postfix-3.7-20210717

postfix/HISTORY

@@ -25661,3 +25661,16 @@ Apologies for any names omitted.
 	file, with "sendmail -F", or with the NAME environment
 	variable. Found by Renaud Metrich. File:
 	cleanup/cleanup_message.c.
+
+20210708
+
+	Bugfix (introduced: 1999): the Postfix SMTP server was
+	sending all session transcripts to the error_notice_recipient,
+	instead of sending transcripts of bounced mail to the
+	bounce_notice_recipient. File: smtpd/smtpd_chat.c.
+
+20210713
+
+	Cleanup: the 20060903 code for record loop detection was
+	comparing memory addresses instead of queue file names. It
+	now properly compares strings. File: global/record.c.

postfix/README_FILES/ADDRESS_VERIFICATION_README

@@ -125,7 +125,7 @@ LLiimmiittaattiioonnss ooff aaddddrreessss vveerriiffi
     "double-bounce@$myorigin" would succeed.
 
   * The downside of using a non-empty sender address is that the address may
-    end op on spammer mailing lists. Although Postfix always discards mail to
+    end up on spammer mailing lists. Although Postfix always discards mail to
     the double-bounce address, this still results in wasted network bandwidth
     and server capacity. To defeat address harvesting, Postfix 2.9 and later
     support time-dependent sender addresses when you specify a non-zero

postfix/WISHLIST

@@ -2,6 +2,9 @@ Wish list:
 
 	Add verp=+= to the qmgr "from=" logging.
 
+	In addition to the xxx_per_record_deadline, specify
+	a minimum data rate for the DATA stage.
+
 	Make smtpd_relay_before_recipient_restrictions settable
 	in smtpd_checks tests.
 

postfix/html/ADDRESS_VERIFICATION_README.html

@@ -252,7 +252,7 @@ mis-configured sites that reject MAIL FROM:  <>, while
 probes from "double-bounce@$<a href="postconf.5.html#myorigin">myorigin</a>" would succeed. </p>
 
 <li> <p> The downside of using a non-empty sender address is that
-the address may end op on spammer mailing lists. Although Postfix
+the address may end up on spammer mailing lists. Although Postfix
 always discards mail to the double-bounce address, this still results
 in wasted network bandwidth and server capacity.  To defeat
 address harvesting, Postfix 2.9 and later support time-dependent

postfix/html/postconf.5.html

@@ -5736,8 +5736,8 @@ This feature is available in Postfix 2.1 and later.
 <p>
 Optional shell program for <a href="local.8.html">local(8)</a> delivery to non-Postfix command.
 By default, non-Postfix commands are executed directly; commands
-are given to given to the default shell (typically, /bin/sh) only
-when they contain shell meta characters or shell built-in commands.
+are given to the default shell (typically, /bin/sh) only when they
+contain shell meta characters or shell built-in commands.
 </p>
 
 <p> "sendmail's restricted shell" (smrsh) is what most people will
@@ -17070,9 +17070,15 @@ was fixed at 300s. </p>
 <DT><b><a name="smtpd_timeout">smtpd_timeout</a>
 (default: normal: 300s, overload: 10s)</b></DT><DD>
 
-<p>
-The time limit for sending a Postfix SMTP server response and for
-receiving a remote SMTP client request. Normally the default limit
+<p> When the Postfix SMTP server wants to send an SMTP server
+response, how long the Postfix SMTP server will wait for an underlying
+network write operation to complete; and when the Postfix SMTP
+server Postfix wants to receive an SMTP client request, how long
+the Postfix SMTP server will wait for an underlying network read
+operation to complete. See <a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> for how this
+time limit may be enforced. </p>
+
+<p> Normally the default limit
 is 300s, but it changes under overload to just 10s. With Postfix
 2.5 and earlier, the SMTP server always uses a time limit of 300s
 by default.
@@ -19384,7 +19390,7 @@ starting with "0x", the options corresponding to the bits specified
 in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)).
 You can only enable options not already controlled by other Postfix
 settings.  For example, you cannot disable protocols or enable
-server cipher preference.  Do not attempt to turn all features by
+server cipher preference.  Do not attempt to enable all features by
 specifying 0xFFFFFFFF, this is unlikely to be a good idea.  Some
 bug work-arounds are also valid here, allowing them to be re-enabled
 if/when they're no longer enabled by default.  The supported values

postfix/html/smtpd.8.html

@@ -165,7 +165,7 @@ SMTPD(8)                                                              SMTPD(8)
               Evaluate    <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>    before     <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipi</a>-
               <a href="postconf.5.html#smtpd_recipient_restrictions">ent_restrictions</a>.
 
-       <b>known_tcp_ports   (lmtp=24,   smtp=25,  smtps=submissions=465,  submis-</b>
+       <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a>   (lmtp=24,   smtp=25,  smtps=submissions=465,  submis-</b>
        <b>sion=587)</b>
               Optional  setting  that  avoids lookups in the <b>services</b>(5) data-
               base.
@@ -858,8 +858,12 @@ SMTPD(8)                                                              SMTPD(8)
               accepts per message delivery request.
 
