From f46e7462baf46fbf916357c8c8f01bcdc4cc54a3 Mon Sep 17 00:00:00 2001
From: Wietse Venema <wietse@porcupine.org>
Date: Wed, 6 Jul 2011 00:00:00 -0500
Subject: [PATCH] postfix-2.9-20110706

---
 postfix/HISTORY                        |  9 ++++
 postfix/README_FILES/PACKAGE_README    |  6 +--
 postfix/README_FILES/SASL_README       | 33 ++++++++++-----
 postfix/WISHLIST                       | 20 ++++++++-
 postfix/html/PACKAGE_README.html       |  4 +-
 postfix/html/SASL_README.html          | 57 ++++++++++++++++++--------
 postfix/html/postconf.5.html           |  4 ++
 postfix/man/man5/postconf.5            |  4 ++
 postfix/postfix-install                |  2 +-
 postfix/proto/PACKAGE_README.html      |  4 +-
 postfix/proto/SASL_README.html         | 55 +++++++++++++++++--------
 postfix/proto/postconf.proto           |  4 ++
 postfix/src/global/mail_version.h      |  2 +-
 postfix/src/global/smtp_reply_footer.c |  4 +-
 postfix/src/smtpd/smtpd_check.c        | 26 +++++++++++-
 postfix/src/util/sys_defs.h            |  3 ++
 16 files changed, 178 insertions(+), 59 deletions(-)

diff --git a/postfix/HISTORY b/postfix/HISTORY
index eca95e4d5..e2dd02635 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -16841,3 +16841,12 @@ Apologies for any names omitted.
 	IP queries" even if the name has an alphanumerical prefix.
 	We play safe, and skip both RHSBL and RHSWL queries for
 	names ending in a numerical suffix.  File: smtpd/smtpd_check.c.
+
+20110624
+
+	Cleanup: added error checks for smtpd access primitives
+	that don't automatically terminate the program after table
+	lookup error: these primitives are permit_tls_clientcerts,
+	permit_tls_all_clientcerts, and check_address_map (the last
+	one is used in local_header_rewrite_clients only).  File:
+	smtpd/smtpd_check.c.
diff --git a/postfix/README_FILES/PACKAGE_README b/postfix/README_FILES/PACKAGE_README
index 2d51e40f5..d90078337 100644
--- a/postfix/README_FILES/PACKAGE_README
+++ b/postfix/README_FILES/PACKAGE_README
@@ -4,9 +4,9 @@ GGuuiiddeelliinneess ffoorr PPaacckkaaggee BBuuiilldde
 
 PPuurrppoossee ooff tthhiiss ddooccuummeenntt
 
-This document has hints and tips for those who manage their own Postfix
-distribution for internal use, and for those who maintain Postfix distributions
-for general use.
+This document has hints and tips for those who manage their own Postfix binary
+distribution for internal use, and for those who maintain Postfix binary
+distributions for general use.
 
 GGeenneerraall ddiissttrriibbuuttiioonnss:: pplleeaassee pprroovviiddee aa ssmmaallll ddeeffaauulltt mmaaiinn..ccff ffiillee
 
diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README
index 2ebd342cd..54c9fb352 100644
--- a/postfix/README_FILES/SASL_README
+++ b/postfix/README_FILES/SASL_README
@@ -922,21 +922,34 @@ named `test' with password `testpass'.
 You can use one of the following commands to generate base64 encoded
 authentication information:
 
-    % ggeenn--aauutthh ppllaaiinn
-    username: uusseerrnnaammee
-    password:
+  * Using a recent version of the bbaasshh shell:
 
-The ggeenn--aauutthh Perl script was written by John Jetmore and can be found at http:/
-/jetmore.org/john/code/gen-auth.
+        % eecchhoo --nnee ''\\000000uusseerrnnaammee\\000000ppaasssswwoorrdd'' || ooppeennssssll bbaassee6644
 
-    % pprriinnttff ''\\00uusseerrnnaammee\\00ppaasssswwoorrdd'' || mmmmeennccooddee
+    Some other shells support similar syntax.
 
