mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-23 02:17:44 +00:00
Code Issues Releases Wiki Activity

postfix-3.7-20210717

Browse Source
This commit is contained in:
Wietse Venema 2021-07-17 00:00:00 -05:00 committed by Viktor Dukhovni
parent 6f10a06650
commit ef9efb4a4c
14 changed files with 83 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
postfix/HISTORY
View File

@ -25661,3 +25661,16 @@ Apologies for any names omitted.
file, with "sendmail -F", or with the NAME environment file, with "sendmail -F", or with the NAME environment
variable. Found by Renaud Metrich. File: variable. Found by Renaud Metrich. File:
cleanup/cleanup_message.c. cleanup/cleanup_message.c.
20210708
Bugfix (introduced: 1999): the Postfix SMTP server was
sending all session transcripts to the error_notice_recipient,
instead of sending transcripts of bounced mail to the
bounce_notice_recipient. File: smtpd/smtpd_chat.c.
20210713
Cleanup: the 20060903 code for record loop detection was
comparing memory addresses instead of queue file names. It
now properly compares strings. File: global/record.c.

2
postfix/README_FILES/ADDRESS_VERIFICATION_README
View File

@ -125,7 +125,7 @@ LLiimmiittaattiioonnss ooff aaddddrreessss vveerriiffi
"double-bounce@$myorigin" would succeed. "double-bounce@$myorigin" would succeed.
* The downside of using a non-empty sender address is that the address may * The downside of using a non-empty sender address is that the address may
end op on spammer mailing lists. Although Postfix always discards mail to end up on spammer mailing lists. Although Postfix always discards mail to
the double-bounce address, this still results in wasted network bandwidth the double-bounce address, this still results in wasted network bandwidth
and server capacity. To defeat address harvesting, Postfix 2.9 and later and server capacity. To defeat address harvesting, Postfix 2.9 and later
support time-dependent sender addresses when you specify a non-zero support time-dependent sender addresses when you specify a non-zero

3
postfix/WISHLIST
View File

@ -2,6 +2,9 @@ Wish list:
Add verp=+= to the qmgr "from=" logging. Add verp=+= to the qmgr "from=" logging.
In addition to the xxx_per_record_deadline, specify
a minimum data rate for the DATA stage.
Make smtpd_relay_before_recipient_restrictions settable Make smtpd_relay_before_recipient_restrictions settable
in smtpd_checks tests. in smtpd_checks tests.

2
postfix/html/ADDRESS_VERIFICATION_README.html
View File

@ -252,7 +252,7 @@ mis-configured sites that reject MAIL FROM: <>, while
probes from "double-bounce@$<a href="postconf.5.html#myorigin">myorigin</a>" would succeed. </p> probes from "double-bounce@$<a href="postconf.5.html#myorigin">myorigin</a>" would succeed. </p>
<li> <p> The downside of using a non-empty sender address is that <li> <p> The downside of using a non-empty sender address is that
the address may end op on spammer mailing lists. Although Postfix the address may end up on spammer mailing lists. Although Postfix
always discards mail to the double-bounce address, this still results always discards mail to the double-bounce address, this still results
in wasted network bandwidth and server capacity. To defeat in wasted network bandwidth and server capacity. To defeat
address harvesting, Postfix 2.9 and later support time-dependent address harvesting, Postfix 2.9 and later support time-dependent

18
postfix/html/postconf.5.html
View File

@ -5736,8 +5736,8 @@ This feature is available in Postfix 2.1 and later.
<p> <p>
Optional shell program for <a href="local.8.html">local(8)</a> delivery to non-Postfix command. Optional shell program for <a href="local.8.html">local(8)</a> delivery to non-Postfix command.
By default, non-Postfix commands are executed directly; commands By default, non-Postfix commands are executed directly; commands
are given to given to the default shell (typically, /bin/sh) only are given to the default shell (typically, /bin/sh) only when they
when they contain shell meta characters or shell built-in commands. contain shell meta characters or shell built-in commands.
</p> </p>
<p> "sendmail's restricted shell" (smrsh) is what most people will <p> "sendmail's restricted shell" (smrsh) is what most people will
@ -17070,9 +17070,15 @@ was fixed at 300s. </p>
<DT><b><a name="smtpd_timeout">smtpd_timeout</a> <DT><b><a name="smtpd_timeout">smtpd_timeout</a>
(default: normal: 300s, overload: 10s)</b></DT><DD> (default: normal: 300s, overload: 10s)</b></DT><DD>
<p> <p> When the Postfix SMTP server wants to send an SMTP server
The time limit for sending a Postfix SMTP server response and for response, how long the Postfix SMTP server will wait for an underlying
receiving a remote SMTP client request. Normally the default limit network write operation to complete; and when the Postfix SMTP
server Postfix wants to receive an SMTP client request, how long
the Postfix SMTP server will wait for an underlying network read
operation to complete. See <a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> for how this
time limit may be enforced. </p>
<p> Normally the default limit
is 300s, but it changes under overload to just 10s. With Postfix is 300s, but it changes under overload to just 10s. With Postfix
2.5 and earlier, the SMTP server always uses a time limit of 300s 2.5 and earlier, the SMTP server always uses a time limit of 300s
by default. by default.
@ -19384,7 +19390,7 @@ starting with "0x", the options corresponding to the bits specified
in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)). in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)).
You can only enable options not already controlled by other Postfix You can only enable options not already controlled by other Postfix
settings. For example, you cannot disable protocols or enable settings. For example, you cannot disable protocols or enable
server cipher preference. Do not attempt to turn all features by server cipher preference. Do not attempt to enable all features by
specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some
bug work-arounds are also valid here, allowing them to be re-enabled bug work-arounds are also valid here, allowing them to be re-enabled
if/when they're no longer enabled by default. The supported values if/when they're no longer enabled by default. The supported values