        <b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (normal: 300s, overload: 10s)</b>
-              The  time  limit  for sending a Postfix SMTP server response and
-              for receiving a remote SMTP client request.
+              When  the  Postfix  SMTP  server  wants  to  send an SMTP server
+              response, how long the Postfix SMTP  server  will  wait  for  an
+              underlying  network  write  operation  to complete; and when the
+              Postfix SMTP server Postfix wants  to  receive  an  SMTP  client
+              request,  how  long  the  Postfix  SMTP  server will wait for an
+              underlying network read operation to complete.
 
        <b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
               The maximal number of lines in the Postfix SMTP  server  command

postfix/man/man5/postconf.5

@@ -3429,8 +3429,8 @@ This feature is available in Postfix 2.1 and later.
 .SH local_command_shell (default: empty)
 Optional shell program for \fBlocal\fR(8) delivery to non\-Postfix command.
 By default, non\-Postfix commands are executed directly; commands
-are given to given to the default shell (typically, /bin/sh) only
-when they contain shell meta characters or shell built\-in commands.
+are given to the default shell (typically, /bin/sh) only when they
+contain shell meta characters or shell built\-in commands.
 .PP
 "sendmail's restricted shell" (smrsh) is what most people will
 use in order to restrict what programs can be run from e.g. .forward
@@ -11728,8 +11728,15 @@ was fixed at 300s.
 .PP
 This feature is available in Postfix 2.2 and later.
 .SH smtpd_timeout (default: normal: 300s, overload: 10s)
-The time limit for sending a Postfix SMTP server response and for
-receiving a remote SMTP client request. Normally the default limit
+When the Postfix SMTP server wants to send an SMTP server
+response, how long the Postfix SMTP server will wait for an underlying
+network write operation to complete; and when the Postfix SMTP
+server Postfix wants to receive an SMTP client request, how long
+the Postfix SMTP server will wait for an underlying network read
+operation to complete. See smtpd_per_record_deadline for how this
+time limit may be enforced.
+.PP
+Normally the default limit
 is 300s, but it changes under overload to just 10s. With Postfix
 2.5 and earlier, the SMTP server always uses a time limit of 300s
 by default.
@@ -13653,7 +13660,7 @@ starting with "0x", the options corresponding to the bits specified
 in its value are enabled (see openssl/ssl.h and \fBSSL_CTX_set_options\fR(3)).
 You can only enable options not already controlled by other Postfix
 settings.  For example, you cannot disable protocols or enable
-server cipher preference.  Do not attempt to turn all features by
+server cipher preference.  Do not attempt to enable all features by
 specifying 0xFFFFFFFF, this is unlikely to be a good idea.  Some
 bug work\-arounds are also valid here, allowing them to be re\-enabled
 if/when they're no longer enabled by default.  The supported values

postfix/man/man8/smtpd.8

@@ -757,8 +757,12 @@ The maximal size in bytes of a message, including envelope information.
 The maximal number of recipients that the Postfix SMTP server
 accepts per message delivery request.
 .IP "\fBsmtpd_timeout (normal: 300s, overload: 10s)\fR"
-The time limit for sending a Postfix SMTP server response and for
-receiving a remote SMTP client request.
+When the Postfix SMTP server wants to send an SMTP server
+response, how long the Postfix SMTP server will wait for an underlying
+network write operation to complete; and when the Postfix SMTP
+server Postfix wants to receive an SMTP client request, how long
+the Postfix SMTP server will wait for an underlying network read
+operation to complete.
 .IP "\fBsmtpd_history_flush_threshold (100)\fR"
 The maximal number of lines in the Postfix SMTP server command history
 before it is flushed upon receipt of EHLO, RSET, or end of DATA.

postfix/proto/ADDRESS_VERIFICATION_README.html

@@ -252,7 +252,7 @@ mis-configured sites that reject MAIL FROM:  <>, while
 probes from "double-bounce@$myorigin" would succeed. </p>
 
 <li> <p> The downside of using a non-empty sender address is that
-the address may end op on spammer mailing lists. Although Postfix
+the address may end up on spammer mailing lists. Although Postfix
 always discards mail to the double-bounce address, this still results
 in wasted network bandwidth and server capacity.  To defeat
 address harvesting, Postfix 2.9 and later support time-dependent

postfix/proto/postconf.proto

@@ -2314,8 +2314,8 @@ This feature is available in Postfix 2.1 and later.
 <p>
 Optional shell program for local(8) delivery to non-Postfix command.
 By default, non-Postfix commands are executed directly; commands
-are given to given to the default shell (typically, /bin/sh) only
-when they contain shell meta characters or shell built-in commands.
+are given to the default shell (typically, /bin/sh) only when they
+contain shell meta characters or shell built-in commands.
 </p>
 
