Prereq: "2.11.7" diff -cr --new-file /var/tmp/postfix-2.11.7/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-2.11.7/src/global/mail_version.h 2015-10-10 11:35:58.000000000 -0400 --- ./src/global/mail_version.h 2016-05-15 12:57:28.000000000 -0400 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20151010" ! #define MAIL_VERSION_NUMBER "2.11.7" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20150515" ! #define MAIL_VERSION_NUMBER "2.11.8" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr --new-file /var/tmp/postfix-2.11.7/HISTORY ./HISTORY *** /var/tmp/postfix-2.11.7/HISTORY 2015-10-10 11:07:12.000000000 -0400 --- ./HISTORY 2016-05-15 13:09:59.000000000 -0400 *************** *** 19728,19730 **** --- 19728,19752 ---- propagate error reports from xtext_unquote_append(), causing the decoder to return partial ouput, instead of rejecting malformed input. Fix by Krzysztof Wojta. File: global/xtext.c. + + 20160310 + + Bugfix (introduced: Postfix 2.6): the Milter SMFIR_CHGFROM + (replace sender) request lost the sender_bcc_maps address. + Fixed by moving some record keeping to the sender output + function. Files: cleanup/cleanup_envelope.c, + cleanup/cleanup_addr.c, cleanup/cleanup_milter.c, + cleanup/cleanup.h, regression tests. + + 20160410 + + Bugfix (introduced: Postfix 2.6): the "bad filetype" + header_checks pattern falsely rejected Content-Mumble headers + with ``name="example"; x-apple-part-url="example.com"''. + Fixed by respecting the ";" separator between content + attribute values. Reported by Cedric Knight. File: + proto/header_checks. + + 20160515 + + Portability: OpenBSD 6.0. Files: makedefs, util/sys_defs.h. diff -cr --new-file /var/tmp/postfix-2.11.7/conf/header_checks ./conf/header_checks *** /var/tmp/postfix-2.11.7/conf/header_checks 2013-06-19 11:03:56.000000000 -0400 --- ./conf/header_checks 2016-04-10 18:06:16.000000000 -0400 *************** *** 445,451 **** # header_checks = pcre:/etc/postfix/header_checks.pcre # # /etc/postfix/header_checks.pcre: ! # /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)( # ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| # hlp|ht[at]| # inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| --- 445,451 ---- # header_checks = pcre:/etc/postfix/header_checks.pcre # # /etc/postfix/header_checks.pcre: ! # /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)( # ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| # hlp|ht[at]| # inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| diff -cr --new-file /var/tmp/postfix-2.11.7/html/header_checks.5.html ./html/header_checks.5.html *** /var/tmp/postfix-2.11.7/html/header_checks.5.html 2013-12-20 19:37:54.000000000 -0500 --- ./html/header_checks.5.html 2016-04-10 18:06:16.000000000 -0400 *************** *** 26,32 **** postmap -q - pcre:/etc/postfix/filename <inputfile DESCRIPTION ! This document describes access control on the content of message head- ers and message body lines; it is implemented by the Postfix cleanup(8) server before mail is queued. See access(5) for access control on remote SMTP client information. --- 26,32 ---- postmap -q - pcre:/etc/postfix/filename <inputfile DESCRIPTION ! This document describes access control on the content of message head‐ ers and message body lines; it is implemented by the Postfix cleanup(8) server before mail is queued. See access(5) for access control on remote SMTP client information. *************** *** 37,50 **** message body line. Note: message headers are examined one logical header at a time, even ! when a message header spans multiple lines. Body lines are always exam- ined one line at a time. For examples, see the EXAMPLES section at the end of this manual page. Postfix header or body_checks are designed to stop a flood of mail from worms or viruses; they do not decode attachments, and they do not unzip ! archives. See the documents referenced below in the README FILES sec- tion if you need more sophisticated content analysis. FILTERS WHILE RECEIVING MAIL --- 37,50 ---- message body line. Note: message headers are examined one logical header at a time, even ! when a message header spans multiple lines. Body lines are always exam‐ ined one line at a time. For examples, see the EXAMPLES section at the end of this manual page. Postfix