This is a zero-feature patch to Postfix version 20010228, the first non-BETA Postfix release. In addition to minor improvements in documentation and in warning messages, this patch contains the following bugfixes: - The Postfix SMTP server could bounce mail instead of replying with a temporary error code when, for example, an LDAP or mysql server was unavailable (Robert Kiessling). - Inter-operability bugfix for recent Sendmail clients with ESMTP command pipelining: the Postfix SMTP server returned an inappropriate 503 status code, causing mail to be bounced when the sender sent DATA while the recipients were rejected because of a temporary error (Lutz Jaenicke). - With a non-default setting of the inet_interfaces parameter, the Postfix master daemon ignored host:port TCP endpoint settings in the master.cf file (Jun-ichiro itojun Hagino). - The Postfix SMTP server mis-parsed the common but illegal address form > in MAIL FROM and RCPT TO commands. The patch is too large to distribute via email. A fully patched version of the source code will be made available from the sites listed on the www.postfix.org web site. The primary distribution site is: ftp://ftp.porcupine.org/mirrors/postfix-release/ postfix-20010228-patch02.gz Source patch postfix-20010228-pl02.tar.sig Source code postfix-20010228-pl02.tar.gz.sig PGP signature Details of the patch can be found in the extracts from the HISTORY files below the signature. Again, this patch introduces no features or compatibility issues. Wietse Prereq: "Postfix-20010228-pl01" diff -cr --new-file ../postfix-20010228-pl01/src/global/mail_version.h ./src/global/mail_version.h *** ../postfix-20010228-pl01/src/global/mail_version.h Thu Mar 29 19:39:46 2001 --- ./src/global/mail_version.h Fri Apr 27 14:41:03 2001 *************** *** 15,21 **** * Version of this program. */ #define VAR_MAIL_VERSION "mail_version" ! #define DEF_MAIL_VERSION "Postfix-20010228-pl01" extern char *var_mail_version; /* LICENSE --- 15,21 ---- * Version of this program. */ #define VAR_MAIL_VERSION "mail_version" ! #define DEF_MAIL_VERSION "Postfix-20010228-pl02" extern char *var_mail_version; /* LICENSE diff -cr --new-file ../postfix-20010228-pl01/HISTORY ./HISTORY *** ../postfix-20010228-pl01/HISTORY Thu Mar 29 12:36:25 2001 --- ./HISTORY Mon Apr 30 20:20:37 2001 *************** *** 4969,4971 **** --- 4969,5026 ---- Portability: workaround for missing prototype problem in dict_ldap.c. This module should move to the global directory, because it depends on Postfix main.cf parameter information. + + 20010403 + + Workaround: the mysql library can return null pointers + rather than zero-length strings. + + 20010404 + + Ergonomics: log additional information about the reason + why "mail for XXX loops back to myself", when the local + machine is the best MX host. File: smtp/smtp_addr.c. + + 20010406 + + Changed some noisy LDAP client warnings into optional + logging. LaMont Jones, util/dict_ldap.c. + + 20010411 + + Bugfix: the SMTP server now replies with 550 instead of + 503 when it receives the DATA command without having received + a valid recipient address. This is needed for the Sendmail + client-side pipelining implementation. Problem reported by + Lutz Jaenicke. File: smtpd/smtpd.c. + + Cleanup: shut up if chattr fails on Reiserfs and other file + systems that do not support the respective attributes. + Files: conf/postfix-script-{no,}sgid. + + 20010413 + + Ergonomics: Postfix applications now warn when a DB or DBM + file is out of date, and recommend to rebuild the table. + Files: util/dict_db.c, util/dict_dbm.c. + + 20010414 + + Bugfix: with a non-default inet_interfaces setting, the + master ignored host information in master.cf host:port + settings. Fix by Jun-ichiro itojun Hagino @ iijlab.net. + Files: master/master.h, master/master_ent.c. + + 20010426 + + Bugfix: the SMTP server did not parse invalid MAIL FROM or + RCPT TO addresses such as > the + way it was supposed to do. I thought this was taken care + of years ago. File: smtpd/smtpd.c. + + 20010427 + + Bugfix: smtpd would reject mail instead of replying with + a 4xx temporary error code when, for example, an LDAP or + mysql server was unavailable. Remotely based on a fix by + Robert Kiessling @ de.easynet.net. File: smtpd/smtpd_check.c. diff -cr --new-file ../postfix-20010228-pl01/INSTALL ./INSTALL *** ../postfix-20010228-pl01/INSTALL Thu Mar 29 14:54:01 2001 --- ./INSTALL Fri Apr 27 13:45:52 2001 *************** *** 67,75 **** Linux RedHat 5.x Linux RedHat 6.x Linux RedHat 7.x ! Linux Slackware 3.5 ! Linux Slackware 4.0 ! Linux Slackware 7.0 Linux SuSE 5.x Linux SuSE 6.x Linux SuSE 7.x --- 67,75 ---- Linux RedHat 5.x Linux RedHat 6.x Linux RedHat 7.x ! Linux Slackware 3.x ! Linux Slackware 4.x ! Linux Slackware 7.x Linux SuSE 5.x Linux SuSE 6.x Linux SuSE 7.x *************** *** 207,212 **** --- 207,216 ---- # make install (interactive version, first time install) # make install &2 ! echo file from a previous Postfix installation. 1>&2 ! echo 1>&2 ! echo Use interactive installation instead. 1>&2 ! exit 1 ! } ! } # Override default settings. diff -cr --new-file ../postfix-20010228-pl01/SASL_README ./SASL_README *** ../postfix-20010228-pl01/SASL_README Wed Mar 28 20:07:24 2001 --- ./SASL_README Mon Apr 2 16:13:16 2001 *************** *** 62,75 **** non-standard SASL LOGIN authentication method. To enable this authentication method, specify ``./configure --enable-login''. ! Older Microsoft SMTP client software implements a non-standard ! version of the AUTH protocol syntax, and expects that the SMTP ! server replies to EHLO with "250 AUTH=stuff" instead of "250 AUTH ! stuff". To accomodate such clients in addition to conformant ! clients, set "broken_sasl_auth_clients = yes" in the main.cf file. ! ! The Postfix SMTP client is backwards compatible with SMTP servers ! that use the non-standard AUTH protocol syntax. Building Postfix with SASL authentication support ================================================= --- 62,69 ---- non-standard SASL LOGIN authentication method. To enable this authentication method, specify ``./configure --enable-login''. ! If you install the Cyrus SASL libraries as per the default, you ! will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl. Building Postfix with SASL authentication support ================================================= *************** *** 94,102 **** Enabling SASL authentication in the Postfix SMTP server ======================================================= - If you installed the Cyrus SASL libraries as per the default, you - will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl. - See conf/sample-auth.cf for examples. In order to enable SASL support in the SMTP server: --- 88,93 ---- *************** *** 141,146 **** --- 132,143 ---- To run software chrooted with SASL support is an interesting exercise. It probably is not worth the trouble. + Older Microsoft SMTP client software implements a non-standard + version of the AUTH protocol syntax, and expects that the SMTP + server replies to EHLO with "250 AUTH=stuff" instead of "250 AUTH + stuff". To accomodate such clients in addition to conformant + clients, set "broken_sasl_auth_clients = yes" in the main.cf file. + Testing SASL authentication in the Postfix SMTP server ====================================================== *************** *** 192,194 **** --- 189,196 ---- The SASL client password file is opened before the SMTP server enters the optional chroot jail, so you can keep the file in /etc/postfix. + + The Postfix SMTP client is backwards compatible with SMTP servers + that use the non-standard AUTH=stuff... syntax in response to the + EHLO command. + diff -cr --new-file ../postfix-20010228-pl01/conf/main.cf ./conf/main.cf *** ../postfix-20010228-pl01/conf/main.cf Wed Mar 28 20:08:11 2001 --- ./conf/main.cf Fri Apr 20 07:02:27 2001 *************** *** 374,379 **** --- 374,381 ---- # localpart), $recipient_delimiter. Specify ${name?value} or # ${name:value} to expand value only when $name does (does not) exist. # + # luser_relay works only for the default Postfix local delivery agent. + # # luser_relay = $user@other.host # luser_relay = $local@other.host # luser_relay = admin+$local diff -cr --new-file ../postfix-20010228-pl01/conf/master.cf ./conf/master.cf *** ../postfix-20010228-pl01/conf/master.cf Sun Jan 28 15:54:01 2001 --- ./conf/master.cf Fri Apr 27 13:49:12 2001 *************** *** 37,42 **** --- 37,43 ---- # Max procs: the maximum number of processes that may execute this # service simultaneously. Default is to use a globally configurable # limit (the default_process_limit configuration parameter in main.cf). + # Specify 0 for no process count limit. # # Command + args: the command to be executed. The command name is # relative to the Postfix program directory (pathname is controlled by diff -cr --new-file ../postfix-20010228-pl01/conf/postfix-script-nosgid ./conf/postfix-script-nosgid *** ../postfix-20010228-pl01/conf/postfix-script-nosgid Sun Feb 25 17:45:42 2001 --- ./conf/postfix-script-nosgid Fri Apr 27 13:49:54 2001 *************** *** 193,199 **** test -d $dir || { $WARN creating missing Postfix $dir directory mkdir $dir || exit 1 ! chmod 700 $dir; $CHATTR $dir chown $mail_owner $dir } done --- 193,199 ---- test -d $dir || { $WARN creating missing Postfix $dir directory mkdir $dir || exit 1 ! chmod 700 $dir; $CHATTR $dir 2>/dev/null chown $mail_owner $dir } done diff -cr --new-file ../postfix-20010228-pl01/conf/postfix-script-sgid ./conf/postfix-script-sgid *** ../postfix-20010228-pl01/conf/postfix-script-sgid Sun Feb 25 17:47:41 2001 --- ./conf/postfix-script-sgid Fri Apr 27 13:50:05 2001 *************** *** 194,200 **** test -d $dir || { $WARN creating missing Postfix $dir directory mkdir $dir || exit 1 ! chmod 700 $dir; $CHATTR $dir chown $mail_owner $dir } done --- 194,200 ---- test -d $dir || { $WARN creating missing Postfix $dir directory mkdir $dir || exit 1 ! chmod 700 $dir; $CHATTR $dir 2>/dev/null chown $mail_owner $dir } done diff -cr --new-file ../postfix-20010228-pl01/conf/sample-local.cf ./conf/sample-local.cf *** ../postfix-20010228-pl01/conf/sample-local.cf Thu Feb 1 20:52:56 2001 --- ./conf/sample-local.cf Fri Apr 20 07:02:37 2001 *************** *** 125,130 **** --- 125,132 ---- # localpart), $recipient_delimiter. Specify ${name?value} or # ${name:value} to expand value only when $name does (does not) exist. # + # luser_relay works only for the default Postfix local delivery agent. + # # luser_relay = $user@other.host # luser_relay = $local@other.host # luser_relay = admin+$local *************** *** 219,230 **** # DELIVERED-TO # ! # The prepend_delivered_header controls when Postfix should prepend ! # a Delivered-To: message header. # ! # By default, Postfix prepends a Delivered-To: header when forwarding ! # mail and when delivering to file (mailbox) and command. Turning off ! # the Delivered-To: header when forwarding mail is not recommended. # # prepend_delivered_header = command, file, forward # prepend_delivered_header = forward --- 221,233 ---- # DELIVERED-TO # ! # The prepend_delivered_header controls when the Postfix local delivery ! # agent should prepend a Delivered-To: message header. # ! # By default, the Postfix local delivery agent prepends a Delivered-To: ! # header when forwarding mail and when delivering to file (mailbox) ! # and command. Turning off the Delivered-To: header when forwarding ! # mail is not recommended. # # prepend_delivered_header = command, file, forward # prepend_delivered_header = forward diff -cr --new-file ../postfix-20010228-pl01/conf/sample-misc.cf ./conf/sample-misc.cf *** ../postfix-20010228-pl01/conf/sample-misc.cf Mon Feb 26 18:56:19 2001 --- ./conf/sample-misc.cf Fri Apr 27 14:50:15 2001 *************** *** 99,105 **** # Specify a list of names separated by whitespace or comma. # # import_environment = MAIL_CONFIG TZ XAUTHORITY DISPLAY HOME PURIFYOPTIONS ! import_environment = MAIL_CONFIG TZ XAUTHORITY DISPLAY # The inet_interfaces parameter specifies the network interface # addresses that this mail system receives mail on. By default, --- 99,105 ---- # Specify a list of names separated by whitespace or comma. # # import_environment = MAIL_CONFIG TZ XAUTHORITY DISPLAY HOME PURIFYOPTIONS ! import_environment = MAIL_CONFIG MAIL_DEBUG TZ XAUTHORITY DISPLAY # The inet_interfaces parameter specifies the network interface # addresses that this mail system receives mail on. By default, diff -cr --new-file ../postfix-20010228-pl01/html/basic.html ./html/basic.html *** ../postfix-20010228-pl01/html/basic.html Wed Feb 28 10:38:17 2001 --- ./html/basic.html Fri Apr 6 12:32:44 2001 *************** *** 19,25 ****

