diff -cr /var/tmp/postfix-2.3.5/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-2.3.5/src/global/mail_version.h Mon Dec 11 20:43:55 2006 --- ./src/global/mail_version.h Mon Jan 1 15:58:41 2007 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20061211" ! #define MAIL_VERSION_NUMBER "2.3.5" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20070102" ! #define MAIL_VERSION_NUMBER "2.3.6" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr /var/tmp/postfix-2.3.5/HISTORY ./HISTORY *** /var/tmp/postfix-2.3.5/HISTORY Sun Dec 10 15:05:41 2006 --- ./HISTORY Mon Jan 1 15:56:59 2007 *************** *** 12860,12864 **** Cleanup: document under what conditions these protections work, with REENTRANCY sections in the relevant man pages. ! Files: util/vbuf.c. util/msg.c, util/msg_output.c. --- 12860,12909 ---- Cleanup: document under what conditions these protections work, with REENTRANCY sections in the relevant man pages. ! Files: util/vbuf_print.c. util/msg.c, util/msg_output.c. + 20061211 + + Cleanup: when doing server access control by the remote TLS + client fingerprint, do not require client certificate + verification. Victor Duchovni. File: smtpd/smtpd_check.c. + + Safety: when the remote TLS client certificate isn't verified, + don't send ccert_subject and ccert_issuer attributes in + check_policy_service requests. Victor Duchovni. File: + smtpd/smtpd_check.c. + + Bugfix: the postconf command still complained about an + unqualified machine name, because it was not updated with + the 20050513 change that introduced a default "mydomain = + localdomain". File: postconf/postconf.c. 
+ + 20061213 + + Cleanup: the sendmail and postqueue commands no longer + terminate with a non-standard error status after a run-time + error in some Postfix internal routine (typically, some + essential file is not accessible, or the system is out of + memory). Files: sendmail/sendmail.c, postqueue/postqueue.c. + + 20061220 + + Workaround: PMilter 0.95 does not deliver SMFIC_EOB+data + to the application as SMFIC_BODY+data followed by SMFIC_EOB. + To avoid compatibility problems, Postfix now sends + SMFIC_BODY+data followed by SMFIC_EOB. File: milter/milter8.c. + + Bugfix (introduced with Postfix 2.3): when inserting + Milter-generated headers at increasing positions in a + message, a later header could end up at a previously used + insertion point. Thus, inserting headers at positions (N, + N+M) could work as if (N, N) had been specified. Problem + reported by Mark Martinec. File: milter/milter8.c. + + 20061227 + + Bugfix (introduced with Postfix 2.3): the MX hostname syntax + check was skipped with reject_unknown_helo_hostname and + reject_unknown_sender/recipient_domain, so that Postfix + would still accept mail from domains with a zero-length MX + hostname. File: smtpd/smtpd_check.c. diff -cr /var/tmp/postfix-2.3.5/README_FILES/FILTER_README ./README_FILES/FILTER_README *** /var/tmp/postfix-2.3.5/README_FILES/FILTER_README Wed Jul 12 09:33:05 2006 --- ./README_FILES/FILTER_README Sun Dec 24 17:08:06 2006 *************** *** 331,336 **** --- 331,337 ---- scan unix - - n - 10 smtp -o smtp_send_xforward_command=yes -o disable_mime_output_conversion=yes + -o smtp_generic_maps= * This runs up to 10 content filters in parallel. Instead of a limit of 10 concurrent processes, use whatever process limit is feasible for your *************** *** 348,353 **** --- 349,358 ---- the breaking of domainkeys and other digital signatures. This is needed because some SMTP-based content filters don't announce 8BITMIME support, even though they can handle it just fine. 
+ + * The "-o smtp_generic_maps=" is a workaround that prevents local address + rewriting with generic(5) maps. Such rewriting should happen only when mail + is sent out to the Internet. AAddvvaanncceedd ccoonntteenntt ffiilltteerr:: rruunnnniinngg tthhee ccoonntteenntt ffiilltteerr diff -cr /var/tmp/postfix-2.3.5/RELEASE_NOTES ./RELEASE_NOTES *** /var/tmp/postfix-2.3.5/RELEASE_NOTES Sun Aug 6 10:36:21 2006 --- ./RELEASE_NOTES Sun Dec 24 19:14:23 2006 *************** *** 11,16 **** --- 11,30 ---- The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. + Incompatible changes with Postfix 2.3.6 + --------------------------------------- + + The check_smtpd_policy client sends TLS certificate attributes + (client ccert_subject, ccert_issuer) only after successful client + certificate verification. The reason is that the certification + verification status itself is not available in the policy request. + + The check_smtpd_policy client sends TLS certificate fingerprint + information even when the certificate itself was not verified. + + The remote SMTP client TLS certificate fingerprint can be used for + access control even when the certificate itself was not verified. + Incompatible changes with Postfix 2.3.3 --------------------------------------- diff -cr /var/tmp/postfix-2.3.5/html/FILTER_README.html ./html/FILTER_README.html *** /var/tmp/postfix-2.3.5/html/FILTER_README.html Wed Jul 12 09:33:04 2006 --- ./html/FILTER_README.html Sun Dec 24 17:08:06 2006 *************** *** 616,621 **** --- 616,622 ---- scan unix - - n - 10 smtp -o smtp_send_xforward_command=yes -o disable_mime_output_conversion=yes + -o smtp_generic_maps= *************** *** 638,643 **** --- 639,648 ---- that prevents the breaking of domainkeys and other digital signatures. This is needed because some SMTP-based content filters don't announce 8BITMIME support, even though they can handle it just fine.

+ +
  • The "-o smtp_generic_maps=" is a workaround that prevents + local address rewriting with generic(5) maps. Such rewriting should + happen only when mail is sent out to the Internet.

    diff -cr /var/tmp/postfix-2.3.5/html/postconf.5.html ./html/postconf.5.html *** /var/tmp/postfix-2.3.5/html/postconf.5.html Sun Sep 3 15:21:50 2006 --- ./html/postconf.5.html Sun Dec 24 19:27:37 2006 *************** *** 9099,9107 ****
    check_ccert_access type:table
    !
    When the remote SMTP client certificate is verified successfully, ! use the client certificate fingerprint as lookup key for the specified ! access(5) database. This feature is available with Postfix version 2.2.
    check_client_access type:table
    --- 9099,9108 ----
    check_ccert_access type:table
    !
    Use the client certificate fingerprint as lookup key for the ! specified access(5) database; with Postfix version 2.2, also require ! that the SMTP client certificate is verified successfully. This ! feature is available with Postfix version 2.2 and later.
    check_client_access type:table
    diff -cr /var/tmp/postfix-2.3.5/man/man5/postconf.5 ./man/man5/postconf.5 *** /var/tmp/postfix-2.3.5/man/man5/postconf.5 Sun Sep 3 15:21:50 2006 --- ./man/man5/postconf.5 Sun Dec 24 19:27:37 2006 *************** *** 5360,5368 **** The following restrictions are specific to client hostname or client network address information. .IP "\fBcheck_ccert_access \fItype:table\fR\fR" ! When the remote SMTP client certificate is verified successfully, ! use the client certificate fingerprint as lookup key for the specified ! \fBaccess\fR(5) database. This feature is available with Postfix version 2.2. .IP "\fBcheck_client_access \fItype:table\fR\fR" Search the specified access database for the client hostname, parent domains, client IP address, or networks obtained by stripping --- 5360,5369 ---- The following restrictions are specific to client hostname or client network address information. .IP "\fBcheck_ccert_access \fItype:table\fR\fR" ! Use the client certificate fingerprint as lookup key for the ! specified \fBaccess\fR(5) database; with Postfix version 2.2, also require ! that the SMTP client certificate is verified successfully. This ! feature is available with Postfix version 2.2 and later. .IP "\fBcheck_client_access \fItype:table\fR\fR" Search the specified access database for the client hostname, parent domains, client IP address, or networks obtained by stripping diff -cr /var/tmp/postfix-2.3.5/proto/FILTER_README.html ./proto/FILTER_README.html *** /var/tmp/postfix-2.3.5/proto/FILTER_README.html Wed Jul 12 09:23:10 2006 --- ./proto/FILTER_README.html Sun Dec 24 17:05:22 2006 *************** *** 616,621 **** --- 616,622 ---- scan unix - - n - 10 smtp -o smtp_send_xforward_command=yes -o disable_mime_output_conversion=yes + -o smtp_generic_maps= *************** *** 638,643 **** --- 639,648 ---- that prevents the breaking of domainkeys and other digital signatures. 
This is needed because some SMTP-based content filters don't announce 8BITMIME support, even though they can handle it just fine.

    + +
  • The "-o smtp_generic_maps=" is a workaround that prevents + local address rewriting with generic(5) maps. Such rewriting should + happen only when mail is sent out to the Internet.

    diff -cr /var/tmp/postfix-2.3.5/proto/postconf.proto ./proto/postconf.proto *** /var/tmp/postfix-2.3.5/proto/postconf.proto Sun Sep 3 15:21:00 2006 --- ./proto/postconf.proto Sun Dec 24 19:26:51 2006 *************** *** 4557,4565 ****
    check_ccert_access type:table
    !
    When the remote SMTP client certificate is verified successfully, ! use the client certificate fingerprint as lookup key for the specified ! access(5) database. This feature is available with Postfix version 2.2.
    check_client_access type:table
    --- 4557,4566 ----
    check_ccert_access type:table
    !
    Use the client certificate fingerprint as lookup key for the ! specified access(5) database; with Postfix version 2.2, also require ! that the SMTP client certificate is verified successfully. This ! feature is available with Postfix version 2.2 and later.
    check_client_access type:table
    diff -cr /var/tmp/postfix-2.3.5/src/cleanup/cleanup_milter.c ./src/cleanup/cleanup_milter.c *** /var/tmp/postfix-2.3.5/src/cleanup/cleanup_milter.c Fri Dec 1 21:19:42 2006 --- ./src/cleanup/cleanup_milter.c Wed Dec 20 19:44:08 2006 *************** *** 401,406 **** --- 401,410 ---- * * Thus, header insert operations are relative to the content as delivered, * that is, the content including our own Received: header. + * + * None of the above is applicable after a Milter inserts a header before + * our own Received: header. From then on, our own Received: header + * becomes just like other headers. */ #define CLEANUP_FIND_HEADER_NOTFOUND (-1) #define CLEANUP_FIND_HEADER_IOERROR (-2) *************** *** 460,467 **** } /* The middle of a multi-record header. */ else if (last_type == REC_TYPE_CONT || IS_SPACE_TAB(STR(buf)[0])) { ! /* Reset the saved PTR record. */ ! ptr_offset = 0; } /* No more message headers. */ else if ((len = is_header(STR(buf))) == 0) { --- 464,470 ---- } /* The middle of a multi-record header. */ else if (last_type == REC_TYPE_CONT || IS_SPACE_TAB(STR(buf)[0])) { ! /* Reset the saved PTR record and update last_type. */ } /* No more message headers. */ else if ((len = is_header(STR(buf))) == 0) { *************** *** 469,475 **** } /* This the start of a message header. */ else if (hdr_count++ < skip_headers) ! continue; else if ((header_label == 0 || (strncasecmp(header_label, STR(buf), len) == 0 && (IS_SPACE_TAB(STR(buf)[len]) --- 472,478 ---- } /* This the start of a message header. */ else if (hdr_count++ < skip_headers) ! /* Reset the saved PTR record and update last_type. */ ; else if ((header_label == 0 || (strncasecmp(header_label, STR(buf), len) == 0 && (IS_SPACE_TAB(STR(buf)[len]) *************** *** 478,483 **** --- 481,487 ---- /* If we have a saved PTR record, it points to start of header. 
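Review bot: The `else if (hdr_count++ < skip_headers)` branch in cleanup_milter.c now has a comment followed by a bare `;` as its body, while the continuation-record branch in the previous hunk uses an empty `{ ... }` block for the same purpose. I would write both the same way, `else if (hdr_count++ < skip_headers) { /* Fall through to the reset at the end of the loop. */ }`, so the empty body is unmistakable. The existing comment text reads as if the reset happens in the branch itself, but the work is done by the `ptr_offset = 0;` that the last hunk of this file adds ahead of `last_type = rec_type;`. The loop starts and ends outside these hunks.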
*/ break; } + ptr_offset = 0; last_type = rec_type; } diff -cr /var/tmp/postfix-2.3.5/src/milter/milter8.c ./src/milter/milter8.c *** /var/tmp/postfix-2.3.5/src/milter/milter8.c Tue Dec 5 19:20:51 2006 --- ./src/milter/milter8.c Sun Dec 24 16:23:47 2006 *************** *** 570,579 **** break; /* ! * Raw on-the-wire format. */ case MILTER8_DATA_BUFFER: ! if (data_left < 1) { msg_warn("milter %s: no data in input packet", milter->m.name); return (milter8_comm_error(milter)); } --- 570,579 ---- break; /* ! * Raw on-the-wire format, without explicit null terminator. */ case MILTER8_DATA_BUFFER: ! if (data_left < 0) { msg_warn("milter %s: no data in input packet", milter->m.name); return (milter8_comm_error(milter)); } *************** *** 2078,2091 **** vstring_memcat(milter->body, bp, count); bp += count; todo -= count; ! /* Flush body chunk buffer when full. */ if (LEN(milter->body) == MILTER_CHUNK_SIZE) { msg_ctx->resp = milter8_event(milter, SMFIC_BODY, SMFIP_NOBODY, DONT_SKIP_REPLY, msg_ctx->macros, MILTER8_DATA_BUFFER, milter->body, MILTER8_DATA_END); ! if (msg_ctx->resp != 0 || milter->state != MILTER8_STAT_MESSAGE) break; VSTRING_RESET(milter->body); } --- 2078,2091 ---- vstring_memcat(milter->body, bp, count); bp += count; todo -= count; ! /* Flush body chunk buffer when full. See also milter8_eob(). */ if (LEN(milter->body) == MILTER_CHUNK_SIZE) { msg_ctx->resp = milter8_event(milter, SMFIC_BODY, SMFIP_NOBODY, DONT_SKIP_REPLY, msg_ctx->macros, MILTER8_DATA_BUFFER, milter->body, MILTER8_DATA_END); ! 
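Review bot: With the test in the `MILTER8_DATA_BUFFER` case relaxed to `data_left < 0`, the warning "no data in input packet" no longer describes what is rejected, because an empty buffer is now accepted and only a negative remaining length fails. I would change the text to match, for example `msg_warn("milter %s: bad data length in input packet", milter->m.name);`. The declaration of `data_left` is outside the hunk; if its type is unsigned the new comparison can never be true and the guard is dead, so that is worth confirming. Since this length is derived from what the Milter sent, the code that follows the check (also outside the hunk) should be confirmed to handle a zero-length buffer.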
if (MILTER8_MESSAGE_DONE(milter, msg_ctx)) break; VSTRING_RESET(milter->body); } *************** *** 2110,2119 **** return; if (msg_verbose) msg_info("%s: eob milter %s", myname, milter->m.name); msg_ctx->resp = milter8_event(msg_ctx->milter, SMFIC_BODYEOB, 0, DONT_SKIP_REPLY, msg_ctx->macros, - MILTER8_DATA_BUFFER, milter->body, MILTER8_DATA_END); } --- 2110,2139 ---- return; if (msg_verbose) msg_info("%s: eob milter %s", myname, milter->m.name); + + /* + * Flush partial body chunk buffer. See also milter8_body(). + * + * XXX Sendmail 8 libmilter accepts SMFIC_EOB+data, and delivers it to the + * application as two events: SMFIC_BODY+data followed by SMFIC_EOB. This + * breaks with the PMilter 0.95 protocol re-implementation, which + * delivers the SMFIC_EOB event and ignores the data. To avoid such + * compatibility problems we separate the events in the client. With + * this, we also prepare for a future where different event types can + * have different macro lists. + */ + if (LEN(milter->body) > 0) { + msg_ctx->resp = + milter8_event(milter, SMFIC_BODY, SMFIP_NOBODY, + DONT_SKIP_REPLY, msg_ctx->macros, + MILTER8_DATA_BUFFER, milter->body, + MILTER8_DATA_END); + if (MILTER8_MESSAGE_DONE(milter, msg_ctx)) + return; + } msg_ctx->resp = milter8_event(msg_ctx->milter, SMFIC_BODYEOB, 0, DONT_SKIP_REPLY, msg_ctx->macros, MILTER8_DATA_END); } diff -cr /var/tmp/postfix-2.3.5/src/postconf/postconf.c ./src/postconf/postconf.c *** /var/tmp/postfix-2.3.5/src/postconf/postconf.c Fri Mar 24 15:09:13 2006 --- ./src/postconf/postconf.c Tue Dec 12 18:04:33 2006 *************** *** 381,397 **** /* * If the local machine name is not in FQDN form, try to append the * contents of $mydomain. - * - * XXX Do not complain when running as "postconf -d". */ name = get_hostname(); ! if ((cmd_mode & SHOW_DEFS) == 0 && (dot = strchr(name, '.')) == 0) { ! if ((domain = mail_conf_lookup_eval(VAR_MYDOMAIN)) == 0) { ! 
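Review bot: After the partial chunk is sent as `SMFIC_BODY` in the end-of-body hunk, `milter->body` is left as it is, whereas the body hunk above calls `VSTRING_RESET(milter->body)` after every flush. Nothing visible here reuses the buffer, but adding `VSTRING_RESET(milter->body);` after the `MILTER8_MESSAGE_DONE` check would keep the two flush paths identical and rule out the same bytes going out twice if the buffer is read again before the next message. The new call also passes `milter` while the `SMFIC_BODYEOB` call right below passes `msg_ctx->milter`; one spelling in both would make it plain they address the same Milter. The function starts outside the hunk.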
msg_warn("My hostname %s is not a fully qualified name - set %s or %s in %s/main.cf", ! name, VAR_MYHOSTNAME, VAR_MYDOMAIN, var_config_dir); ! } else { ! name = concatenate(name, ".", domain, (char *) 0); ! } } return (name); } --- 381,392 ---- /* * If the local machine name is not in FQDN form, try to append the * contents of $mydomain. */ name = get_hostname(); ! if ((dot = strchr(name, '.')) == 0) { ! if ((domain = mail_conf_lookup_eval(VAR_MYDOMAIN)) == 0) ! domain = DEF_MYDOMAIN; ! name = concatenate(name, ".", domain, (char *) 0); } return (name); } *************** *** 420,426 **** if (var_myhostname == 0) get_myhostname(); if ((dot = strchr(var_myhostname, '.')) == 0 || strchr(dot + 1, '.') == 0) ! return (var_myhostname); return (dot + 1); } --- 415,421 ---- if (var_myhostname == 0) get_myhostname(); if ((dot = strchr(var_myhostname, '.')) == 0 || strchr(dot + 1, '.') == 0) ! return (DEF_MYDOMAIN); return (dot + 1); } diff -cr /var/tmp/postfix-2.3.5/src/postqueue/postqueue.c ./src/postqueue/postqueue.c *** /var/tmp/postfix-2.3.5/src/postqueue/postqueue.c Thu Jan 12 15:18:56 2006 --- ./src/postqueue/postqueue.c Mon Dec 18 17:24:10 2006 *************** *** 363,368 **** --- 363,375 ---- } } + /* unavailable - sanitize exit status from library run-time errors */ + + static void unavailable(void) + { + exit(EX_UNAVAILABLE); + } + /* usage - scream and die */ static NORETURN usage(void) *************** *** 406,411 **** --- 413,419 ---- if ((slash = strrchr(argv[0], '/')) != 0 && slash[1]) argv[0] = slash + 1; msg_vstream_init(argv[0], VSTREAM_ERR); + msg_cleanup(unavailable); msg_syslog_init(mail_task("postqueue"), LOG_PID, LOG_FACILITY); set_mail_conf_str(VAR_PROCNAME, var_procname = mystrdup(argv[0])); diff -cr /var/tmp/postfix-2.3.5/src/sendmail/sendmail.c ./src/sendmail/sendmail.c *** /var/tmp/postfix-2.3.5/src/sendmail/sendmail.c Thu Sep 28 07:06:23 2006 --- ./src/sendmail/sendmail.c Mon Dec 18 17:19:03 2006 *************** *** 885,890 **** --- 885,897 ---- 
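Review bot: Returning `DEF_MYDOMAIN` for the whole condition in the second postconf.c hunk also changes the result for a hostname with exactly one dot, because `strchr(dot + 1, '.') == 0` is true for a two-label name, and that case used to return the hostname itself. If the intent is only to supply a default for an unqualified name, as the HISTORY entry in this patch describes, the two cases should be separated: `if ((dot = strchr(var_myhostname, '.')) == 0) return (DEF_MYDOMAIN);` followed by `if (strchr(dot + 1, '.') == 0) return (var_myhostname);`. If the new result for two-label names is intended, a comment saying so would help, since what `postconf` reports as the default should match what the mail system itself computes, and that code is not part of this patch. The function starts outside the hunk.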
myfree(saved_sender); } + /* tempfail - sanitize exit status after library run-time error */ + + static void tempfail(void) + { + exit(EX_TEMPFAIL); + } + /* main - the main program */ int main(int argc, char **argv) *************** *** 952,957 **** --- 959,965 ---- if ((slash = strrchr(argv[0], '/')) != 0 && slash[1]) argv[0] = slash + 1; msg_vstream_init(argv[0], VSTREAM_ERR); + msg_cleanup(tempfail); msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY); set_mail_conf_str(VAR_PROCNAME, var_procname = mystrdup(argv[0])); diff -cr /var/tmp/postfix-2.3.5/src/smtpd/smtpd_check.c ./src/smtpd/smtpd_check.c *** /var/tmp/postfix-2.3.5/src/smtpd/smtpd_check.c Fri Jul 7 16:32:43 2006 --- ./src/smtpd/smtpd_check.c Fri Dec 29 12:23:38 2006 *************** *** 1142,1147 **** --- 1142,1148 ---- { const char *myname = "reject_unknown_hostname"; int dns_status; + DNS_RR *dummy; if (msg_verbose) msg_info("%s: %s", myname, name); *************** *** 1152,1166 **** #define RR_ADDR_TYPES T_A #endif ! dns_status = dns_lookup_l(name, 0, (DNS_RR **) 0, (VSTRING *) 0, (VSTRING *) 0, DNS_REQ_FLAG_STOP_OK, RR_ADDR_TYPES, T_MX, 0); if (dns_status != DNS_OK) { /* incl. DNS_INVAL */ if (dns_status != DNS_RETRY) return (smtpd_check_reject(state, MAIL_ERROR_POLICY, var_unk_name_code, "4.7.1", ! "<%s>: %s rejected: Host not found", ! reply_name, reply_class)); else DEFER_IF_PERMIT2(state, MAIL_ERROR_POLICY, 450, "4.7.1", --- 1153,1172 ---- #define RR_ADDR_TYPES T_A #endif ! dns_status = dns_lookup_l(name, 0, &dummy, (VSTRING *) 0, (VSTRING *) 0, DNS_REQ_FLAG_STOP_OK, RR_ADDR_TYPES, T_MX, 0); + if (dummy) + dns_rr_free(dummy); if (dns_status != DNS_OK) { /* incl. DNS_INVAL */ if (dns_status != DNS_RETRY) return (smtpd_check_reject(state, MAIL_ERROR_POLICY, var_unk_name_code, "4.7.1", ! "<%s>: %s rejected: %s", ! reply_name, reply_class, ! dns_status == DNS_INVAL ? ! "Malformed DNS server reply" : ! 
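Review bot: `DNS_RR *dummy;` is declared without an initializer, and the next hunk tests it with `if (dummy)` straight after `dns_lookup_l(name, 0, &dummy, ...)`, before `dns_status` is looked at. That is only safe if `dns_lookup_l` stores to the list pointer on every return path, including `DNS_RETRY` and `DNS_INVAL`; the function is not part of this patch, so I would write `DNS_RR *dummy = 0;` so that `dns_rr_free()` can never be handed an indeterminate pointer. The same declaration and test are added to `reject_unknown_mailhost` in the hunk after that and need the same change. A one-line comment on why a result list is now requested and then discarded (presumably so the returned records are validated, per the HISTORY entry on MX hostname syntax) would also help the next reader.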
"Host not found")); else DEFER_IF_PERMIT2(state, MAIL_ERROR_POLICY, 450, "4.7.1", *************** *** 1177,1199 **** { const char *myname = "reject_unknown_mailhost"; int dns_status; if (msg_verbose) msg_info("%s: %s", myname, name); #define MAILHOST_LOOKUP_FLAGS (DNS_REQ_FLAG_STOP_OK | DNS_REQ_FLAG_STOP_INVAL) ! dns_status = dns_lookup_l(name, 0, (DNS_RR **) 0, (VSTRING *) 0, (VSTRING *) 0, MAILHOST_LOOKUP_FLAGS, T_MX, RR_ADDR_TYPES, 0); if (dns_status != DNS_OK) { /* incl. DNS_INVAL */ if (dns_status != DNS_RETRY) return (smtpd_check_reject(state, MAIL_ERROR_POLICY, var_unk_addr_code, strcmp(reply_class, SMTPD_NAME_SENDER) == 0 ? "4.1.8" : "4.1.2", ! "<%s>: %s rejected: Domain not found", ! reply_name, reply_class)); else DEFER_IF_PERMIT2(state, MAIL_ERROR_POLICY, 450, strcmp(reply_class, SMTPD_NAME_SENDER) == 0 ? --- 1183,1211 ---- { const char *myname = "reject_unknown_mailhost"; int dns_status; + DNS_RR *dummy; if (msg_verbose) msg_info("%s: %s", myname, name); #define MAILHOST_LOOKUP_FLAGS (DNS_REQ_FLAG_STOP_OK | DNS_REQ_FLAG_STOP_INVAL) ! dns_status = dns_lookup_l(name, 0, &dummy, (VSTRING *) 0, (VSTRING *) 0, MAILHOST_LOOKUP_FLAGS, T_MX, RR_ADDR_TYPES, 0); + if (dummy) + dns_rr_free(dummy); if (dns_status != DNS_OK) { /* incl. DNS_INVAL */ if (dns_status != DNS_RETRY) return (smtpd_check_reject(state, MAIL_ERROR_POLICY, var_unk_addr_code, strcmp(reply_class, SMTPD_NAME_SENDER) == 0 ? "4.1.8" : "4.1.2", ! "<%s>: %s rejected: %s", ! reply_name, reply_class, ! dns_status == DNS_INVAL ? ! "Malformed DNS server reply" : ! "Domain not found")); else DEFER_IF_PERMIT2(state, MAIL_ERROR_POLICY, 450, strcmp(reply_class, SMTPD_NAME_SENDER) == 0 ? *************** *** 1221,1228 **** msg_info("Relaying allowed for all verified client certificates"); return (SMTPD_CHECK_OK); } ! if (state->tls_context->peer_verified ! 
&& state->tls_context->peer_fingerprint) { found = maps_find(relay_ccerts, state->tls_context->peer_fingerprint, DICT_FLAG_NONE); if (found) { --- 1233,1244 ---- msg_info("Relaying allowed for all verified client certificates"); return (SMTPD_CHECK_OK); } ! ! /* ! * When directly checking the fingerprint, it is OK if the issuing CA is ! * not trusted. ! */ ! if (state->tls_context->peer_fingerprint) { found = maps_find(relay_ccerts, state->tls_context->peer_fingerprint, DICT_FLAG_NONE); if (found) { *************** *** 2578,2585 **** if (!state->tls_context) return SMTPD_CHECK_DUNNO; ! if (state->tls_context->peer_verified ! && state->tls_context->peer_fingerprint) { if (msg_verbose) msg_info("%s: %s", myname, state->tls_context->peer_fingerprint); --- 2594,2604 ---- if (!state->tls_context) return SMTPD_CHECK_DUNNO; ! /* ! * When directly checking the fingerprint, it is OK if the issuing CA is ! * not trusted. ! */ ! if (state->tls_context->peer_fingerprint) { if (msg_verbose) msg_info("%s: %s", myname, state->tls_context->peer_fingerprint); *************** *** 3335,3345 **** #define IF_VERIFIED(x) \ ((state->tls_context && \ state->tls_context->peer_verified && ((x) != 0)) ? (x) : "") - ATTR_TYPE_STR, MAIL_ATTR_CCERT_SUBJECT, subject, - ATTR_TYPE_STR, MAIL_ATTR_CCERT_ISSUER, issuer, - ATTR_TYPE_STR, MAIL_ATTR_CCERT_FINGERPRINT, - IF_VERIFIED(state->tls_context->peer_fingerprint), #define IF_ENCRYPTED(x, y) ((state->tls_context && ((x) != 0)) ? (x) : (y)) ATTR_TYPE_STR, MAIL_ATTR_CRYPTO_PROTOCOL, IF_ENCRYPTED(state->tls_context->protocol, ""), ATTR_TYPE_STR, MAIL_ATTR_CRYPTO_CIPHER, --- 3354,3371 ---- #define IF_VERIFIED(x) \ ((state->tls_context && \ state->tls_context->peer_verified && ((x) != 0)) ? (x) : "") #define IF_ENCRYPTED(x, y) ((state->tls_context && ((x) != 0)) ? 
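Review bot: With `peer_verified` dropped from the test, a match in `relay_ccerts` is the only thing that authorizes relaying for this client, and the new comment understates that: a certificate that failed verification may be expired or otherwise invalid, not merely issued by an untrusted CA. I would spell the consequence out, e.g. `/* The fingerprint table is the sole trust anchor here: no chain, expiry or issuer check applies, so access is revoked by removing the entry. */`. How strong the match is also depends on the digest used to compute `peer_fingerprint`, which is set outside this patch. The same condition change and comment appear in the hunk that follows (the one that logs the fingerprint under `msg_verbose`), and the same wording applies there. Both functions start and end outside their hunks.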
(x) : (y)) + ATTR_TYPE_STR, MAIL_ATTR_CCERT_SUBJECT, + IF_VERIFIED(subject), + ATTR_TYPE_STR, MAIL_ATTR_CCERT_ISSUER, + IF_VERIFIED(issuer), + + /* + * When directly checking the fingerprint, it is OK if the issuing CA is + * not trusted. + */ + ATTR_TYPE_STR, MAIL_ATTR_CCERT_FINGERPRINT, + IF_ENCRYPTED(state->tls_context->peer_fingerprint, ""), ATTR_TYPE_STR, MAIL_ATTR_CRYPTO_PROTOCOL, IF_ENCRYPTED(state->tls_context->protocol, ""), ATTR_TYPE_STR, MAIL_ATTR_CRYPTO_CIPHER,
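Review bot: The comment placed above `MAIL_ATTR_CCERT_FINGERPRINT` is copied from the access-check hunks and does not describe what happens here: the fingerprint is now sent to the policy service whenever one exists, verified or not, while `IF_VERIFIED(subject)` and `IF_VERIFIED(issuer)` are blanked for unverified certificates. A policy service that treated a non-empty fingerprint attribute as evidence of a verified client will now receive it for unverified certificates too, and per the RELEASE_NOTES hunk the request carries no verification status. I would replace the comment with something like `/* Sent even when the certificate is unverified; the policy service must match it against its own pinned list. */`. The attribute list starts and ends outside the hunk.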