postfix-3.2-20160730

2025-08-29 13:18:12 +00:00 · 2016-07-30 00:00:00 -05:00 · 2016-07-30 00:00:00 -05:00 · edfd6b5bb5
commit edfd6b5bb5
parent 98b90b32f0
13 changed files with 158 additions and 144 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -22419,3 +22419,13 @@ Apologies for any names omitted.
 	after-220 tests.  Files: postscreen_misc.c, postscreen_state.c,
 	postscreen.h, postscreen_tests.c, postscreen.c, postscreen_smtpd.c,
 	postscreen_early.c.
 20160730
 	Cleanup: don't try to optimize away postscreen cache updates.
 	File: postscreen_misc.c.
 	Cleanup: removed compatibility crutches that emulated a
 	historical data organization from four years ago. Files:
 	postscreen/postscreen.[hc], postscreen/postscreen_early.c,
 	postscreen/postscreen_smtpd.c, postscreen/postscreen_tests.c.
--- a/postfix/html/cidr_table.5.html
+++ b/postfix/html/cidr_table.5.html
@ -85,8 +85,9 @@ CIDR_TABLE(5)                                                    CIDR_TABLE(5)
       An  IPv4 network address is a sequence of four decimal octets separated
       by ".", and an IPv6 network address is a sequence  of  three  to  eight
-       hexadecimal  octets  or  octet  pairs  separated  by  ":".  The pattern
+       hexadecimal  octet  pairs separated by ":" or "::", where the latter is
-       0.0.0.0/0 matches every IPv4  address,  and  ::/0  matches  every  IPv6
+       short-hand for a sequence of one or more all-zero octet pairs. The pat-
       tern  0.0.0.0/0 matches every IPv4 address, and ::/0 matches every IPv6
       address.  IPv6 support is available in Postfix 2.2 and later.
       Before comparisons are made, lookup keys and  table  entries  are  con-
@ -106,6 +107,8 @@ CIDR_TABLE(5)                                                    CIDR_TABLE(5)
           # before more general blacklist entries.
           192.168.1.1             OK
           192.168.0.0/16          REJECT
           2001:db8::1             OK
           2001:db8::/32           REJECT
 <b>SEE ALSO</b>
       <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
--- a/postfix/html/postscreen.8.html
+++ b/postfix/html/postscreen.8.html
@ -4,7 +4,7 @@
 <meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
 <title> Postfix manual - postscreen(8) </title>
 </head> <body> <pre>
-POSTSCREEN(8)               System Manager's Manual              POSTSCREEN(8)
+POSTSCREEN(8)                                                    POSTSCREEN(8)
 <b>NAME</b>
       postscreen - Postfix zombie blocker
@ -394,9 +394,8 @@ POSTSCREEN(8)               System Manager's Manual              POSTSCREEN(8)
              The syslog facility of Postfix logging.
       <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
-              The  mail  system  name that is prepended to the process name in
+              A  prefix  that  is  prepended  to  the  process  name in syslog
-              syslog records, so that "smtpd"  becomes,  for  example,  "post-
+              records, so that, for example, "smtpd" becomes "prefix/smtpd".
              fix/smtpd".
 <b>SEE ALSO</b>
       <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
--- a/postfix/man/man5/cidr_table.5
+++ b/postfix/man/man5/cidr_table.5
@ -96,10 +96,12 @@ part must be zero).
 An IPv4 network address is a sequence of four decimal octets
 separated by ".", and an IPv6 network address is a sequence
-of three to eight hexadecimal octets or octet pairs separated by
+of three to eight hexadecimal octet pairs separated by ":"
-":".  The pattern 0.0.0.0/0 matches every IPv4 address, and ::/0
+or "::", where the latter is short\-hand for a sequence of
-matches every IPv6 address.  IPv6 support is available in
+one or more all\-zero octet pairs. The pattern 0.0.0.0/0
-Postfix 2.2 and later.
+matches every IPv4 address, and ::/0 matches every IPv6
 address.  IPv6 support is available in Postfix 2.2 and
 later.