header or body_checks are designed to stop a flood of mail from worms or viruses; they do not decode attachments, and they do not unzip ! archives. See the documents referenced below in the README FILES sec‐ tion if you need more sophisticated content analysis. FILTERS WHILE RECEIVING MAIL *************** *** 79,85 **** after the message is received: milter_header_checks (default: empty) ! These are applied to headers that are added with Milter applica- tions. This feature is available in Postfix 2.7 and later. --- 79,85 ---- after the message is received: milter_header_checks (default: empty) ! These are applied to headers that are added with Milter applica‐ tions. This feature is available in Postfix 2.7 and later. *************** *** 105,111 **** TABLE FORMAT This document assumes that header and body_checks rules are specified in the form of Postfix regular expression lookup tables. Usually the ! best performance is obtained with pcre (Perl Compatible Regular Expres- sion) tables. The regexp (POSIX regular expressions) tables are usually slower, but more widely available. Use the command "postconf -m" to find out what lookup table types your Postfix system supports. --- 105,111 ---- TABLE FORMAT This document assumes that header and body_checks rules are specified in the form of Postfix regular expression lookup tables. Usually the ! best performance is obtained with pcre (Perl Compatible Regular Expres‐ sion) tables. The regexp (POSIX regular expressions) tables are usually slower, but more widely available. Use the command "postconf -m" to find out what lookup table types your Postfix system supports. *************** *** 115,131 **** or regexp_table(5), respectively. /pattern/flags action ! When /pattern/ matches the input string, execute the correspond- ing action. See below for a list of possible actions. !/pattern/flags action ! When /pattern/ does not match the input string, execute the cor- responding action. if /pattern/flags endif Match the input string against the patterns between if and ! endif, if and only if the same input string also matches /pat- tern/. The if..endif can nest. Note: do not prepend whitespace to patterns inside if..endif. --- 115,131 ---- or regexp_table(5), respectively. /pattern/flags action ! When /pattern/ matches the input string, execute the correspond‐ ing action. See below for a list of possible actions. !/pattern/flags action ! When /pattern/ does not match the input string, execute the cor‐ responding action. if /pattern/flags endif Match the input string against the patterns between if and ! endif, if and only if the same input string also matches /pat‐ tern/. The if..endif can nest. Note: do not prepend whitespace to patterns inside if..endif. *************** *** 133,139 **** if !/pattern/flags endif Match the input string against the patterns between if and ! endif, if and only if the same input string does not match /pat- tern/. The if..endif can nest. blank lines and comments --- 133,139 ---- if !/pattern/flags endif Match the input string against the patterns between if and ! endif, if and only if the same input string does not match /pat‐ tern/. The if..endif can nest. blank lines and comments *************** *** 168,177 **** Claim successful delivery and silently discard the message. Log the optional text if specified, otherwise log a generic message. ! Note: this action disables further header or body_checks inspec- ! tion of the current message and affects all recipients. To dis- card only one recipient without discarding the entire message, ! use the transport(5) table to direct mail to the discard(8) ser- vice. This feature is available in Postfix 2.0 and later. --- 168,177 ---- Claim successful delivery and silently discard the message. Log the optional text if specified, otherwise log a generic message. ! Note: this action disables further header or body_checks inspec‐ ! tion of the current message and affects all recipients. To dis‐ card only one recipient without discarding the entire message, ! use the transport(5) table to direct mail to the discard(8) ser‐ vice. This feature is available in Postfix 2.0 and later. *************** *** 190,197 **** FILTER transport:destination After the message is queued, send the entire message through the specified