-The mmmmeennccooddee command is part of the metamail software.
+  * Using the pprriinnttff command:
 
-    % ppeerrll --MMMMIIMMEE::::BBaassee6644 --ee \\
-        ''pprriinntt eennccooddee__bbaassee6644((""\\00uusseerrnnaammee\\00ppaasssswwoorrdd""));;''
+        % pprriinnttff ''\\00%%ss\\00%%ss'' ''uusseerrnnaammee'' ''ppaasssswwoorrdd'' || ooppeennssssll bbaassee6644
+        % pprriinnttff ''\\00%%ss\\00%%ss'' ''uusseerrnnaammee'' ''ppaasssswwoorrdd'' || mmmmeennccooddee
 
-MIME::Base64 is available from http://www.cpan.org/.
+    The mmmmeennccooddee command is part of the metamail software.
+
+  * Using Perl MMIIMMEE::::BBaassee6644:
+
+        % ppeerrll --MMMMIIMMEE::::BBaassee6644 --ee \\
+            ''pprriinntt eennccooddee__bbaassee6644((""\\00uusseerrnnaammee\\00ppaasssswwoorrdd""));;''
+
+    MIME::Base64 is available from http://www.cpan.org/.
+
+  * Using the ggeenn--aauutthh script:
+
+        % ggeenn--aauutthh ppllaaiinn
+        username: uusseerrnnaammee
+        password:
+
+    The ggeenn--aauutthh Perl script was written by John Jetmore and can be found at
+    http://jetmore.org/john/code/gen-auth.
 
 CCoonnffiigguurriinngg SSAASSLL aauutthheennttiiccaattiioonn iinn tthhee PPoossttffiixx SSMMTTPP//LLMMTTPP cclliieenntt
 
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 4f0ce0cae..0f11b8c6b 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -40,8 +40,17 @@ Wish list:
 	into doubles (converting only some leads to a documentation
 	nightmare).
 
-	postscreen: wait for DNS completion after early HANGUP
-	and log DNSBL.
+	postscreen: wait for DNS completion after early HANGUP and
+	log DNSBL results. If the client was still waiting for the
+	PREGREET timer, just flag the PREGREET test as (done, not
+	passed).  If the client was not waiting for the PREGREET
+	timer, just wait until DNSBL lookup (if any) completes.
+
+	Address verify cache: allow a negative cache "refresh"
+	result to purge a "positive" cache entry in some safe manner.
+	Currently, the negative cache "refresh" result is discarded,
+	address verify cache lookup returns OK, and each lookup
+	forces a "refresh" probe until the entry expires.
 
 	Some Sendmail configurations trigger sub-optimal behavior
 	when the postscreen_whitelist_interfaces parameter lists
@@ -73,6 +82,13 @@ Wish list:
 	be sent. This reduces the time window for RFC 1047 message
 	duplication, and may even prevent the delivery of some spam.
 	http://www.exim.org/lurker/message/20070416.103159.9d5ff0ce.en.html
+	This requires splitting the SMTP server's commit operation
+	into two operations: first, a tentative commit operation
+	that performs most of the I/O and processing in milters and
+	in the cleanup server; second, a final commit operation
+	that is executed only if the remote SMTP client hasn't hung
+	up in the mean time. Unfortunately, SMTP-based before-queue
+	content filters don't support a tentative commit operation.
 
 	Find out how to reproduce Berkeley DB bogus ENOENT errors.
 	postscreen does not log this with Berkeley DB 1 (FreeBSD
diff --git a/postfix/html/PACKAGE_README.html b/postfix/html/PACKAGE_README.html
index 9eec205a7..5f651bc3e 100644
--- a/postfix/html/PACKAGE_README.html
+++ b/postfix/html/PACKAGE_README.html
@@ -20,8 +20,8 @@
 <h2>Purpose of this document</h2>
 
 <p> This document has hints and tips for those who manage their
-own Postfix distribution for internal use, and for those who maintain
-Postfix distributions for general use.  </p>
+own Postfix binary distribution for internal use, and for those who
+maintain Postfix binary distributions for general use.  </p>
 
 <h2>General distributions: please provide a small default main.cf
 file</h2>
diff --git a/postfix/html/SASL_README.html b/postfix/html/SASL_README.html
index bd5fac0e4..cc75f7bc2 100644
--- a/postfix/html/SASL_README.html
+++ b/postfix/html/SASL_README.html
@@ -1490,6 +1490,43 @@ to recover from the base64-encoded form. </p>
 <p> You can use one of the following commands to generate base64
 encoded authentication information: </p>
 