 Before comparisons are made, lookup keys and table entries
 are converted from string to binary. Therefore, IPv6 patterns
@ -120,6 +122,8 @@ this form is not required.
    # before more general blacklist entries.
    192.168.1.1             OK
    192.168.0.0/16          REJECT
    2001:db8::1             OK
    2001:db8::/32           REJECT
 .fi
 .SH "SEE ALSO"
 .na
--- a/postfix/man/man8/postscreen.8
+++ b/postfix/man/man8/postscreen.8
@ -397,8 +397,8 @@ The process name of a Postfix command or daemon process.
 .IP "\fBsyslog_facility (mail)\fR"
 The syslog facility of Postfix logging.
 .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
-The mail system name that is prepended to the process name in syslog
+A prefix that is prepended to the process name in syslog
-records, so that "smtpd" becomes, for example, "postfix/smtpd".
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
 .SH "SEE ALSO"
 .na
 .nf
--- a/postfix/proto/cidr_table
+++ b/postfix/proto/cidr_table
@ -84,10 +84,12 @@
 #
 #	An IPv4 network address is a sequence of four decimal octets
 #	separated by ".", and an IPv6 network address is a sequence
-#	of three to eight hexadecimal octets or octet pairs separated by
+#	of three to eight hexadecimal octet pairs separated by ":"
-#	":".  The pattern 0.0.0.0/0 matches every IPv4 address, and ::/0
+#	or "::", where the latter is short-hand for a sequence of
-#	matches every IPv6 address.  IPv6 support is available in
+#	one or more all-zero octet pairs. The pattern 0.0.0.0/0
-#	Postfix 2.2 and later.
+#	matches every IPv4 address, and ::/0 matches every IPv6
 #	address.  IPv6 support is available in Postfix 2.2 and
 #	later.
 #
 #	Before comparisons are made, lookup keys and table entries
 #	are converted from string to binary. Therefore, IPv6 patterns
@ -106,6 +108,8 @@
 #	    # before more general blacklist entries.
 #	    192.168.1.1             OK
 #	    192.168.0.0/16          REJECT
 #	    2001:db8::1             OK
 #	    2001:db8::/32           REJECT
 # .fi
 # SEE ALSO
 #	postmap(1), Postfix lookup table manager
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,7 +20,7 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20160728"
+#define MAIL_RELEASE_DATE	"20160730"
 #define MAIL_VERSION_NUMBER	"3.2"
 #ifdef SNAPSHOT
--- a/postfix/src/postscreen/postscreen.c
+++ b/postfix/src/postscreen/postscreen.c
@ -357,8 +357,8 @@
 /* .IP "\fBsyslog_facility (mail)\fR"
 /*	The syslog facility of Postfix logging.
 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
-/*	The mail system name that is prepended to the process name in syslog
+/*	A prefix that is prepended to the process name in syslog
-/*	records, so that "smtpd" becomes, for example, "postfix/smtpd".
+/*	records, so that, for example, "smtpd" becomes "prefix/smtpd".
 /* SEE ALSO
 /*	smtpd(8), Postfix SMTP server
 /*	tlsproxy(8), Postfix TLS proxy server
@ -691,7 +691,7 @@ static void psc_endpt_lookup_done(int endpt_status,
     * Reply with 421 when the client has too many open connections.
     */
    if (var_psc_cconn_limit > 0
-	&& state->client_concurrency > var_psc_cconn_limit) {
+	&& state->client_info->concurrency > var_psc_cconn_limit) {
 	msg_info("NOQUEUE: reject: CONNECT from [%s]:%s: too many connections",
 		 state->smtp_client_addr, state->smtp_client_port);
 	PSC_DROP_SESSION_STATE(state,
@ -840,7 +840,7 @@ static int psc_cache_validator(const char *client_addr,
 			               const char *stamp_str,
 			               void *unused_context)
 {
-    PSC_STATE dummy;
+    PSC_STATE dummy_state;
    PSC_CLIENT_INFO dummy_client_info;
    /*
@ -851,9 +851,9 @@ static int psc_cache_validator(const char *client_addr,
     * silly logging we remove the cache entry only after all tests have
     * expired longer ago than the cache retention time.
