mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 21:27:57 +00:00
Code Issues Releases Wiki Activity

postfix-2.3-RC2

Browse Source
This commit is contained in:
Wietse Venema 2006-06-30 00:00:00 -05:00 committed by Viktor Dukhovni
parent ecbcf5ba3e
commit f30d3da9af
20 changed files with 154 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
postfix/HISTORY
View File

@ -12408,29 +12408,39 @@ Apologies for any names omitted.
mumble_tls_mandatory_mumble; added _mandatory_ qualifier mumble_tls_mandatory_mumble; added _mandatory_ qualifier
to names of parameters that affect only mandatory TLS. to names of parameters that affect only mandatory TLS.
20060630
Features promoted from SNAPSHOT to STABLE: the "sleep"
pseudo restriction; Postfix daemons now read the local
timezone file before chrooting; trivial-rewrite now detects
table changes every 10 seconds, so it restarts more timely.
Features that stay #ifdef SNAPSHOT: tcp_table,
lmtp_sasl_tls_verified_security_options, and
smtp_sasl_tls_verified_security_options.
Compatibility: Sendmail does not send its own Received:
header to Milter applications. Offsets in header replace
requests are relative to the message content as received
(i.e. without our own Received: header), while offsets in
header insert requests are relative to the message as
delivered (i.e. they include our own Received: header).
This explains why dk-filter would sign our own Received:
header but place the signature between our own Received:
header and the rest of the message, violating the draft
domainkeys spec.
Wish list: Wish list:
In the SMTPD policy client (encode or strip) non-printable In the SMTPD policy client (encode or strip) non-printable
non-ASCII in (TLS or all) attributes. non-ASCII in (TLS or all) attributes.
run real sendmail through test-milter and check the data
for bit-wise compatibility with Postfix.
Are transport:nexthop null fields the same as in the case Are transport:nexthop null fields the same as in the case
of default_transport etc. parameters? of default_transport etc. parameters?
Introduce the notion of required security level into smtpd(8)
just like with smtp(8): if the level is specified, ignore
the legacy boolean parameters.
Introduce structured API for tls_server_mumble() just like Introduce structured API for tls_server_mumble() just like
with smtp(8): this eliminates ever-growing lists of arguments. with smtp(8): this eliminates ever-growing lists of arguments.
Cleanup: declare smtp_tls_levels[] in a header file, probably
one that is owned by the Postfix TLS library instead of
smtp(8). Better, encapsulate the name to code conversion
as a Postfix TLS library service routine.
With (non)delivery notifications, prepend an "Auto-Submitted: With (non)delivery notifications, prepend an "Auto-Submitted:
auto-replied" header, as per RFC 3834. auto-replied" header, as per RFC 3834.

10
postfix/README_FILES/MILTER_README
View File

@ -152,6 +152,11 @@ mail from authorized SMTP clients. Mail that arrives via the Postfix smtpd(8)
server is not filtered by the non-SMTP filters that are described in the next server is not filtered by the non-SMTP filters that are described in the next
section. section.
NOTE: Do not use the header_checks(5) IGNORE action to remove Postfix's own
Received: message header. This causes problems with mail signing filters.
Instead, keep Postfix's own Received: message header and use the header_checks
(5) REPLACE action to sanitize information.
You specify SMTP-only Milter applications (there can be more than one) with the You specify SMTP-only Milter applications (there can be more than one) with the
smtpd_milters parameter. Each Milter application is identified by the name of smtpd_milters parameter. Each Milter application is identified by the name of
its listening socket; other Milter configuration options will be discussed in its listening socket; other Milter configuration options will be discussed in
@ -188,6 +193,11 @@ unwanted mail, there are limitations as discussed later in this section. Mail
that arrives via the Postfix smtpd(8) server is not filtered by the non-SMTP that arrives via the Postfix smtpd(8) server is not filtered by the non-SMTP
filters. filters.
NOTE: Do not use the header_checks(5) IGNORE action to remove Postfix's own
Received: message header. This causes problems with mail signing filters.
Instead, keep Postfix's own Received: message header and use the header_checks
(5) REPLACE action to sanitize information.
You specify non-SMTP Milter applications with the non_smtpd_milters parameter. You specify non-SMTP Milter applications with the non_smtpd_milters parameter.
This parameter uses the same syntax as the smtpd_milters parameter in the This parameter uses the same syntax as the smtpd_milters parameter in the
previous section. As with the SMTP-only filters, you can specify more than one previous section. As with the SMTP-only filters, you can specify more than one