Introduction

! Postfix has about 100 configuration parameters that are controlled via the main.cf file. Fortunately, they have sensible default values. In most cases, you need to configure only two or three parameters before you can use the Postfix mail system: --- 19,25 ----

Introduction

! Postfix has several hundred configuration parameters that are controlled via the main.cf file. Fortunately, they have sensible default values. In most cases, you need to configure only two or three parameters before you can use the Postfix mail system: *************** *** 39,49 **** The default values for many other configuration parameters are ! derived from just these two.

! The third parameter of interest controls the amount of mail sent to the local postmaster:

The default values for many other configuration parameters are ! derived from just these.

! The next parameter of interest controls the amount of mail sent to the local postmaster:

*************** *** 169,174 **** --- 175,183 ----

  • Postfix logs SMTP clients as IP addresses +
  • warning: xxx.xxx.xxx.xxx: address not listed + for hostname yyy.yyy.yyy +

    Mail relaying

    *************** *** 200,205 **** --- 209,217 ----
  • What does "fatal: unknown service: smtp/tcp" mean? +
  • Mail delivery fails with: "unknown + mail transport error" +

    Local (non-virtual) delivery

    *************** *** 232,237 **** --- 244,252 ----
  • What does "fatal: open database /etc/aliases.db" mean? +
  • Mail delivery fails with: "unknown + mail transport error" +

    Mailing lists

    *************** *** 249,255 ****
  • Postfix ignores the owner-list alias !
  • Commands and mailing lists don't work in Postfix virtual maps --- 264,270 ----
  • Postfix ignores the owner-list alias !
  • Commands, mailing lists, and /file/name destinations don't work in Postfix virtual maps *************** *** 266,272 ****
  • Postfix refuses mail for virtual domains with "relay access denied" !
  • Commands and mailing lists don't work in Postfix virtual maps
  • Receiving a virtual domain in a mailbox --- 281,287 ----
  • Postfix refuses mail for virtual domains with "relay access denied" !
  • Commands, mailing lists, and /file/name destinations don't work in Postfix virtual maps
  • Receiving a virtual domain in a mailbox *************** *** 941,954 ****

    What does "fatal: open database /etc/aliases.db" mean?

     ! Your aliases database is corrupt or it is missing. Execute the ! following command as root: 

    !     # newaliases
    --- 956,1029 ----

    What does "fatal: open database /etc/aliases.db" mean?

     ! DB files are maintained by the Berkeley DB library. The above ! message means one of the following things: ! !

    ! !

      ! !
    • The existing file does not have the expected file format. ! The cause is one of the following:

      +

        + +
      • The file was created by Berkeley DB version 1 and you are using + version 2 or 3 (or vice versa). + +

        + +

      • The file was written in "btree" format and Postfix expects + "hash" format (or vice versa). + +
      + +

      + + To fix the problem for Postfix execute the following command as root: + + 

      !     newaliases
      +
      + + This creates the aliases.db in the format that Postfix expects. + +

      + +

    • Or the problem could be something completely different. If the + result of running newaliases is a zero-length aliases.db + file, then you probably suffer from the following problem. + +

