NOTE: Do not use the header_checks(5) IGNORE action to remove +Postfix's own Received: message header. This causes problems with +mail signing filters. Instead, keep Postfix's own Received: message +header and use the header_checks(5) REPLACE action to sanitize +information.
+You specify SMTP-only Milter applications (there can be more than one) with the smtpd_milters parameter. Each Milter application is identified by the name of its listening socket; other Milter @@ -345,6 +351,12 @@ limitations as discussed later in this section. Mail that arrives via the Postfix smtpd(8) server is not filtered by the non-SMTP filters.
+NOTE: Do not use the header_checks(5) IGNORE action to remove +Postfix's own Received: message header. This causes problems with +mail signing filters. Instead, keep Postfix's own Received: message +header and use the header_checks(5) REPLACE action to sanitize +information.
+You specify non-SMTP Milter applications with the non_smtpd_milters parameter. This parameter uses the same syntax as the smtpd_milters parameter in the previous section. As with the SMTP-only filters, diff --git a/postfix/html/SASL_README.html b/postfix/html/SASL_README.html index 3c1825b2d..d177f7f15 100644 --- a/postfix/html/SASL_README.html +++ b/postfix/html/SASL_README.html @@ -359,7 +359,8 @@ library for configuration can be set with:
@@ -687,8 +688,9 @@ of SuSE Rhein/Main AG. reject_authenticated_sender_login_mismatch and reject_unauthenticated_sender_login_mismatch, and revised the docs. -/etc/postfix/main.cf: - smtpd_sasl_application_name = smtpd + smtpd_sasl_application_name = smtpd (Postfix < 2.3) + smtpd_sasl_path = smtpd (Postfix 2.3 and later)
-This feature is available in Postfix 2.1 and later. +This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3 +it was renamed to smtpd_sasl_path.
@@ -10333,7 +10334,8 @@ the SASL plug-in implementation that is selected with smtpd_sasl_type. Typically this specifies the name of a configuration file or rendezvous point. -This feature is available in Postfix 2.3 and later.
+This feature is available in Postfix 2.3 and later. In earlier +releases it was called smtpd_sasl_application.
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 4a364a45d..5c3b18570 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -6076,7 +6076,8 @@ controls the name of the SASL configuration file. The default value is \fBsmtpd\fR, corresponding to a SASL configuration file named \fBsmtpd.conf\fR. .PP -This feature is available in Postfix 2.1 and later. +This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3 +it was renamed to smtpd_sasl_path. .SH smtpd_sasl_auth_enable (default: no) Enable SASL authentication in the Postfix SMTP server. By default, the Postfix SMTP server does not use authentication. @@ -6164,7 +6165,8 @@ the SASL plug-in implementation that is selected with \fBsmtpd_sasl_type\fR. Typically this specifies the name of a configuration file or rendezvous point. .PP -This feature is available in Postfix 2.3 and later. +This feature is available in Postfix 2.3 and later. In earlier +releases it was called smtpd_sasl_application. .SH smtpd_sasl_security_options (default: noanonymous) SASL security options; as of Postfix 2.3 the list of available features depends on the SASL server implementation that is selected diff --git a/postfix/proto/MILTER_README.html b/postfix/proto/MILTER_README.html index 8446ea642..0b2e53dcb 100644 --- a/postfix/proto/MILTER_README.html +++ b/postfix/proto/MILTER_README.html @@ -295,6 +295,12 @@ unwanted mail, and to sign mail from authorized SMTP clients. Mail that arrives via the Postfix smtpd(8) server is not filtered by the non-SMTP filters that are described in the next section. +NOTE: Do not use the header_checks(5) IGNORE action to remove +Postfix's own Received: message header. This causes problems with +mail signing filters. Instead, keep Postfix's own Received: message +header and use the header_checks(5) REPLACE action to sanitize +information.
+You specify SMTP-only Milter applications (there can be more than one) with the smtpd_milters parameter. Each Milter application is identified by the name of its listening socket; other Milter @@ -345,6 +351,12 @@ limitations as discussed later in this section. Mail that arrives via the Postfix smtpd(8) server is not filtered by the non-SMTP filters.
+NOTE: Do not use the header_checks(5) IGNORE action to remove +Postfix's own Received: message header. This causes problems with +mail signing filters. Instead, keep Postfix's own Received: message +header and use the header_checks(5) REPLACE action to sanitize +information.