6
postfix/README_FILES/SASL_README
View File

@ -227,7 +227,8 @@ Note: some Cyrus SASL distributions look for the smtpd.conf file in /etc/sasl2.
configuration can be set with: configuration can be set with:
/etc/postfix/main.cf: /etc/postfix/main.cf:
smtpd_sasl_application_name = smtpd smtpd_sasl_application_name = smtpd (Postfix < 2.3)
smtpd_sasl_path = smtpd (Postfix 2.3 and later)
The pwcheck daemon is contained in the cyrus-sasl source tarball. The pwcheck daemon is contained in the cyrus-sasl source tarball.
@ -453,7 +454,8 @@ CCrreeddiittss
reject_authenticated_sender_login_mismatch and reject_authenticated_sender_login_mismatch and
reject_unauthenticated_sender_login_mismatch, and revised the docs. reject_unauthenticated_sender_login_mismatch, and revised the docs.
* Wietse made another iteration through the code to add plug-in support for * Wietse made another iteration through the code to add plug-in support for
multiple SASL implementations. multiple SASL implementations, and changed smtpd_sasl_application_name into
smtpd_sasl_path.
* The Dovecot SMTP server-only plug-in was originally implemented by Timo * The Dovecot SMTP server-only plug-in was originally implemented by Timo
Sirainen of Procontrol, Finland. Sirainen of Procontrol, Finland.

6
postfix/RELEASE_NOTES
View File

@ -33,9 +33,9 @@ is required (notably Postfix 2.3 in "opportunistic" mode) and the
administrator has not excluded the "aNULL" OpenSSL cipher type. administrator has not excluded the "aNULL" OpenSSL cipher type.
Instead of cipher lists you can now specify cipher grades. The Instead of cipher lists you can now specify cipher grades. The
smtp_tls_ciphers, lmtp_tls_ciphers and smtpd_tls_ciphers parameters smtp_tls_mandatory_ciphers, lmtp_tls_mandatory_ciphers and
specify one of "high", "medium", "low", "export" or "null". See the smtpd_tls_ciphers parameters specify one of "high", "medium", "low",
documentation for details. "export" or "null". See TLS_README for details.
Incompatibility with Postfix snapshot 20060614 Incompatibility with Postfix snapshot 20060614
============================================== ==============================================

12
postfix/html/MILTER_README.html
View File

@ -295,6 +295,12 @@ unwanted mail, and to sign mail from authorized SMTP clients. Mail
that arrives via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server is not filtered by the that arrives via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server is not filtered by the
non-SMTP filters that are described in the next section. </p> non-SMTP filters that are described in the next section. </p>
<p> NOTE: Do not use the <a href="header_checks.5.html">header_checks(5)</a> IGNORE action to remove
Postfix's own Received: message header. This causes problems with
mail signing filters. Instead, keep Postfix's own Received: message
header and use the <a href="header_checks.5.html">header_checks(5)</a> REPLACE action to sanitize
information. </p>
<p> You specify SMTP-only Milter applications (there can be more <p> You specify SMTP-only Milter applications (there can be more
than one) with the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> parameter. Each Milter application than one) with the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> parameter. Each Milter application
is identified by the name of its listening socket; other Milter is identified by the name of its listening socket; other Milter
@ -345,6 +351,12 @@ limitations as discussed later in this section. Mail that arrives
via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server is not filtered by the non-SMTP via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server is not filtered by the non-SMTP
filters. </p> filters. </p>
<p> NOTE: Do not use the <a href="header_checks.5.html">header_checks(5)</a> IGNORE action to remove
Postfix's own Received: message header. This causes problems with
mail signing filters. Instead, keep Postfix's own Received: message
header and use the <a href="header_checks.5.html">header_checks(5)</a> REPLACE action to sanitize
information. </p>
<p> You specify non-SMTP Milter applications with the <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> <p> You specify non-SMTP Milter applications with the <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>
parameter. This parameter uses the same syntax as the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> parameter. This parameter uses the same syntax as the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a>
parameter in the previous section. As with the SMTP-only filters, parameter in the previous section. As with the SMTP-only filters,