+<ul>
+
+<li> <p> Using a recent version of the <b>bash</b> shell: </p>
+
+<blockquote>
+<pre>
+% <strong>echo -ne '\000username\000password' | openssl base64</strong>
+</pre>
+</blockquote>
+
+<p> Some other shells support similar syntax. </p>
+
+<li> <p> Using the <b>printf</b> command: </p>
+
+<blockquote>
+<pre>
+% <strong>printf '\0%s\0%s' '<em>username</em>' '<em>password</em>' | openssl base64</strong>
+% <strong>printf '\0%s\0%s' '<em>username</em>' '<em>password</em>' | mmencode</strong>
+</pre>
+</blockquote>
+
+<p> The <strong>mmencode</strong> command is part of the metamail
+software. </p>
+
+<li> <p> Using Perl <b>MIME::Base64</b>: </p>
+
+<blockquote>
+<pre>
+% <strong>perl -MMIME::Base64 -e \
+    'print encode_base64("\0<em>username</em>\0<em>password</em>");'</strong>
+</pre>
+</blockquote>
+
+<p> MIME::Base64 is available from <a href="http://www.cpan.org/">http://www.cpan.org/</a>. </p>
+
+<li> <p> Using the <b>gen-auth</b> script: </p>
+
 <blockquote>
 <pre>
 % <strong>gen-auth plain</strong>
@@ -1501,23 +1538,7 @@ password:
 <p> The <strong>gen-auth</strong> Perl script was written by John
 Jetmore and can be found at <a href="http://jetmore.org/john/code/gen-auth">http://jetmore.org/john/code/gen-auth</a>. </p>
 
-<blockquote>
-<pre>
-% <strong>printf '\0<em>username</em>\0<em>password</em>' | mmencode</strong>
-</pre>
-</blockquote>
-
-<p> The <strong>mmencode</strong> command is part of the metamail
-software. </p>
-
-<blockquote>
-<pre>
-% <strong>perl -MMIME::Base64 -e \
-    'print encode_base64("\0<em>username</em>\0<em>password</em>");'</strong>
-</pre>
-</blockquote>
-
-<p> MIME::Base64 is available from <a href="http://www.cpan.org/">http://www.cpan.org/</a>. </p>
+</ul>
 
 <h2><a name="client_sasl">Configuring SASL authentication in the Postfix SMTP/LMTP client</a></h2>
 
@@ -1912,7 +1933,7 @@ except for <code>GSSAPI</code> and <code>LOGIN</code>: </p>
 <blockquote>
 <pre>
 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
-    <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = !gssapi, !login, static:all
+    <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = !gssapi, !login, <a href="DATABASE_README.html#types">static</a>:all
 </pre>
 </blockquote>
 
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 817eaa6b8..1914a2ce5 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -7810,6 +7810,8 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
 The default time unit is s (seconds).
 </p>
 
+<p> This feature is available in Postfix 2.8 and later.  </p>
+
 
 </DD>
 
@@ -7843,6 +7845,8 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
 The default time unit is s (seconds).
 </p>
 
+<p> This feature is available in Postfix 2.8 and later.  </p>
+
 
 </DD>
 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 4aecf46e1..c8467e669 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -4502,6 +4502,8 @@ a request before it is terminated by a built-in watchdog timer.
 .PP
 Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
 The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.8 and later.
 .SH qmgr_fudge_factor (default: 100)
 Obsolete feature: the percentage of delivery resources that a busy
 mail system will use up for delivery of a large mailing  list
@@ -4517,6 +4519,8 @@ software either retries or aborts the operation.
 .PP
 Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
 The default time unit is s (seconds).
+.PP
+This feature is available in Postfix 2.8 and later.
 .SH qmgr_message_active_limit (default: 20000)
 The maximal number of messages in the active queue.
 .SH qmgr_message_recipient_limit (default: 20000)
diff --git a/postfix/postfix-install b/postfix/postfix-install
index f936b81a0..775b0acfe 100644
--- a/postfix/postfix-install
+++ b/postfix/postfix-install
@@ -305,7 +305,7 @@ esac
 
 install_root_prompt="the prefix for installed file names. Specify
 this ONLY if you are building ready-to-install packages for
-distribution to other machines."
+distribution to OTHER machines. See PACKAGE_README for instructions."
 
 tempdir_prompt="a directory for scratch files while installing
 Postfix.  You must have write permission in this directory."
diff --git a/postfix/proto/PACKAGE_README.html b/postfix/proto/PACKAGE_README.html
index cf5ee523d..1698f9a7a 100644
--- a/postfix/proto/PACKAGE_README.html
+++ b/postfix/proto/PACKAGE_README.html
@@ -20,8 +20,8 @@
 <h2>Purpose of this document</h2>
 
