Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/ibm-public/postfix/dist Import Postfix 2.6.5. Chang...
details: https://anonhg.NetBSD.org/src/rev/f8fea84deba6
branches: trunk
changeset: 747069:f8fea84deba6
user: tron <tron%NetBSD.org@localhost>
date: Mon Aug 31 17:53:31 2009 +0000
description:
Import Postfix 2.6.5. Changes since Postfix 2.6.2:
- The Postfix Milter client got out of step with a Milter application
after the application sent a "quarantine" request at end-of-message
time. The Milter application would still be in the end-of-message
state, while Postfix would already be working on the next SMTP
event, typically, QUIT or MAIL FROM. In the latter case, Milter
responses for the previously-received email message would be applied
towards the next MAIL FROM transaction. This problem was diagnosed
with help from Alban Deniz.
- The Postfix SMTP server would abort with an "unexpected lookup table"
error when an SMTPD policy server was mis-configured in a particular way.
diffstat:
external/ibm-public/postfix/dist/HISTORY | 34 ++++++
external/ibm-public/postfix/dist/conf/postmulti-script | 74 ++++++-------
external/ibm-public/postfix/dist/src/global/mail_task.c | 5 +-
external/ibm-public/postfix/dist/src/global/mail_version.h | 6 +-
external/ibm-public/postfix/dist/src/milter/milter8.c | 8 +-
external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c | 40 +++++-
6 files changed, 108 insertions(+), 59 deletions(-)
diffs (truncated from 301 to 300 lines):
diff -r 39666bfa3e5f -r f8fea84deba6 external/ibm-public/postfix/dist/HISTORY
--- a/external/ibm-public/postfix/dist/HISTORY Mon Aug 31 15:18:55 2009 +0000
+++ b/external/ibm-public/postfix/dist/HISTORY Mon Aug 31 17:53:31 2009 +0000
@@ -15240,3 +15240,37 @@
and broke reject_unauthenticated_sender_login_mismatch and
reject_sender_login_mismatch. Based on fix by Victor
Duchovni. File: smtpd/smtpd_check.c.
+
+20090605
+
+ Bugfix: "postmulti -e destroy" used hard-coded /bin/env
+ command. Simplified the "destroy" procedure to destroy only
+ known safe names without "/". File: conf/postmulti-script.
+
+20090710
+
+ Bugfix (introduced Postfix 2.3): Postfix got out of sync
+ with a Milter application after the application sent a
+ "quarantine" request at end-of-message time. The milter
+ application would still be in the end-of-message state,
+ while Postfix would already be working on the next SMTP
+ event (typically, QUIT or MAIL FROM). Problem diagnosed
+ with help from Alban Deniz. File: milter/milter8.c.
+
+20090712
+
+ Bugfix (garbage introduced Postfix 2.6): the ugly
+ ${multi_instance_name:postfix}${multi_instance_name
+ ?$multi_instance_name} garbage in Postfix logging is now
+ hopefully gone. File: global/mail_task.c.
+
+20090715
+
+ Documentation: as of Postfix 2.6, the reject_unauth_pipelining
+ feature can be used meaningfully at any protocol stage.
+ File: proto/postconf.proto.
+
+20090805
+
+ Bugfix: don't panic when an unexpected smtpd access map is
+ specified. File: smtpd/smtpd_check.c.
diff -r 39666bfa3e5f -r f8fea84deba6 external/ibm-public/postfix/dist/conf/postmulti-script
--- a/external/ibm-public/postfix/dist/conf/postmulti-script Mon Aug 31 15:18:55 2009 +0000
+++ b/external/ibm-public/postfix/dist/conf/postmulti-script Mon Aug 31 17:53:31 2009 +0000
@@ -1,5 +1,5 @@
#! /bin/sh
-# $NetBSD: postmulti-script,v 1.1.1.1 2009/06/23 10:08:23 tron Exp $
+# $NetBSD: postmulti-script,v 1.1.1.2 2009/08/31 17:53:37 tron Exp $
#
umask 022
@@ -230,6 +230,17 @@
;;
destroy)
+
+ # "postmulti -e destroy" will remove an entire instance only when
+ # invoked immediately after "postmulti -e create" (i.e. before
+ # other files are added to the instance). We delete only known
+ # safe names without "/".