8
postfix/html/SASL_README.html
View File

@ -359,7 +359,8 @@ library for configuration can be set with: </p>
<blockquote> <blockquote>
<pre> <pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>: /etc/postfix/<a href="postconf.5.html">main.cf</a>:
smtpd_sasl_application_name = smtpd smtpd_sasl_application_name = smtpd (Postfix &lt; 2.3)
<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> = smtpd (Postfix 2.3 and later)
</pre> </pre>
</blockquote> </blockquote>
@ -687,8 +688,9 @@ of SuSE Rhein/Main AG.
<a href="postconf.5.html#reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a> and <a href="postconf.5.html#reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a> and
<a href="postconf.5.html#reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a>, and revised the docs. <a href="postconf.5.html#reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a>, and revised the docs.
<li> Wietse made another iteration through the code to add <li> Wietse made another iteration through the code to add plug-in
plug-in support for multiple SASL implementations. support for multiple SASL implementations, and changed
smtpd_sasl_application_name into <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.
<li> The Dovecot SMTP server-only plug-in was originally implemented by <li> The Dovecot SMTP server-only plug-in was originally implemented by
Timo Sirainen of Procontrol, Finland. Timo Sirainen of Procontrol, Finland.

6
postfix/html/postconf.5.html
View File

@ -10208,7 +10208,8 @@ is <b>smtpd</b>, corresponding to a SASL configuration file named
</p> </p>
<p> <p>
This feature is available in Postfix 2.1 and later. This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
it was renamed to <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.
</p> </p>
@ -10333,7 +10334,8 @@ the SASL plug-in implementation that is selected with
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. Typically this specifies the name of a <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. Typically this specifies the name of a
configuration file or rendezvous point. </p> configuration file or rendezvous point. </p>
<p> This feature is available in Postfix 2.3 and later. </p> <p> This feature is available in Postfix 2.3 and later. In earlier
releases it was called smtpd_sasl_application. </p>
</DD> </DD>

6
postfix/man/man5/postconf.5
View File

@ -6076,7 +6076,8 @@ controls the name of the SASL configuration file. The default value
is \fBsmtpd\fR, corresponding to a SASL configuration file named is \fBsmtpd\fR, corresponding to a SASL configuration file named
\fBsmtpd.conf\fR. \fBsmtpd.conf\fR.
.PP .PP
This feature is available in Postfix 2.1 and later. This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
it was renamed to smtpd_sasl_path.
.SH smtpd_sasl_auth_enable (default: no) .SH smtpd_sasl_auth_enable (default: no)
Enable SASL authentication in the Postfix SMTP server. By default, Enable SASL authentication in the Postfix SMTP server. By default,
the Postfix SMTP server does not use authentication. the Postfix SMTP server does not use authentication.
@ -6164,7 +6165,8 @@ the SASL plug-in implementation that is selected with
\fBsmtpd_sasl_type\fR. Typically this specifies the name of a \fBsmtpd_sasl_type\fR. Typically this specifies the name of a
configuration file or rendezvous point. configuration file or rendezvous point.
.PP .PP
This feature is available in Postfix 2.3 and later. This feature is available in Postfix 2.3 and later. In earlier
releases it was called smtpd_sasl_application.
.SH smtpd_sasl_security_options (default: noanonymous) .SH smtpd_sasl_security_options (default: noanonymous)
SASL security options; as of Postfix 2.3 the list of available SASL security options; as of Postfix 2.3 the list of available
features depends on the SASL server implementation that is selected features depends on the SASL server implementation that is selected