 <p> This document has hints and tips for those who manage their
-own Postfix distribution for internal use, and for those who maintain
-Postfix distributions for general use.  </p>
+own Postfix binary distribution for internal use, and for those who
+maintain Postfix binary distributions for general use.  </p>
 
 <h2>General distributions: please provide a small default main.cf
 file</h2>
diff --git a/postfix/proto/SASL_README.html b/postfix/proto/SASL_README.html
index 5ab745480..d73ae7726 100644
--- a/postfix/proto/SASL_README.html
+++ b/postfix/proto/SASL_README.html
@@ -1490,6 +1490,43 @@ to recover from the base64-encoded form. </p>
 <p> You can use one of the following commands to generate base64
 encoded authentication information: </p>
 
+<ul>
+
+<li> <p> Using a recent version of the <b>bash</b> shell: </p>
+
+<blockquote>
+<pre>
+% <strong>echo -ne '\000username\000password' | openssl base64</strong>
+</pre>
+</blockquote>
+
+<p> Some other shells support similar syntax. </p>
+
+<li> <p> Using the <b>printf</b> command: </p>
+
+<blockquote>
+<pre>
+% <strong>printf '\0%s\0%s' '<em>username</em>' '<em>password</em>' | openssl base64</strong>
+% <strong>printf '\0%s\0%s' '<em>username</em>' '<em>password</em>' | mmencode</strong>
+</pre>
+</blockquote>
+
+<p> The <strong>mmencode</strong> command is part of the metamail
+software. </p>
+
+<li> <p> Using Perl <b>MIME::Base64</b>: </p>
+
+<blockquote>
+<pre>
+% <strong>perl -MMIME::Base64 -e \
+    'print encode_base64("\0<em>username</em>\0<em>password</em>");'</strong>
+</pre>
+</blockquote>
+
+<p> MIME::Base64 is available from http://www.cpan.org/. </p>
+
+<li> <p> Using the <b>gen-auth</b> script: </p>
+
 <blockquote>
 <pre>
 % <strong>gen-auth plain</strong>
@@ -1501,23 +1538,7 @@ password:
 <p> The <strong>gen-auth</strong> Perl script was written by John
 Jetmore and can be found at http://jetmore.org/john/code/gen-auth. </p>
 
-<blockquote>
-<pre>
-% <strong>printf '\0<em>username</em>\0<em>password</em>' | mmencode</strong>
-</pre>
-</blockquote>
-
-<p> The <strong>mmencode</strong> command is part of the metamail
-software. </p>
-
-<blockquote>
-<pre>
-% <strong>perl -MMIME::Base64 -e \
-    'print encode_base64("\0<em>username</em>\0<em>password</em>");'</strong>
-</pre>
-</blockquote>
-
-<p> MIME::Base64 is available from http://www.cpan.org/. </p>
+</ul>
 
 <h2><a name="client_sasl">Configuring SASL authentication in the Postfix SMTP/LMTP client</a></h2>
 
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index b27389ec3..bf53a24f8 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -13530,6 +13530,8 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
 The default time unit is s (seconds).
 </p>
 
+<p> This feature is available in Postfix 2.8 and later.  </p>
+
 %PARAM qmgr_daemon_timeout 1000s
 
 <p> How much time a Postfix queue manager process may take to handle
@@ -13541,6 +13543,8 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
 The default time unit is s (seconds).
 </p>
 
+<p> This feature is available in Postfix 2.8 and later.  </p>
+
 %PARAM tls_preempt_cipherlist no
 
 <p> With SSLv3 and later, use the server's cipher preference order
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 03e67d803..697904f2a 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20110615"
+#define MAIL_RELEASE_DATE	"20110706"
 #define MAIL_VERSION_NUMBER	"2.9"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/global/smtp_reply_footer.c b/postfix/src/global/smtp_reply_footer.c
index 5018a4706..6e460f442 100644
--- a/postfix/src/global/smtp_reply_footer.c
+++ b/postfix/src/global/smtp_reply_footer.c
@@ -15,8 +15,8 @@
 /*	const char *(*lookup) (const char *name, char *context);
 /*	char	*context;
 /* DESCRIPTION
-/*	smtp_reply_footer() expands a reply template to an existing
-/*	reply text.
+/*	smtp_reply_footer() expands a reply template, and appends
+/*	the result to an existing reply text.
 /*
 /*	Arguments:
 /* .IP buffer
diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c
index 2e14dae0d..46ee5a055 100644
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -1220,13 +1220,15 @@ static int reject_unknown_mailhost(SMTPD_STATE *state, const char *name,
 
 static int permit_auth_destination(SMTPD_STATE *state, char *recipient);
 