external content filter. The transport name specifies ! the first field of a mail delivery agent definition in mas- ! ter.cf; the syntax of the next-hop destination is described in the manual page of the corresponding delivery agent. More information about external content filters is in the Postfix FILTER_README file. --- 190,197 ---- FILTER transport:destination After the message is queued, send the entire message through the specified external content filter. The transport name specifies ! the first field of a mail delivery agent definition in mas‐ ! ter.cf; the syntax of the next-hop destination is described in the manual page of the corresponding delivery agent. More information about external content filters is in the Postfix FILTER_README file. *************** *** 200,218 **** transport or destination unless you know that the information has a trusted origin. ! Note 2: this action overrides the main.cf content_filter set- ting, and affects all recipients of the message. In the case ! that multiple FILTER actions fire, only the last one is exe- cuted. Note 3: the purpose of the FILTER command is to override message routing. To override the recipient's transport but not the ! next-hop destination, specify an empty filter destination (Post- fix 2.7 and later), or specify a transport:destination that delivers through a different Postfix instance (Postfix 2.6 and ! earlier). Other options are using the recipient-dependent trans- ! port_maps or the sender-dependent sender_dependent_default- ! _transport_maps features. This feature is available in Postfix 2.0 and later. --- 200,218 ---- transport or destination unless you know that the information has a trusted origin. ! Note 2: this action overrides the main.cf content_filter set‐ ting, and affects all recipients of the message. In the case ! that multiple FILTER actions fire, only the last one is exe‐ cuted. Note 3: the purpose of the FILTER command is to override message routing. To override the recipient's transport but not the ! next-hop destination, specify an empty filter destination (Post‐ fix 2.7 and later), or specify a transport:destination that delivers through a different Postfix instance (Postfix 2.6 and ! earlier). Other options are using the recipient-dependent trans‐‐ ! port_maps or the sender-dependent sender_dependent_default‐‐ ! _transport_maps features. This feature is available in Postfix 2.0 and later. *************** *** 255,273 **** Notes: ! o The prepended text is output on a separate line, immedi- ately before the input that triggered the PREPEND action. ! o The prepended text is not considered part of the input stream: it is not subject to header/body checks or address rewriting, and it does not affect the way that Postfix adds missing message headers. ! o When prepending text before a message header line, the prepended text must begin with a valid message header label. ! o This action cannot be used to prepend multi-line text. This feature is available in Postfix 2.1 and later. --- 255,273 ---- Notes: ! · The prepended text is output on a separate line, immedi‐ ately before the input that triggered the PREPEND action. ! · The prepended text is not considered part of the input stream: it is not subject to header/body checks or address rewriting, and it does not affect the way that Postfix adds missing message headers. ! · When prepending text before a message header line, the prepended text must begin with a valid message header label. ! · This action cannot be used to prepend multi-line text. This feature is available in Postfix 2.1 and later. *************** *** 291,305 **** Replace the current line with the specified text, and inspect the next input line. ! This feature is available in Postfix 2.2 and later. The descrip- tion below applies to Postfix 2.2.2 and later. Notes: ! o When replacing a message header line, the replacement text must begin with a valid header label. ! o The replaced text remains part of the input stream. Unlike the result from the PREPEND action, a replaced message header may be subject to address rewriting and may affect the way that Postfix adds missing message --- 291,305 ---- Replace the current line with the specified text, and inspect the next input line. ! This feature is available in Postfix 2.2 