     */
-    dummy.client_info = &dummy_client_info;
+    dummy_state.client_info = &dummy_client_info;
-    psc_parse_tests(&dummy, stamp_str, event_time() - var_psc_cache_ret);
+    psc_parse_tests(&dummy_state, stamp_str, event_time() - var_psc_cache_ret);
-    return ((dummy.flags & PSC_STATE_MASK_ANY_TODO) == 0);
+    return ((dummy_state.flags & PSC_STATE_MASK_ANY_TODO) == 0);
 }
 /* pre_jail_init - pre-jail initialization */
--- a/postfix/src/postscreen/postscreen.h
+++ b/postfix/src/postscreen/postscreen.h
@ -99,19 +99,6 @@ typedef struct {
    const char *where;			/* SMTP protocol state */
 } PSC_STATE;
 /*
  * Emulate legacy ad-hoc variables on top of indexable time stamps. This
  * avoids massive scar tissue during initial feature development.
  */
 #define pregr_stamp	client_info->expire_time[PSC_TINDX_PREGR]
 #define dnsbl_stamp	client_info->expire_time[PSC_TINDX_DNSBL]
 #define pipel_stamp	client_info->expire_time[PSC_TINDX_PIPEL]
 #define nsmtp_stamp	client_info->expire_time[PSC_TINDX_NSMTP]
 #define barlf_stamp	client_info->expire_time[PSC_TINDX_BARLF]
 /* Minize the patch size for stable releases. */
 #define client_concurrency client_info->concurrency
 /*
  * Special expiration time values.
  */
--- a/postfix/src/postscreen/postscreen_early.c
+++ b/postfix/src/postscreen/postscreen_early.c
@ -104,6 +104,7 @@ static void psc_early_event(int event, void *context)
 {
    const char *myname = "psc_early_event";
    PSC_STATE *state = (PSC_STATE *) context;
    time_t *expire_time = state->client_info->expire_time;
    char    read_buf[PSC_READ_BUF_SIZE];
    int     read_count;
    DELTA_TIME elapsed;
@ -142,7 +143,7 @@ static void psc_early_event(int event, void *context)
 	 */
 	if ((state->flags & PSC_STATE_FLAG_PREGR_TODO) != 0
 	    && (state->flags & PSC_STATE_MASK_PREGR_FAIL_DONE) == 0) {
-	    state->pregr_stamp = event_time() + var_psc_pregr_ttl;
+	    expire_time[PSC_TINDX_PREGR] = event_time() + var_psc_pregr_ttl;
 	    PSC_PASS_SESSION_STATE(state, "pregreet test",
 				   PSC_STATE_FLAG_PREGR_PASS);
 	}
@ -175,7 +176,7 @@ static void psc_early_event(int event, void *context)
 		    psc_whitelist_non_dnsbl(state);
 	    }
 	    if (state->dnsbl_score < var_psc_dnsbl_thresh) {
-		state->dnsbl_stamp = event_time() + state->dnsbl_ttl;
+		expire_time[PSC_TINDX_DNSBL] = event_time() + state->dnsbl_ttl;
 		PSC_PASS_SESSION_STATE(state, "dnsbl test",
 				       PSC_STATE_FLAG_DNSBL_PASS);
 	    } else {
--- a/postfix/src/postscreen/postscreen_misc.c
+++ b/postfix/src/postscreen/postscreen_misc.c
@ -112,10 +112,13 @@ void    psc_conclude(PSC_STATE *state)
    /*
     * Update the postscreen cache. This still supports a scenario where a
     * client gets whitelisted in the course of multiple sessions, as long as
-     * that client does not "fail" any test.
+     * that client does not "fail" any test. Don't try to optimize away cache
     * updates; we want cached information to be up-to-date even if a test
     * result is renewed during overlapping SMTP sessions, and even if
     * 'postfix reload' happens in the middle of that.