      + +

        + +
      • Postfix was compiled with #include files for Berkeley DB version + X and was linked against object library files for Berkeley DB + version Y, where X and Y are different versions + of the Berkeley DB library. + +
      + +

      + + The fix for this is to properly install the Berkeley DB library. + For example, RedHat version 7.0 uses the Berkeley DB version 3 + object library by default, but no /usr/include/db.h file is + installed by default. In order to correctly build Postfix you + must install the db3-devel package. + +

      + + On a properly installed system, including the file <db.h> + and linking with -ldb should access files from the same + Berkeley DB library version. + +

    *************** *** 1257,1262 **** --- 1332,1374 ----
    +

    warning: xxx.xxx.xxx.xxx: address not listed + for hostname yyy.yyy.yyy

    + + Postfix uses hostnames in its junk mail and mail relay controls. + This means that in theory someone could be motivated to set up + bogus DNS information, in order to get past your junk mail or mail + relay controls. + +

    + + When Postfix looks up the SMTP client hostname for the SMTP client + IP address, then Postfix also checks if the SMTP client IP address + is listed under the SMTP client hostname. + +

    + + If the SMTP client IP address is not listed under the SMTP client + hostname, then Postfix concludes that the SMTP client hostname does + not belong to the SMTP client IP address, and ignores the SMTP + client hostname. A warning is logged, so that you can find out why + an SMTP client is or is not stopped by your junk mail or mail relay + checks. + +

    + + You could contact the people who maintain the SMTP client's DNS + records, and explain to them that each IP address needs one PTR + record, and that this one PTR record needs a matching A record. + +

    + + Some people read the RFCs such that one IP address can have multiple + PTR records, but that makes PTR records even less useful than they + already are. And in any case, having multiple names per IP address + would only worsen the problem of finding out the "official name" + of a machine's IP address. +

    Help! Postfix is an open relay

    According to some relay checking software, Postfix accepts *************** *** 1839,1844 **** --- 1951,1986 ---- examples/chroot-setup directory. + +
    + +

    Mail delivery fails with: "unknown + mail transport error"

    + + This is an opportunity to meet your friends egrep and + less. Postfix activity, including progres and failure, is + logged to a logfile, typically named /var/log/maillog. To + find out where Postfix activity is logged on your machine, examine + the /etc/syslog.conf file. + +

    + + To find out the cause for the "unknown mail transport error", type + the following command: + +

    + + egrep '(warning|fatal|panic):' /var/log/maillog | less + +
    + + Pay particular attention to messages that are labeled as fatal + and panic. These describe catastrophic failures that need + to be addressed before Postfix is happy. Problems labeled as + fatal are fixed by you, by adjusting configuration files, + file permissions and so on. Problems labeled as panic are + fixed by the Postfix author, by changing Postfix source code. +

    Root's mail is delivered to nobody

    *************** *** 2416,2427 ****
    !

    Commands and mailing lists don't work in Postfix virtual maps

    Short reply: specify a Sendmail-style     virtual ! domain, and specify the command or mailing list in the local aliases file.

    --- 2558,2569 ----

    !

    Commands, mailing, and /file/name destinations don't work in Postfix virtual maps

    Short reply: specify a Sendmail-style     virtual ! domain, and specify the command, mailing list, or /file/name ! destination in the local aliases file.

    *************** *** 2429,2445 ****

    ! Delivering mail to a command is a security-sensitive operation, ! because the command must be executed with the right privileges. ! Only root-privileged software such as the Postfix local ! delivery agent can set the privileges for a command.

    For security reasons, Postfix tries to avoid using root privileges where possible. In particular, Postfix virtual mapping is done by an unprivileged daemon, so there is no secure way to ! execute commands found in virtual maps.

    --- 2571,2588 ----

    ! Delivering mail to a file or command is a security-sensitive ! operation, because the operation must be executed with the right ! privileges. Only root-privileged software such as the ! Postfix local delivery agent can set the privileges for command ! or file delivery.

    For security reasons, Postfix tries to avoid using root privileges where possible. In particular, Postfix virtual mapping is done by an unprivileged daemon, so there is no secure way to ! execute commands or to deliver to files specified in virtual maps.