12
postfix/proto/MILTER_README.html
View File

@ -295,6 +295,12 @@ unwanted mail, and to sign mail from authorized SMTP clients. Mail
that arrives via the Postfix smtpd(8) server is not filtered by the that arrives via the Postfix smtpd(8) server is not filtered by the
non-SMTP filters that are described in the next section. </p> non-SMTP filters that are described in the next section. </p>
<p> NOTE: Do not use the header_checks(5) IGNORE action to remove
Postfix's own Received: message header. This causes problems with
mail signing filters. Instead, keep Postfix's own Received: message
header and use the header_checks(5) REPLACE action to sanitize
information. </p>
<p> You specify SMTP-only Milter applications (there can be more <p> You specify SMTP-only Milter applications (there can be more
than one) with the smtpd_milters parameter. Each Milter application than one) with the smtpd_milters parameter. Each Milter application
is identified by the name of its listening socket; other Milter is identified by the name of its listening socket; other Milter
@ -345,6 +351,12 @@ limitations as discussed later in this section. Mail that arrives
via the Postfix smtpd(8) server is not filtered by the non-SMTP via the Postfix smtpd(8) server is not filtered by the non-SMTP
filters. </p> filters. </p>
<p> NOTE: Do not use the header_checks(5) IGNORE action to remove
Postfix's own Received: message header. This causes problems with
mail signing filters. Instead, keep Postfix's own Received: message
header and use the header_checks(5) REPLACE action to sanitize
information. </p>
<p> You specify non-SMTP Milter applications with the non_smtpd_milters <p> You specify non-SMTP Milter applications with the non_smtpd_milters
parameter. This parameter uses the same syntax as the smtpd_milters parameter. This parameter uses the same syntax as the smtpd_milters
parameter in the previous section. As with the SMTP-only filters, parameter in the previous section. As with the SMTP-only filters,

8
postfix/proto/SASL_README.html
View File

@ -359,7 +359,8 @@ library for configuration can be set with: </p>
<blockquote> <blockquote>
<pre> <pre>
/etc/postfix/main.cf: /etc/postfix/main.cf:
smtpd_sasl_application_name = smtpd smtpd_sasl_application_name = smtpd (Postfix &lt; 2.3)
smtpd_sasl_path = smtpd (Postfix 2.3 and later)
</pre> </pre>
</blockquote> </blockquote>
@ -687,8 +688,9 @@ reject_sender_login_mismatch into
reject_authenticated_sender_login_mismatch and reject_authenticated_sender_login_mismatch and
reject_unauthenticated_sender_login_mismatch, and revised the docs. reject_unauthenticated_sender_login_mismatch, and revised the docs.
<li> Wietse made another iteration through the code to add <li> Wietse made another iteration through the code to add plug-in
plug-in support for multiple SASL implementations. support for multiple SASL implementations, and changed
smtpd_sasl_application_name into smtpd_sasl_path.
<li> The Dovecot SMTP server-only plug-in was originally implemented by <li> The Dovecot SMTP server-only plug-in was originally implemented by
Timo Sirainen of Procontrol, Finland. Timo Sirainen of Procontrol, Finland.

6
postfix/proto/postconf.proto
View File

@ -7480,7 +7480,8 @@ is <b>smtpd</b>, corresponding to a SASL configuration file named
</p> </p>
<p> <p>
This feature is available in Postfix 2.1 and later. This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
it was renamed to smtpd_sasl_path.
</p> </p>
%PARAM strict_7bit_headers no %PARAM strict_7bit_headers no
@ -9307,7 +9308,8 @@ the SASL plug-in implementation that is selected with
<b>smtpd_sasl_type</b>. Typically this specifies the name of a <b>smtpd_sasl_type</b>. Typically this specifies the name of a
configuration file or rendezvous point. </p> configuration file or rendezvous point. </p>
<p> This feature is available in Postfix 2.3 and later. </p> <p> This feature is available in Postfix 2.3 and later. In earlier
releases it was called smtpd_sasl_application. </p>
%PARAM smtp_sasl_path %PARAM smtp_sasl_path