+You specify non-SMTP Milter applications with the non_smtpd_milters parameter. This parameter uses the same syntax as the smtpd_milters parameter in the previous section. As with the SMTP-only filters, diff --git a/postfix/proto/SASL_README.html b/postfix/proto/SASL_README.html index 29ae2843c..2c0ac06c1 100644 --- a/postfix/proto/SASL_README.html +++ b/postfix/proto/SASL_README.html @@ -359,7 +359,8 @@ library for configuration can be set with:
@@ -687,8 +688,9 @@ reject_sender_login_mismatch into reject_authenticated_sender_login_mismatch and reject_unauthenticated_sender_login_mismatch, and revised the docs. -/etc/postfix/main.cf: - smtpd_sasl_application_name = smtpd + smtpd_sasl_application_name = smtpd (Postfix < 2.3) + smtpd_sasl_path = smtpd (Postfix 2.3 and later)
-This feature is available in Postfix 2.1 and later. +This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3 +it was renamed to smtpd_sasl_path.
%PARAM strict_7bit_headers no @@ -9307,7 +9308,8 @@ the SASL plug-in implementation that is selected with smtpd_sasl_type. Typically this specifies the name of a configuration file or rendezvous point. -This feature is available in Postfix 2.3 and later.
+This feature is available in Postfix 2.3 and later. In earlier +releases it was called smtpd_sasl_application.
%PARAM smtp_sasl_path diff --git a/postfix/src/cleanup/cleanup_milter.c b/postfix/src/cleanup/cleanup_milter.c index 9a2d47c6c..656f5a531 100644 --- a/postfix/src/cleanup/cleanup_milter.c +++ b/postfix/src/cleanup/cleanup_milter.c @@ -272,7 +272,8 @@ static void cleanup_add_header(void *context, char *name, char *value) static off_t cleanup_find_header(CLEANUP_STATE *state, ssize_t index, const char *header_label, VSTRING *buf, int *prec_type, - int allow_ptr_backup) + int allow_ptr_backup, + int skip_headers) { const char *myname = "cleanup_find_header"; off_t curr_offset; /* offset after found record */ @@ -281,6 +282,7 @@ static off_t cleanup_find_header(CLEANUP_STATE *state, ssize_t index, int rec_type; int last_type; ssize_t len; + int hdr_count = 0; if (msg_verbose) msg_info("%s: index %ld name \"%s\"", @@ -328,6 +330,28 @@ static off_t cleanup_find_header(CLEANUP_STATE *state, ssize_t index, * duplicate some of its logic here and in the routines that delete or * modify header records. To minimize the duplication we define an ugly * macro that is used in all code that scans for header boundaries. + * + * XXX Sendmail compatibility (based on Sendmail 8.13.6 measurements). + * + * - When changing Received: header #1, we change the Received: header that + * follows our own one; a request to change Received: header #0 is + * silently treated as a request to change Received: header #1. + * + * - When changing Date: header #1, we change the first Date: header; a + * request to change Date: header #0 is silently treated as a request to + * change Date: header #1. + * + * Thus, header change requests are relative to the content as received, + * that is, the content after our own Received: header. They can affect + * only the headers that the MTA actually exposes to mail filter + * applications. + * + * - However, when inserting a header at position 0, the new header appears + * before our own Received: header, and when inserting at position 1, the + * new header appears after our own Received: header. + * + * Thus, header insert operations are relative to the content as delivered, + * that is, the content including our own Received: header. */ #define GET_NEXT_TEXT_OR_PTR_RECORD(rec_type, state, buf, curr_offset) \ if ((rec_type = rec_get_raw(state->dst, buf, 0, REC_FLAG_NONE)) < 0) \ @@ -374,6 +398,8 @@ static off_t cleanup_find_header(CLEANUP_STATE *state, ssize_t index, break; } /* This the start of a message header. */ + else if (hdr_count++ < skip_headers) + continue; else if ((header_label == 0 || (strncasecmp(header_label, STR(buf), len) == 0 && (IS_SPACE_TAB(STR(buf)[len]) @@ -590,12 +616,15 @@ static void cleanup_ins_header(void *context, ssize_t index, */ #define NO_HEADER_NAME ((char *) 0) #define ALLOW_PTR_BACKUP 1 +#define SKIP_ONE_HEADER 1 +#define DONT_SKIP_HEADERS 0 if (index < 1) index = 1; old_rec_offset = cleanup_find_header(state, index, NO_HEADER_NAME, old_rec_buf, &old_rec_type, - ALLOW_PTR_BACKUP); + ALLOW_PTR_BACKUP, + DONT_SKIP_HEADERS); if (old_rec_offset < 0) { cleanup_add_header(context, new_hdr_name, new_hdr_value); } else { @@ -658,7 +687,8 @@ static void cleanup_upd_header(void *context, ssize_t index, rec_buf = vstring_alloc(100); old_rec_offset = cleanup_find_header(state, index, new_hdr_name, rec_buf, &last_type, - NO_PTR_BACKUP); + NO_PTR_BACKUP, + SKIP_ONE_HEADER); if (old_rec_offset < 0) { cleanup_add_header(context, new_hdr_name, new_hdr_value); } else { @@ -733,7 +763,8 @@ static void cleanup_del_header(void *context, ssize_t index, char *hdr_name) */ rec_buf = vstring_alloc(100); header_offset = cleanup_find_header(state, index, hdr_name, rec_buf, - &last_type, NO_PTR_BACKUP); + &last_type, NO_PTR_BACKUP, + SKIP_ONE_HEADER); /* Memory usage for header offsets is limited by header_size_limit. */ if (header_offset > 0) { ssize_t off_len = 1; diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index e949f5241..c42b00c76 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20060629" -#define MAIL_VERSION_NUMBER "2.3-RC1" +#define MAIL_RELEASE_DATE "20060630" +#define MAIL_VERSION_NUMBER "2.3-RC2" #define VAR_MAIL_VERSION "mail_version" #define DEF_MAIL_VERSION MAIL_VERSION_NUMBER diff --git a/postfix/src/master/multi_server.c b/postfix/src/master/multi_server.c index 34bfac507..1330b23e6 100644 --- a/postfix/src/master/multi_server.c +++ b/postfix/src/master/multi_server.c @@ -755,9 +755,7 @@ NORETURN multi_server_main(int argc, char **argv, MULTI_SERVER_FN service,...) * Optionally, restrict the damage that this process can do. */ resolve_local_init(); -#ifdef SNAPSHOT tzset(); -#endif chroot_uid(root_dir, user_name); /* diff --git a/postfix/src/master/single_server.c b/postfix/src/master/single_server.c index 2b0c92675..82fec73d1 100644 --- a/postfix/src/master/single_server.c +++ b/postfix/src/master/single_server.c @@ -658,9 +658,7 @@ NORETURN single_server_main(int argc, char **argv, SINGLE_SERVER_FN service,...) * Optionally, restrict the damage that this process can do. */ resolve_local_init(); -#ifdef SNAPSHOT tzset(); -#endif chroot_uid(root_dir, user_name); /* diff --git a/postfix/src/master/trigger_server.c b/postfix/src/master/trigger_server.c index 471a44c79..bdf042d61 100644 --- a/postfix/src/master/trigger_server.c +++ b/postfix/src/master/trigger_server.c @@ -678,9 +678,7 @@ NORETURN trigger_server_main(int argc, char **argv, TRIGGER_SERVER_FN service,.. * Optionally, restrict the damage that this process can do. */ resolve_local_init(); -#ifdef SNAPSHOT tzset(); -#endif chroot_uid(root_dir, user_name); /* diff --git a/postfix/src/milter/milter8.c b/postfix/src/milter/milter8.c index f2bbebdba..8b5c44220 100644 --- a/postfix/src/milter/milter8.c +++ b/postfix/src/milter/milter8.c @@ -1857,6 +1857,7 @@ static void milter8_disc_event(MILTER *m) typedef struct { MILTER8 *milter; /* milter client */ ARGV *macros; /* end-of-body macros */ + int hdr_count; /* header counter */ const char *resp; /* milter application response */ } MILTER_MSG_CONTEXT; @@ -1872,6 +1873,23 @@ static void milter8_header(void *ptr, int unused_header_class, char *cp; int skip_reply; + /* + * XXX Sendmail compatibility. Don't expose our first (received) header + * to mail filter applications. See also cleanup_milter.c for code