+ #
+ QUEUE_SUBDIRS="active bounce corrupt defer deferred flush hold \
+ incoming maildrop pid private public saved trace"
+ #DEBUG=echo
+ WARN="postlog -p warn -t $TAG"
+
# Locate the target instance
#
[ -f "$config_directory/main.cf" ] ||
@@ -238,57 +249,36 @@
postfix -c "$config_directory" status >/dev/null 2>&1 &&
fatal "Instance '$config_directory' is not stopped"
- # XXX: Internal "postfix /some/cmd" interface via /bin/env for execvp().
- #
- for q in maildrop incoming active deferred hold
- do
- postfix -c "$config_directory" /bin/env \
- find "$q" ! -name "$q" ! -name "?" -perm 0700 -print |
- grep "^" >/dev/null &&
- fatal "Instance '$config_directory' $q queue is not empty"
- done
-
# Update multi_instance directories
# and also (just in case) drop from alternate_config_directories
#
- update_cfdirs del $config_directory || exit 1
-
- # Change default personalities:
- MAIL_CONFIG="$config_directory"; export MAIL_CONFIG
+ $DEBUG update_cfdirs del "$config_directory" || exit 1
- # Full steam ahead, instance will be at least partly destroyed!
-
- # Try to remove data_directory, but not sub-directories.
- # Note: care with "$TAG" insertion into sh -c 'script'.
+ # XXX: Internal "postfix /some/cmd" interface.
#
- postfix /bin/sh -c \
- 'cd $data_directory; rm -f -- *; cd ..; rmdir $data_directory; \
- PATH=$command_directory:$PATH; export PATH; \
- test -d $data_directory && \
- postlog -p warn -t "'"$TAG"'" \
- "$data_directory partly removed" 2>&1' 2>/dev/null
+ postfix -c "$config_directory" /bin/sh -c "
+ for q in $QUEUE_SUBDIRS
+ do
+ $DEBUG rmdir -- \$q ||
+ $WARN \`pwd\`/\$q: please verify contents and remove by hand
+ done
+ "
- # Remove Postfix-owned files in the queue directory.
- # Remove all files in the "pid" sub-directory.
- # Remove empty directories.
- # Note: care with "$TAG" insertion into sh -c 'script'.
- postfix /bin/sh -c \
- 'find . -user $mail_owner ! -type d -exec rm -f -- "{}" ";"; \
- find . -depth -user $mail_owner -type d -exec rmdir -- "{}" ";"; \
- rm -f -- pid/*; rmdir *; cd ..; rmdir $queue_directory; \
- PATH=$command_directory:$PATH; export PATH; \
- test -d $queue_directory && \
- postlog -p warn -t "'"$TAG"'" \
- "$queue_directory partly removed" 2>&1' 2>/dev/null
+ postfix -c "$config_directory" /bin/sh -c "
+ for dir in \$data_directory \$queue_directory
+ do
+ $DEBUG rmdir -- \$dir ||
+ $WARN \$dir: please verify contents and remove by hand
+ done
+ "