39
postfix/src/cleanup/cleanup_milter.c
View File

@ -272,7 +272,8 @@ static void cleanup_add_header(void *context, char *name, char *value)
static off_t cleanup_find_header(CLEANUP_STATE *state, ssize_t index, static off_t cleanup_find_header(CLEANUP_STATE *state, ssize_t index,
const char *header_label, VSTRING *buf, const char *header_label, VSTRING *buf,
int *prec_type, int *prec_type,
int allow_ptr_backup) int allow_ptr_backup,
int skip_headers)
{ {
const char *myname = "cleanup_find_header"; const char *myname = "cleanup_find_header";
off_t curr_offset; /* offset after found record */ off_t curr_offset; /* offset after found record */
@ -281,6 +282,7 @@ static off_t cleanup_find_header(CLEANUP_STATE *state, ssize_t index,
int rec_type; int rec_type;
int last_type; int last_type;
ssize_t len; ssize_t len;
int hdr_count = 0;
if (msg_verbose) if (msg_verbose)
msg_info("%s: index %ld name \"%s\"", msg_info("%s: index %ld name \"%s\"",
@ -328,6 +330,28 @@ static off_t cleanup_find_header(CLEANUP_STATE *state, ssize_t index,
* duplicate some of its logic here and in the routines that delete or * duplicate some of its logic here and in the routines that delete or
* modify header records. To minimize the duplication we define an ugly * modify header records. To minimize the duplication we define an ugly
* macro that is used in all code that scans for header boundaries. * macro that is used in all code that scans for header boundaries.
*
* XXX Sendmail compatibility (based on Sendmail 8.13.6 measurements).
*
* - When changing Received: header #1, we change the Received: header that
* follows our own one; a request to change Received: header #0 is
* silently treated as a request to change Received: header #1.
*
* - When changing Date: header #1, we change the first Date: header; a
* request to change Date: header #0 is silently treated as a request to
* change Date: header #1.
*
* Thus, header change requests are relative to the content as received,
* that is, the content after our own Received: header. They can affect
* only the headers that the MTA actually exposes to mail filter
* applications.
*
* - However, when inserting a header at position 0, the new header appears
* before our own Received: header, and when inserting at position 1, the
* new header appears after our own Received: header.
*
* Thus, header insert operations are relative to the content as delivered,
* that is, the content including our own Received: header.
*/ */
#define GET_NEXT_TEXT_OR_PTR_RECORD(rec_type, state, buf, curr_offset) \ #define GET_NEXT_TEXT_OR_PTR_RECORD(rec_type, state, buf, curr_offset) \
if ((rec_type = rec_get_raw(state->dst, buf, 0, REC_FLAG_NONE)) < 0) \ if ((rec_type = rec_get_raw(state->dst, buf, 0, REC_FLAG_NONE)) < 0) \
@ -374,6 +398,8 @@ static off_t cleanup_find_header(CLEANUP_STATE *state, ssize_t index,
break; break;
} }
/* This the start of a message header. */ /* This the start of a message header. */
else if (hdr_count++ < skip_headers)
continue;
else if ((header_label == 0 else if ((header_label == 0
|| (strncasecmp(header_label, STR(buf), len) == 0 || (strncasecmp(header_label, STR(buf), len) == 0
&& (IS_SPACE_TAB(STR(buf)[len]) && (IS_SPACE_TAB(STR(buf)[len])
@ -590,12 +616,15 @@ static void cleanup_ins_header(void *context, ssize_t index,
*/ */
#define NO_HEADER_NAME ((char *) 0) #define NO_HEADER_NAME ((char *) 0)
#define ALLOW_PTR_BACKUP 1 #define ALLOW_PTR_BACKUP 1
#define SKIP_ONE_HEADER 1
#define DONT_SKIP_HEADERS 0
if (index < 1) if (index < 1)
index = 1; index = 1;
old_rec_offset = cleanup_find_header(state, index, NO_HEADER_NAME, old_rec_offset = cleanup_find_header(state, index, NO_HEADER_NAME,
old_rec_buf, &old_rec_type, old_rec_buf, &old_rec_type,
ALLOW_PTR_BACKUP); ALLOW_PTR_BACKUP,
DONT_SKIP_HEADERS);
if (old_rec_offset < 0) { if (old_rec_offset < 0) {
cleanup_add_header(context, new_hdr_name, new_hdr_value); cleanup_add_header(context, new_hdr_name, new_hdr_value);
} else { } else {
@ -658,7 +687,8 @@ static void cleanup_upd_header(void *context, ssize_t index,
rec_buf = vstring_alloc(100); rec_buf = vstring_alloc(100);
old_rec_offset = cleanup_find_header(state, index, new_hdr_name, old_rec_offset = cleanup_find_header(state, index, new_hdr_name,
rec_buf, &last_type, rec_buf, &last_type,
NO_PTR_BACKUP); NO_PTR_BACKUP,
SKIP_ONE_HEADER);
if (old_rec_offset < 0) { if (old_rec_offset < 0) {
cleanup_add_header(context, new_hdr_name, new_hdr_value); cleanup_add_header(context, new_hdr_name, new_hdr_value);
} else { } else {
@ -733,7 +763,8 @@ static void cleanup_del_header(void *context, ssize_t index, char *hdr_name)
*/ */
rec_buf = vstring_alloc(100); rec_buf = vstring_alloc(100);
header_offset = cleanup_find_header(state, index, hdr_name, rec_buf, header_offset = cleanup_find_header(state, index, hdr_name, rec_buf,
&last_type, NO_PTR_BACKUP); &last_type, NO_PTR_BACKUP,
SKIP_ONE_HEADER);
/* Memory usage for header offsets is limited by header_size_limit. */ /* Memory usage for header offsets is limited by header_size_limit. */
if (header_offset > 0) { if (header_offset > 0) {
ssize_t off_len = 1; ssize_t off_len = 1;