     */
    if ((state->flags & PSC_STATE_MASK_ANY_UPDATE) != 0
-	&& psc_cache_map != 0 && state->client_info->pass_new_count <= 1) {
+	&& psc_cache_map != 0) {
 	psc_print_tests(psc_temp, state);
 	psc_cache_update(psc_cache_map, state->smtp_client_addr, STR(psc_temp));
    }
--- a/postfix/src/postscreen/postscreen_smtpd.c
+++ b/postfix/src/postscreen/postscreen_smtpd.c
@ -722,6 +722,7 @@ static void psc_smtpd_read_event(int event, void *context)
 {
    const char *myname = "psc_smtpd_read_event";
    PSC_STATE *state = (PSC_STATE *) context;
    time_t *expire_time = state->client_info->expire_time;
    int     ch;
    struct cmd_trans {
 	int     state;
@ -835,7 +836,7 @@ static void psc_smtpd_read_event(int event, void *context)
 			     PSC_CLIENT_ADDR_PORT(state), STR(psc_temp));
 		    PSC_FAIL_SESSION_STATE(state, PSC_STATE_FLAG_BARLF_FAIL);
 		    PSC_UNPASS_SESSION_STATE(state, PSC_STATE_FLAG_BARLF_PASS);
-		    state->barlf_stamp = PSC_TIME_STAMP_DISABLED;	/* XXX */
+		    expire_time[PSC_TINDX_BARLF] = PSC_TIME_STAMP_DISABLED;	/* XXX */
 		    /* Skip this test for the remainder of this session. */
 		    PSC_SKIP_SESSION_STATE(state, "bare newline test",
 					   PSC_STATE_FLAG_BARLF_SKIP);
@ -855,7 +856,7 @@ static void psc_smtpd_read_event(int event, void *context)
 			/* Temporarily whitelist until something expires. */
 			PSC_PASS_SESSION_STATE(state, "bare newline test",
 					       PSC_STATE_FLAG_BARLF_PASS);
-			state->barlf_stamp = event_time() + psc_min_ttl;
+			expire_time[PSC_TINDX_BARLF] = event_time() + psc_min_ttl;
 			break;
 		    default:
 			msg_panic("%s: unknown bare_newline action value %d",
@ -960,7 +961,7 @@ static void psc_smtpd_read_event(int event, void *context)
 		     command, STR(psc_temp));
 	    PSC_FAIL_SESSION_STATE(state, PSC_STATE_FLAG_NSMTP_FAIL);
 	    PSC_UNPASS_SESSION_STATE(state, PSC_STATE_FLAG_NSMTP_PASS);
-	    state->nsmtp_stamp = PSC_TIME_STAMP_DISABLED;	/* XXX */
+	    expire_time[PSC_TINDX_NSMTP] = PSC_TIME_STAMP_DISABLED;	/* XXX */
 	    /* Skip this test for the remainder of this SMTP session. */
 	    PSC_SKIP_SESSION_STATE(state, "non-smtp test",
 				   PSC_STATE_FLAG_NSMTP_SKIP);
@ -980,7 +981,7 @@ static void psc_smtpd_read_event(int event, void *context)
 		/* Temporarily whitelist until something else expires. */
 		PSC_PASS_SESSION_STATE(state, "non-smtp test",
 				       PSC_STATE_FLAG_NSMTP_PASS);
-		state->nsmtp_stamp = event_time() + psc_min_ttl;
+		expire_time[PSC_TINDX_NSMTP] = event_time() + psc_min_ttl;
 		break;
 	    default:
 		msg_panic("%s: unknown non_smtp_command action value %d",
@ -997,7 +998,7 @@ static void psc_smtpd_read_event(int event, void *context)
 		     PSC_CLIENT_ADDR_PORT(state), command, STR(psc_temp));
 	    PSC_FAIL_SESSION_STATE(state, PSC_STATE_FLAG_PIPEL_FAIL);
 	    PSC_UNPASS_SESSION_STATE(state, PSC_STATE_FLAG_PIPEL_PASS);
-	    state->pipel_stamp = PSC_TIME_STAMP_DISABLED;	/* XXX */