# In the configuration directory remove just the main.cf and master.cf
# files.
- rm -f -- "$MAIL_CONFIG/master.cf" "$MAIL_CONFIG/main.cf" 2>/dev/null
- rmdir -- "$MAIL_CONFIG" 2>/dev/null
- test -d "$MAIL_CONFIG" && \
- postlog -p warn -t "$TAG" \
- "$MAIL_CONFIG partly removed" 2>&1
+ $DEBUG rm -f -- "$config_directory/master.cf" "$config_directory/main.cf" 2>/dev/null
+ $DEBUG rmdir -- "$config_directory" ||
+ $WARN $config_directory: please verify contents and remove by hand
;;
+
enable)
postconf -c "$config_directory" -e \
"multi_instance_enable = yes" || exit 1;;
diff -r 39666bfa3e5f -r f8fea84deba6 external/ibm-public/postfix/dist/src/global/mail_task.c
--- a/external/ibm-public/postfix/dist/src/global/mail_task.c Mon Aug 31 15:18:55 2009 +0000
+++ b/external/ibm-public/postfix/dist/src/global/mail_task.c Mon Aug 31 17:53:31 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: mail_task.c,v 1.1.1.1 2009/06/23 10:08:47 tron Exp $ */
+/* $NetBSD: mail_task.c,v 1.1.1.2 2009/08/31 17:54:01 tron Exp $ */
/*++
/* NAME
@@ -61,7 +61,8 @@
/* Setenv()-ed from main.cf, or inherited from master. */
if ((tag = safe_getenv(CONF_ENV_LOGTAG)) == 0)
/* Check main.cf settings directly, in case set-gid. */
- tag = var_syslog_name ? var_syslog_name : DEF_SYSLOG_NAME;
+ tag = var_syslog_name ? var_syslog_name :
+ mail_conf_eval(DEF_SYSLOG_NAME);
vstring_sprintf(canon_name, "%s/%s", tag, argv0);
return (vstring_str(canon_name));
}
diff -r 39666bfa3e5f -r f8fea84deba6 external/ibm-public/postfix/dist/src/global/mail_version.h
--- a/external/ibm-public/postfix/dist/src/global/mail_version.h Mon Aug 31 15:18:55 2009 +0000
+++ b/external/ibm-public/postfix/dist/src/global/mail_version.h Mon Aug 31 17:53:31 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: mail_version.h,v 1.1.1.1 2009/06/23 10:08:47 tron Exp $ */
+/* $NetBSD: mail_version.h,v 1.1.1.2 2009/08/31 17:54:01 tron Exp $ */
#ifndef _MAIL_VERSION_H_INCLUDED_
#define _MAIL_VERSION_H_INCLUDED_
@@ -22,8 +22,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20090603"
-#define MAIL_VERSION_NUMBER "2.6.2"
+#define MAIL_RELEASE_DATE "20090828"
+#define MAIL_VERSION_NUMBER "2.6.5"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
diff -r 39666bfa3e5f -r f8fea84deba6 external/ibm-public/postfix/dist/src/milter/milter8.c
--- a/external/ibm-public/postfix/dist/src/milter/milter8.c Mon Aug 31 15:18:55 2009 +0000
+++ b/external/ibm-public/postfix/dist/src/milter/milter8.c Mon Aug 31 17:53:31 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: milter8.c,v 1.1.1.1 2009/06/23 10:08:50 tron Exp $ */
+/* $NetBSD: milter8.c,v 1.1.1.2 2009/08/31 17:54:04 tron Exp $ */
/*++
/* NAME
@@ -1298,7 +1298,8 @@
/*
* Decision: quarantine. In Sendmail 8.13 this does not imply a
* transition in the receiver state (reply, reject, tempfail,
- * accept, discard).
+ * accept, discard). We should not transition, either, otherwise
+ * we get out of sync.