10
postfix/html/smtpd.8.html
View File

@ -165,7 +165,7 @@ SMTPD(8) SMTPD(8)
Evaluate <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> before <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipi</a>- Evaluate <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> before <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipi</a>-
<a href="postconf.5.html#smtpd_recipient_restrictions">ent_restrictions</a>. <a href="postconf.5.html#smtpd_recipient_restrictions">ent_restrictions</a>.
<b>known_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submis-</b> <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
<b>sion=587)</b> <b>sion=587)</b>
Optional setting that avoids lookups in the <b>services</b>(5) data- Optional setting that avoids lookups in the <b>services</b>(5) data-
base. base.
@ -858,8 +858,12 @@ SMTPD(8) SMTPD(8)
accepts per message delivery request. accepts per message delivery request.
<b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (normal: 300s, overload: 10s)</b> <b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (normal: 300s, overload: 10s)</b>
The time limit for sending a Postfix SMTP server response and When the Postfix SMTP server wants to send an SMTP server
for receiving a remote SMTP client request. response, how long the Postfix SMTP server will wait for an
underlying network write operation to complete; and when the
Postfix SMTP server Postfix wants to receive an SMTP client
request, how long the Postfix SMTP server will wait for an
underlying network read operation to complete.
<b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b> <b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
The maximal number of lines in the Postfix SMTP server command The maximal number of lines in the Postfix SMTP server command

17
postfix/man/man5/postconf.5
View File

@ -3429,8 +3429,8 @@ This feature is available in Postfix 2.1 and later.
.SH local_command_shell (default: empty) .SH local_command_shell (default: empty)
Optional shell program for \fBlocal\fR(8) delivery to non\-Postfix command. Optional shell program for \fBlocal\fR(8) delivery to non\-Postfix command.
By default, non\-Postfix commands are executed directly; commands By default, non\-Postfix commands are executed directly; commands
are given to given to the default shell (typically, /bin/sh) only are given to the default shell (typically, /bin/sh) only when they
when they contain shell meta characters or shell built\-in commands. contain shell meta characters or shell built\-in commands.
.PP .PP
"sendmail's restricted shell" (smrsh) is what most people will "sendmail's restricted shell" (smrsh) is what most people will
use in order to restrict what programs can be run from e.g. .forward use in order to restrict what programs can be run from e.g. .forward
@ -11728,8 +11728,15 @@ was fixed at 300s.
.PP .PP
This feature is available in Postfix 2.2 and later. This feature is available in Postfix 2.2 and later.
.SH smtpd_timeout (default: normal: 300s, overload: 10s) .SH smtpd_timeout (default: normal: 300s, overload: 10s)
The time limit for sending a Postfix SMTP server response and for When the Postfix SMTP server wants to send an SMTP server
receiving a remote SMTP client request. Normally the default limit response, how long the Postfix SMTP server will wait for an underlying
network write operation to complete; and when the Postfix SMTP
server Postfix wants to receive an SMTP client request, how long
the Postfix SMTP server will wait for an underlying network read
operation to complete. See smtpd_per_record_deadline for how this
time limit may be enforced.
.PP
Normally the default limit
is 300s, but it changes under overload to just 10s. With Postfix is 300s, but it changes under overload to just 10s. With Postfix
2.5 and earlier, the SMTP server always uses a time limit of 300s 2.5 and earlier, the SMTP server always uses a time limit of 300s
by default. by default.
@ -13653,7 +13660,7 @@ starting with "0x", the options corresponding to the bits specified
in its value are enabled (see openssl/ssl.h and \fBSSL_CTX_set_options\fR(3)). in its value are enabled (see openssl/ssl.h and \fBSSL_CTX_set_options\fR(3)).
You can only enable options not already controlled by other Postfix You can only enable options not already controlled by other Postfix
settings. For example, you cannot disable protocols or enable settings. For example, you cannot disable protocols or enable
server cipher preference. Do not attempt to turn all features by server cipher preference. Do not attempt to enable all features by
specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some
bug work\-arounds are also valid here, allowing them to be re\-enabled bug work\-arounds are also valid here, allowing them to be re\-enabled
if/when they're no longer enabled by default. The supported values if/when they're no longer enabled by default. The supported values