4
postfix/src/global/mail_version.h
View File

@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20060629" #define MAIL_RELEASE_DATE "20060630"
#define MAIL_VERSION_NUMBER "2.3-RC1" #define MAIL_VERSION_NUMBER "2.3-RC2"
#define VAR_MAIL_VERSION "mail_version" #define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION MAIL_VERSION_NUMBER #define DEF_MAIL_VERSION MAIL_VERSION_NUMBER

2
postfix/src/master/multi_server.c
View File

@ -755,9 +755,7 @@ NORETURN multi_server_main(int argc, char **argv, MULTI_SERVER_FN service,...)
* Optionally, restrict the damage that this process can do. * Optionally, restrict the damage that this process can do.
*/ */
resolve_local_init(); resolve_local_init();
#ifdef SNAPSHOT
tzset(); tzset();
#endif
chroot_uid(root_dir, user_name); chroot_uid(root_dir, user_name);
/* /*

2
postfix/src/master/single_server.c
View File

@ -658,9 +658,7 @@ NORETURN single_server_main(int argc, char **argv, SINGLE_SERVER_FN service,...)
* Optionally, restrict the damage that this process can do. * Optionally, restrict the damage that this process can do.
*/ */
resolve_local_init(); resolve_local_init();
#ifdef SNAPSHOT
tzset(); tzset();
#endif
chroot_uid(root_dir, user_name); chroot_uid(root_dir, user_name);
/* /*

2
postfix/src/master/trigger_server.c
View File

@ -678,9 +678,7 @@ NORETURN trigger_server_main(int argc, char **argv, TRIGGER_SERVER_FN service,..
* Optionally, restrict the damage that this process can do. * Optionally, restrict the damage that this process can do.
*/ */
resolve_local_init(); resolve_local_init();
#ifdef SNAPSHOT
tzset(); tzset();
#endif
chroot_uid(root_dir, user_name); chroot_uid(root_dir, user_name);
/* /*

19
postfix/src/milter/milter8.c
View File

@ -1857,6 +1857,7 @@ static void milter8_disc_event(MILTER *m)
typedef struct { typedef struct {
MILTER8 *milter; /* milter client */ MILTER8 *milter; /* milter client */
ARGV *macros; /* end-of-body macros */ ARGV *macros; /* end-of-body macros */
int hdr_count; /* header counter */
const char *resp; /* milter application response */ const char *resp; /* milter application response */
} MILTER_MSG_CONTEXT; } MILTER_MSG_CONTEXT;
@ -1872,6 +1873,23 @@ static void milter8_header(void *ptr, int unused_header_class,
char *cp; char *cp;
int skip_reply; int skip_reply;
/*
* XXX Sendmail compatibility. Don't expose our first (received) header
* to mail filter applications. See also cleanup_milter.c for code to
* ensure that header replace requests are relative to the message
* content as received, that is, without our own first (received) header,
* while header insert requests are relative to the message as delivered,
* that is, including our own first (received) header.
*
* XXX But this breaks when they delete our own Received: header with
* header_checks before it reaches the queue file. Even then we must not
* expose the first header to mail filter applications, otherwise the
* dk-filter signature will be inserted at the wrong position. It should
* precede the headers that it signs.
*/
if (msg_ctx->hdr_count++ == 0)
return;
/* /*
* Sendmail 8 sends multi-line headers as text separated by newline. * Sendmail 8 sends multi-line headers as text separated by newline.
* *
@ -2029,6 +2047,7 @@ static const char *milter8_message(MILTER *m, VSTREAM *qfile,
} }
msg_ctx.milter = milter; msg_ctx.milter = milter;
msg_ctx.macros = macros; msg_ctx.macros = macros;
msg_ctx.hdr_count = 0;
msg_ctx.resp = 0; msg_ctx.resp = 0;
mime_state = mime_state =
mime_state_alloc(MIME_OPT_DISABLE_MIME, mime_state_alloc(MIME_OPT_DISABLE_MIME,

