mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 13:18:12 +00:00

postfix-2.5.3

Wietse Venema 2008-07-26 00:00:00 -05:00 committed by Viktor Dukhovni
parent caa4ec5a68
commit fa3a2cce64
17 changed files with 188 additions and 74 deletions


@ -14397,3 +14397,17 @@ Apologies for any names omitted.
Cleanup: using "Before-queue content filter", RFC3848
information was not added to the headers. Carlos Velasco.
File smtpd/smtpd.c.
20080717
Cleanup: a poorly-implemented integer overflow check for
TCP MSS calculation had the unexpected effect that people
broke Postfix on LP64 systems while attempting to silence
a compiler warning. File: util/vstream_tweak.c.
20080725
Paranoia: defer delivery when a mailbox file is not owned
by the recipient. Requested by Sebastian Krahmer, SuSE.
Specify "strict_mailbox_ownership=no" to ignore ownership
discrepancies. Files: local/mailbox.c, virtual/mailbox.c.


@ -11,8 +11,16 @@ instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
Incompatibility with Postfix 2.3 and earlier
--------------------------------------------
Incompatibility with Postfix 2.5.3
==================================
When a mailbox file is not owned by its recipient, the local and
virtual delivery agents now log a warning and defer delivery.
Specify "strict_mailbox_ownership = no" to ignore such ownership
discrepancies.
Postfix 2.5.0 Release Notes
===========================
If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4
before proceeding.


@ -398,60 +398,66 @@ LOCAL(8) LOCAL(8)
attempt; do not update the Delivered-To: address
while expanding aliases or .forward files.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
Defer delivery when a mailbox file is not owned by
its recipient.
<b>DELIVERY METHOD CONTROLS</b>
The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to
low is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,
<a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>,
<a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, fallback_trans-
The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to
low is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,
<a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>,
<a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, fallback_trans-
port_maps, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>.
<b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
The alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a>
The alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a>
delivery.
<b><a href="postconf.5.html#forward_path">forward_path</a> (see 'postconf -d' output)</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding
a .forward file with user-specified delivery meth-
a .forward file with user-specified delivery meth-
ods.
<b><a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a> (empty)</b>
Optional lookup tables with per-recipient message
delivery transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox
delivery, whether or not the recipients are found
Optional lookup tables with per-recipient message
delivery transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox
delivery, whether or not the recipients are found
in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_transport">mailbox_transport</a> (empty)</b>
Optional message delivery transport that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for mailbox
delivery to all local recipients, whether or not
Optional message delivery transport that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for mailbox
delivery to all local recipients, whether or not
they are found in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a> (empty)</b>
Optional lookup tables with per-recipient external
Optional lookup tables with per-recipient external
commands to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery.
<b><a href="postconf.5.html#mailbox_command">mailbox_command</a> (empty)</b>
Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> deliv-
Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> deliv-
ery agent should use for mailbox delivery.
<b><a href="postconf.5.html#home_mailbox">home_mailbox</a> (empty)</b>
Optional pathname of a mailbox file relative to a
Optional pathname of a mailbox file relative to a
<a href="local.8.html"><b>local</b>(8)</a> user's home directory.
<b><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> (see 'postconf -d' output)</b>
The directory where <a href="local.8.html"><b>local</b>(8)</a> UNIX-style mailboxes
The directory where <a href="local.8.html"><b>local</b>(8)</a> UNIX-style mailboxes
are kept.
<b><a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a> (empty)</b>
Optional lookup tables with per-recipient message
delivery transports for recipients that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent could not find in the
Optional lookup tables with per-recipient message
delivery transports for recipients that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent could not find in the
<a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password database.
<b><a href="postconf.5.html#fallback_transport">fallback_transport</a> (empty)</b>
Optional message delivery transport that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for names that
are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password
Optional message delivery transport that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for names that
are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password
database.
<b><a href="postconf.5.html#luser_relay">luser_relay</a> (empty)</b>
@ -461,7 +467,7 @@ LOCAL(8) LOCAL(8)
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a> (empty)</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for
delivery to external command.
<b>MAILBOX LOCKING CONTROLS</b>
@ -470,15 +476,15 @@ LOCAL(8) LOCAL(8)
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
The time between attempts to acquire an exclusive
The time between attempts to acquire an exclusive
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
The time after which a stale exclusive mailbox
The time after which a stale exclusive mailbox
lockfile is removed.
<b><a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> (see 'postconf -d' output)</b>
How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before
How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before
attempting delivery.
<b>RESOURCE AND RATE CONTROLS</b>
@ -486,17 +492,17 @@ LOCAL(8) LOCAL(8)
Time limit for delivery to external commands.
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
The maximal number of addresses remembered by the
address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
The maximal number of addresses remembered by the
address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
<a href="virtual.5.html"><b>tual</b>(5)</a> alias expansion, or for <a href="showq.8.html"><b>showq</b>(8)</a> queue dis-
plays.
<b><a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> (2)</b>
The maximal number of parallel deliveries via the
The maximal number of parallel deliveries via the
local mail delivery transport to the same recipient
(when "<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or
the maximal number of parallel deliveries to the
same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when "local_destination_recipi-
(when "<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or
the maximal number of parallel deliveries to the
same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when "local_destination_recipi-
ent_limit &gt; 1").
<b><a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> (1)</b>
@ -509,33 +515,39 @@ LOCAL(8) LOCAL(8)
<b>SECURITY CONTROLS</b>
<b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> (alias, forward)</b>
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external com-
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external com-
mands.
<b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> (alias, forward)</b>
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
<b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a> (see 'postconf -d' output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_com</a>-
<a href="postconf.5.html#mailbox_command">mand</a>.
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_com</a>-
<a href="postconf.5.html#mailbox_command">mand</a> and $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
<b><a href="postconf.5.html#default_privs">default_privs</a> (nobody)</b>
The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery
The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent for delivery to external file or command.
<b><a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> (see 'postconf -d' output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> (see 'postconf -d'</b>
<b>output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
<a href="postconf.5.html#command_execution_directory">tion_directory</a>.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
Defer delivery when a mailbox file is not owned by
its recipient.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and


@ -12495,6 +12495,17 @@ This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="strict_mailbox_ownership">strict_mailbox_ownership</a>
(default: yes)</b></DT><DD>
<p> Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible. </p>
<p> This feature is available in Postfix 2.5.3 and later. </p>
</DD>
<DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a>


@ -200,9 +200,15 @@ VIRTUAL(8) VIRTUAL(8)
destination for final delivery to domains listed
with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
Defer delivery when a mailbox file is not owned by
its recipient.
<b>LOCKING CONTROLS</b>
<b><a href="postconf.5.html#virtual_mailbox_lock">virtual_mailbox_lock</a> (see 'postconf -d' output)</b>
How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before
How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before
attempting delivery.
<b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
@ -210,41 +216,41 @@ VIRTUAL(8) VIRTUAL(8)
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
The time between attempts to acquire an exclusive
The time between attempts to acquire an exclusive
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
The time after which a stale exclusive mailbox
The time after which a stale exclusive mailbox
lockfile is removed.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
The maximal number of parallel deliveries to the
same destination via the virtual message delivery
The maximal number of parallel deliveries to the
same destination via the virtual message delivery
transport.
<b><a href="postconf.5.html#virtual_destination_recipient_limit">virtual_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
The maximal number of recipients per delivery via
The maximal number of recipients per delivery via
the virtual message delivery transport.
<b><a href="postconf.5.html#virtual_mailbox_limit">virtual_mailbox_limit</a> (51200000)</b>
The maximal size in bytes of an individual mailbox
The maximal size in bytes of an individual mailbox
or maildir file, or zero (no limit).
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal
The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@ -252,33 +258,33 @@ VIRTUAL(8) VIRTUAL(8)
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
@ -291,20 +297,20 @@ VIRTUAL(8) VIRTUAL(8)
<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting howto
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
This delivery agent was originally based on the Postfix
local delivery agent. Modifications mainly consisted of
removing code that either was not applicable or that was
not safe in this context: aliases, ~user/.forward files,
This delivery agent was originally based on the Postfix
local delivery agent. Modifications mainly consisted of
removing code that either was not applicable or that was
not safe in this context: aliases, ~user/.forward files,
delivery to "|command" or to /file/name.
The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys-
tem by Daniel Bernstein.
The <b>maildir</b> structure appears in the <b>qmail</b> system by
The <b>maildir</b> structure appears in the <b>qmail</b> system by
Daniel Bernstein.
<b>AUTHOR(S)</b>


@ -7771,6 +7771,11 @@ This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
.PP
This feature is available in Postfix 2.0 and later.
.SH strict_mailbox_ownership (default: yes)
Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible.
.PP
This feature is available in Postfix 2.5.3 and later.
.SH strict_mime_encoding_domain (default: no)
Reject mail with invalid Content-Transfer-Encoding: information
for the message/* or multipart/* MIME content types. This blocks


@ -415,6 +415,10 @@ Update the \fBlocal\fR(8) delivery agent's idea of the Delivered-To:
address (see prepend_delivered_header) only once, at the start of
a delivery attempt; do not update the Delivered-To: address while
expanding aliases or .forward files.
.PP
Available in Postfix version 2.5.3 and later:
.IP "\fBstrict_mailbox_ownership (yes)\fR"
Defer delivery when a mailbox file is not owned by its recipient.
.SH "DELIVERY METHOD CONTROLS"
.na
.nf
@ -513,7 +517,7 @@ Restrict \fBlocal\fR(8) mail delivery to external commands.
Restrict \fBlocal\fR(8) mail delivery to external files.
.IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
$name expansions of $mailbox_command.
$name expansions of $mailbox_command and $command_execution_directory.
.IP "\fBdefault_privs (nobody)\fR"
The default rights used by the \fBlocal\fR(8) delivery agent for delivery
to external file or command.
@ -525,6 +529,10 @@ Available in Postfix version 2.2 and later:
.IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
Restrict the characters that the \fBlocal\fR(8) delivery agent allows
in $name expansions of $command_execution_directory.
.PP
Available in Postfix version 2.5.3 and later:
.IP "\fBstrict_mailbox_ownership (yes)\fR"
Defer delivery when a mailbox file is not owned by its recipient.
.SH "MISCELLANEOUS CONTROLS"
.na
.nf


@ -213,6 +213,10 @@ mail is delivered via the $virtual_transport mail delivery transport.
.IP "\fBvirtual_transport (virtual)\fR"
The default mail delivery transport and next-hop destination for
final delivery to domains listed with $virtual_mailbox_domains.
.PP
Available in Postfix version 2.5.3 and later:
.IP "\fBstrict_mailbox_ownership (yes)\fR"
Defer delivery when a mailbox file is not owned by its recipient.
.SH "LOCKING CONTROLS"
.na
.nf


@ -517,6 +517,7 @@ while (<>) {
s;\bstrict_8bitmime\b;<a href="postconf.5.html#strict_8bitmime">$&</a>;g;
s;\bstrict_8bitmime_body\b;<a href="postconf.5.html#strict_8bitmime_body">$&</a>;g;
s;\bstrict_mime_encoding_domain\b;<a href="postconf.5.html#strict_mime_encoding_domain">$&</a>;g;
s;\bstrict_mailbox_ownership\b;<a href="postconf.5.html#strict_mailbox_ownership">$&</a>;g;
s;\bstrict_rfc821_envelopes\b;<a href="postconf.5.html#strict_rfc821_envelopes">$&</a>;g;
s;\bsun_mailtool_compatibility\b;<a href="postconf.5.html#sun_mailtool_compatibility">$&</a>;g;
s;\bswap_bangpath\b;<a href="postconf.5.html#swap_bangpath">$&</a>;g;


@ -11517,3 +11517,9 @@ configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
%PARAM strict_mailbox_ownership yes
<p> Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible. </p>
<p> This feature is available in Postfix 2.5.3 and later. </p>


@ -2932,6 +2932,13 @@ extern int var_dest_rate_delay;
#define DEF_STRESS ""
extern char *var_stress;
/*
* Mailbox ownership.
*/
#define VAR_STRICT_MBOX_OWNER "strict_mailbox_ownership"
#define DEF_STRICT_MBOX_OWNER 1
extern bool var_strict_mbox_owner;
/* LICENSE
/* .ad
/* .fi


@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20080711"
#define MAIL_VERSION_NUMBER "2.5.3-RC1"
#define MAIL_RELEASE_DATE "20080726"
#define MAIL_VERSION_NUMBER "2.5.3"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE


@ -381,6 +381,10 @@
/* address (see prepend_delivered_header) only once, at the start of
/* a delivery attempt; do not update the Delivered-To: address while
/* expanding aliases or .forward files.
/* .PP
/* Available in Postfix version 2.5.3 and later:
/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
/* Defer delivery when a mailbox file is not owned by its recipient.
/* DELIVERY METHOD CONTROLS
/* .ad
/* .fi
@ -471,7 +475,7 @@
/* Restrict \fBlocal\fR(8) mail delivery to external files.
/* .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
/* $name expansions of $mailbox_command.
/* $name expansions of $mailbox_command and $command_execution_directory.
/* .IP "\fBdefault_privs (nobody)\fR"
/* The default rights used by the \fBlocal\fR(8) delivery agent for delivery
/* to external file or command.
@ -483,6 +487,10 @@
/* .IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows
/* in $name expansions of $command_execution_directory.
/* .PP
/* Available in Postfix version 2.5.3 and later:
/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
/* Defer delivery when a mailbox file is not owned by its recipient.
/* MISCELLANEOUS CONTROLS
/* .ad
/* .fi
@ -644,6 +652,7 @@ int var_mailtool_compat;
char *var_mailbox_lock;
int var_mailbox_limit;
bool var_frozen_delivered;
bool var_strict_mbox_owner;
int local_cmd_deliver_mask;
int local_file_deliver_mask;
@ -891,6 +900,7 @@ int main(int argc, char **argv)
VAR_STAT_HOME_DIR, DEF_STAT_HOME_DIR, &var_stat_home_dir,
VAR_MAILTOOL_COMPAT, DEF_MAILTOOL_COMPAT, &var_mailtool_compat,
VAR_FROZEN_DELIVERED, DEF_FROZEN_DELIVERED, &var_frozen_delivered,
VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
0,
};


@ -194,6 +194,12 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr)
vstream_fclose(mp->fp);
dsb_simple(why, "5.2.0",
"destination %s is not a regular file", mailbox);
} else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
vstream_fclose(mp->fp);
dsb_simple(why, "4.2.0",
"destination %s is not owned by recipient", mailbox);
msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
VAR_STRICT_MBOX_OWNER);
} else {
end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,
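Review bot: The `msg_warn` in the new `var_strict_mbox_owner` branch only tells the operator how to switch the check off; it records neither the owner uid that was found nor the uid that was expected, so the warning alone cannot be used to triage the mismatched file. I would log the finding first, e.g. `msg_warn("destination %s: owner uid %lu, recipient uid %lu", mailbox, (unsigned long) st.st_uid, (unsigned long) usr_attr.uid);`, and keep the configuration hint as a second line. The same applies to the second `deliver_mailbox_file` section further down the page (apparently the virtual delivery agent). `st` is filled outside this hunk; the comparison is only reliable if it comes from an fstat() on the already-open `mp->fp` rather than a stat() on the pathname, which is worth confirming. The function body starts and ends outside the hunk.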


@ -115,7 +115,7 @@ int vstream_tweak_tcp(VSTREAM *fp)
*/
#ifdef VSTREAM_CTL_BUFSIZE
if (mss > 0) {
if (mss < __MAXINT__(ssize_t) /2)
if (mss < INT_MAX / 2)
mss *= 2;
vstream_control(fp,
VSTREAM_CTL_BUFSIZE, (ssize_t) mss,
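Review bot: The new bound `INT_MAX / 2` is the right overflow limit only if `mss` is declared `int`, and that declaration is outside the hunk, so the guard's correctness cannot be confirmed from here. Since the changelog says an earlier edit of this same check broke LP64 systems, a comment tying the bound to the variable's type would help, e.g. `/* mss is an int: bound the doubling by INT_MAX, not by the ssize_t it is cast to below. */`. It is also worth confirming that `<limits.h>` is included in this file, because the removed `__MAXINT__` macro did not need it. The enclosing `vstream_tweak_tcp` starts and ends outside the hunk.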


@ -125,6 +125,12 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr)
msg_warn("recipient %s: destination %s is not a regular file",
state.msg_attr.rcpt.address, usr_attr.mailbox);
dsb_simple(why, "5.3.5", "mail system configuration error");
} else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
vstream_fclose(mp->fp);
dsb_simple(why, "4.2.0",
"destination %s is not owned by recipient", usr_attr.mailbox);
msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
VAR_STRICT_MBOX_OWNER);
} else {
end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,
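Review bot: The new branch puts `usr_attr.mailbox` into the `dsb_simple` text, while the branch directly above it keeps the pathname in `msg_warn` and gives the sender only "mail system configuration error". Delivery status text can end up in delay or bounce notices to the sender, so this branch would expose a local mailbox path that the neighbouring code appears to withhold deliberately. I would follow the existing pattern: `msg_warn("recipient %s: destination %s is not owned by recipient", state.msg_attr.rcpt.address, usr_attr.mailbox);` followed by `dsb_simple(why, "4.2.0", "mailbox ownership mismatch");`. The function body starts and ends outside the hunk.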


@ -183,6 +183,10 @@
/* .IP "\fBvirtual_transport (virtual)\fR"
/* The default mail delivery transport and next-hop destination for
/* final delivery to domains listed with $virtual_mailbox_domains.
/* .PP
/* Available in Postfix version 2.5.3 and later:
/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
/* Defer delivery when a mailbox file is not owned by its recipient.
/* LOCKING CONTROLS
/* .ad
/* .fi
@ -329,6 +333,7 @@ char *var_virt_mailbox_base;
char *var_virt_mailbox_lock;
int var_virt_mailbox_limit;
char *var_mail_spool_dir; /* XXX dependency fix */
bool var_strict_mbox_owner;
/*
* Mappings.
@ -504,6 +509,10 @@ int main(int argc, char **argv)
VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0,
0,
};
static const CONFIG_BOOL_TABLE bool_table[] = {
VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
0,
};
/*
* Fingerprint executables and core dumps.
@ -513,6 +522,7 @@ int main(int argc, char **argv)
single_server_main(argc, argv, local_service,
MAIL_SERVER_INT_TABLE, int_table,
MAIL_SERVER_STR_TABLE, str_table,
MAIL_SERVER_BOOL_TABLE, bool_table,
MAIL_SERVER_PRE_INIT, pre_init,
MAIL_SERVER_POST_INIT, post_init,
MAIL_SERVER_PRE_ACCEPT, pre_accept,