+	    expire_time[PSC_TINDX_PIPEL] = PSC_TIME_STAMP_DISABLED;	/* XXX */
 	    /* Skip this test for the remainder of this SMTP session. */
 	    PSC_SKIP_SESSION_STATE(state, "pipelining test",
 				   PSC_STATE_FLAG_PIPEL_SKIP);
@ -1017,7 +1018,7 @@ static void psc_smtpd_read_event(int event, void *context)
 		/* Temporarily whitelist until something else expires. */
 		PSC_PASS_SESSION_STATE(state, "pipelining test",
 				       PSC_STATE_FLAG_PIPEL_PASS);
-		state->pipel_stamp = event_time() + psc_min_ttl;
+		expire_time[PSC_TINDX_PIPEL] = event_time() + psc_min_ttl;
 		break;
 	    default:
 		msg_panic("%s: unknown pipelining action value %d",
@ -1036,21 +1037,21 @@ static void psc_smtpd_read_event(int event, void *context)
 		PSC_PASS_SESSION_STATE(state, "bare newline test",
 				       PSC_STATE_FLAG_BARLF_PASS);
 		/* XXX Reset to PSC_TIME_STAMP_DISABLED on failure. */
-		state->barlf_stamp = event_time() + var_psc_barlf_ttl;
+		expire_time[PSC_TINDX_BARLF] = event_time() + var_psc_barlf_ttl;
 	    }
 	    if ((state->flags & PSC_STATE_MASK_NSMTP_TODO_PASS_FAIL)
 		== PSC_STATE_FLAG_NSMTP_TODO) {
 		PSC_PASS_SESSION_STATE(state, "non-smtp test",
 				       PSC_STATE_FLAG_NSMTP_PASS);
 		/* XXX Reset to PSC_TIME_STAMP_DISABLED on failure. */
-		state->nsmtp_stamp = event_time() + var_psc_nsmtp_ttl;
+		expire_time[PSC_TINDX_NSMTP] = event_time() + var_psc_nsmtp_ttl;
 	    }
 	    if ((state->flags & PSC_STATE_MASK_PIPEL_TODO_PASS_FAIL)
 		== PSC_STATE_FLAG_PIPEL_TODO) {
 		PSC_PASS_SESSION_STATE(state, "pipelining test",
 				       PSC_STATE_FLAG_PIPEL_PASS);
 		/* XXX Reset to PSC_TIME_STAMP_DISABLED on failure. */
-		state->pipel_stamp = event_time() + var_psc_pipel_ttl;
+		expire_time[PSC_TINDX_PIPEL] = event_time() + var_psc_pipel_ttl;
 	    }
 	}
 	/* Command COUNT limit test. */
--- a/postfix/src/postscreen/postscreen_tests.c
+++ b/postfix/src/postscreen/postscreen_tests.c
@ -133,6 +133,7 @@
 void    psc_new_tests(PSC_STATE *state)
 {
    time_t *expire_time = state->client_info->expire_time;
    /*
     * Give all tests a PSC_TIME_STAMP_NEW time stamp, so that we can later
@ -140,11 +141,11 @@ void    psc_new_tests(PSC_STATE *state)
     * write a cache entry to the database, any new-but-disabled tests will
     * get a PSC_TIME_STAMP_DISABLED time stamp.
     */
-    state->pregr_stamp = PSC_TIME_STAMP_NEW;
+    expire_time[PSC_TINDX_PREGR] = PSC_TIME_STAMP_NEW;
-    state->dnsbl_stamp = PSC_TIME_STAMP_NEW;
+    expire_time[PSC_TINDX_DNSBL] = PSC_TIME_STAMP_NEW;
-    state->pipel_stamp = PSC_TIME_STAMP_NEW;
+    expire_time[PSC_TINDX_PIPEL] = PSC_TIME_STAMP_NEW;
-    state->nsmtp_stamp = PSC_TIME_STAMP_NEW;
+    expire_time[PSC_TINDX_NSMTP] = PSC_TIME_STAMP_NEW;
-    state->barlf_stamp = PSC_TIME_STAMP_NEW;
+    expire_time[PSC_TINDX_BARLF] = PSC_TIME_STAMP_NEW;
    /*
     * Determine what tests need to be completed.