*/
case SMFIR_QUARANTINE:
/* XXX What to do with the "reason" text? */
@@ -1306,7 +1307,8 @@
MILTER8_DATA_BUFFER, milter->buf,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
- MILTER8_EVENT_BREAK("H");
+ milter8_def_reply(milter, "H");
+ continue;
/*
* Decision: skip further events of this type.
diff -r 39666bfa3e5f -r f8fea84deba6 external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c
--- a/external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c Mon Aug 31 15:18:55 2009 +0000
+++ b/external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c Mon Aug 31 17:53:31 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: smtpd_check.c,v 1.1.1.1 2009/06/23 10:08:56 tron Exp $ */
+/* $NetBSD: smtpd_check.c,v 1.1.1.2 2009/08/31 17:54:10 tron Exp $ */
/*++
/* NAME
@@ -2317,8 +2317,13 @@
if (msg_verbose)
msg_info("%s: %s", myname, name);
- if ((dict = dict_handle(table)) == 0)
- msg_panic("%s: dictionary not found: %s", myname, table);
+ if ((dict = dict_handle(table)) == 0) {
+ msg_warn("%s: unexpected dictionary: %s", myname, table);
+ value = "451 4.3.5 Server configuration error";
+ CHK_ACCESS_RETURN(check_table_result(state, table, value, name,
+ reply_name, reply_class,
+ def_acl), FOUND);
+ }
if (flags == 0 || (flags & dict->flags) != 0) {
if ((value = dict_get(dict, name)) != 0)
CHK_ACCESS_RETURN(check_table_result(state, table, value, name,
@@ -2362,8 +2367,13 @@
*/
#define CHK_DOMAIN_RETURN(x,y) { *found = y; return(x); }
- if ((dict = dict_handle(table)) == 0)
- msg_panic("%s: dictionary not found: %s", myname, table);
+ if ((dict = dict_handle(table)) == 0) {
+ msg_warn("%s: unexpected dictionary: %s", myname, table);
+ value = "451 4.3.5 Server configuration error";
+ CHK_DOMAIN_RETURN(check_table_result(state, table, value,
+ domain, reply_name, reply_class,
+ def_acl), FOUND);
+ }
for (name = domain; *name != 0; name = next) {
if (flags == 0 || (flags & dict->flags) != 0) {
if ((value = dict_get(dict, name)) != 0)
@@ -2421,8 +2431,13 @@
#endif
delim = '.';
- if ((dict = dict_handle(table)) == 0)
- msg_panic("%s: dictionary not found: %s", myname, table);
+ if ((dict = dict_handle(table)) == 0) {
+ msg_warn("%s: unexpected dictionary: %s", myname, table);
+ value = "451 4.3.5 Server configuration error";
+ CHK_ADDR_RETURN(check_table_result(state, table, value, address,
+ reply_name, reply_class,
+ def_acl), FOUND);
+ }
do {
if (flags == 0 || (flags & dict->flags) != 0) {
if ((value = dict_get(dict, addr)) != 0)
@@ -2559,12 +2574,12 @@
*/
dns_status = dns_lookup(domain, type, 0, &server_list,
(VSTRING *) 0, (VSTRING *) 0);
- if (dns_status == DNS_NOTFOUND && h_errno == NO_DATA) {
+ if (dns_status == DNS_NOTFOUND /* Not: h_errno == NO_DATA */ ) {
if (type == T_MX) {
server_list = dns_rr_create(domain, domain, type, C_IN, 0, 0,
domain, strlen(domain) + 1);
dns_status = DNS_OK;
- } else if (type == T_NS) {
+ } else if (type == T_NS && h_errno == NO_DATA) {
while ((domain = strchr(domain, '.')) != 0 && domain[1]) {
domain += 1;
dns_status = dns_lookup(domain, type, 0, &server_list,
@@ -2593,6 +2608,13 @@
if (msg_verbose)
msg_info("%s: %s hostname check: %s",
myname, dns_strtype(type), (char *) server->data);
+ if (valid_hostaddr((char *) server->data, DONT_GRIPE)) {
+ if ((status = check_addr_access(state, table, (char *) server->data,
+ FULL, &found, reply_name, reply_class,
+ def_acl)) != 0 || found)
+ CHECK_SERVER_RETURN(status);
+ continue;
+ }
if ((status = check_domain_access(state, table, (char *) server->data,
FULL, &found, reply_name, reply_class,
Home |
Main Index |
Thread Index |
Old Index