-/* permit_tls_clientcerts - OK/DUNNO for message relaying */
+/* permit_tls_clientcerts - OK/DUNNO for message relaying, or set dict_errno */
 
 static int permit_tls_clientcerts(SMTPD_STATE *state, int permit_all_certs)
 {
 #ifdef USE_TLS
     const char *found;
 
+    dict_errno = 0;
+
     if (!state->tls_context)
 	return SMTPD_CHECK_DUNNO;
 
@@ -1251,6 +1253,8 @@ static int permit_tls_clientcerts(SMTPD_STATE *state, int permit_all_certs)
 	    msg_info("relay_clientcerts: No match for fingerprint '%s'",
 		     state->tls_context->peer_fingerprint);
     }
+#else
+    dict_errno = 0;
 #endif
     return (SMTPD_CHECK_DUNNO);
 }
@@ -3958,8 +3962,12 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
 #endif
 	} else if (strcasecmp(name, PERMIT_TLS_ALL_CLIENTCERTS) == 0) {
 	    status = permit_tls_clientcerts(state, 1);
+	    if (dict_errno != 0) 
+		reject_dict_retry(state, reply_name);
 	} else if (strcasecmp(name, PERMIT_TLS_CLIENTCERTS) == 0) {
 	    status = permit_tls_clientcerts(state, 0);
+	    if (dict_errno != 0) 
+		reject_dict_retry(state, reply_name);
 	} else if (strcasecmp(name, REJECT_UNKNOWN_RCPTDOM) == 0) {
 	    if (state->recipient)
 		status = reject_unknown_address(state, state->recipient,
@@ -4106,13 +4114,19 @@ void    smtpd_check_rewrite(SMTPD_STATE *state)
 	}
 	if (strcasecmp(name, PERMIT_INET_INTERFACES) == 0) {
 	    status = permit_inet_interfaces(state);
+	    /* dict errors are fatal */
 	} else if (strcasecmp(name, PERMIT_MYNETWORKS) == 0) {
 	    status = permit_mynetworks(state);
+	    /* dict errors are fatal */
 	} else if (is_map_command(state, name, CHECK_ADDR_MAP, &cpp)) {
 	    if ((dict = dict_handle(*cpp)) == 0)
 		msg_panic("%s: dictionary not found: %s", myname, *cpp);
+	    dict_errno = 0;
+	    /* for now, dict errors are fatal */
 	    if (dict_get(dict, state->addr) != 0)
 		status = SMTPD_CHECK_OK;
+	    else if (dict_errno != 0)
+		msg_fatal("%s: table lookup error", *cpp);
 	} else if (strcasecmp(name, PERMIT_SASL_AUTH) == 0) {
 #ifdef USE_SASL_AUTH
 	    if (smtpd_sasl_is_active(state))
@@ -4121,8 +4135,18 @@ void    smtpd_check_rewrite(SMTPD_STATE *state)
 #endif
 	} else if (strcasecmp(name, PERMIT_TLS_ALL_CLIENTCERTS) == 0) {
 	    status = permit_tls_clientcerts(state, 1);
+	    /* for now, dict errors are fatal */
+#ifdef USE_TLS
+	    if (dict_errno != 0)
+		msg_fatal("%s: table lookup error", var_smtpd_relay_ccerts);
+#endif
 	} else if (strcasecmp(name, PERMIT_TLS_CLIENTCERTS) == 0) {
 	    status = permit_tls_clientcerts(state, 0);
+	    /* for now, dict errors are fatal */
+#ifdef USE_TLS
+	    if (dict_errno != 0)
+		msg_fatal("%s: table lookup error", var_smtpd_relay_ccerts);
+#endif
 	} else {
 	    msg_warn("parameter %s: invalid request: %s",
 		     VAR_LOC_RWR_CLIENTS, name);
diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h
index bbe370f2b..422219055 100644
--- a/postfix/src/util/sys_defs.h
+++ b/postfix/src/util/sys_defs.h
@@ -1547,6 +1547,9 @@ typedef int pid_t;
   * Bit banging!! There is no official constant that defines the INT_MAX
   * equivalent of the off_t type. Wietse came up with the following macro
   * that works as long as off_t is some two's complement number.
+  * 
+  * Note, however, that C99 permits signed integer representations other than
+  * two's complement.
   */
 #include <limits.h>
 #define __MAXINT__(T) ((T) (((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ ((T) -1))))