 <p> "sendmail's restricted shell" (smrsh) is what most people will
@@ -6710,9 +6710,15 @@ smtpd_sender_restrictions = reject_unknown_sender_domain,
 
 %PARAM smtpd_timeout normal: 300s, overload: 10s
 
-<p>
-The time limit for sending a Postfix SMTP server response and for
-receiving a remote SMTP client request. Normally the default limit
+<p> When the Postfix SMTP server wants to send an SMTP server
+response, how long the Postfix SMTP server will wait for an underlying
+network write operation to complete; and when the Postfix SMTP
+server Postfix wants to receive an SMTP client request, how long
+the Postfix SMTP server will wait for an underlying network read
+operation to complete. See smtpd_per_record_deadline for how this
+time limit may be enforced. </p>
+
+<p> Normally the default limit
 is 300s, but it changes under overload to just 10s. With Postfix
 2.5 and earlier, the SMTP server always uses a time limit of 300s
 by default.
@@ -16265,7 +16271,7 @@ starting with "0x", the options corresponding to the bits specified
 in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)).
 You can only enable options not already controlled by other Postfix
 settings.  For example, you cannot disable protocols or enable
-server cipher preference.  Do not attempt to turn all features by
+server cipher preference.  Do not attempt to enable all features by
 specifying 0xFFFFFFFF, this is unlikely to be a good idea.  Some
 bug work-arounds are also valid here, allowing them to be re-enabled
 if/when they're no longer enabled by default.  The supported values

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20210707"
+#define MAIL_RELEASE_DATE	"20210717"
 #define MAIL_VERSION_NUMBER	"3.7"
 
 #ifdef SNAPSHOT

postfix/src/global/record.c

@@ -338,8 +338,10 @@ int     rec_goto(VSTREAM *stream, const char *buf)
      */
 #define REVERSE_JUMP_LIMIT	10000
 
-    if (saved_path != VSTREAM_PATH(stream)) {
-	saved_path = VSTREAM_PATH(stream);
+    if (saved_path == 0 || strcmp(saved_path, VSTREAM_PATH(stream)) != 0) {
+	if (saved_path)
+	    myfree(saved_path);
+	saved_path = mystrdup(VSTREAM_PATH(stream));
 	reverse_count = 0;
 	saved_offset = 0;
     }

postfix/src/smtpd/smtpd.c

@@ -711,8 +711,12 @@
 /*	The maximal number of recipients that the Postfix SMTP server
 /*	accepts per message delivery request.
 /* .IP "\fBsmtpd_timeout (normal: 300s, overload: 10s)\fR"
-/*	The time limit for sending a Postfix SMTP server response and for
-/*	receiving a remote SMTP client request.
+/*	When the Postfix SMTP server wants to send an SMTP server
+/*	response, how long the Postfix SMTP server will wait for an underlying
+/*	network write operation to complete; and when the Postfix SMTP
+/*	server Postfix wants to receive an SMTP client request, how long
+/*	the Postfix SMTP server will wait for an underlying network read
+/*	operation to complete.
 /* .IP "\fBsmtpd_history_flush_threshold (100)\fR"
 /*	The maximal number of lines in the Postfix SMTP server command history
 /*	before it is flushed upon receipt of EHLO, RSET, or end of DATA.
@@ -1301,6 +1305,7 @@ int     var_reject_code;
 int     var_defer_code;
 int     var_smtpd_err_sleep;
 int     var_non_fqdn_code;
+char   *var_bounce_rcpt;
 char   *var_error_rcpt;
 int     var_smtpd_delay_reject;
 char   *var_rest_classes;
@@ -6437,6 +6442,7 @@ int     main(int argc, char **argv)
 	VAR_EOD_CHECKS, DEF_EOD_CHECKS, &var_eod_checks, 0, 0,
 	VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, &var_maps_rbl_domains, 0, 0,
 	VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, &var_rbl_reply_maps, 0, 0,
+	VAR_BOUNCE_RCPT, DEF_BOUNCE_RCPT, &var_bounce_rcpt, 1, 0,
 	VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0,
 	VAR_REST_CLASSES, DEF_REST_CLASSES, &var_rest_classes, 0, 0,
 	VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,

postfix/src/smtpd/smtpd_chat.c

@@ -316,7 +316,8 @@ void    smtpd_chat_notify(SMTPD_STATE *state)
 #define INDENT	4
 
     notice = post_mail_fopen_nowait(mail_addr_double_bounce(),
-				    var_error_rcpt,
+				    (state->error_mask & MAIL_ERROR_BOUNCE) ?
+				    var_bounce_rcpt : var_error_rcpt,
 				    MAIL_SRC_MASK_NOTIFY, NULL_TRACE_FLAGS,
 				    SMTPUTF8_FLAG_NONE, NO_QUEUE_ID);
     if (notice == 0) {