From ef9efb4a4c10b434816a6b92d56c78148b45d1f6 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Sat, 17 Jul 2021 00:00:00 -0500 Subject: [PATCH] postfix-3.7-20210717 --- postfix/HISTORY | 13 +++++++++++++ .../README_FILES/ADDRESS_VERIFICATION_README | 2 +- postfix/WISHLIST | 3 +++ postfix/html/ADDRESS_VERIFICATION_README.html | 2 +- postfix/html/postconf.5.html | 18 ++++++++++++------ postfix/html/smtpd.8.html | 10 +++++++--- postfix/man/man5/postconf.5 | 17 ++++++++++++----- postfix/man/man8/smtpd.8 | 8 ++++++-- postfix/proto/ADDRESS_VERIFICATION_README.html | 2 +- postfix/proto/postconf.proto | 18 ++++++++++++------ postfix/src/global/mail_version.h | 2 +- postfix/src/global/record.c | 6 ++++-- postfix/src/smtpd/smtpd.c | 10 ++++++++-- postfix/src/smtpd/smtpd_chat.c | 3 ++- 14 files changed, 83 insertions(+), 31 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index 9f1991190..f6adcd861 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -25661,3 +25661,16 @@ Apologies for any names omitted. file, with "sendmail -F", or with the NAME environment variable. Found by Renaud Metrich. File: cleanup/cleanup_message.c. + +20210708 + + Bugfix (introduced: 1999): the Postfix SMTP server was + sending all session transcripts to the error_notice_recipient, + instead of sending transcripts of bounced mail to the + bounce_notice_recipient. File: smtpd/smtpd_chat.c. + +20210713 + + Cleanup: the 20060903 code for record loop detection was + comparing memory addresses instead of queue file names. It + now properly compares strings. File: global/record.c. diff --git a/postfix/README_FILES/ADDRESS_VERIFICATION_README b/postfix/README_FILES/ADDRESS_VERIFICATION_README index 5a30ef741..3a7e51ae0 100644 --- a/postfix/README_FILES/ADDRESS_VERIFICATION_README +++ b/postfix/README_FILES/ADDRESS_VERIFICATION_README 
@@ -125,7 +125,7 @@ LLiimmiittaattiioonnss ooff aaddddrreessss vveerriiffi "double-bounce@$myorigin" would succeed. * The downside of using a non-empty sender address is that the address may - end op on spammer mailing lists. Although Postfix always discards mail to + end up on spammer mailing lists. Although Postfix always discards mail to the double-bounce address, this still results in wasted network bandwidth and server capacity. To defeat address harvesting, Postfix 2.9 and later support time-dependent sender addresses when you specify a non-zero diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 3c6c7fbd2..c9b6a94a5 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -2,6 +2,9 @@ Wish list: Add verp=+= to the qmgr "from=" logging. + In addition to the xxx_per_record_deadline, specify + a minimum data rate for the DATA stage. + Make smtpd_relay_before_recipient_restrictions settable in smtpd_checks tests. diff --git a/postfix/html/ADDRESS_VERIFICATION_README.html b/postfix/html/ADDRESS_VERIFICATION_README.html index 081aa9061..3f429feea 100644 --- a/postfix/html/ADDRESS_VERIFICATION_README.html +++ b/postfix/html/ADDRESS_VERIFICATION_README.html @@ -252,7 +252,7 @@ mis-configured sites that reject MAIL FROM: <>, while probes from "double-bounce@$myorigin" would succeed.

  • The downside of using a non-empty sender address is that -the address may end op on spammer mailing lists. Although Postfix +the address may end up on spammer mailing lists. Although Postfix always discards mail to the double-bounce address, this still results in wasted network bandwidth and server capacity. To defeat address harvesting, Postfix 2.9 and later support time-dependent diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 2a1ec882f..64de53cd1 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -5736,8 +5736,8 @@ This feature is available in Postfix 2.1 and later.

    Optional shell program for local(8) delivery to non-Postfix command. By default, non-Postfix commands are executed directly; commands -are given to given to the default shell (typically, /bin/sh) only -when they contain shell meta characters or shell built-in commands. +are given to the default shell (typically, /bin/sh) only when they +contain shell meta characters or shell built-in commands.

    "sendmail's restricted shell" (smrsh) is what most people will @@ -17070,9 +17070,15 @@ was fixed at 300s.

    smtpd_timeout (default: normal: 300s, overload: 10s)
    -

    -The time limit for sending a Postfix SMTP server response and for -receiving a remote SMTP client request. Normally the default limit +

    When the Postfix SMTP server wants to send an SMTP server +response, how long the Postfix SMTP server will wait for an underlying +network write operation to complete; and when the Postfix SMTP +server Postfix wants to receive an SMTP client request, how long +the Postfix SMTP server will wait for an underlying network read +operation to complete. See smtpd_per_record_deadline for how this +time limit may be enforced.

    + +

    Normally the default limit is 300s, but it changes under overload to just 10s. With Postfix 2.5 and earlier, the SMTP server always uses a time limit of 300s by default. @@ -19384,7 +19390,7 @@ starting with "0x", the options corresponding to the bits specified in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)). You can only enable options not already controlled by other Postfix settings. For example, you cannot disable protocols or enable -server cipher preference. Do not attempt to turn all features by +server cipher preference. Do not attempt to enable all features by specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some bug work-arounds are also valid here, allowing them to be re-enabled if/when they're no longer enabled by default. The supported values diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 4dbc75661..6f23b5c75 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -165,7 +165,7 @@ SMTPD(8) SMTPD(8) Evaluate smtpd_relay_restrictions before smtpd_recipi- ent_restrictions. - known_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submis- + known_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submis- sion=587) Optional setting that avoids lookups in the services(5) data- base. @@ -858,8 +858,12 @@ SMTPD(8) SMTPD(8) accepts per message delivery request. smtpd_timeout (normal: 300s, overload: 10s) - The time limit for sending a Postfix SMTP server response and - for receiving a remote SMTP client request. + When the Postfix SMTP server wants to send an SMTP server + response, how long the Postfix SMTP server will wait for an + underlying network write operation to complete; and when the + Postfix SMTP server Postfix wants to receive an SMTP client + request, how long the Postfix SMTP server will wait for an + underlying network read operation to complete. smtpd_history_flush_threshold (100) The maximal number of lines in the Postfix SMTP server command 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index d33e5c56a..87f9c5706 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -3429,8 +3429,8 @@ This feature is available in Postfix 2.1 and later. .SH local_command_shell (default: empty) Optional shell program for \fBlocal\fR(8) delivery to non\-Postfix command. By default, non\-Postfix commands are executed directly; commands -are given to given to the default shell (typically, /bin/sh) only -when they contain shell meta characters or shell built\-in commands. +are given to the default shell (typically, /bin/sh) only when they +contain shell meta characters or shell built\-in commands. .PP "sendmail's restricted shell" (smrsh) is what most people will use in order to restrict what programs can be run from e.g. .forward @@ -11728,8 +11728,15 @@ was fixed at 300s. .PP This feature is available in Postfix 2.2 and later. .SH smtpd_timeout (default: normal: 300s, overload: 10s) -The time limit for sending a Postfix SMTP server response and for -receiving a remote SMTP client request. Normally the default limit +When the Postfix SMTP server wants to send an SMTP server +response, how long the Postfix SMTP server will wait for an underlying +network write operation to complete; and when the Postfix SMTP +server Postfix wants to receive an SMTP client request, how long +the Postfix SMTP server will wait for an underlying network read +operation to complete. See smtpd_per_record_deadline for how this +time limit may be enforced. +.PP +Normally the default limit is 300s, but it changes under overload to just 10s. With Postfix 2.5 and earlier, the SMTP server always uses a time limit of 300s by default. 
@@ -13653,7 +13660,7 @@ starting with "0x", the options corresponding to the bits specified in its value are enabled (see openssl/ssl.h and \fBSSL_CTX_set_options\fR(3)). You can only enable options not already controlled by other Postfix settings. For example, you cannot disable protocols or enable -server cipher preference. Do not attempt to turn all features by +server cipher preference. Do not attempt to enable all features by specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some bug work\-arounds are also valid here, allowing them to be re\-enabled if/when they're no longer enabled by default. The supported values diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 419fd0d46..3c294d405 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -757,8 +757,12 @@ The maximal size in bytes of a message, including envelope information. The maximal number of recipients that the Postfix SMTP server accepts per message delivery request. .IP "\fBsmtpd_timeout (normal: 300s, overload: 10s)\fR" -The time limit for sending a Postfix SMTP server response and for -receiving a remote SMTP client request. +When the Postfix SMTP server wants to send an SMTP server +response, how long the Postfix SMTP server will wait for an underlying +network write operation to complete; and when the Postfix SMTP +server Postfix wants to receive an SMTP client request, how long +the Postfix SMTP server will wait for an underlying network read +operation to complete. .IP "\fBsmtpd_history_flush_threshold (100)\fR" The maximal number of lines in the Postfix SMTP server command history before it is flushed upon receipt of EHLO, RSET, or end of DATA. diff --git a/postfix/proto/ADDRESS_VERIFICATION_README.html b/postfix/proto/ADDRESS_VERIFICATION_README.html index 4dc4ea339..aaaf24df0 100644 --- a/postfix/proto/ADDRESS_VERIFICATION_README.html +++ b/postfix/proto/ADDRESS_VERIFICATION_README.html 
@@ -252,7 +252,7 @@ mis-configured sites that reject MAIL FROM: <>, while probes from "double-bounce@$myorigin" would succeed.

  • The downside of using a non-empty sender address is that -the address may end op on spammer mailing lists. Although Postfix +the address may end up on spammer mailing lists. Although Postfix always discards mail to the double-bounce address, this still results in wasted network bandwidth and server capacity. To defeat address harvesting, Postfix 2.9 and later support time-dependent diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index bef8dcfc1..1a01b713d 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -2314,8 +2314,8 @@ This feature is available in Postfix 2.1 and later.

    Optional shell program for local(8) delivery to non-Postfix command. By default, non-Postfix commands are executed directly; commands -are given to given to the default shell (typically, /bin/sh) only -when they contain shell meta characters or shell built-in commands. +are given to the default shell (typically, /bin/sh) only when they +contain shell meta characters or shell built-in commands.

    "sendmail's restricted shell" (smrsh) is what most people will @@ -6710,9 +6710,15 @@ smtpd_sender_restrictions = reject_unknown_sender_domain, %PARAM smtpd_timeout normal: 300s, overload: 10s -

    -The time limit for sending a Postfix SMTP server response and for -receiving a remote SMTP client request. Normally the default limit +

    When the Postfix SMTP server wants to send an SMTP server +response, how long the Postfix SMTP server will wait for an underlying +network write operation to complete; and when the Postfix SMTP +server Postfix wants to receive an SMTP client request, how long +the Postfix SMTP server will wait for an underlying network read +operation to complete. See smtpd_per_record_deadline for how this +time limit may be enforced.

    + +

    Normally the default limit is 300s, but it changes under overload to just 10s. With Postfix 2.5 and earlier, the SMTP server always uses a time limit of 300s by default. @@ -16265,7 +16271,7 @@ starting with "0x", the options corresponding to the bits specified in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)). You can only enable options not already controlled by other Postfix settings. For example, you cannot disable protocols or enable -server cipher preference. Do not attempt to turn all features by +server cipher preference. Do not attempt to enable all features by specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some bug work-arounds are also valid here, allowing them to be re-enabled if/when they're no longer enabled by default. The supported values diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index f4f71a6a1..636021c64 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20210707" +#define MAIL_RELEASE_DATE "20210717" #define MAIL_VERSION_NUMBER "3.7" #ifdef SNAPSHOT diff --git a/postfix/src/global/record.c b/postfix/src/global/record.c index 5a3516368..8f5d53ce3 100644 --- a/postfix/src/global/record.c +++ b/postfix/src/global/record.c @@ -338,8 +338,10 @@ int rec_goto(VSTREAM *stream, const char *buf) */ #define REVERSE_JUMP_LIMIT 10000 - if (saved_path != VSTREAM_PATH(stream)) { - saved_path = VSTREAM_PATH(stream); + if (saved_path == 0 || strcmp(saved_path, VSTREAM_PATH(stream)) != 0) { + if (saved_path) + myfree(saved_path); + saved_path = mystrdup(VSTREAM_PATH(stream)); reverse_count = 0; saved_offset = 0; } diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 3f7b20167..403459052 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c 
@@ -711,8 +711,12 @@ /* The maximal number of recipients that the Postfix SMTP server /* accepts per message delivery request. /* .IP "\fBsmtpd_timeout (normal: 300s, overload: 10s)\fR" -/* The time limit for sending a Postfix SMTP server response and for -/* receiving a remote SMTP client request. +/* When the Postfix SMTP server wants to send an SMTP server +/* response, how long the Postfix SMTP server will wait for an underlying +/* network write operation to complete; and when the Postfix SMTP +/* server Postfix wants to receive an SMTP client request, how long +/* the Postfix SMTP server will wait for an underlying network read +/* operation to complete. /* .IP "\fBsmtpd_history_flush_threshold (100)\fR" /* The maximal number of lines in the Postfix SMTP server command history /* before it is flushed upon receipt of EHLO, RSET, or end of DATA. @@ -1301,6 +1305,7 @@ int var_reject_code; int var_defer_code; int var_smtpd_err_sleep; int var_non_fqdn_code; +char *var_bounce_rcpt; char *var_error_rcpt; int var_smtpd_delay_reject; char *var_rest_classes; @@ -6437,6 +6442,7 @@ int main(int argc, char **argv) VAR_EOD_CHECKS, DEF_EOD_CHECKS, &var_eod_checks, 0, 0, VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, &var_maps_rbl_domains, 0, 0, VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, &var_rbl_reply_maps, 0, 0, + VAR_BOUNCE_RCPT, DEF_BOUNCE_RCPT, &var_bounce_rcpt, 1, 0, VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0, VAR_REST_CLASSES, DEF_REST_CLASSES, &var_rest_classes, 0, 0, VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0, diff --git a/postfix/src/smtpd/smtpd_chat.c b/postfix/src/smtpd/smtpd_chat.c index 63795b861..c172ab3d1 100644 --- a/postfix/src/smtpd/smtpd_chat.c +++ b/postfix/src/smtpd/smtpd_chat.c 
@@ -316,7 +316,8 @@ void smtpd_chat_notify(SMTPD_STATE *state) #define INDENT 4 notice = post_mail_fopen_nowait(mail_addr_double_bounce(), - var_error_rcpt, + (state->error_mask & MAIL_ERROR_BOUNCE) ? + var_bounce_rcpt : var_error_rcpt, MAIL_SRC_MASK_NOTIFY, NULL_TRACE_FLAGS, SMTPUTF8_FLAG_NONE, NO_QUEUE_ID); if (notice == 0) {
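Review bot: The new smtpd_timeout description contains a duplicated word, "when the Postfix SMTP server Postfix wants to receive an SMTP client request"; drop the second "Postfix". The same wording appears in proto/postconf.proto, in the manual comment in src/smtpd/smtpd.c, and in html/postconf.5.html, man/man5/postconf.5, html/smtpd.8.html and man/man8/smtpd.8, so all six copies need the fix. The smtpd(8) copies also leave out the sentence "See smtpd_per_record_deadline for how this time limit may be enforced" that the postconf(5) copies carry; if the omission is not deliberate, add it there as well, since it is the only pointer from this text to how the limit is enforced.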
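Review bot: In the SSL options paragraph of postconf (proto/postconf.proto and its html and man copies), the corrected sentence "Do not attempt to enable all features by specifying 0xFFFFFFFF, this is unlikely to be a good idea" is still a comma splice. Since the line is being touched anyway, split it into two sentences or join the clauses with "because".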
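Review bot: In rec_goto() in src/global/record.c, saved_path now owns a heap copy made with mystrdup() and released with myfree(), but nothing at the comparison says so; add a short comment stating that saved_path is a private copy that is kept until a call arrives with a different queue file name. The declaration of saved_path lies outside the hunk, and the diffstat shows no other change to record.c, so check that it is a plain char * that starts out as 0, because the new code tests it against 0 and passes it to myfree(). Both strcmp() and mystrdup() are handed VSTREAM_PATH(stream) directly, so the code relies on that macro never yielding a null pointer; a one-line remark would make that assumption explicit. The HISTORY entry files this under "Cleanup", yet this comparison decides when reverse_count and saved_offset are reset, so it reads more like a bugfix in the record loop detection and could be labelled as one.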
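Review bot: In smtpd_chat_notify() in src/smtpd/smtpd_chat.c, the recipient is chosen with "(state->error_mask & MAIL_ERROR_BOUNCE) ? var_bounce_rcpt : var_error_rcpt", and because error_mask is tested as a bit mask, a session that has the bounce bit set together with other error classes now sends its whole transcript to bounce_notice_recipient and nothing to error_notice_recipient. If that precedence is intended, state it in a comment at the call and in the 20210708 HISTORY entry, which describes only transcripts of bounced mail; if it is not, the selection needs to handle the mixed case explicitly. The matching smtpd.c hunks declare var_bounce_rcpt and register VAR_BOUNCE_RCPT with the same minimum length of 1 as VAR_ERROR_RCPT, which is consistent.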