and later. The descrip‐ tion below applies to Postfix 2.2.2 and later. Notes: ! · When replacing a message header line, the replacement text must begin with a valid header label. ! · The replaced text remains part of the input stream. Unlike the result from the PREPEND action, a replaced message header may be subject to address rewriting and may affect the way that Postfix adds missing message *************** *** 310,316 **** optional text is specified, otherwise reply with a generic error message. ! Note: this action disables further header or body_checks inspec- tion of the current message and affects all recipients. Postfix version 2.3 and later support enhanced status codes. --- 310,316 ---- optional text is specified, otherwise reply with a generic error message. ! Note: this action disables further header or body_checks inspec‐ tion of the current message and affects all recipients. Postfix version 2.3 and later support enhanced status codes. *************** *** 333,346 **** Many people overlook the main limitations of header and body_checks rules. ! o These rules operate on one logical message header or one body line at a time. A decision made for one line is not carried over to the next line. ! o If text in the message body is encoded (RFC 2045) then the rules need to be specified for the encoded form. ! o Likewise, when message headers are encoded (RFC 2047) then the rules need to be specified for the encoded form. Message headers added by the cleanup(8) daemon itself are excluded from --- 333,346 ---- Many people overlook the main limitations of header and body_checks rules. ! · These rules operate on one logical message header or one body line at a time. A decision made for one line is not carried over to the next line. ! · If text in the message body is encoded (RFC 2045) then the rules need to be specified for the encoded form. ! · Likewise, when message headers are encoded (RFC 2047) then the rules need to be specified for the encoded form. Message headers added by the cleanup(8) daemon itself are excluded from *************** *** 368,380 **** nested_header_checks (default: $header_checks) Lookup tables with content filter rules for message header lines: respectively, these are applied to the initial message ! headers (not including MIME headers), to the MIME headers any- where in the message, and to the initial headers of attached messages. Note: these filters see one logical message header at a time, even when a message header spans multiple lines. Message headers ! that are longer than $header_size_limit characters are trun- cated. disable_mime_input_processing --- 368,380 ---- nested_header_checks (default: $header_checks) Lookup tables with content filter rules for message header lines: respectively, these are applied to the initial message ! headers (not including MIME headers), to the MIME headers any‐ where in the message, and to the initial headers of attached messages. Note: these filters see one logical message header at a time, even when a message header spans multiple lines. Message headers ! that are longer than $header_size_limit characters are trun‐ cated. disable_mime_input_processing *************** *** 397,403 **** header_checks = pcre:/etc/postfix/header_checks.pcre /etc/postfix/header_checks.pcre: ! /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)( ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| hlp|ht[at]| inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| --- 397,403 ---- header_checks = pcre:/etc/postfix/header_checks.pcre /etc/postfix/header_checks.pcre: ! /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)( ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| hlp|ht[at]| inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| diff -cr --new-file /var/tmp/postfix-2.11.7/html/postscreen.8.html ./html/postscreen.8.html *** /var/tmp/postfix-2.11.7/html/postscreen.8.html 2013-12-20 19:37:52.000000000 -0500 --- ./html/postscreen.8.html 2016-04-11 17:21:45.000000000 -0400 *************** *** 81,90 **** The optional "after 220 server greeting" tests involve postscreen(8)'s built-in SMTP protocol engine. When these tests succeed, postscreen(8) ! adds the client to the temporary whitelist, but it cannot not hand off ! the "live" connection to a Postfix