mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 13:48:06 +00:00

postfix-2.5.3

Wietse Venema
2008-07-26 00:00:00 -05:00
committed by Viktor Dukhovni
parent caa4ec5a68
commit fa3a2cce64
17 changed files with 188 additions and 74 deletions


@@ -14397,3 +14397,17 @@ Apologies for any names omitted.
Cleanup: using "Before-queue content filter", RFC3848 Cleanup: using "Before-queue content filter", RFC3848
information was not added to the headers. Carlos Velasco. information was not added to the headers. Carlos Velasco.
File smtpd/smtpd.c. File smtpd/smtpd.c.
20080717
Cleanup: a poorly-implemented integer overflow check for
TCP MSS calculation had the unexpected effect that people
broke Postfix on LP64 systems while attempting to silence
a compiler warning. File: util/vstream_tweak.c.
20080725
Paranoia: defer delivery when a mailbox file is not owned
by the recipient. Requested by Sebastian Krahmer, SuSE.
Specify "strict_mailbox_ownership=no" to ignore ownership
discrepancies. Files: local/mailbox.c, virtual/mailbox.c.


@@ -11,8 +11,16 @@ instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd) The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release. specifies the release date of a stable release or snapshot release.
Incompatibility with Postfix 2.3 and earlier Incompatibility with Postfix 2.5.3
-------------------------------------------- ==================================
When a mailbox file is not owned by its recipient, the local and
virtual delivery agents now log a warning and defer delivery.
Specify "strict_mailbox_ownership = no" to ignore such ownership
discrepancies.
Postfix 2.5.0 Release Notes
===========================
If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4 If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4
before proceeding. before proceeding.


@@ -398,6 +398,12 @@ LOCAL(8) LOCAL(8)
attempt; do not update the Delivered-To: address attempt; do not update the Delivered-To: address
while expanding aliases or .forward files. while expanding aliases or .forward files.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
Defer delivery when a mailbox file is not owned by
its recipient.
<b>DELIVERY METHOD CONTROLS</b> <b>DELIVERY METHOD CONTROLS</b>
The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to
low is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, low is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,
@@ -518,7 +524,7 @@ LOCAL(8) LOCAL(8)
<b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a> (see 'postconf -d' output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_com</a>- agent allows in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_com</a>-
<a href="postconf.5.html#mailbox_command">mand</a>. <a href="postconf.5.html#mailbox_command">mand</a> and $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
<b><a href="postconf.5.html#default_privs">default_privs</a> (nobody)</b> <b><a href="postconf.5.html#default_privs">default_privs</a> (nobody)</b>
The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery
@@ -536,6 +542,12 @@ LOCAL(8) LOCAL(8)
agent allows in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execu</a>- agent allows in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
<a href="postconf.5.html#command_execution_directory">tion_directory</a>. <a href="postconf.5.html#command_execution_directory">tion_directory</a>.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
Defer delivery when a mailbox file is not owned by
its recipient.
<b>MISCELLANEOUS CONTROLS</b> <b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and The default location of the Postfix <a href="postconf.5.html">main.cf</a> and


@@ -12495,6 +12495,17 @@ This feature is available in Postfix 2.0 and later.
</p> </p>
</DD>
<DT><b><a name="strict_mailbox_ownership">strict_mailbox_ownership</a>
(default: yes)</b></DT><DD>
<p> Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible. </p>
<p> This feature is available in Postfix 2.5.3 and later. </p>
</DD> </DD>
<DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a> <DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a>


@@ -200,6 +200,12 @@ VIRTUAL(8) VIRTUAL(8)
destination for final delivery to domains listed destination for final delivery to domains listed
with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>. with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
Defer delivery when a mailbox file is not owned by
its recipient.
<b>LOCKING CONTROLS</b> <b>LOCKING CONTROLS</b>
<b><a href="postconf.5.html#virtual_mailbox_lock">virtual_mailbox_lock</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#virtual_mailbox_lock">virtual_mailbox_lock</a> (see 'postconf -d' output)</b>
How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before


@@ -7771,6 +7771,11 @@ This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email. because it is likely to reject legitimate email.
.PP .PP
This feature is available in Postfix 2.0 and later. This feature is available in Postfix 2.0 and later.
.SH strict_mailbox_ownership (default: yes)
Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible.
.PP
This feature is available in Postfix 2.5.3 and later.
.SH strict_mime_encoding_domain (default: no) .SH strict_mime_encoding_domain (default: no)
Reject mail with invalid Content-Transfer-Encoding: information Reject mail with invalid Content-Transfer-Encoding: information
for the message/* or multipart/* MIME content types. This blocks for the message/* or multipart/* MIME content types. This blocks


@@ -415,6 +415,10 @@ Update the \fBlocal\fR(8) delivery agent's idea of the Delivered-To:
address (see prepend_delivered_header) only once, at the start of address (see prepend_delivered_header) only once, at the start of
a delivery attempt; do not update the Delivered-To: address while a delivery attempt; do not update the Delivered-To: address while
expanding aliases or .forward files. expanding aliases or .forward files.
.PP
Available in Postfix version 2.5.3 and later:
.IP "\fBstrict_mailbox_ownership (yes)\fR"
Defer delivery when a mailbox file is not owned by its recipient.
.SH "DELIVERY METHOD CONTROLS" .SH "DELIVERY METHOD CONTROLS"
.na .na
.nf .nf
@@ -513,7 +517,7 @@ Restrict \fBlocal\fR(8) mail delivery to external commands.
Restrict \fBlocal\fR(8) mail delivery to external files. Restrict \fBlocal\fR(8) mail delivery to external files.
.IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR" .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
Restrict the characters that the \fBlocal\fR(8) delivery agent allows in Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
$name expansions of $mailbox_command. $name expansions of $mailbox_command and $command_execution_directory.
.IP "\fBdefault_privs (nobody)\fR" .IP "\fBdefault_privs (nobody)\fR"
The default rights used by the \fBlocal\fR(8) delivery agent for delivery The default rights used by the \fBlocal\fR(8) delivery agent for delivery
to external file or command. to external file or command.
@@ -525,6 +529,10 @@ Available in Postfix version 2.2 and later:
.IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR" .IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
Restrict the characters that the \fBlocal\fR(8) delivery agent allows Restrict the characters that the \fBlocal\fR(8) delivery agent allows
in $name expansions of $command_execution_directory. in $name expansions of $command_execution_directory.
.PP
Available in Postfix version 2.5.3 and later:
.IP "\fBstrict_mailbox_ownership (yes)\fR"
Defer delivery when a mailbox file is not owned by its recipient.
.SH "MISCELLANEOUS CONTROLS" .SH "MISCELLANEOUS CONTROLS"
.na .na
.nf .nf


@@ -213,6 +213,10 @@ mail is delivered via the $virtual_transport mail delivery transport.
.IP "\fBvirtual_transport (virtual)\fR" .IP "\fBvirtual_transport (virtual)\fR"
The default mail delivery transport and next-hop destination for The default mail delivery transport and next-hop destination for
final delivery to domains listed with $virtual_mailbox_domains. final delivery to domains listed with $virtual_mailbox_domains.
.PP
Available in Postfix version 2.5.3 and later:
.IP "\fBstrict_mailbox_ownership (yes)\fR"
Defer delivery when a mailbox file is not owned by its recipient.
.SH "LOCKING CONTROLS" .SH "LOCKING CONTROLS"
.na .na
.nf .nf


@@ -517,6 +517,7 @@ while (<>) {
s;\bstrict_8bitmime\b;<a href="postconf.5.html#strict_8bitmime">$&</a>;g; s;\bstrict_8bitmime\b;<a href="postconf.5.html#strict_8bitmime">$&</a>;g;
s;\bstrict_8bitmime_body\b;<a href="postconf.5.html#strict_8bitmime_body">$&</a>;g; s;\bstrict_8bitmime_body\b;<a href="postconf.5.html#strict_8bitmime_body">$&</a>;g;
s;\bstrict_mime_encoding_domain\b;<a href="postconf.5.html#strict_mime_encoding_domain">$&</a>;g; s;\bstrict_mime_encoding_domain\b;<a href="postconf.5.html#strict_mime_encoding_domain">$&</a>;g;
s;\bstrict_mailbox_ownership\b;<a href="postconf.5.html#strict_mailbox_ownership">$&</a>;g;
s;\bstrict_rfc821_envelopes\b;<a href="postconf.5.html#strict_rfc821_envelopes">$&</a>;g; s;\bstrict_rfc821_envelopes\b;<a href="postconf.5.html#strict_rfc821_envelopes">$&</a>;g;
s;\bsun_mailtool_compatibility\b;<a href="postconf.5.html#sun_mailtool_compatibility">$&</a>;g; s;\bsun_mailtool_compatibility\b;<a href="postconf.5.html#sun_mailtool_compatibility">$&</a>;g;
s;\bswap_bangpath\b;<a href="postconf.5.html#swap_bangpath">$&</a>;g; s;\bswap_bangpath\b;<a href="postconf.5.html#swap_bangpath">$&</a>;g;


@@ -11517,3 +11517,9 @@ configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p> <p> This feature is available in Postfix 2.5 and later. </p>
%PARAM strict_mailbox_ownership yes
<p> Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible. </p>
<p> This feature is available in Postfix 2.5.3 and later. </p>


@@ -2932,6 +2932,13 @@ extern int var_dest_rate_delay;
#define DEF_STRESS "" #define DEF_STRESS ""
extern char *var_stress; extern char *var_stress;
/*
* Mailbox ownership.
*/
#define VAR_STRICT_MBOX_OWNER "strict_mailbox_ownership"
#define DEF_STRICT_MBOX_OWNER 1
extern bool var_strict_mbox_owner;
/* LICENSE /* LICENSE
/* .ad /* .ad
/* .fi /* .fi


@@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20080711" #define MAIL_RELEASE_DATE "20080726"
#define MAIL_VERSION_NUMBER "2.5.3-RC1" #define MAIL_VERSION_NUMBER "2.5.3"
#ifdef SNAPSHOT #ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE


@@ -381,6 +381,10 @@
/* address (see prepend_delivered_header) only once, at the start of /* address (see prepend_delivered_header) only once, at the start of
/* a delivery attempt; do not update the Delivered-To: address while /* a delivery attempt; do not update the Delivered-To: address while
/* expanding aliases or .forward files. /* expanding aliases or .forward files.
/* .PP
/* Available in Postfix version 2.5.3 and later:
/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
/* Defer delivery when a mailbox file is not owned by its recipient.
/* DELIVERY METHOD CONTROLS /* DELIVERY METHOD CONTROLS
/* .ad /* .ad
/* .fi /* .fi
@@ -471,7 +475,7 @@
/* Restrict \fBlocal\fR(8) mail delivery to external files. /* Restrict \fBlocal\fR(8) mail delivery to external files.
/* .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR" /* .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows in /* Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
/* $name expansions of $mailbox_command. /* $name expansions of $mailbox_command and $command_execution_directory.
/* .IP "\fBdefault_privs (nobody)\fR" /* .IP "\fBdefault_privs (nobody)\fR"
/* The default rights used by the \fBlocal\fR(8) delivery agent for delivery /* The default rights used by the \fBlocal\fR(8) delivery agent for delivery
/* to external file or command. /* to external file or command.
@@ -483,6 +487,10 @@
/* .IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR" /* .IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows /* Restrict the characters that the \fBlocal\fR(8) delivery agent allows
/* in $name expansions of $command_execution_directory. /* in $name expansions of $command_execution_directory.
/* .PP
/* Available in Postfix version 2.5.3 and later:
/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
/* Defer delivery when a mailbox file is not owned by its recipient.
/* MISCELLANEOUS CONTROLS /* MISCELLANEOUS CONTROLS
/* .ad /* .ad
/* .fi /* .fi
@@ -644,6 +652,7 @@ int var_mailtool_compat;
char *var_mailbox_lock; char *var_mailbox_lock;
int var_mailbox_limit; int var_mailbox_limit;
bool var_frozen_delivered; bool var_frozen_delivered;
bool var_strict_mbox_owner;
int local_cmd_deliver_mask; int local_cmd_deliver_mask;
int local_file_deliver_mask; int local_file_deliver_mask;
@@ -891,6 +900,7 @@ int main(int argc, char **argv)
VAR_STAT_HOME_DIR, DEF_STAT_HOME_DIR, &var_stat_home_dir, VAR_STAT_HOME_DIR, DEF_STAT_HOME_DIR, &var_stat_home_dir,
VAR_MAILTOOL_COMPAT, DEF_MAILTOOL_COMPAT, &var_mailtool_compat, VAR_MAILTOOL_COMPAT, DEF_MAILTOOL_COMPAT, &var_mailtool_compat,
VAR_FROZEN_DELIVERED, DEF_FROZEN_DELIVERED, &var_frozen_delivered, VAR_FROZEN_DELIVERED, DEF_FROZEN_DELIVERED, &var_frozen_delivered,
VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
0, 0,
}; };


@@ -194,6 +194,12 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr)
vstream_fclose(mp->fp); vstream_fclose(mp->fp);
dsb_simple(why, "5.2.0", dsb_simple(why, "5.2.0",
"destination %s is not a regular file", mailbox); "destination %s is not a regular file", mailbox);
} else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
vstream_fclose(mp->fp);
dsb_simple(why, "4.2.0",
"destination %s is not owned by recipient", mailbox);
msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
VAR_STRICT_MBOX_OWNER);
} else { } else {
end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END); end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp, mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,
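Review bot: The new `msg_warn` in the ownership branch logs only the override hint and names neither the mailbox nor the recipient, so an operator reading the warning cannot tell which file failed the check without correlating it with the deferral record; the identical branch added to the virtual delivery agent's deliver_mailbox_file has the same gap. I would state the fact first and the override second, e.g. `msg_warn("destination %s is not owned by recipient; specify \"%s = no\" to ignore", mailbox, VAR_STRICT_MBOX_OWNER);`, so the log does not read as a bare suggestion to switch the check off. The `st` being compared is filled in outside the hunk; the comparison is only race-free if it comes from an fstat() on the already opened `mp->fp` rather than a stat() of the path, which deserves a one-line comment at this branch. deliver_mailbox_file starts and ends outside the hunk.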

View File

@@ -115,7 +115,7 @@ int vstream_tweak_tcp(VSTREAM *fp)
*/ */
#ifdef VSTREAM_CTL_BUFSIZE #ifdef VSTREAM_CTL_BUFSIZE
if (mss > 0) { if (mss > 0) {
if (mss < __MAXINT__(ssize_t) /2) if (mss < INT_MAX / 2)
mss *= 2; mss *= 2;
vstream_control(fp, vstream_control(fp,
VSTREAM_CTL_BUFSIZE, (ssize_t) mss, VSTREAM_CTL_BUFSIZE, (ssize_t) mss,
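Review bot: The replacement bound `mss < INT_MAX / 2` is the right overflow guard only if `mss` is declared as `int`; its declaration is outside this hunk and the value is cast to `ssize_t` two lines later, so the intended type is not evident at the test. A short comment above the condition would pin that down, e.g. `/* mss is an int: guard the doubling against signed overflow */`. No `#include` is added in this section, so `INT_MAX` has to come from a header that is already pulled in (`<limits.h>`, directly or indirectly), which is worth confirming for every supported platform. vstream_tweak_tcp starts and ends outside the hunk.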


@@ -125,6 +125,12 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr)
msg_warn("recipient %s: destination %s is not a regular file", msg_warn("recipient %s: destination %s is not a regular file",
state.msg_attr.rcpt.address, usr_attr.mailbox); state.msg_attr.rcpt.address, usr_attr.mailbox);
dsb_simple(why, "5.3.5", "mail system configuration error"); dsb_simple(why, "5.3.5", "mail system configuration error");
} else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
vstream_fclose(mp->fp);
dsb_simple(why, "4.2.0",
"destination %s is not owned by recipient", usr_attr.mailbox);
msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
VAR_STRICT_MBOX_OWNER);
} else { } else {
end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END); end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp, mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,


@@ -183,6 +183,10 @@
/* .IP "\fBvirtual_transport (virtual)\fR" /* .IP "\fBvirtual_transport (virtual)\fR"
/* The default mail delivery transport and next-hop destination for /* The default mail delivery transport and next-hop destination for
/* final delivery to domains listed with $virtual_mailbox_domains. /* final delivery to domains listed with $virtual_mailbox_domains.
/* .PP
/* Available in Postfix version 2.5.3 and later:
/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
/* Defer delivery when a mailbox file is not owned by its recipient.
/* LOCKING CONTROLS /* LOCKING CONTROLS
/* .ad /* .ad
/* .fi /* .fi
@@ -329,6 +333,7 @@ char *var_virt_mailbox_base;
char *var_virt_mailbox_lock; char *var_virt_mailbox_lock;
int var_virt_mailbox_limit; int var_virt_mailbox_limit;
char *var_mail_spool_dir; /* XXX dependency fix */ char *var_mail_spool_dir; /* XXX dependency fix */
bool var_strict_mbox_owner;
/* /*
* Mappings. * Mappings.
@@ -504,6 +509,10 @@ int main(int argc, char **argv)
VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0, VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0,
0, 0,
}; };
static const CONFIG_BOOL_TABLE bool_table[] = {
VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
0,
};
/* /*
* Fingerprint executables and core dumps. * Fingerprint executables and core dumps.
@@ -513,6 +522,7 @@ int main(int argc, char **argv)
single_server_main(argc, argv, local_service, single_server_main(argc, argv, local_service,
MAIL_SERVER_INT_TABLE, int_table, MAIL_SERVER_INT_TABLE, int_table,
MAIL_SERVER_STR_TABLE, str_table, MAIL_SERVER_STR_TABLE, str_table,
MAIL_SERVER_BOOL_TABLE, bool_table,
MAIL_SERVER_PRE_INIT, pre_init, MAIL_SERVER_PRE_INIT, pre_init,
MAIL_SERVER_POST_INIT, post_init, MAIL_SERVER_POST_INIT, post_init,
MAIL_SERVER_PRE_ACCEPT, pre_accept, MAIL_SERVER_PRE_ACCEPT, pre_accept,