@ -190,7 +191,7 @@ void    psc_parse_tests(PSC_STATE *state,
 void    psc_todo_tests(PSC_STATE *state, time_t time_value)
 {
-    time_t *time_stamps = state->client_info->expire_time;
+    time_t *expire_time = state->client_info->expire_time;
    time_t *sp;
    /*
@ -203,7 +204,7 @@ void    psc_todo_tests(PSC_STATE *state, time_t time_value)
     * enabled tests, but the remote SMTP client has not yet passed all those
     * tests.
     */
-    for (sp = time_stamps; sp < time_stamps + PSC_TINDX_COUNT; sp++) {
+    for (sp = expire_time; sp < expire_time + PSC_TINDX_COUNT; sp++) {
 	if (*sp == PSC_TIME_STAMP_NEW)
 	    state->flags |= PSC_STATE_FLAG_NEW;
    }
@ -212,15 +213,15 @@ void    psc_todo_tests(PSC_STATE *state, time_t time_value)
     * Don't flag disabled tests as "todo", because there would be no way to
     * make those bits go away.
     */
-    if (PSC_PREGR_TEST_ENABLE() && time_value > state->pregr_stamp)
+    if (PSC_PREGR_TEST_ENABLE() && time_value > expire_time[PSC_TINDX_PREGR])
 	state->flags |= PSC_STATE_FLAG_PREGR_TODO;
-    if (PSC_DNSBL_TEST_ENABLE() && time_value > state->dnsbl_stamp)
+    if (PSC_DNSBL_TEST_ENABLE() && time_value > expire_time[PSC_TINDX_DNSBL])
 	state->flags |= PSC_STATE_FLAG_DNSBL_TODO;
-    if (var_psc_pipel_enable && time_value > state->pipel_stamp)
+    if (var_psc_pipel_enable && time_value > expire_time[PSC_TINDX_PIPEL])
 	state->flags |= PSC_STATE_FLAG_PIPEL_TODO;
-    if (var_psc_nsmtp_enable && time_value > state->nsmtp_stamp)
+    if (var_psc_nsmtp_enable && time_value > expire_time[PSC_TINDX_NSMTP])
 	state->flags |= PSC_STATE_FLAG_NSMTP_TODO;
-    if (var_psc_barlf_enable && time_value > state->barlf_stamp)
+    if (var_psc_barlf_enable && time_value > expire_time[PSC_TINDX_BARLF])
 	state->flags |= PSC_STATE_FLAG_BARLF_TODO;
    /*
@ -235,15 +236,15 @@ void    psc_todo_tests(PSC_STATE *state, time_t time_value)
 	&& var_psc_refresh_time > 0) {
 	time_t  refresh_time = time_value + var_psc_refresh_time;
-	if (PSC_PREGR_TEST_ENABLE() && refresh_time > state->pregr_stamp)
+	if (PSC_PREGR_TEST_ENABLE() && refresh_time > expire_time[PSC_TINDX_PREGR])
 	    state->flags |= PSC_STATE_FLAG_PREGR_TODO;
-	if (PSC_DNSBL_TEST_ENABLE() && refresh_time > state->dnsbl_stamp)
+	if (PSC_DNSBL_TEST_ENABLE() && refresh_time > expire_time[PSC_TINDX_DNSBL])
 	    state->flags |= PSC_STATE_FLAG_DNSBL_TODO;
-	if (var_psc_pipel_enable && refresh_time > state->pipel_stamp)
+	if (var_psc_pipel_enable && refresh_time > expire_time[PSC_TINDX_PIPEL])
 	    state->flags |= PSC_STATE_FLAG_PIPEL_TODO;
-	if (var_psc_nsmtp_enable && refresh_time > state->nsmtp_stamp)
+	if (var_psc_nsmtp_enable && refresh_time > expire_time[PSC_TINDX_NSMTP])
 	    state->flags |= PSC_STATE_FLAG_NSMTP_TODO;
-	if (var_psc_barlf_enable && refresh_time > state->barlf_stamp)
+	if (var_psc_barlf_enable && refresh_time > expire_time[PSC_TINDX_BARLF])
 	    state->flags |= PSC_STATE_FLAG_BARLF_TODO;
    }
 #endif
@ -271,6 +272,7 @@ void    psc_todo_tests(PSC_STATE *state, time_t time_value)
 char   *psc_print_tests(VSTRING *buf, PSC_STATE *state)
 {
    const char *myname = "psc_print_tests";
    time_t *expire_time = state->client_info->expire_time;
    /*
     * Sanity check.