SMTP server process in the middle of ! a session. Instead, postscreen(8) defers attempts to deliver mail with ! a 4XX status, and waits for the client to disconnect. When the client connects again, postscreen(8) will allow the client to talk to a Post- fix SMTP server process (provided that the whitelist status has not expired). postscreen(8) mitigates the impact of this limitation by --- 81,90 ---- The optional "after 220 server greeting" tests involve postscreen(8)'s built-in SMTP protocol engine. When these tests succeed, postscreen(8) ! adds the client to the temporary whitelist, but it cannot hand off the ! "live" connection to a Postfix SMTP server process in the middle of a ! session. Instead, postscreen(8) defers attempts to deliver mail with a ! 4XX status, and waits for the client to disconnect. When the client connects again, postscreen(8) will allow the client to talk to a Post- fix SMTP server process (provided that the whitelist status has not expired). postscreen(8) mitigates the impact of this limitation by diff -cr --new-file /var/tmp/postfix-2.11.7/man/man5/header_checks.5 ./man/man5/header_checks.5 *** /var/tmp/postfix-2.11.7/man/man5/header_checks.5 2013-06-19 11:03:56.000000000 -0400 --- ./man/man5/header_checks.5 2016-04-10 18:06:16.000000000 -0400 *************** *** 422,428 **** header_checks = pcre:/etc/postfix/header_checks.pcre /etc/postfix/header_checks.pcre: ! /^Content-(Disposition|Type).*name\es*=\es*"?(.*(\e.|=2E)( ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| hlp|ht[at]| inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| --- 422,428 ---- header_checks = pcre:/etc/postfix/header_checks.pcre /etc/postfix/header_checks.pcre: ! /^Content-(Disposition|Type).*name\es*=\es*"?([^;]*(\e.|=2E)( ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| hlp|ht[at]| inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| diff -cr --new-file /var/tmp/postfix-2.11.7/man/man8/postscreen.8 ./man/man8/postscreen.8 *** /var/tmp/postfix-2.11.7/man/man8/postscreen.8 2013-09-28 21:03:32.000000000 -0400 --- ./man/man8/postscreen.8 2016-04-11 17:21:45.000000000 -0400 *************** *** 93,99 **** The optional "after 220 server greeting" tests involve \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When these tests succeed, \fBpostscreen\fR(8) adds the client ! to the temporary whitelist, but it cannot not hand off the "live" connection to a Postfix SMTP server process in the middle of a session. Instead, \fBpostscreen\fR(8) defers attempts to deliver mail with a 4XX status, and waits for --- 93,99 ---- The optional "after 220 server greeting" tests involve \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When these tests succeed, \fBpostscreen\fR(8) adds the client ! to the temporary whitelist, but it cannot hand off the "live" connection to a Postfix SMTP server process in the middle of a session. Instead, \fBpostscreen\fR(8) defers attempts to deliver mail with a 4XX status, and waits for diff -cr --new-file /var/tmp/postfix-2.11.7/proto/Makefile.in ./proto/Makefile.in *** /var/tmp/postfix-2.11.7/proto/Makefile.in 2013-12-18 14:36:19.000000000 -0500 --- ./proto/Makefile.in 2016-04-10 18:02:03.000000000 -0400 *************** *** 98,104 **** SRCTOMAN= ../mantools/srctoman POSTLINK= ../mantools/postlink DETAB = pr -tre ! NROFF = GROFF_NO_SGR=1 nroff HT2READ = ../mantools/html2readme MAKEAAA = ../mantools/makereadme MAKESOHO= ../mantools/make_soho_readme --- 98,104 ---- SRCTOMAN= ../mantools/srctoman POSTLINK= ../mantools/postlink DETAB = pr -tre ! NROFF = LANG=C GROFF_NO_SGR=1 nroff HT2READ = ../mantools/html2readme MAKEAAA = ../mantools/makereadme MAKESOHO= ../mantools/make_soho_readme diff -cr --new-file /var/tmp/postfix-2.11.7/proto/header_checks ./proto/header_checks *** /var/tmp/postfix-2.11.7/proto/header_checks 2013-06-19 11:03:47.000000000 -0400 --- ./proto/header_checks 2016-04-10 18:06:14.000000000 -0400 *************** *** 421,427 **** # header_checks = pcre:/etc/postfix/header_checks.pcre # # /etc/postfix/header_checks.pcre: ! # /^Content-(Disposition|Type).*name\es*=\es*"?(.*(\e.|=2E)( # ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| # hlp|ht[at]| # inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| --- 421,427 ---- # header_checks = pcre:/etc/postfix/header_checks.pcre # # /etc/postfix/header_checks.pcre: ! # /^Content-(Disposition|Type).