to + * ensure that header replace requests are relative to the message + * content as received, that is, without our own first (received) header, + * while header insert requests are relative to the message as delivered, + * that is, including our own first (received) header. + * + * XXX But this breaks when they delete our own Received: header with + * header_checks before it reaches the queue file. Even then we must not + * expose the first header to mail filter applications, otherwise the + * dk-filter signature will be inserted at the wrong position. It should + * precede the headers that it signs. + */ + if (msg_ctx->hdr_count++ == 0) + return; + /* * Sendmail 8 sends multi-line headers as text separated by newline. * @@ -2029,6 +2047,7 @@ static const char *milter8_message(MILTER *m, VSTREAM *qfile, } msg_ctx.milter = milter; msg_ctx.macros = macros; + msg_ctx.hdr_count = 0; msg_ctx.resp = 0; mime_state = mime_state_alloc(MIME_OPT_DISABLE_MIME, diff --git a/postfix/src/milter/test-milter.c b/postfix/src/milter/test-milter.c index 60df98a34..3ff1586d6 100644 --- a/postfix/src/milter/test-milter.c +++ b/postfix/src/milter/test-milter.c @@ -191,6 +191,18 @@ static sfsistat test_body(SMFICTX *ctx, unsigned char *data, size_t data_len) static sfsistat test_eom(SMFICTX *ctx) { printf("test_eom\n"); +#if 0 + if (smfi_insheader(ctx, 1, "Received", "insert at 1") == MI_FAILURE) + fprintf(stderr, "smfi_insheader failed"); +#endif +#if 0 + if (smfi_chgheader(ctx, "Received", 1, "change received #1") == MI_FAILURE) + fprintf(stderr, "smfi_chgheader failed"); +#endif +#if 0 + if (smfi_chgheader(ctx, "date", 0, "change date #0") == MI_FAILURE) + fprintf(stderr, "smfi_chgheader failed"); +#endif return (test_reply(ctx, test_eom_reply)); } @@ -234,7 +246,7 @@ static struct smfiDesc smfilter = { "test-milter", SMFI_VERSION, - SMFIF_ADDRCPT | SMFIF_DELRCPT | SMFIF_CHGHDRS, + SMFIF_ADDRCPT | SMFIF_DELRCPT | SMFIF_ADDHDRS | SMFIF_CHGHDRS, test_connect, test_helo, test_mail, diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index a07c3a847..8d26c6e87 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -3484,7 +3484,6 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, 450, "4.7.0", "<%s>: %s rejected: defer_if_reject requested", reply_name, reply_class); -#ifdef SNAPSHOT } else if (strcasecmp(name, SLEEP) == 0) { if (cpp[1] == 0 || alldig(cpp[1]) == 0) { msg_warn("restriction %s must be followed by number", SLEEP); @@ -3494,7 +3493,6 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, "Server configuration error")); } else sleep(atoi(*++cpp)); -#endif } else if (strcasecmp(name, REJECT_PLAINTEXT_SESSION) == 0) { status = reject_plaintext_session(state); } diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.c b/postfix/src/trivial-rewrite/trivial-rewrite.c index 0f2e17ea5..406c6c6f6 100644 --- a/postfix/src/trivial-rewrite/trivial-rewrite.c +++ b/postfix/src/trivial-rewrite/trivial-rewrite.c @@ -473,8 +473,6 @@ static void pre_accept(char *unused_name, char **unused_argv) #endif -#ifdef SNAPSHOT - static void check_table_stats(int unused_event, char *unused_context) { const char *table; @@ -486,8 +484,6 @@ static void check_table_stats(int unused_event, char *unused_context) event_request_timer(check_table_stats, (char *) 0, 10); } -#endif - /* pre_jail_init - initialize before entering chroot jail */ static void pre_jail_init(char *unused_name, char **unused_argv) @@ -525,9 +521,7 @@ static void post_jail_init(char *unused_name, char **unused_argv) transport_post_init(resolve_regular.transport_info); if (resolve_verify.transport_info) transport_post_init(resolve_verify.transport_info); -#ifdef SNAPSHOT check_table_stats(0, (char *) 0); -#endif /* * This process is called by clients that already enforce the max_idle