol that is described in <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
This feature is not included with Postfix
2.2.
This feature is not included with the stable
Postfix release.
<b>unix</b> (read-only)
A limited way to query the UNIX authentica-

2
postfix/man/man1/postconf.1
View File

@ -152,7 +152,7 @@ result.
.IP "\fBtcp\fR (read-only)"
Perform lookups using a simple request-reply protocol that is
described in \fBtcp_table\fR(5).
This feature is not included with Postfix 2.2.
This feature is not included with the stable Postfix release.
.IP "\fBunix\fR (read-only)"
A limited way to query the UNIX authentication database. The
following tables are implemented:

17
postfix/proto/SMTPD_POLICY_README.html
View File

@ -72,6 +72,7 @@ server sends in a delegated SMTPD access policy request: </p>
<blockquote>
<pre>
<b>Postfix version 2.1 and later:</b>
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
@ -238,7 +239,7 @@ daemon, you would use something like this: </p>
<blockquote>
<pre>
1 /etc/postfix/master.cf:
2 policy unix - n n - - spawn
2 policy unix - n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/main.cf:
@ -263,6 +264,10 @@ main.cf with an explicit "policy_time_limit" setting. The name of
the parameter is the name of the master.cf entry ("policy")
concatenated with the "_time_limit" suffix. </p>
<li> <p> Line 2: specify a "0" process limit instead of the default
"-", to avoid "connection refused" and other problems when the smtpd
process limit exceeds the default_process_limit setting. </p>
<li> <p> Lines 8, 9: always specify "check_policy_service" AFTER
"reject_unauth_destination" or else your system could become an
open relay. </p>
@ -275,7 +280,7 @@ TCP sockets instead: </p>
<blockquote>
<pre>
1 /etc/postfix/master.cf:
2 127.0.0.1:9998 inet n n n - - spawn
2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/main.cf:
@ -367,7 +372,7 @@ processes only: </p>
<blockquote>
<pre>
1 /etc/postfix/master.cf:
2 policy unix - n n - - spawn
2 policy unix - n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/main.cf:
@ -390,6 +395,10 @@ main.cf with an explicit "policy_time_limit" setting. The name of
the parameter is the name of the master.cf entry ("policy")
concatenated with the "_time_limit" suffix. </p>
<li> <p> Line 2: specify a "0" process limit instead of the default
"-", to avoid "connection refused" and other problems when the smtpd
process limit exceeds the default_process_limit setting. </p>
</ul>
<p> On Solaris you must use inet: style sockets instead of unix:
@ -399,7 +408,7 @@ client/server configuration</a>" section above. </p>
<blockquote>
<pre>
1 /etc/postfix/master.cf:
2 127.0.0.1:9998 inet n n n - - spawn
2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/main.cf:

2
postfix/src/cleanup/cleanup_message.c
View File

@ -515,7 +515,7 @@ static void cleanup_header_callback(void *context, int header_class,
if (hdr_opts->type == HDR_CONTENT_TRANSFER_ENCODING) {
for (cmp = code_map; cmp->name != 0; cmp++) {
if (strcasecmp(hdrval, cmp->name) == 0) {
if (strcmp(cmp->encoding, MAIL_ATTR_ENC_8BIT) == 0)
if (strcasecmp(cmp->encoding, MAIL_ATTR_ENC_8BIT) == 0)
nvtable_update(state->attr, MAIL_ATTR_ENCODING,
cmp->encoding);
break;

4
postfix/src/global/mail_version.h
View File

@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20070423"
#define MAIL_VERSION_NUMBER "2.3.9"
#define MAIL_RELEASE_DATE "20070511"
#define MAIL_VERSION_NUMBER "2.3.10-RC1"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE

2
postfix/src/postconf/postconf.c
View File

@ -146,7 +146,7 @@
/* .IP "\fBtcp\fR (read-only)"
/* Perform lookups using a simple request-reply protocol that is
/* described in \fBtcp_table\fR(5).
/* This feature is not included with Postfix 2.2.
/* This feature is not included with the stable Postfix release.
/* .IP "\fBunix\fR (read-only)"
/* A limited way to query the UNIX authentication database. The
/* following tables are implemented:

22
postfix/src/qmqpd/qmqpd_peer.c
View File

@ -91,7 +91,7 @@ void qmqpd_peer_init(QMQPD_STATE *state)
/*
* If peer went away, give up.
*/
if (errno == ECONNRESET || errno == ECONNABORTED) {
if (errno != 0 && errno != ENOTSOCK) {
state->name = mystrdup(CLIENT_NAME_UNKNOWN);
state->addr = mystrdup(CLIENT_ADDR_UNKNOWN);
state->rfc_addr = mystrdup(CLIENT_ADDR_UNKNOWN);
@ -100,14 +100,32 @@ void qmqpd_peer_init(QMQPD_STATE *state)
/*
* Convert the client address to printable address and hostname.
*
* XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while
* Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final
* else clause, pretend the origin is localhost[127.0.0.1], and become an
* open relay).
*/
else if (errno == 0
&& strchr((char *) proto_info->sa_family_list, sa->sa_family)) {
&& (sa->sa_family == AF_INET
#ifdef AF_INET6
|| sa->sa_family == AF_INET6
#endif
)) {
MAI_HOSTNAME_STR client_name;
MAI_HOSTADDR_STR client_addr;
int aierr;
char *colonp;
/*
* Sanity check: we can't use sockets that we're not configured for.
*/
if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0)
msg_fatal("cannot handle socket type %s with \"%s = %s\"",
sa->sa_family == AF_INET6 ? "AF_INET6" :
sa->sa_family == AF_INET ? "AF_INET" :
"other", VAR_INET_PROTOCOLS, var_inet_protocols);
/*
* Sorry, but there are some things that we just cannot do while
* connected to the network.

22
postfix/src/smtpd/smtpd_peer.c
View File

@ -155,7 +155,7 @@ void smtpd_peer_init(SMTPD_STATE *state)
/*
* If peer went away, give up.
*/
if (errno == ECONNRESET || errno == ECONNABORTED) {
if (errno != 0 && errno != ENOTSOCK) {
state->name = mystrdup(CLIENT_NAME_UNKNOWN);
state->reverse_name = mystrdup(CLIENT_NAME_UNKNOWN);
state->addr = mystrdup(CLIENT_ADDR_UNKNOWN);
@ -167,14 +167,32 @@ void smtpd_peer_init(SMTPD_STATE *state)
/*
* Convert the client address to printable address and hostname.
*
* XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while
* Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final
* else clause, pretend the origin is localhost[127.0.0.1], and become an
* open relay).
*/
else if (errno == 0
&& strchr((char *) proto_info->sa_family_list, sa->sa_family)) {
&& (sa->sa_family == AF_INET
#ifdef AF_INET6
|| sa->sa_family == AF_INET6
#endif
)) {
MAI_HOSTNAME_STR client_name;
MAI_HOSTADDR_STR client_addr;
int aierr;
char *colonp;
/*
* Sanity check: we can't use sockets that we're not configured for.
*/
if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0)
msg_fatal("cannot handle socket type %s with \"%s = %s\"",
sa->sa_family == AF_INET6 ? "AF_INET6" :
sa->sa_family == AF_INET ? "AF_INET" :
"other", VAR_INET_PROTOCOLS, var_inet_protocols);
/*
* Sorry, but there are some things that we just cannot do while
* connected to the network.