14
postfix/src/milter/test-milter.c
View File

@ -191,6 +191,18 @@ static sfsistat test_body(SMFICTX *ctx, unsigned char *data, size_t data_len)
static sfsistat test_eom(SMFICTX *ctx) static sfsistat test_eom(SMFICTX *ctx)
{ {
printf("test_eom\n"); printf("test_eom\n");
#if 0
if (smfi_insheader(ctx, 1, "Received", "insert at 1") == MI_FAILURE)
fprintf(stderr, "smfi_insheader failed");
#endif
#if 0
if (smfi_chgheader(ctx, "Received", 1, "change received #1") == MI_FAILURE)
fprintf(stderr, "smfi_chgheader failed");
#endif
#if 0
if (smfi_chgheader(ctx, "date", 0, "change date #0") == MI_FAILURE)
fprintf(stderr, "smfi_chgheader failed");
#endif
return (test_reply(ctx, test_eom_reply)); return (test_reply(ctx, test_eom_reply));
} }
@ -234,7 +246,7 @@ static struct smfiDesc smfilter =
{ {
"test-milter", "test-milter",
SMFI_VERSION, SMFI_VERSION,
SMFIF_ADDRCPT | SMFIF_DELRCPT | SMFIF_CHGHDRS, SMFIF_ADDRCPT | SMFIF_DELRCPT | SMFIF_ADDHDRS | SMFIF_CHGHDRS,
test_connect, test_connect,
test_helo, test_helo,
test_mail, test_mail,

2
postfix/src/smtpd/smtpd_check.c
View File

@ -3484,7 +3484,6 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
450, "4.7.0", 450, "4.7.0",
"<%s>: %s rejected: defer_if_reject requested", "<%s>: %s rejected: defer_if_reject requested",
reply_name, reply_class); reply_name, reply_class);
#ifdef SNAPSHOT
} else if (strcasecmp(name, SLEEP) == 0) { } else if (strcasecmp(name, SLEEP) == 0) {
if (cpp[1] == 0 || alldig(cpp[1]) == 0) { if (cpp[1] == 0 || alldig(cpp[1]) == 0) {
msg_warn("restriction %s must be followed by number", SLEEP); msg_warn("restriction %s must be followed by number", SLEEP);
@ -3494,7 +3493,6 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
"Server configuration error")); "Server configuration error"));
} else } else
sleep(atoi(*++cpp)); sleep(atoi(*++cpp));
#endif
} else if (strcasecmp(name, REJECT_PLAINTEXT_SESSION) == 0) { } else if (strcasecmp(name, REJECT_PLAINTEXT_SESSION) == 0) {
status = reject_plaintext_session(state); status = reject_plaintext_session(state);
} }

6
postfix/src/trivial-rewrite/trivial-rewrite.c
View File

@ -473,8 +473,6 @@ static void pre_accept(char *unused_name, char **unused_argv)
#endif #endif
#ifdef SNAPSHOT
static void check_table_stats(int unused_event, char *unused_context) static void check_table_stats(int unused_event, char *unused_context)
{ {
const char *table; const char *table;
@ -486,8 +484,6 @@ static void check_table_stats(int unused_event, char *unused_context)
event_request_timer(check_table_stats, (char *) 0, 10); event_request_timer(check_table_stats, (char *) 0, 10);
} }
#endif
/* pre_jail_init - initialize before entering chroot jail */ /* pre_jail_init - initialize before entering chroot jail */
static void pre_jail_init(char *unused_name, char **unused_argv) static void pre_jail_init(char *unused_name, char **unused_argv)
@ -525,9 +521,7 @@ static void post_jail_init(char *unused_name, char **unused_argv)
transport_post_init(resolve_regular.transport_info); transport_post_init(resolve_regular.transport_info);
if (resolve_verify.transport_info) if (resolve_verify.transport_info)
transport_post_init(resolve_verify.transport_info); transport_post_init(resolve_verify.transport_info);
#ifdef SNAPSHOT
check_table_stats(0, (char *) 0); check_table_stats(0, (char *) 0);
#endif
/* /*
* This process is called by clients that already enforce the max_idle * This process is called by clients that already enforce the max_idle