@ -283,23 +285,23 @@ char   *psc_print_tests(VSTRING *buf, PSC_STATE *state)
     * with "pass new" when some disabled test becomes enabled at some later
     * time.
     */
-    if (PSC_PREGR_TEST_ENABLE() == 0 && state->pregr_stamp == PSC_TIME_STAMP_NEW)
+    if (PSC_PREGR_TEST_ENABLE() == 0 && expire_time[PSC_TINDX_PREGR] == PSC_TIME_STAMP_NEW)
-	state->pregr_stamp = PSC_TIME_STAMP_DISABLED;
+	expire_time[PSC_TINDX_PREGR] = PSC_TIME_STAMP_DISABLED;
-    if (PSC_DNSBL_TEST_ENABLE() == 0 && state->dnsbl_stamp == PSC_TIME_STAMP_NEW)
+    if (PSC_DNSBL_TEST_ENABLE() == 0 && expire_time[PSC_TINDX_DNSBL] == PSC_TIME_STAMP_NEW)
-	state->dnsbl_stamp = PSC_TIME_STAMP_DISABLED;
+	expire_time[PSC_TINDX_DNSBL] = PSC_TIME_STAMP_DISABLED;
-    if (var_psc_pipel_enable == 0 && state->pipel_stamp == PSC_TIME_STAMP_NEW)
+    if (var_psc_pipel_enable == 0 && expire_time[PSC_TINDX_PIPEL] == PSC_TIME_STAMP_NEW)
-	state->pipel_stamp = PSC_TIME_STAMP_DISABLED;
+	expire_time[PSC_TINDX_PIPEL] = PSC_TIME_STAMP_DISABLED;
-    if (var_psc_nsmtp_enable == 0 && state->nsmtp_stamp == PSC_TIME_STAMP_NEW)
+    if (var_psc_nsmtp_enable == 0 && expire_time[PSC_TINDX_NSMTP] == PSC_TIME_STAMP_NEW)
-	state->nsmtp_stamp = PSC_TIME_STAMP_DISABLED;
+	expire_time[PSC_TINDX_NSMTP] = PSC_TIME_STAMP_DISABLED;
-    if (var_psc_barlf_enable == 0 && state->barlf_stamp == PSC_TIME_STAMP_NEW)
+    if (var_psc_barlf_enable == 0 && expire_time[PSC_TINDX_BARLF] == PSC_TIME_STAMP_NEW)
-	state->barlf_stamp = PSC_TIME_STAMP_DISABLED;
+	expire_time[PSC_TINDX_BARLF] = PSC_TIME_STAMP_DISABLED;
    vstring_sprintf(buf, "%lu;%lu;%lu;%lu;%lu",
-		    (unsigned long) state->pregr_stamp,
+		    (unsigned long) expire_time[PSC_TINDX_PREGR],
-		    (unsigned long) state->dnsbl_stamp,
+		    (unsigned long) expire_time[PSC_TINDX_DNSBL],
-		    (unsigned long) state->pipel_stamp,
+		    (unsigned long) expire_time[PSC_TINDX_PIPEL],
-		    (unsigned long) state->nsmtp_stamp,
+		    (unsigned long) expire_time[PSC_TINDX_NSMTP],
-		    (unsigned long) state->barlf_stamp);
+		    (unsigned long) expire_time[PSC_TINDX_BARLF]);
    return (STR(buf));
 }