*name\es*=\es*"?([^;]*(\e.|=2E)( # ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| # hlp|ht[at]| # inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| diff -cr --new-file /var/tmp/postfix-2.11.7/src/cleanup/cleanup.h ./src/cleanup/cleanup.h *** /var/tmp/postfix-2.11.7/src/cleanup/cleanup.h 2014-10-18 17:14:21.000000000 -0400 --- ./src/cleanup/cleanup.h 2016-04-10 18:14:21.000000000 -0400 *************** *** 284,290 **** /* * cleanup_addr.c. */ ! extern void cleanup_addr_sender(CLEANUP_STATE *, const char *); extern void cleanup_addr_recipient(CLEANUP_STATE *, const char *); extern void cleanup_addr_bcc_dsn(CLEANUP_STATE *, const char *, const char *, int); --- 284,290 ---- /* * cleanup_addr.c. */ ! extern off_t cleanup_addr_sender(CLEANUP_STATE *, const char *); extern void cleanup_addr_recipient(CLEANUP_STATE *, const char *); extern void cleanup_addr_bcc_dsn(CLEANUP_STATE *, const char *, const char *, int); diff -cr --new-file /var/tmp/postfix-2.11.7/src/cleanup/cleanup_addr.c ./src/cleanup/cleanup_addr.c *** /var/tmp/postfix-2.11.7/src/cleanup/cleanup_addr.c 2013-11-14 14:54:09.000000000 -0500 --- ./src/cleanup/cleanup_addr.c 2016-05-12 10:52:05.000000000 -0400 *************** *** 6,12 **** /* SYNOPSIS /* #include /* ! /* void cleanup_addr_sender(state, addr) /* CLEANUP_STATE *state; /* const char *addr; /* --- 6,12 ---- /* SYNOPSIS /* #include /* ! /* off_t cleanup_addr_sender(state, addr) /* CLEANUP_STATE *state; /* const char *addr; /* *************** *** 29,35 **** /* sender/recipient auto bcc address generation. /* /* cleanup_addr_sender() processes sender envelope information and updates ! /* state->sender. /* /* cleanup_addr_recipient() processes recipient envelope information /* and updates state->recip. --- 29,36 ---- /* sender/recipient auto bcc address generation. /* /* cleanup_addr_sender() processes sender envelope information and updates ! /* state->sender. The result value is the offset of the record that ! /* follows the sender record if milters are enabled, otherwise zero. /* /* cleanup_addr_recipient() processes recipient envelope information /* and updates state->recip. *************** *** 85,90 **** --- 86,92 ---- /* Global library. */ #include + #include #include #include #include *************** *** 99,112 **** #include "cleanup.h" #define STR vstring_str #define IGNORE_EXTENSION (char **) 0 /* cleanup_addr_sender - process envelope sender record */ ! void cleanup_addr_sender(CLEANUP_STATE *state, const char *buf) { VSTRING *clean_addr = vstring_alloc(100); const char *bcc; /* * Note: an unqualified envelope address is for all practical purposes --- 101,118 ---- #include "cleanup.h" #define STR vstring_str + #define LEN VSTRING_LEN #define IGNORE_EXTENSION (char **) 0 /* cleanup_addr_sender - process envelope sender record */ ! off_t cleanup_addr_sender(CLEANUP_STATE *state, const char *buf) { + const char myname[] = "cleanup_addr_sender"; VSTRING *clean_addr = vstring_alloc(100); + off_t after_sender_offs = 0; const char *bcc; + size_t len; /* * Note: an unqualified envelope address is for all practical purposes *************** *** 142,147 **** --- 148,162 ---- if (state->sender) /* XXX Can't happen */ myfree(state->sender); state->sender = mystrdup(STR(clean_addr)); /* Used by Milter client */ + /* Fix 20160310: Moved from cleanup_envelope.c. */ + if (state->milters || cleanup_milters) { + /* Make room to replace sender. */ + if ((len = LEN(clean_addr)) < REC_TYPE_PTR_PAYL_SIZE) + rec_pad(state->dst, REC_TYPE_PTR, REC_TYPE_PTR_PAYL_SIZE - len); + /* Remember the after-sender record offset. */ + if ((after_sender_offs = vstream_ftell(state->dst)) < 0) + msg_fatal("%s: vstream_ftell %s: %m:", myname, cleanup_path); + } if ((state->flags & CLEANUP_FLAG_BCC_OK) && *STR(clean_addr) && cleanup_send_bcc_maps) { *************** *** 156,161 **** --- 171,177 ---- } } vstring_free(clean_addr); + return after_sender_offs; } /* cleanup_addr_recipient - process envelope recipient */ diff -cr --new-file /var/tmp/postfix-2.11.7/src/cleanup/cleanup_envelope.c ./src/cleanup/cleanup_envelope.c *** /var/tmp/postfix-2.11.7/src/cleanup/cleanup_envelope.c 2009-06-05 21:24:50.000000000 -0400 --- ./src/cleanup/cleanup_envelope.c 2016-04-10 18:14:21.000000000 -0400 *************** *** 370,375 **** --- 370,377 ---- return; } if (type == REC_TYPE_FROM) { + off_t after_sender_offs; + /* Allow only one instance. */ if (state->sender != 0) { msg_warn("%s: message rejected: multiple envelope sender records", *************** *** 382,395 **** if ((state->sender_pt_offset = vstream_ftell(state->dst)) < 0) msg_fatal("%s: vstream_ftell %s: %m:", myname, cleanup_path); } ! cleanup_addr_sender(state, buf); if (state->milters || cleanup_milters) { - /* Make room to replace sender. */ - if ((len = strlen(state->sender)) < REC_TYPE_PTR_PAYL_SIZE) - rec_pad(state->dst, REC_TYPE_PTR, REC_TYPE_PTR_PAYL_SIZE - len); /* Remember the after-sender record offset. */ ! if ((state->sender_pt_target = vstream_ftell(state->dst)) < 0) ! msg_fatal("%s: vstream_ftell %s: %m:", myname, cleanup_path); } if (cleanup_milters != 0 && state->milters == 0 --- 384,393 ---- if ((state->sender_pt_offset = vstream_ftell(state->dst)) < 0) msg_fatal("%s: vstream_ftell %s: %m:", myname, cleanup_path); } ! after_sender_offs = cleanup_addr_sender(state, buf); if (state->milters || cleanup_milters) { /* Remember the after-sender record offset. */ ! state->sender_pt_target = after_sender_offs; } if (cleanup_milters != 0 && state->milters == 0 diff -cr --new-file /var/tmp/postfix-2.11.7/src/cleanup/cleanup_milter.c ./src/cleanup/cleanup_milter.c *** /var/tmp/postfix-2.11.7/src/cleanup/cleanup_milter.c 2014-10-18 17:14:21.000000000 -0400 --- ./src/cleanup/cleanup_milter.c 2016-05-15 15:02:13.000000000 -0400 *************** *** 1304,1309 **** --- 1304,1310 ---- const char *myname = "cleanup_chg_from"; CLEANUP_STATE *state = (CLEANUP_STATE *) context; off_t new_sender_offset; + off_t after_sender_offs; int addr_count; TOK822 *tree; TOK822 *tp; *************** *** 1367,1376 **** } } tok822_free_tree(tree); ! cleanup_addr_sender(state, STR(int_sender_buf)); vstring_free(int_sender_buf); cleanup_out_format(state, REC_TYPE_PTR, REC_TYPE_PTR_FORMAT, (long) state->sender_pt_target); /* * Overwrite the original sender record with the pointer to the new --- 1368,1378 ---- } } tok822_free_tree(tree); ! after_sender_offs = cleanup_addr_sender(state, STR(int_sender_buf)); vstring_free(int_sender_buf); cleanup_out_format(state, REC_TYPE_PTR, REC_TYPE_PTR_FORMAT, (long) state->sender_pt_target); + state->sender_pt_target = after_sender_offs; /* * Overwrite the original sender record with the pointer to the new *************** *** 2517,2522 **** --- 2519,2537 ---- var_milt_head_checks = mystrdup(argv->argv[1]); cleanup_milter_header_checks_init(state); } + } else if (strcmp(argv->argv[0], "sender_bcc_maps") == 0) { + if (argv->argc != 2) { + msg_warn("bad sender_bcc_maps argument count: %ld", + (long) argv->argc); + } else { + if (cleanup_send_bcc_maps) + maps_free(cleanup_send_bcc_maps); + cleanup_send_bcc_maps = + maps_create("sender_bcc_maps", argv->argv[1], + DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX); + state->flags |= CLEANUP_FLAG_BCC_OK; + var_rcpt_delim = ""; + } } else { msg_warn("bad command: %s", argv->argv[0]); } diff -cr --new-file /var/tmp/postfix-2.11.7/src/postscreen/postscreen.c ./src/postscreen/postscreen.c *** /var/tmp/postfix-2.11.7/src/postscreen/postscreen.c 2013-09-28 20:16:31.000000000 -0400 --- ./src/postscreen/postscreen.c 2016-04-11 08:51:26.000000000 -0400 *************** *** 79,85 **** /* The optional "after 220 server greeting" tests involve /* \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When /* these tests succeed, \fBpostscreen\fR(8) adds the client ! /* to the temporary whitelist, but it cannot not hand off the /* "live" connection to a Postfix SMTP server process in the /* middle of a session. Instead, \fBpostscreen\fR(8) defers /* attempts to deliver mail with a 4XX status, and waits for --- 79,85 ---- /* The optional "after 220 server greeting" tests involve /* \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When /* these tests succeed, \fBpostscreen\fR(8) adds the client ! /* to the temporary whitelist, but it cannot hand off the /* "live" connection to a Postfix SMTP server process in the /* middle of a session. Instead, \fBpostscreen\fR(8) defers /* attempts to deliver mail with a 4XX status, and waits for