8
postfix/man/man8/smtpd.8
View File

@ -757,8 +757,12 @@ The maximal size in bytes of a message, including envelope information.
The maximal number of recipients that the Postfix SMTP server The maximal number of recipients that the Postfix SMTP server
accepts per message delivery request. accepts per message delivery request.
.IP "\fBsmtpd_timeout (normal: 300s, overload: 10s)\fR" .IP "\fBsmtpd_timeout (normal: 300s, overload: 10s)\fR"
The time limit for sending a Postfix SMTP server response and for When the Postfix SMTP server wants to send an SMTP server
receiving a remote SMTP client request. response, how long the Postfix SMTP server will wait for an underlying
network write operation to complete; and when the Postfix SMTP
server Postfix wants to receive an SMTP client request, how long
the Postfix SMTP server will wait for an underlying network read
operation to complete.
.IP "\fBsmtpd_history_flush_threshold (100)\fR" .IP "\fBsmtpd_history_flush_threshold (100)\fR"
The maximal number of lines in the Postfix SMTP server command history The maximal number of lines in the Postfix SMTP server command history
before it is flushed upon receipt of EHLO, RSET, or end of DATA. before it is flushed upon receipt of EHLO, RSET, or end of DATA.

2
postfix/proto/ADDRESS_VERIFICATION_README.html
View File

@ -252,7 +252,7 @@ mis-configured sites that reject MAIL FROM: &lt;&gt;, while
probes from "double-bounce@$myorigin" would succeed. </p> probes from "double-bounce@$myorigin" would succeed. </p>
<li> <p> The downside of using a non-empty sender address is that <li> <p> The downside of using a non-empty sender address is that
the address may end op on spammer mailing lists. Although Postfix the address may end up on spammer mailing lists. Although Postfix
always discards mail to the double-bounce address, this still results always discards mail to the double-bounce address, this still results
in wasted network bandwidth and server capacity. To defeat in wasted network bandwidth and server capacity. To defeat
address harvesting, Postfix 2.9 and later support time-dependent address harvesting, Postfix 2.9 and later support time-dependent

18
postfix/proto/postconf.proto
View File

@ -2314,8 +2314,8 @@ This feature is available in Postfix 2.1 and later.
<p> <p>
Optional shell program for local(8) delivery to non-Postfix command. Optional shell program for local(8) delivery to non-Postfix command.
By default, non-Postfix commands are executed directly; commands By default, non-Postfix commands are executed directly; commands
are given to given to the default shell (typically, /bin/sh) only are given to the default shell (typically, /bin/sh) only when they
when they contain shell meta characters or shell built-in commands. contain shell meta characters or shell built-in commands.
</p> </p>
<p> "sendmail's restricted shell" (smrsh) is what most people will <p> "sendmail's restricted shell" (smrsh) is what most people will
@ -6710,9 +6710,15 @@ smtpd_sender_restrictions = reject_unknown_sender_domain,
%PARAM smtpd_timeout normal: 300s, overload: 10s %PARAM smtpd_timeout normal: 300s, overload: 10s
<p> <p> When the Postfix SMTP server wants to send an SMTP server
The time limit for sending a Postfix SMTP server response and for response, how long the Postfix SMTP server will wait for an underlying
receiving a remote SMTP client request. Normally the default limit network write operation to complete; and when the Postfix SMTP
server Postfix wants to receive an SMTP client request, how long
the Postfix SMTP server will wait for an underlying network read
operation to complete. See smtpd_per_record_deadline for how this
time limit may be enforced. </p>
<p> Normally the default limit
is 300s, but it changes under overload to just 10s. With Postfix is 300s, but it changes under overload to just 10s. With Postfix
2.5 and earlier, the SMTP server always uses a time limit of 300s 2.5 and earlier, the SMTP server always uses a time limit of 300s
by default. by default.
@ -16265,7 +16271,7 @@ starting with "0x", the options corresponding to the bits specified
in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)). in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)).
You can only enable options not already controlled by other Postfix You can only enable options not already controlled by other Postfix
settings. For example, you cannot disable protocols or enable settings. For example, you cannot disable protocols or enable
server cipher preference. Do not attempt to turn all features by server cipher preference. Do not attempt to enable all features by
specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some
bug work-arounds are also valid here, allowing them to be re-enabled bug work-arounds are also valid here, allowing them to be re-enabled
if/when they're no longer enabled by default. The supported values if/when they're no longer enabled by default. The supported values

