Prereq: "2.5.2" diff -cr /var/tmp/postfix-2.5.2/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-2.5.2/src/global/mail_version.h Thu May 8 20:06:38 2008 --- ./src/global/mail_version.h Fri Jul 25 21:47:08 2008 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20080507" ! #define MAIL_VERSION_NUMBER "2.5.2" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20080726" ! #define MAIL_VERSION_NUMBER "2.5.3" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr /var/tmp/postfix-2.5.2/HISTORY ./HISTORY *** /var/tmp/postfix-2.5.2/HISTORY Fri May 2 20:09:38 2008 --- ./HISTORY Sun Jul 27 16:45:34 2008 *************** *** 14377,14379 **** --- 14377,14413 ---- not updated when the smtpd_client_port_logging configuration parameter was added. Code by Victor Duchovni. Files: smtpd/smtpd.c, smtpd/smtpd_peer.c. + + 20080509 + + Bugfix: null-terminate CN comment string after sanitization. + File: smtpd/smtpd.c. + + 20080603 + + Workaround: avoid "bad address pattern" errors with non-address + patterns in namadr_list_match() calls. File: util/match_ops.c. + + 20080620 + + Bugfix (introduced 20080207): "cleanup -v" panic because + the new "SMTP reply" request flag did not have a printable + name. File: global/cleanup_strflags.c. + + Cleanup: using "Before-queue content filter", RFC3848 + information was not added to the headers. Carlos Velasco. + File smtpd/smtpd.c. + + 20080717 + + Cleanup: a poorly-implemented integer overflow check for + TCP MSS calculation had the unexpected effect that people + broke Postfix on LP64 systems while attempting to silence + a compiler warning. File: util/vstream_tweak.c. 
+ + 20080725 + + Paranoia: defer delivery when a mailbox file is not owned + by the recipient. Requested by Sebastian Krahmer, SuSE. + Specify "strict_mailbox_ownership=no" to ignore ownership + discrepancies. Files: local/mailbox.c, virtual/mailbox.c. diff -cr /var/tmp/postfix-2.5.2/README_FILES/RELEASE_NOTES ./README_FILES/RELEASE_NOTES *** /var/tmp/postfix-2.5.2/README_FILES/RELEASE_NOTES Wed Jan 23 20:10:19 2008 --- ./README_FILES/RELEASE_NOTES Sun Jul 27 16:27:56 2008 *************** *** 11,18 **** The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. ! Incompatibility with Postfix 2.3 and earlier ! -------------------------------------------- If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4 before proceeding. --- 11,26 ---- The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. ! Incompatibility with Postfix 2.5.3 ! ================================== ! ! When a mailbox file is not owned by its recipient, the local and ! virtual delivery agents now log a warning and defer delivery. ! Specify "strict_mailbox_ownership = no" to ignore such ownership ! discrepancies. ! ! Postfix 2.5.0 Release Notes ! =========================== If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4 before proceeding. diff -cr /var/tmp/postfix-2.5.2/RELEASE_NOTES ./RELEASE_NOTES *** /var/tmp/postfix-2.5.2/RELEASE_NOTES Wed Jan 23 20:10:19 2008 --- ./RELEASE_NOTES Sun Jul 27 16:27:56 2008 *************** *** 11,18 **** The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. ! Incompatibility with Postfix 2.3 and earlier ! -------------------------------------------- If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4 before proceeding. 
--- 11,26 ---- The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. ! Incompatibility with Postfix 2.5.3 ! ================================== ! ! When a mailbox file is not owned by its recipient, the local and ! virtual delivery agents now log a warning and defer delivery. ! Specify "strict_mailbox_ownership = no" to ignore such ownership ! discrepancies. ! ! Postfix 2.5.0 Release Notes ! =========================== If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4 before proceeding. diff -cr /var/tmp/postfix-2.5.2/html/local.8.html ./html/local.8.html *** /var/tmp/postfix-2.5.2/html/local.8.html Tue Jan 8 17:22:42 2008 --- ./html/local.8.html Sun Jul 27 16:30:39 2008 *************** *** 398,457 **** attempt; do not update the Delivered-To: address while expanding aliases or .forward files. DELIVERY METHOD CONTROLS ! The precedence of local(8) delivery methods from high to ! low is: aliases, .forward files, mailbox_transport_maps, ! mailbox_transport, mailbox_command_maps, mailbox_command, ! home_mailbox, mail_spool_directory, fallback_trans- port_maps, fallback_transport, and luser_relay. alias_maps (see 'postconf -d' output) ! The alias databases that are used for local(8) delivery. forward_path (see 'postconf -d' output) The local(8) delivery agent search list for finding ! a .forward file with user-specified delivery meth- ods. mailbox_transport_maps (empty) ! Optional lookup tables with per-recipient message ! delivery transports to use for local(8) mailbox ! delivery, whether or not the recipients are found in the UNIX passwd database. mailbox_transport (empty) ! Optional message delivery transport that the ! local(8) delivery agent should use for mailbox ! delivery to all local recipients, whether or not they are found in the UNIX passwd database. mailbox_command_maps (empty) ! 
Optional lookup tables with per-recipient external commands to use for local(8) mailbox delivery. mailbox_command (empty) ! Optional external command that the local(8) deliv- ery agent should use for mailbox delivery. home_mailbox (empty) ! Optional pathname of a mailbox file relative to a local(8) user's home directory. mail_spool_directory (see 'postconf -d' output) ! The directory where local(8) UNIX-style mailboxes are kept. fallback_transport_maps (empty) ! Optional lookup tables with per-recipient message ! delivery transports for recipients that the ! local(8) delivery agent could not find in the aliases(5) or UNIX password database. fallback_transport (empty) ! Optional message delivery transport that the ! local(8) delivery agent should use for names that ! are not found in the aliases(5) or UNIX password database. luser_relay (empty) --- 398,463 ---- attempt; do not update the Delivered-To: address while expanding aliases or .forward files. + Available in Postfix version 2.5.3 and later: + + strict_mailbox_ownership (yes) + Defer delivery when a mailbox file is not owned by + its recipient. + DELIVERY METHOD CONTROLS ! The precedence of local(8) delivery methods from high to ! low is: aliases, .forward files, mailbox_transport_maps, ! mailbox_transport, mailbox_command_maps, mailbox_command, ! home_mailbox, mail_spool_directory, fallback_trans- port_maps, fallback_transport, and luser_relay. alias_maps (see 'postconf -d' output) ! The alias databases that are used for local(8) delivery. forward_path (see 'postconf -d' output) The local(8) delivery agent search list for finding ! a .forward file with user-specified delivery meth- ods. mailbox_transport_maps (empty) ! Optional lookup tables with per-recipient message ! delivery transports to use for local(8) mailbox ! delivery, whether or not the recipients are found in the UNIX passwd database. mailbox_transport (empty) ! Optional message delivery transport that the ! 
local(8) delivery agent should use for mailbox ! delivery to all local recipients, whether or not they are found in the UNIX passwd database. mailbox_command_maps (empty) ! Optional lookup tables with per-recipient external commands to use for local(8) mailbox delivery. mailbox_command (empty) ! Optional external command that the local(8) deliv- ery agent should use for mailbox delivery. home_mailbox (empty) ! Optional pathname of a mailbox file relative to a local(8) user's home directory. mail_spool_directory (see 'postconf -d' output) ! The directory where local(8) UNIX-style mailboxes are kept. fallback_transport_maps (empty) ! Optional lookup tables with per-recipient message ! delivery transports for recipients that the ! local(8) delivery agent could not find in the aliases(5) or UNIX password database. fallback_transport (empty) ! Optional message delivery transport that the ! local(8) delivery agent should use for names that ! are not found in the aliases(5) or UNIX password database. luser_relay (empty) *************** *** 461,467 **** Available in Postfix version 2.2 and later: command_execution_directory (empty) ! The local(8) delivery agent working directory for delivery to external command. MAILBOX LOCKING CONTROLS --- 467,473 ---- Available in Postfix version 2.2 and later: command_execution_directory (empty) ! The local(8) delivery agent working directory for delivery to external command. MAILBOX LOCKING CONTROLS *************** *** 470,484 **** sive lock on a mailbox file or bounce(8) logfile. deliver_lock_delay (1s) ! The time between attempts to acquire an exclusive lock on a mailbox file or bounce(8) logfile. stale_lock_time (500s) ! The time after which a stale exclusive mailbox lockfile is removed. mailbox_delivery_lock (see 'postconf -d' output) ! How to lock a UNIX-style local(8) mailbox before attempting delivery. RESOURCE AND RATE CONTROLS --- 476,490 ---- sive lock on a mailbox file or bounce(8) logfile. deliver_lock_delay (1s) ! 
The time between attempts to acquire an exclusive lock on a mailbox file or bounce(8) logfile. stale_lock_time (500s) ! The time after which a stale exclusive mailbox lockfile is removed. mailbox_delivery_lock (see 'postconf -d' output) ! How to lock a UNIX-style local(8) mailbox before attempting delivery. RESOURCE AND RATE CONTROLS *************** *** 486,502 **** Time limit for delivery to external commands. duplicate_filter_limit (1000) ! The maximal number of addresses remembered by the ! address duplicate filter for aliases(5) or vir- tual(5) alias expansion, or for showq(8) queue dis- plays. local_destination_concurrency_limit (2) ! The maximal number of parallel deliveries via the local mail delivery transport to the same recipient ! (when "local_destination_recipient_limit = 1") or ! the maximal number of parallel deliveries to the ! same local domain (when "local_destination_recipi- ent_limit > 1"). local_destination_recipient_limit (1) --- 492,508 ---- Time limit for delivery to external commands. duplicate_filter_limit (1000) ! The maximal number of addresses remembered by the ! address duplicate filter for aliases(5) or vir- tual(5) alias expansion, or for showq(8) queue dis- plays. local_destination_concurrency_limit (2) ! The maximal number of parallel deliveries via the local mail delivery transport to the same recipient ! (when "local_destination_recipient_limit = 1") or ! the maximal number of parallel deliveries to the ! same local domain (when "local_destination_recipi- ent_limit > 1"). local_destination_recipient_limit (1) *************** *** 509,540 **** SECURITY CONTROLS allow_mail_to_commands (alias, forward) ! Restrict local(8) mail delivery to external com- mands. allow_mail_to_files (alias, forward) ! Restrict local(8) mail delivery to external files. command_expansion_filter (see 'postconf -d' output) ! Restrict the characters that the local(8) delivery ! agent allows in $name expansions of $mailbox_com- ! mand. default_privs (nobody) ! 
The default rights used by the local(8) delivery agent for delivery to external file or command. forward_expansion_filter (see 'postconf -d' output) ! Restrict the characters that the local(8) delivery ! agent allows in $name expansions of $forward_path. Available in Postfix version 2.2 and later: execution_directory_expansion_filter (see 'postconf -d' output) ! Restrict the characters that the local(8) delivery agent allows in $name expansions of $command_execu- tion_directory. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) --- 515,552 ---- SECURITY CONTROLS allow_mail_to_commands (alias, forward) ! Restrict local(8) mail delivery to external com- mands. allow_mail_to_files (alias, forward) ! Restrict local(8) mail delivery to external files. command_expansion_filter (see 'postconf -d' output) ! Restrict the characters that the local(8) delivery ! agent allows in $name expansions of $mailbox_com- ! mand and $command_execution_directory. default_privs (nobody) ! The default rights used by the local(8) delivery agent for delivery to external file or command. forward_expansion_filter (see 'postconf -d' output) ! Restrict the characters that the local(8) delivery ! agent allows in $name expansions of $forward_path. Available in Postfix version 2.2 and later: execution_directory_expansion_filter (see 'postconf -d' output) ! Restrict the characters that the local(8) delivery agent allows in $name expansions of $command_execu- tion_directory. + + Available in Postfix version 2.5.3 and later: + + strict_mailbox_ownership (yes) + Defer delivery when a mailbox file is not owned by + its recipient. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) diff -cr /var/tmp/postfix-2.5.2/html/postconf.5.html ./html/postconf.5.html *** /var/tmp/postfix-2.5.2/html/postconf.5.html Thu May 8 20:11:59 2008 --- ./html/postconf.5.html Sun Jul 27 15:47:10 2008 *************** *** 12497,12502 **** --- 12497,12513 ---- +
strict_mailbox_ownership + (default: yes)
+ +

Defer delivery when a mailbox file is not owned by its recipient. + The default setting is not backwards compatible.

+ +

This feature is available in Postfix 2.5.3 and later.

+ + +
+
strict_mime_encoding_domain (default: no)
diff -cr /var/tmp/postfix-2.5.2/html/virtual.8.html ./html/virtual.8.html *** /var/tmp/postfix-2.5.2/html/virtual.8.html Tue Jan 8 17:22:44 2008 --- ./html/virtual.8.html Sun Jul 27 17:04:30 2008 *************** *** 200,208 **** destination for final delivery to domains listed with $virtual_mailbox_domains. LOCKING CONTROLS virtual_mailbox_lock (see 'postconf -d' output) ! How to lock a UNIX-style virtual(8) mailbox before attempting delivery. deliver_lock_attempts (20) --- 200,214 ---- destination for final delivery to domains listed with $virtual_mailbox_domains. + Available in Postfix version 2.5.3 and later: + + strict_mailbox_ownership (yes) + Defer delivery when a mailbox file is not owned by + its recipient. + LOCKING CONTROLS virtual_mailbox_lock (see 'postconf -d' output) ! How to lock a UNIX-style virtual(8) mailbox before attempting delivery. deliver_lock_attempts (20) *************** *** 210,250 **** sive lock on a mailbox file or bounce(8) logfile. deliver_lock_delay (1s) ! The time between attempts to acquire an exclusive lock on a mailbox file or bounce(8) logfile. stale_lock_time (500s) ! The time after which a stale exclusive mailbox lockfile is removed. RESOURCE AND RATE CONTROLS virtual_destination_concurrency_limit ($default_destina- tion_concurrency_limit) ! The maximal number of parallel deliveries to the ! same destination via the virtual message delivery transport. virtual_destination_recipient_limit ($default_destina- tion_recipient_limit) ! The maximal number of recipients per delivery via the virtual message delivery transport. virtual_mailbox_limit (51200000) ! The maximal size in bytes of an individual mailbox or maildir file, or zero (no limit). MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) ! The default location of the Postfix main.cf and master.cf configuration files. daemon_timeout (18000s) ! How much time a Postfix daemon process may take to ! 
handle a request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) ! The maximal number of digits after the decimal point when logging sub-second delay values. ipc_timeout (3600s) --- 216,256 ---- sive lock on a mailbox file or bounce(8) logfile. deliver_lock_delay (1s) ! The time between attempts to acquire an exclusive lock on a mailbox file or bounce(8) logfile. stale_lock_time (500s) ! The time after which a stale exclusive mailbox lockfile is removed. RESOURCE AND RATE CONTROLS virtual_destination_concurrency_limit ($default_destina- tion_concurrency_limit) ! The maximal number of parallel deliveries to the ! same destination via the virtual message delivery transport. virtual_destination_recipient_limit ($default_destina- tion_recipient_limit) ! The maximal number of recipients per delivery via the virtual message delivery transport. virtual_mailbox_limit (51200000) ! The maximal size in bytes of an individual mailbox or maildir file, or zero (no limit). MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) ! The default location of the Postfix main.cf and master.cf configuration files. daemon_timeout (18000s) ! How much time a Postfix daemon process may take to ! handle a request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) ! The maximal number of digits after the decimal point when logging sub-second delay values. ipc_timeout (3600s) *************** *** 252,284 **** over an internal communication channel. max_idle (100s) ! The maximum amount of time that an idle Postfix ! daemon process waits for an incoming connection before terminating voluntarily. max_use (100) ! The maximal number of incoming connections that a ! Postfix daemon process will service before termi- nating voluntarily. process_id (read-only) ! The process ID of a Postfix command or daemon process. process_name (read-only) ! The process name of a Postfix command or daemon process. 
queue_directory (see 'postconf -d' output) ! The location of the Postfix top-level queue direc- tory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (postfix) ! The mail system name that is prepended to the ! process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". SEE ALSO --- 258,290 ---- over an internal communication channel. max_idle (100s) ! The maximum amount of time that an idle Postfix ! daemon process waits for an incoming connection before terminating voluntarily. max_use (100) ! The maximal number of incoming connections that a ! Postfix daemon process will service before termi- nating voluntarily. process_id (read-only) ! The process ID of a Postfix command or daemon process. process_name (read-only) ! The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) ! The location of the Postfix top-level queue direc- tory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (postfix) ! The mail system name that is prepended to the ! process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". SEE ALSO *************** *** 291,310 **** VIRTUAL_README, domain hosting howto LICENSE ! The Secure Mailer license must be distributed with this software. HISTORY ! This delivery agent was originally based on the Postfix ! local delivery agent. Modifications mainly consisted of ! removing code that either was not applicable or that was ! not safe in this context: aliases, ~user/.forward files, delivery to "|command" or to /file/name. The Delivered-To: message header appears in the qmail sys- tem by Daniel Bernstein. ! The maildir structure appears in the qmail system by Daniel Bernstein. AUTHOR(S) --- 297,316 ---- VIRTUAL_README, domain hosting howto LICENSE ! The Secure Mailer license must be distributed with this software. HISTORY ! This delivery agent was originally based on the Postfix ! local delivery agent. 
Modifications mainly consisted of ! removing code that either was not applicable or that was ! not safe in this context: aliases, ~user/.forward files, delivery to "|command" or to /file/name. The Delivered-To: message header appears in the qmail sys- tem by Daniel Bernstein. ! The maildir structure appears in the qmail system by Daniel Bernstein. AUTHOR(S) diff -cr /var/tmp/postfix-2.5.2/man/man5/postconf.5 ./man/man5/postconf.5 *** /var/tmp/postfix-2.5.2/man/man5/postconf.5 Thu May 8 20:11:59 2008 --- ./man/man5/postconf.5 Sun Jul 27 15:47:10 2008 *************** *** 7771,7776 **** --- 7771,7781 ---- because it is likely to reject legitimate email. .PP This feature is available in Postfix 2.0 and later. + .SH strict_mailbox_ownership (default: yes) + Defer delivery when a mailbox file is not owned by its recipient. + The default setting is not backwards compatible. + .PP + This feature is available in Postfix 2.5.3 and later. .SH strict_mime_encoding_domain (default: no) Reject mail with invalid Content-Transfer-Encoding: information for the message/* or multipart/* MIME content types. This blocks diff -cr /var/tmp/postfix-2.5.2/man/man8/local.8 ./man/man8/local.8 *** /var/tmp/postfix-2.5.2/man/man8/local.8 Tue Jan 8 17:22:40 2008 --- ./man/man8/local.8 Sun Jul 27 16:30:38 2008 *************** *** 415,420 **** --- 415,424 ---- address (see prepend_delivered_header) only once, at the start of a delivery attempt; do not update the Delivered-To: address while expanding aliases or .forward files. + .PP + Available in Postfix version 2.5.3 and later: + .IP "\fBstrict_mailbox_ownership (yes)\fR" + Defer delivery when a mailbox file is not owned by its recipient. .SH "DELIVERY METHOD CONTROLS" .na .nf *************** *** 513,519 **** Restrict \fBlocal\fR(8) mail delivery to external files. .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR" Restrict the characters that the \fBlocal\fR(8) delivery agent allows in ! $name expansions of $mailbox_command. 
.IP "\fBdefault_privs (nobody)\fR" The default rights used by the \fBlocal\fR(8) delivery agent for delivery to external file or command. --- 517,523 ---- Restrict \fBlocal\fR(8) mail delivery to external files. .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR" Restrict the characters that the \fBlocal\fR(8) delivery agent allows in ! $name expansions of $mailbox_command and $command_execution_directory. .IP "\fBdefault_privs (nobody)\fR" The default rights used by the \fBlocal\fR(8) delivery agent for delivery to external file or command. *************** *** 525,530 **** --- 529,538 ---- .IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR" Restrict the characters that the \fBlocal\fR(8) delivery agent allows in $name expansions of $command_execution_directory. + .PP + Available in Postfix version 2.5.3 and later: + .IP "\fBstrict_mailbox_ownership (yes)\fR" + Defer delivery when a mailbox file is not owned by its recipient. .SH "MISCELLANEOUS CONTROLS" .na .nf diff -cr /var/tmp/postfix-2.5.2/man/man8/virtual.8 ./man/man8/virtual.8 *** /var/tmp/postfix-2.5.2/man/man8/virtual.8 Tue Jan 8 17:22:41 2008 --- ./man/man8/virtual.8 Sun Jul 27 17:04:30 2008 *************** *** 213,218 **** --- 213,222 ---- .IP "\fBvirtual_transport (virtual)\fR" The default mail delivery transport and next-hop destination for final delivery to domains listed with $virtual_mailbox_domains. + .PP + Available in Postfix version 2.5.3 and later: + .IP "\fBstrict_mailbox_ownership (yes)\fR" + Defer delivery when a mailbox file is not owned by its recipient. 
.SH "LOCKING CONTROLS" .na .nf diff -cr /var/tmp/postfix-2.5.2/mantools/postlink ./mantools/postlink *** /var/tmp/postfix-2.5.2/mantools/postlink Wed Jan 23 20:38:00 2008 --- ./mantools/postlink Sun Jul 27 15:34:16 2008 *************** *** 517,522 **** --- 517,523 ---- s;\bstrict_8bitmime\b;$&;g; s;\bstrict_8bitmime_body\b;$&;g; s;\bstrict_mime_encoding_domain\b;$&;g; + s;\bstrict_mailbox_ownership\b;$&;g; s;\bstrict_rfc821_envelopes\b;$&;g; s;\bsun_mailtool_compatibility\b;$&;g; s;\bswap_bangpath\b;$&;g; diff -cr /var/tmp/postfix-2.5.2/proto/postconf.proto ./proto/postconf.proto *** /var/tmp/postfix-2.5.2/proto/postconf.proto Sat Apr 26 19:21:28 2008 --- ./proto/postconf.proto Sun Jul 27 15:35:55 2008 *************** *** 11517,11519 **** --- 11517,11525 ----

This feature is available in Postfix 2.5 and later.

+ %PARAM strict_mailbox_ownership yes + +

Defer delivery when a mailbox file is not owned by its recipient. + The default setting is not backwards compatible.

+ +

This feature is available in Postfix 2.5.3 and later.

diff -cr /var/tmp/postfix-2.5.2/src/global/cleanup_strflags.c ./src/global/cleanup_strflags.c *** /var/tmp/postfix-2.5.2/src/global/cleanup_strflags.c Tue Jun 13 17:36:58 2006 --- ./src/global/cleanup_strflags.c Tue Mar 11 20:12:23 2008 *************** *** 52,57 **** --- 52,58 ---- CLEANUP_FLAG_BCC_OK, "enable_automatic_bcc", CLEANUP_FLAG_MAP_OK, "enable_address_mapping", CLEANUP_FLAG_MILTER, "enable_milters", + CLEANUP_FLAG_SMTP_REPLY, "enable_smtp_reply", }; /* cleanup_strflags - map flags code to printable string */ diff -cr /var/tmp/postfix-2.5.2/src/global/mail_params.h ./src/global/mail_params.h *** /var/tmp/postfix-2.5.2/src/global/mail_params.h Tue Apr 29 20:39:01 2008 --- ./src/global/mail_params.h Sun Jul 27 15:10:27 2008 *************** *** 2932,2937 **** --- 2932,2944 ---- #define DEF_STRESS "" extern char *var_stress; + /* + * Mailbox ownership. + */ + #define VAR_STRICT_MBOX_OWNER "strict_mailbox_ownership" + #define DEF_STRICT_MBOX_OWNER 1 + extern bool var_strict_mbox_owner; + /* LICENSE /* .ad /* .fi diff -cr /var/tmp/postfix-2.5.2/src/local/local.c ./src/local/local.c *** /var/tmp/postfix-2.5.2/src/local/local.c Tue Jan 8 15:36:13 2008 --- ./src/local/local.c Sun Jul 27 16:01:33 2008 *************** *** 381,386 **** --- 381,390 ---- /* address (see prepend_delivered_header) only once, at the start of /* a delivery attempt; do not update the Delivered-To: address while /* expanding aliases or .forward files. + /* .PP + /* Available in Postfix version 2.5.3 and later: + /* .IP "\fBstrict_mailbox_ownership (yes)\fR" + /* Defer delivery when a mailbox file is not owned by its recipient. /* DELIVERY METHOD CONTROLS /* .ad /* .fi *************** *** 471,477 **** /* Restrict \fBlocal\fR(8) mail delivery to external files. /* .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR" /* Restrict the characters that the \fBlocal\fR(8) delivery agent allows in ! /* $name expansions of $mailbox_command. 
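Review bot: The comment above `VAR_STRICT_MBOX_OWNER` in the mail_params.h hunk says only "Mailbox ownership." and gives no hint that a default of 1 changes delivery behaviour. The postconf text in this same patch calls that default not backwards compatible. I would expand the comment to something like `/* Mailbox ownership: defer delivery when a mailbox file is not owned by its recipient. On by default; not backwards compatible. */` so the intent sits next to the definition.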
/* .IP "\fBdefault_privs (nobody)\fR" /* The default rights used by the \fBlocal\fR(8) delivery agent for delivery /* to external file or command. --- 475,481 ---- /* Restrict \fBlocal\fR(8) mail delivery to external files. /* .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR" /* Restrict the characters that the \fBlocal\fR(8) delivery agent allows in ! /* $name expansions of $mailbox_command and $command_execution_directory. /* .IP "\fBdefault_privs (nobody)\fR" /* The default rights used by the \fBlocal\fR(8) delivery agent for delivery /* to external file or command. *************** *** 483,488 **** --- 487,496 ---- /* .IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR" /* Restrict the characters that the \fBlocal\fR(8) delivery agent allows /* in $name expansions of $command_execution_directory. + /* .PP + /* Available in Postfix version 2.5.3 and later: + /* .IP "\fBstrict_mailbox_ownership (yes)\fR" + /* Defer delivery when a mailbox file is not owned by its recipient. 
/* MISCELLANEOUS CONTROLS /* .ad /* .fi *************** *** 644,649 **** --- 652,658 ---- char *var_mailbox_lock; int var_mailbox_limit; bool var_frozen_delivered; + bool var_strict_mbox_owner; int local_cmd_deliver_mask; int local_file_deliver_mask; *************** *** 891,896 **** --- 900,906 ---- VAR_STAT_HOME_DIR, DEF_STAT_HOME_DIR, &var_stat_home_dir, VAR_MAILTOOL_COMPAT, DEF_MAILTOOL_COMPAT, &var_mailtool_compat, VAR_FROZEN_DELIVERED, DEF_FROZEN_DELIVERED, &var_frozen_delivered, + VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner, 0, }; diff -cr /var/tmp/postfix-2.5.2/src/local/mailbox.c ./src/local/mailbox.c *** /var/tmp/postfix-2.5.2/src/local/mailbox.c Tue May 15 16:14:21 2007 --- ./src/local/mailbox.c Fri Jul 25 21:21:22 2008 *************** *** 194,199 **** --- 194,205 ---- vstream_fclose(mp->fp); dsb_simple(why, "5.2.0", "destination %s is not a regular file", mailbox); + } else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) { + vstream_fclose(mp->fp); + dsb_simple(why, "4.2.0", + "destination %s is not owned by recipient", mailbox); + msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch", + VAR_STRICT_MBOX_OWNER); } else { end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END); mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp, diff -cr /var/tmp/postfix-2.5.2/src/smtpd/smtpd.c ./src/smtpd/smtpd.c *** /var/tmp/postfix-2.5.2/src/smtpd/smtpd.c Thu May 8 20:12:00 2008 --- ./src/smtpd/smtpd.c Fri Jun 20 07:59:45 2008 *************** *** 2506,2511 **** --- 2506,2512 ---- } while (pc-- > 0) VSTRING_ADDCH(comment_string, ')'); + VSTRING_TERMINATE(comment_string); } /* data_cmd - process DATA command */ *************** *** 2687,2693 **** if (state->rcpt_count == 1 && state->recipient) { out_fprintf(out_stream, REC_TYPE_NORM, state->cleanup ? "\tby %s (%s) with %s%s%s id %s" : ! 
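Review bot: The new `msg_warn()` in the ownership branch of local/mailbox.c names only the parameter, not the mailbox or the recipient, so the warning line on its own cannot be tied to the file that failed the check. Adding `msg_warn("recipient %s: destination %s is not owned by recipient", state.msg_attr.rcpt.address, mailbox);` ahead of the hint would fix that; the field is used this way in the virtual/mailbox.c hunk, but confirm it is valid here. The hunk also does not show where `st` is filled. The comparison `st.st_uid != usr_attr.uid` protects the write only if `st` comes from an fstat() on the descriptor behind `mp->fp` rather than from a path-based stat, which is worth confirming. The enclosing function starts and ends outside the hunk.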
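Review bot: The added `VSTRING_TERMINATE(comment_string);` in the first smtpd.c hunk carries no comment explaining why it is needed, although the HISTORY entry records it as a fix for a missing null terminator after CN sanitization. A one-line comment such as `/* VSTRING_ADDCH() does not null-terminate; comment_string is later read as a C string */` would keep a later cleanup from removing it. The function begins outside the hunk, so I cannot tell whether an earlier exit path leaves the buffer unterminated as well; that is worth a look.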
"\tby %s (%s) with %s", var_myhostname, var_mail_name, state->protocol, rfc3848_sess, rfc3848_auth, state->queue_id); --- 2688,2694 ---- if (state->rcpt_count == 1 && state->recipient) { out_fprintf(out_stream, REC_TYPE_NORM, state->cleanup ? "\tby %s (%s) with %s%s%s id %s" : ! "\tby %s (%s) with %s%s%s", var_myhostname, var_mail_name, state->protocol, rfc3848_sess, rfc3848_auth, state->queue_id); *************** *** 2698,2704 **** } else { out_fprintf(out_stream, REC_TYPE_NORM, state->cleanup ? "\tby %s (%s) with %s%s%s id %s;" : ! "\tby %s (%s) with %s;", var_myhostname, var_mail_name, state->protocol, rfc3848_sess, rfc3848_auth, state->queue_id); --- 2699,2705 ---- } else { out_fprintf(out_stream, REC_TYPE_NORM, state->cleanup ? "\tby %s (%s) with %s%s%s id %s;" : ! "\tby %s (%s) with %s%s%s;", var_myhostname, var_mail_name, state->protocol, rfc3848_sess, rfc3848_auth, state->queue_id); diff -cr /var/tmp/postfix-2.5.2/src/util/match_ops.c ./src/util/match_ops.c *** /var/tmp/postfix-2.5.2/src/util/match_ops.c Thu Jun 15 14:07:16 2006 --- ./src/util/match_ops.c Fri Jun 6 15:52:05 2008 *************** *** 234,245 **** * Postfix; if not, then Postfix has no business dealing with IPv4 * addresses anyway. * ! * - Don't bother if the pattern is a bare IPv4 address. That form would ! * have been matched with the strcasecmp() call above. * ! * - Don't bother if the pattern isn't an address or address/mask. */ if (!strchr(addr, ':') != !strchr(pattern, ':') || pattern[strspn(pattern, V4_ADDR_STRING_CHARS)] == 0 || pattern[strspn(pattern, V6_ADDR_STRING_CHARS "[]/")] != 0) return (0); --- 234,253 ---- * Postfix; if not, then Postfix has no business dealing with IPv4 * addresses anyway. * ! * - Don't bother unless the pattern is either an IPv6 address or net/mask. * ! * We can safely skip IPv4 address patterns because their form is ! * unambiguous and they did not match in the strcasecmp() calls above. ! * ! 
* XXX We MUST skip (parent) domain names, which may appear in NAMADR_LIST ! * input, to avoid triggering false cidr_match_parse() errors. ! * ! * The last two conditions below are for backwards compatibility with ! * earlier Postfix versions: don't abort with fatal errors on junk that ! * was silently ignored (principle of least astonishment). */ if (!strchr(addr, ':') != !strchr(pattern, ':') + || pattern[strcspn(pattern, ":/")] == 0 || pattern[strspn(pattern, V4_ADDR_STRING_CHARS)] == 0 || pattern[strspn(pattern, V6_ADDR_STRING_CHARS "[]/")] != 0) return (0); diff -cr /var/tmp/postfix-2.5.2/src/util/vstream_tweak.c ./src/util/vstream_tweak.c *** /var/tmp/postfix-2.5.2/src/util/vstream_tweak.c Tue Jul 31 17:14:02 2007 --- ./src/util/vstream_tweak.c Thu Jul 17 11:03:07 2008 *************** *** 115,121 **** */ #ifdef VSTREAM_CTL_BUFSIZE if (mss > 0) { ! if (mss < __MAXINT__(ssize_t) /2) mss *= 2; vstream_control(fp, VSTREAM_CTL_BUFSIZE, (ssize_t) mss, --- 115,121 ---- */ #ifdef VSTREAM_CTL_BUFSIZE if (mss > 0) { ! 
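Review bot: After the added `pattern[strcspn(pattern, ":/")] == 0` test in match_ops.c, the next test, `pattern[strspn(pattern, V4_ADDR_STRING_CHARS)] == 0`, looks unreachable. This assumes V4_ADDR_STRING_CHARS, which is defined outside the hunk, contains neither ':' nor '/'. The new comment describes the last two conditions as backwards-compatibility guards, but only the V6 one still seems to reject anything. I would either drop the V4 line or mark it, for example `/* bare IPv4 is already excluded by the ":/" test above */`. The enclosing function starts and ends outside the hunk.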
if (mss < INT_MAX / 2) mss *= 2; vstream_control(fp, VSTREAM_CTL_BUFSIZE, (ssize_t) mss, diff -cr /var/tmp/postfix-2.5.2/src/virtual/mailbox.c ./src/virtual/mailbox.c *** /var/tmp/postfix-2.5.2/src/virtual/mailbox.c Mon Jun 26 08:59:19 2006 --- ./src/virtual/mailbox.c Fri Jul 25 21:22:37 2008 *************** *** 125,130 **** --- 125,136 ---- msg_warn("recipient %s: destination %s is not a regular file", state.msg_attr.rcpt.address, usr_attr.mailbox); dsb_simple(why, "5.3.5", "mail system configuration error"); + } else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) { + vstream_fclose(mp->fp); + dsb_simple(why, "4.2.0", + "destination %s is not owned by recipient", usr_attr.mailbox); + msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch", + VAR_STRICT_MBOX_OWNER); } else { end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END); mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp, diff -cr /var/tmp/postfix-2.5.2/src/virtual/virtual.c ./src/virtual/virtual.c *** /var/tmp/postfix-2.5.2/src/virtual/virtual.c Tue Jan 8 15:35:08 2008 --- ./src/virtual/virtual.c Sun Jul 27 17:00:11 2008 *************** *** 183,188 **** --- 183,192 ---- /* .IP "\fBvirtual_transport (virtual)\fR" /* The default mail delivery transport and next-hop destination for /* final delivery to domains listed with $virtual_mailbox_domains. + /* .PP + /* Available in Postfix version 2.5.3 and later: + /* .IP "\fBstrict_mailbox_ownership (yes)\fR" + /* Defer delivery when a mailbox file is not owned by its recipient. /* LOCKING CONTROLS /* .ad /* .fi *************** *** 329,334 **** --- 333,339 ---- char *var_virt_mailbox_lock; int var_virt_mailbox_limit; char *var_mail_spool_dir; /* XXX dependency fix */ + bool var_strict_mbox_owner; /* * Mappings. 
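Review bot: The new guard `if (mss < INT_MAX / 2)` in vstream_tweak.c needs `<limits.h>`, and this file section has no hunk that adds the include, so it relies on a header pulled in elsewhere; confirm that holds on every supported platform. The declaration of `mss` is also outside the hunk, and the bound is only correct if `mss` is an `int`. A comment such as `/* mss is an int: refuse to double when that would overflow */` would tie the limit to the variable's type and discourage another warning-driven edit like the one HISTORY describes.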
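Review bot: The ownership branch added to virtual/mailbox.c puts `usr_attr.mailbox` into the delivery status text. The non-regular-file branch just above it keeps the path in `msg_warn()` and reports only "mail system configuration error". If that split is deliberate, to keep server file paths out of text that may reach senders, the new branch should follow it. That means logging with `msg_warn("recipient %s: destination %s is not owned by recipient", state.msg_attr.rcpt.address, usr_attr.mailbox);` and passing a generic reason to `dsb_simple()`. The enclosing function starts and ends outside the hunk.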
*************** *** 504,509 **** --- 509,518 ---- VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0, 0, }; + static const CONFIG_BOOL_TABLE bool_table[] = { + VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner, + 0, + }; /* * Fingerprint executables and core dumps. *************** *** 513,518 **** --- 522,528 ---- single_server_main(argc, argv, local_service, MAIL_SERVER_INT_TABLE, int_table, MAIL_SERVER_STR_TABLE, str_table, + MAIL_SERVER_BOOL_TABLE, bool_table, MAIL_SERVER_PRE_INIT, pre_init, MAIL_SERVER_POST_INIT, post_init, MAIL_SERVER_PRE_ACCEPT, pre_accept,