From fa3a2cce64fa730e44efa56c5fd021f45e4b64cc Mon Sep 17 00:00:00 2001
From: Wietse Venema
Date: Sat, 26 Jul 2008 00:00:00 -0500
Subject: [PATCH] postfix-2.5.3
---
postfix/HISTORY | 14 +++++
postfix/RELEASE_NOTES | 12 +++-
postfix/html/local.8.html | 94 +++++++++++++++++--------------
postfix/html/postconf.5.html | 11 ++++
postfix/html/virtual.8.html | 58 ++++++++++---------
postfix/man/man5/postconf.5 | 5 ++
postfix/man/man8/local.8 | 10 +++-
postfix/man/man8/virtual.8 | 4 ++
postfix/mantools/postlink | 1 +
postfix/proto/postconf.proto | 6 ++
postfix/src/global/mail_params.h | 7 +++
postfix/src/global/mail_version.h | 4 +-
postfix/src/local/local.c | 12 +++-
postfix/src/local/mailbox.c | 6 ++
postfix/src/util/vstream_tweak.c | 2 +-
postfix/src/virtual/mailbox.c | 6 ++
postfix/src/virtual/virtual.c | 10 ++++
17 files changed, 188 insertions(+), 74 deletions(-)
diff --git a/postfix/HISTORY b/postfix/HISTORY
index d08f791d6..5bdc156d7 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -14397,3 +14397,17 @@ Apologies for any names omitted.
Cleanup: using "Before-queue content filter", RFC3848
information was not added to the headers. Carlos Velasco.
File smtpd/smtpd.c.
+
+20080717
+
+ Cleanup: a poorly-implemented integer overflow check for
+ TCP MSS calculation had the unexpected effect that people
+ broke Postfix on LP64 systems while attempting to silence
+ a compiler warning. File: util/vstream_tweak.c.
+
+20080725
+
+ Paranoia: defer delivery when a mailbox file is not owned
+ by the recipient. Requested by Sebastian Krahmer, SuSE.
+ Specify "strict_mailbox_ownership=no" to ignore ownership
+ discrepancies. Files: local/mailbox.c, virtual/mailbox.c.
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index f560d3b5d..14fd19aa1 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -11,8 +11,16 @@ instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
-Incompatibility with Postfix 2.3 and earlier
---------------------------------------------
+Incompatibility with Postfix 2.5.3
+==================================
+
+When a mailbox file is not owned by its recipient, the local and
+virtual delivery agents now log a warning and defer delivery.
+Specify "strict_mailbox_ownership = no" to ignore such ownership
+discrepancies.
+
+Postfix 2.5.0 Release Notes
+===========================
If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4
before proceeding.
diff --git a/postfix/html/local.8.html b/postfix/html/local.8.html
index 6a5ff6c17..e43fdb985 100644
--- a/postfix/html/local.8.html
+++ b/postfix/html/local.8.html
@@ -398,60 +398,66 @@ LOCAL(8) LOCAL(8)
attempt; do not update the Delivered-To: address
while expanding aliases or .forward files.
+ Available in Postfix version 2.5.3 and later:
+
+ strict_mailbox_ownership (yes)
+ Defer delivery when a mailbox file is not owned by
+ its recipient.
+
DELIVERY METHOD CONTROLS
- The precedence of local(8) delivery methods from high to
- low is: aliases, .forward files, mailbox_transport_maps,
- mailbox_transport, mailbox_command_maps, mailbox_command,
- home_mailbox, mail_spool_directory, fallback_trans-
+ The precedence of local(8) delivery methods from high to
+ low is: aliases, .forward files, mailbox_transport_maps,
+ mailbox_transport, mailbox_command_maps, mailbox_command,
+ home_mailbox, mail_spool_directory, fallback_trans-
port_maps, fallback_transport, and luser_relay.
alias_maps (see 'postconf -d' output)
- The alias databases that are used for local(8)
+ The alias databases that are used for local(8)
delivery.
forward_path (see 'postconf -d' output)
The local(8) delivery agent search list for finding
- a .forward file with user-specified delivery meth-
+ a .forward file with user-specified delivery meth-
ods.
mailbox_transport_maps (empty)
- Optional lookup tables with per-recipient message
- delivery transports to use for local(8) mailbox
- delivery, whether or not the recipients are found
+ Optional lookup tables with per-recipient message
+ delivery transports to use for local(8) mailbox
+ delivery, whether or not the recipients are found
in the UNIX passwd database.
mailbox_transport (empty)
- Optional message delivery transport that the
- local(8) delivery agent should use for mailbox
- delivery to all local recipients, whether or not
+ Optional message delivery transport that the
+ local(8) delivery agent should use for mailbox
+ delivery to all local recipients, whether or not
they are found in the UNIX passwd database.
mailbox_command_maps (empty)
- Optional lookup tables with per-recipient external
+ Optional lookup tables with per-recipient external
commands to use for local(8) mailbox delivery.
mailbox_command (empty)
- Optional external command that the local(8) deliv-
+ Optional external command that the local(8) deliv-
ery agent should use for mailbox delivery.
home_mailbox (empty)
- Optional pathname of a mailbox file relative to a
+ Optional pathname of a mailbox file relative to a
local(8) user's home directory.
mail_spool_directory (see 'postconf -d' output)
- The directory where local(8) UNIX-style mailboxes
+ The directory where local(8) UNIX-style mailboxes
are kept.
fallback_transport_maps (empty)
- Optional lookup tables with per-recipient message
- delivery transports for recipients that the
- local(8) delivery agent could not find in the
+ Optional lookup tables with per-recipient message
+ delivery transports for recipients that the
+ local(8) delivery agent could not find in the
aliases(5) or UNIX password database.
fallback_transport (empty)
- Optional message delivery transport that the
- local(8) delivery agent should use for names that
- are not found in the aliases(5) or UNIX password
+ Optional message delivery transport that the
+ local(8) delivery agent should use for names that
+ are not found in the aliases(5) or UNIX password
database.
luser_relay (empty)
@@ -461,7 +467,7 @@ LOCAL(8) LOCAL(8)
Available in Postfix version 2.2 and later:
command_execution_directory (empty)
- The local(8) delivery agent working directory for
+ The local(8) delivery agent working directory for
delivery to external command.
MAILBOX LOCKING CONTROLS
@@ -470,15 +476,15 @@ LOCAL(8) LOCAL(8)
sive lock on a mailbox file or bounce(8) logfile.
deliver_lock_delay (1s)
- The time between attempts to acquire an exclusive
+ The time between attempts to acquire an exclusive
lock on a mailbox file or bounce(8) logfile.
stale_lock_time (500s)
- The time after which a stale exclusive mailbox
+ The time after which a stale exclusive mailbox
lockfile is removed.
mailbox_delivery_lock (see 'postconf -d' output)
- How to lock a UNIX-style local(8) mailbox before
+ How to lock a UNIX-style local(8) mailbox before
attempting delivery.
RESOURCE AND RATE CONTROLS
@@ -486,17 +492,17 @@ LOCAL(8) LOCAL(8)
Time limit for delivery to external commands.
duplicate_filter_limit (1000)
- The maximal number of addresses remembered by the
- address duplicate filter for aliases(5) or vir-
+ The maximal number of addresses remembered by the
+ address duplicate filter for aliases(5) or vir-
tual(5) alias expansion, or for showq(8) queue dis-
plays.
local_destination_concurrency_limit (2)
- The maximal number of parallel deliveries via the
+ The maximal number of parallel deliveries via the
local mail delivery transport to the same recipient
- (when "local_destination_recipient_limit = 1") or
- the maximal number of parallel deliveries to the
- same local domain (when "local_destination_recipi-
+ (when "local_destination_recipient_limit = 1") or
+ the maximal number of parallel deliveries to the
+ same local domain (when "local_destination_recipi-
ent_limit > 1").
local_destination_recipient_limit (1)
@@ -509,33 +515,39 @@ LOCAL(8) LOCAL(8)
SECURITY CONTROLS
allow_mail_to_commands (alias, forward)
- Restrict local(8) mail delivery to external com-
+ Restrict local(8) mail delivery to external com-
mands.
allow_mail_to_files (alias, forward)
- Restrict local(8) mail delivery to external files.
+ Restrict local(8) mail delivery to external files.
command_expansion_filter (see 'postconf -d' output)
- Restrict the characters that the local(8) delivery
- agent allows in $name expansions of $mailbox_com-
- mand.
+ Restrict the characters that the local(8) delivery
+ agent allows in $name expansions of $mailbox_com-
+ mand and $command_execution_directory.
default_privs (nobody)
- The default rights used by the local(8) delivery
+ The default rights used by the local(8) delivery
agent for delivery to external file or command.
forward_expansion_filter (see 'postconf -d' output)
- Restrict the characters that the local(8) delivery
- agent allows in $name expansions of $forward_path.
+ Restrict the characters that the local(8) delivery
+ agent allows in $name expansions of $forward_path.
Available in Postfix version 2.2 and later:
execution_directory_expansion_filter (see 'postconf -d'
output)
- Restrict the characters that the local(8) delivery
+ Restrict the characters that the local(8) delivery
agent allows in $name expansions of $command_execu-
tion_directory.
+ Available in Postfix version 2.5.3 and later:
+
+ strict_mailbox_ownership (yes)
+ Defer delivery when a mailbox file is not owned by
+ its recipient.
+
MISCELLANEOUS CONTROLS
config_directory (see 'postconf -d' output)
The default location of the Postfix main.cf and
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index f442ec2c5..9166671ce 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -12495,6 +12495,17 @@ This feature is available in Postfix 2.0 and later.
+
+
+strict_mailbox_ownership
+(default: yes)
+
+ Defer delivery when a mailbox file is not owned by its recipient.
+The default setting is not backwards compatible.
+
+ This feature is available in Postfix 2.5.3 and later.
+
+
strict_mime_encoding_domain
diff --git a/postfix/html/virtual.8.html b/postfix/html/virtual.8.html
index 7d1e21bdb..8645550ae 100644
--- a/postfix/html/virtual.8.html
+++ b/postfix/html/virtual.8.html
@@ -200,9 +200,15 @@ VIRTUAL(8) VIRTUAL(8)
destination for final delivery to domains listed
with $virtual_mailbox_domains.
+ Available in Postfix version 2.5.3 and later:
+
+ strict_mailbox_ownership (yes)
+ Defer delivery when a mailbox file is not owned by
+ its recipient.
+
LOCKING CONTROLS
virtual_mailbox_lock (see 'postconf -d' output)
- How to lock a UNIX-style virtual(8) mailbox before
+ How to lock a UNIX-style virtual(8) mailbox before
attempting delivery.
deliver_lock_attempts (20)
@@ -210,41 +216,41 @@ VIRTUAL(8) VIRTUAL(8)
sive lock on a mailbox file or bounce(8) logfile.
deliver_lock_delay (1s)
- The time between attempts to acquire an exclusive
+ The time between attempts to acquire an exclusive
lock on a mailbox file or bounce(8) logfile.
stale_lock_time (500s)
- The time after which a stale exclusive mailbox
+ The time after which a stale exclusive mailbox
lockfile is removed.
RESOURCE AND RATE CONTROLS
virtual_destination_concurrency_limit ($default_destina-
tion_concurrency_limit)
- The maximal number of parallel deliveries to the
- same destination via the virtual message delivery
+ The maximal number of parallel deliveries to the
+ same destination via the virtual message delivery
transport.
virtual_destination_recipient_limit ($default_destina-
tion_recipient_limit)
- The maximal number of recipients per delivery via
+ The maximal number of recipients per delivery via
the virtual message delivery transport.
virtual_mailbox_limit (51200000)
- The maximal size in bytes of an individual mailbox
+ The maximal size in bytes of an individual mailbox
or maildir file, or zero (no limit).
MISCELLANEOUS CONTROLS
config_directory (see 'postconf -d' output)
- The default location of the Postfix main.cf and
+ The default location of the Postfix main.cf and
master.cf configuration files.
daemon_timeout (18000s)
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
delay_logging_resolution_limit (2)
- The maximal number of digits after the decimal
+ The maximal number of digits after the decimal
point when logging sub-second delay values.
ipc_timeout (3600s)
@@ -252,33 +258,33 @@ VIRTUAL(8) VIRTUAL(8)
over an internal communication channel.
max_idle (100s)
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
+ The maximum amount of time that an idle Postfix
+ daemon process waits for an incoming connection
before terminating voluntarily.
max_use (100)
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
nating voluntarily.
process_id (read-only)
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
process_name (read-only)
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
queue_directory (see 'postconf -d' output)
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
syslog_facility (mail)
The syslog facility of Postfix logging.
syslog_name (postfix)
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
SEE ALSO
@@ -291,20 +297,20 @@ VIRTUAL(8) VIRTUAL(8)
VIRTUAL_README, domain hosting howto
LICENSE
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
HISTORY
- This delivery agent was originally based on the Postfix
- local delivery agent. Modifications mainly consisted of
- removing code that either was not applicable or that was
- not safe in this context: aliases, ~user/.forward files,
+ This delivery agent was originally based on the Postfix
+ local delivery agent. Modifications mainly consisted of
+ removing code that either was not applicable or that was
+ not safe in this context: aliases, ~user/.forward files,
delivery to "|command" or to /file/name.
The Delivered-To: message header appears in the qmail sys-
tem by Daniel Bernstein.
- The maildir structure appears in the qmail system by
+ The maildir structure appears in the qmail system by
Daniel Bernstein.
AUTHOR(S)
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 22a574184..922cdac1e 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -7771,6 +7771,11 @@ This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
.PP
This feature is available in Postfix 2.0 and later.
+.SH strict_mailbox_ownership (default: yes)
+Defer delivery when a mailbox file is not owned by its recipient.
+The default setting is not backwards compatible.
+.PP
+This feature is available in Postfix 2.5.3 and later.
.SH strict_mime_encoding_domain (default: no)
Reject mail with invalid Content-Transfer-Encoding: information
for the message/* or multipart/* MIME content types. This blocks
diff --git a/postfix/man/man8/local.8 b/postfix/man/man8/local.8
index 2699ba6ee..d7658f33e 100644
--- a/postfix/man/man8/local.8
+++ b/postfix/man/man8/local.8
@@ -415,6 +415,10 @@ Update the \fBlocal\fR(8) delivery agent's idea of the Delivered-To:
address (see prepend_delivered_header) only once, at the start of
a delivery attempt; do not update the Delivered-To: address while
expanding aliases or .forward files.
+.PP
+Available in Postfix version 2.5.3 and later:
+.IP "\fBstrict_mailbox_ownership (yes)\fR"
+Defer delivery when a mailbox file is not owned by its recipient.
.SH "DELIVERY METHOD CONTROLS"
.na
.nf
@@ -513,7 +517,7 @@ Restrict \fBlocal\fR(8) mail delivery to external commands.
Restrict \fBlocal\fR(8) mail delivery to external files.
.IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
-$name expansions of $mailbox_command.
+$name expansions of $mailbox_command and $command_execution_directory.
.IP "\fBdefault_privs (nobody)\fR"
The default rights used by the \fBlocal\fR(8) delivery agent for delivery
to external file or command.
@@ -525,6 +529,10 @@ Available in Postfix version 2.2 and later:
.IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
Restrict the characters that the \fBlocal\fR(8) delivery agent allows
in $name expansions of $command_execution_directory.
+.PP
+Available in Postfix version 2.5.3 and later:
+.IP "\fBstrict_mailbox_ownership (yes)\fR"
+Defer delivery when a mailbox file is not owned by its recipient.
.SH "MISCELLANEOUS CONTROLS"
.na
.nf
diff --git a/postfix/man/man8/virtual.8 b/postfix/man/man8/virtual.8
index b45ac26d9..22e41b511 100644
--- a/postfix/man/man8/virtual.8
+++ b/postfix/man/man8/virtual.8
@@ -213,6 +213,10 @@ mail is delivered via the $virtual_transport mail delivery transport.
.IP "\fBvirtual_transport (virtual)\fR"
The default mail delivery transport and next-hop destination for
final delivery to domains listed with $virtual_mailbox_domains.
+.PP
+Available in Postfix version 2.5.3 and later:
+.IP "\fBstrict_mailbox_ownership (yes)\fR"
+Defer delivery when a mailbox file is not owned by its recipient.
.SH "LOCKING CONTROLS"
.na
.nf
diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink
index 07c43c01f..be98d67e7 100755
--- a/postfix/mantools/postlink
+++ b/postfix/mantools/postlink
@@ -517,6 +517,7 @@ while (<>) {
s;\bstrict_8bitmime\b;$&;g;
s;\bstrict_8bitmime_body\b;$&;g;
s;\bstrict_mime_encoding_domain\b;$&;g;
+ s;\bstrict_mailbox_ownership\b;$&;g;
s;\bstrict_rfc821_envelopes\b;$&;g;
s;\bsun_mailtool_compatibility\b;$&;g;
s;\bswap_bangpath\b;$&;g;
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 4e68c5f0c..d2ce35d79 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -11517,3 +11517,9 @@ configuration parameter. See there for details.
This feature is available in Postfix 2.5 and later.
+%PARAM strict_mailbox_ownership yes
+
+ Defer delivery when a mailbox file is not owned by its recipient.
+The default setting is not backwards compatible.
+
+ This feature is available in Postfix 2.5.3 and later.
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h
index fe7dd5db8..ca9d1cf48 100644
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -2932,6 +2932,13 @@ extern int var_dest_rate_delay;
#define DEF_STRESS ""
extern char *var_stress;
+ /*
+ * Mailbox ownership.
+ */
+#define VAR_STRICT_MBOX_OWNER "strict_mailbox_ownership"
+#define DEF_STRICT_MBOX_OWNER 1
+extern bool var_strict_mbox_owner;
+
/* LICENSE
/* .ad
/* .fi
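Review bot: The new `Mailbox ownership.` comment block says less than the other parameter groups in this header, which usually state what the knob controls; readers of mail_params.h should not have to open postconf.proto to learn that this is a deliver-or-defer decision whose default changes behaviour. I would extend the comment to `* Mailbox ownership: defer delivery when a mailbox file is not owned by its recipient. The default (yes) is intentionally not backwards compatible.` The `extern bool` declaration matches the definitions that local.c and virtual.c add in this same patch, so nothing else is needed here.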
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index a91ed72cb..7e7bcf5d8 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20080711"
-#define MAIL_VERSION_NUMBER "2.5.3-RC1"
+#define MAIL_RELEASE_DATE "20080726"
+#define MAIL_VERSION_NUMBER "2.5.3"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
diff --git a/postfix/src/local/local.c b/postfix/src/local/local.c
index 6300111af..33af0ad76 100644
--- a/postfix/src/local/local.c
+++ b/postfix/src/local/local.c
@@ -381,6 +381,10 @@
/* address (see prepend_delivered_header) only once, at the start of
/* a delivery attempt; do not update the Delivered-To: address while
/* expanding aliases or .forward files.
+/* .PP
+/* Available in Postfix version 2.5.3 and later:
+/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
+/* Defer delivery when a mailbox file is not owned by its recipient.
/* DELIVERY METHOD CONTROLS
/* .ad
/* .fi
@@ -471,7 +475,7 @@
/* Restrict \fBlocal\fR(8) mail delivery to external files.
/* .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
-/* $name expansions of $mailbox_command.
+/* $name expansions of $mailbox_command and $command_execution_directory.
/* .IP "\fBdefault_privs (nobody)\fR"
/* The default rights used by the \fBlocal\fR(8) delivery agent for delivery
/* to external file or command.
@@ -483,6 +487,10 @@
/* .IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows
/* in $name expansions of $command_execution_directory.
+/* .PP
+/* Available in Postfix version 2.5.3 and later:
+/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
+/* Defer delivery when a mailbox file is not owned by its recipient.
/* MISCELLANEOUS CONTROLS
/* .ad
/* .fi
@@ -644,6 +652,7 @@ int var_mailtool_compat;
char *var_mailbox_lock;
int var_mailbox_limit;
bool var_frozen_delivered;
+bool var_strict_mbox_owner;
int local_cmd_deliver_mask;
int local_file_deliver_mask;
@@ -891,6 +900,7 @@ int main(int argc, char **argv)
VAR_STAT_HOME_DIR, DEF_STAT_HOME_DIR, &var_stat_home_dir,
VAR_MAILTOOL_COMPAT, DEF_MAILTOOL_COMPAT, &var_mailtool_compat,
VAR_FROZEN_DELIVERED, DEF_FROZEN_DELIVERED, &var_frozen_delivered,
+ VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
0,
};
diff --git a/postfix/src/local/mailbox.c b/postfix/src/local/mailbox.c
index 92bd79d67..d35ef66b4 100644
--- a/postfix/src/local/mailbox.c
+++ b/postfix/src/local/mailbox.c
@@ -194,6 +194,12 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr)
vstream_fclose(mp->fp);
dsb_simple(why, "5.2.0",
"destination %s is not a regular file", mailbox);
+ } else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
+ vstream_fclose(mp->fp);
+ dsb_simple(why, "4.2.0",
+ "destination %s is not owned by recipient", mailbox);
+ msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
+ VAR_STRICT_MBOX_OWNER);
} else {
end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,
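Review bot: The warning emitted in the new `else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid)` branch does not say which file failed or which uids disagreed, so an operator who sees "specify strict_mailbox_ownership = no to ignore mailbox ownership mismatch" in the log still has to correlate it with the deferred-status line to find the misowned mailbox. Logging the expected and actual owner makes the check actionable and lets the admin fix the file instead of turning the check off: `msg_warn("destination %s is owned by uid %ld, not recipient uid %ld; "` / `"specify \"%s = no\" to ignore mailbox ownership mismatch",` / `mailbox, (long) st.st_uid, (long) usr_attr.uid, VAR_STRICT_MBOX_OWNER);`. The same warning text is added in virtual/mailbox.c in this patch and would benefit from the same detail. `st` is filled in before the hunk, presumably from the fstat of the already-opened descriptor held in `mp->fp`, which is the race-free place to make this comparison; deliver_mailbox_file begins and ends outside the hunk.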
diff --git a/postfix/src/util/vstream_tweak.c b/postfix/src/util/vstream_tweak.c
index d1afac8fd..a9dc8bd1b 100644
--- a/postfix/src/util/vstream_tweak.c
+++ b/postfix/src/util/vstream_tweak.c
@@ -115,7 +115,7 @@ int vstream_tweak_tcp(VSTREAM *fp)
*/
#ifdef VSTREAM_CTL_BUFSIZE
if (mss > 0) {
- if (mss < __MAXINT__(ssize_t) /2)
+ if (mss < INT_MAX / 2)
mss *= 2;
vstream_control(fp,
VSTREAM_CTL_BUFSIZE, (ssize_t) mss,
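Review bot: The replacement bound `if (mss < INT_MAX / 2)` is only correct because `mss` is an `int` (the explicit `(ssize_t) mss` cast two lines later suggests it is), and nothing in the hunk records that, which is how the previous `__MAXINT__(ssize_t) / 2` form went wrong on LP64 when someone silenced a warning. A one-line comment would keep the next cleanup from reintroducing the type mismatch: `/* mss is an int (TCP_MAXSEG); bound by INT_MAX so that mss *= 2 cannot overflow */`. `INT_MAX` comes from <limits.h>; the diffstat shows no include was added, so this relies on the header already being reached through sys_defs.h, which is worth confirming on every supported platform. vstream_tweak_tcp starts before and ends after the hunk.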
diff --git a/postfix/src/virtual/mailbox.c b/postfix/src/virtual/mailbox.c
index 09fc54bb0..f0ad6eb4a 100644
--- a/postfix/src/virtual/mailbox.c
+++ b/postfix/src/virtual/mailbox.c
@@ -125,6 +125,12 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr)
msg_warn("recipient %s: destination %s is not a regular file",
state.msg_attr.rcpt.address, usr_attr.mailbox);
dsb_simple(why, "5.3.5", "mail system configuration error");
+ } else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
+ vstream_fclose(mp->fp);
+ dsb_simple(why, "4.2.0",
+ "destination %s is not owned by recipient", usr_attr.mailbox);
+ msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
+ VAR_STRICT_MBOX_OWNER);
} else {
end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,
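Review bot: The new branch puts the server-side path `usr_attr.mailbox` into the delivery status text (`"destination %s is not owned by recipient"`), whereas the neighbouring "not a regular file" branch in this file deliberately keeps the path in `msg_warn()` and hands the sender only `"mail system configuration error"`. Deferred-status text can reach remote senders in delay notifications and eventual bounces, so for virtual mailboxes this discloses filesystem layout that the existing code avoids exposing. I would follow the existing pattern: `msg_warn("recipient %s: destination %s is not owned by recipient",` / `state.msg_attr.rcpt.address, usr_attr.mailbox);` / `dsb_simple(why, "4.2.0", "mail system configuration error");`. The function deliver_mailbox_file continues outside the hunk on both sides.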
diff --git a/postfix/src/virtual/virtual.c b/postfix/src/virtual/virtual.c
index 88d969ca5..835f53bf7 100644
--- a/postfix/src/virtual/virtual.c
+++ b/postfix/src/virtual/virtual.c
@@ -183,6 +183,10 @@
/* .IP "\fBvirtual_transport (virtual)\fR"
/* The default mail delivery transport and next-hop destination for
/* final delivery to domains listed with $virtual_mailbox_domains.
+/* .PP
+/* Available in Postfix version 2.5.3 and later:
+/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
+/* Defer delivery when a mailbox file is not owned by its recipient.
/* LOCKING CONTROLS
/* .ad
/* .fi
@@ -329,6 +333,7 @@ char *var_virt_mailbox_base;
char *var_virt_mailbox_lock;
int var_virt_mailbox_limit;
char *var_mail_spool_dir; /* XXX dependency fix */
+bool var_strict_mbox_owner;
/*
* Mappings.
@@ -504,6 +509,10 @@ int main(int argc, char **argv)
VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0,
0,
};
+ static const CONFIG_BOOL_TABLE bool_table[] = {
+ VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
+ 0,
+ };
/*
* Fingerprint executables and core dumps.
@@ -513,6 +522,7 @@ int main(int argc, char **argv)
single_server_main(argc, argv, local_service,
MAIL_SERVER_INT_TABLE, int_table,
MAIL_SERVER_STR_TABLE, str_table,
+ MAIL_SERVER_BOOL_TABLE, bool_table,
MAIL_SERVER_PRE_INIT, pre_init,
MAIL_SERVER_POST_INIT, post_init,
MAIL_SERVER_PRE_ACCEPT, pre_accept,