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20210707" #define MAIL_RELEASE_DATE "20210717"
#define MAIL_VERSION_NUMBER "3.7" #define MAIL_VERSION_NUMBER "3.7"
#ifdef SNAPSHOT #ifdef SNAPSHOT

6
postfix/src/global/record.c
View File

@ -338,8 +338,10 @@ int rec_goto(VSTREAM *stream, const char *buf)
*/ */
#define REVERSE_JUMP_LIMIT 10000 #define REVERSE_JUMP_LIMIT 10000
if (saved_path != VSTREAM_PATH(stream)) { if (saved_path == 0 || strcmp(saved_path, VSTREAM_PATH(stream)) != 0) {
saved_path = VSTREAM_PATH(stream); if (saved_path)
myfree(saved_path);
saved_path = mystrdup(VSTREAM_PATH(stream));
reverse_count = 0; reverse_count = 0;
saved_offset = 0; saved_offset = 0;
} }

10
postfix/src/smtpd/smtpd.c
View File

@ -711,8 +711,12 @@
/* The maximal number of recipients that the Postfix SMTP server /* The maximal number of recipients that the Postfix SMTP server
/* accepts per message delivery request. /* accepts per message delivery request.
/* .IP "\fBsmtpd_timeout (normal: 300s, overload: 10s)\fR" /* .IP "\fBsmtpd_timeout (normal: 300s, overload: 10s)\fR"
/* The time limit for sending a Postfix SMTP server response and for /* When the Postfix SMTP server wants to send an SMTP server
/* receiving a remote SMTP client request. /* response, how long the Postfix SMTP server will wait for an underlying
/* network write operation to complete; and when the Postfix SMTP
/* server Postfix wants to receive an SMTP client request, how long
/* the Postfix SMTP server will wait for an underlying network read
/* operation to complete.
/* .IP "\fBsmtpd_history_flush_threshold (100)\fR" /* .IP "\fBsmtpd_history_flush_threshold (100)\fR"
/* The maximal number of lines in the Postfix SMTP server command history /* The maximal number of lines in the Postfix SMTP server command history
/* before it is flushed upon receipt of EHLO, RSET, or end of DATA. /* before it is flushed upon receipt of EHLO, RSET, or end of DATA.
@ -1301,6 +1305,7 @@ int var_reject_code;
int var_defer_code; int var_defer_code;
int var_smtpd_err_sleep; int var_smtpd_err_sleep;
int var_non_fqdn_code; int var_non_fqdn_code;
char *var_bounce_rcpt;
char *var_error_rcpt; char *var_error_rcpt;
int var_smtpd_delay_reject; int var_smtpd_delay_reject;
char *var_rest_classes; char *var_rest_classes;
@ -6437,6 +6442,7 @@ int main(int argc, char **argv)
VAR_EOD_CHECKS, DEF_EOD_CHECKS, &var_eod_checks, 0, 0, VAR_EOD_CHECKS, DEF_EOD_CHECKS, &var_eod_checks, 0, 0,
VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, &var_maps_rbl_domains, 0, 0, VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, &var_maps_rbl_domains, 0, 0,
VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, &var_rbl_reply_maps, 0, 0, VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, &var_rbl_reply_maps, 0, 0,
VAR_BOUNCE_RCPT, DEF_BOUNCE_RCPT, &var_bounce_rcpt, 1, 0,
VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0, VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0,
VAR_REST_CLASSES, DEF_REST_CLASSES, &var_rest_classes, 0, 0, VAR_REST_CLASSES, DEF_REST_CLASSES, &var_rest_classes, 0, 0,
VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0, VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,

3
postfix/src/smtpd/smtpd_chat.c
View File

@ -316,7 +316,8 @@ void smtpd_chat_notify(SMTPD_STATE *state)
#define INDENT 4 #define INDENT 4
notice = post_mail_fopen_nowait(mail_addr_double_bounce(), notice = post_mail_fopen_nowait(mail_addr_double_bounce(),
var_error_rcpt, (state->error_mask & MAIL_ERROR_BOUNCE) ?
var_bounce_rcpt : var_error_rcpt,
MAIL_SRC_MASK_NOTIFY, NULL_TRACE_FLAGS, MAIL_SRC_MASK_NOTIFY, NULL_TRACE_FLAGS,
SMTPUTF8_FLAG_NONE, NO_QUEUE_ID); SMTPUTF8_FLAG_NONE, NO_QUEUE_ID);
if (notice == 0) { if (notice == 0) {