    *************** *** 2902,2915 ****

    To avoid queue file name collisions when copying queue files, ! restore queue files in the maildrop directory instead. 

          # postfix stop
!     ... restore queue files under the maildrop directory...
      # postfix start

    --- 3045,3072 ----

    To avoid queue file name collisions when copying queue files, ! restore the incoming, active and deferred queue files under the ! maildrop directory instead. ! !

    ! ! As of late 2000, Postfix queues are all hashed (for example, file ! ABCDEF is stored as A/B/ABCDEF), so you need an additional step to ! move files down from their subdirectories. 

          # postfix stop
!     # cd /var/spool/postfix/maildrop
!     ... restore incoming/active/deferred queue files under the maildrop directory...
!     # find incoming active deferred -type f -exec mv '{}' . ';'
!     # rm -rf incoming active deferred
      # postfix start
    + + While all this is going on, don't submit new mail locally, because + that could collide with the files you are restoring under the + maildrop directory.

    diff -cr --new-file ../postfix-20010228-pl01/html/master.8.html ./html/master.8.html *** ../postfix-20010228-pl01/html/master.8.html Fri Feb 2 19:14:37 2001 --- ./html/master.8.html Fri Apr 27 15:13:43 2001 *************** *** 9,15 **** master - Postfix master process SYNOPSIS ! master [-c config_dir] [-D] [-t] [-v] DESCRIPTION The master daemon is the resident process that runs Post- --- 9,15 ---- master - Postfix master process SYNOPSIS ! master [-c config_dir] [-e exit_time] [-D] [-t] [-v] DESCRIPTION The master daemon is the resident process that runs Post- *************** *** 37,42 **** --- 37,47 ---- in the named directory instead of the default con- figuration directory. + -e exit_time + Terminate the master process after exit_time sec- + onds. Child processes terminate at their conve- + nience. + -D After initialization, run a debugger on the master process. The debugging command is specified with the debugger_command in the main.cf global configu- *************** *** 54,64 **** Signals: SIGHUP Upon receipt of a HUP signal (e.g., after postfix - reload), the master process re-reads its configura- - tion files. If a service has been removed from the - master.cf file, its running processes are termi- - nated immediately. Otherwise, running processes - are allowed to terminate as soon as is convenient, --- 59,64 ---- *************** *** 71,76 **** --- 71,81 ---- MASTER(8) MASTER(8) + reload), the master process re-reads its configura- + tion files. If a service has been removed from the + master.cf file, its running processes are termi- + nated immediately. Otherwise, running processes + are allowed to terminate as soon as is convenient, so that changes in configuration settings affect only new service requests. *************** *** 119,129 **** daemon_directory Directory with Postfix daemon programs. - queue_directory - Top-level directory of the Postfix queue. This is - also the root directory of Postfix daemons that run - chrooted. - --- 124,129 ---- *************** *** 137,142 **** --- 137,147 ---- MASTER(8) MASTER(8) + queue_directory + Top-level directory of the Postfix queue. This is + also the root directory of Postfix daemons that run + chrooted. + Resource controls default_process_limit Default limit for the number of simultaneous child *************** *** 173,183 **** IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA - - - - - --- 178,183 ---- diff -cr --new-file ../postfix-20010228-pl01/html/pcre_table.5.html ./html/pcre_table.5.html *** ../postfix-20010228-pl01/html/pcre_table.5.html Tue Oct 24 15:24:34 2000 --- ./html/pcre_table.5.html Fri Apr 27 15:13:45 2001 *************** *** 47,59 **** is `U', which makes matching ungreedy (see PCRE documenta- tion and source for more info). ! Each pattern is applied to the entire string being looked ! up. Depending on the application, that string is an ! entire client hostname, an entire client IP address, or an ! entire mail address. Thus, no parent domain or parent ! network search is done, and user@domain mail addresses are ! not broken up into their user and domain constituent ! parts, nor is user+foo broken up into user and foo. Patterns are applied in the order as specified in the table, until a pattern is found that matches the search --- 47,59 ---- is `U', which makes matching ungreedy (see PCRE documenta- tion and source for more info). ! Each pattern is applied to the entire lookup key string. ! Depending on the application, that string is an entire ! client hostname, an entire client IP address, or an entire ! mail address. Thus, no parent domain or parent network ! search is done, and user@domain mail addresses are not ! broken up into their user and domain constituent parts, ! nor is user+foo broken up into user and foo. Patterns are applied in the order as specified in the table, until a pattern is found that matches the search *************** *** 71,81 **** PCRE_TABLE(5) PCRE_TABLE(5) ! Substitution of sub-strings from the matched expression is ! possible using the conventional perl syntax ($1, $2, ! etc.). The macros in the replacement string may need to be ! written as ${n} or $(n) if they aren't followed by whites- ! pace. EXAMPLES # Protect your outgoing majordomo exploders --- 71,81 ---- PCRE_TABLE(5) PCRE_TABLE(5) ! Substitution of substrings from the matched expression ! into the result string is possible using the conventional ! perl syntax ($1, $2, etc.). The macros in the result ! string may need to be written as ${n} or $(n) if they ! aren't followed by whitespace. EXAMPLES # Protect your outgoing majordomo exploders diff -cr --new-file ../postfix-20010228-pl01/html/regexp_table.5.html ./html/regexp_table.5.html *** ../postfix-20010228-pl01/html/regexp_table.5.html Tue Oct 24 15:24:34 2000 --- ./html/regexp_table.5.html Fri Apr 27 15:13:45 2001 *************** *** 50,62 **** Other flags are `x' (disable extended expression syntax), and `m' (enable multi-line mode). ! Each pattern is applied to the entire string being looked ! up. Depending on the application, that string is an ! entire client hostname, an entire client IP address, or an ! entire mail address. Thus, no parent domain or parent ! network search is done, and user@domain mail addresses are ! not broken up into their user and domain constituent ! parts, nor is user+foo broken up into user and foo. Patterns are applied in the order as specified in the --- 50,62 ---- Other flags are `x' (disable extended expression syntax), and `m' (enable multi-line mode). ! Each pattern is applied to the entire lookup key string. ! Depending on the application, that string is an entire ! client hostname, an entire client IP address, or an entire ! mail address. Thus, no parent domain or parent network ! search is done, and user@domain mail addresses are not ! broken up into their user and domain constituent parts, ! nor is user+foo broken up into user and foo. Patterns are applied in the order as specified in the *************** *** 74,83 **** table, until a pattern is found that matches the search string. ! Substitution of sub-strings from the matched expression is ! possible using $1, $2, etc.. The macros in the replacement ! string may need to be written as ${n} or $(n) if they ! aren't followed by whitespace. EXAMPLES # Disallow sender-specified routing. This is a must if you relay mail --- 74,83 ---- table, until a pattern is found that matches the search string. ! Substitution of substrings from the matched expression ! into the result string is possible using $1, $2, etc.. The ! macros in the result string may need to be written as ${n} ! or $(n) if they aren't followed by whitespace. EXAMPLES # Disallow sender-specified routing. This is a must if you relay mail diff -cr --new-file ../postfix-20010228-pl01/html/smtpd.8.html ./html/smtpd.8.html *** ../postfix-20010228-pl01/html/smtpd.8.html Sat Feb 24 10:13:19 2001 --- ./html/smtpd.8.html Fri Apr 27 15:13:44 2001 *************** *** 283,289 **** nasty relay loopholes involving trusted backup MX hosts. ! restriction_classes Declares the name of zero or more parameters that contain a list of UCE restrictions. The names of these parameters can then be used instead of the --- 283,289 ---- nasty relay loopholes involving trusted backup MX hosts. ! smtpd_restriction_classes Declares the name of zero or more parameters that contain a list of UCE restrictions. The names of these parameters can then be used instead of the diff -cr --new-file ../postfix-20010228-pl01/man/man5/pcre_table.5 ./man/man5/pcre_table.5 *** ../postfix-20010228-pl01/man/man5/pcre_table.5 Tue Oct 24 15:24:28 2000 --- ./man/man5/pcre_table.5 Fri Apr 27 15:13:37 2001 *************** *** 41,47 **** matching ungreedy (see PCRE documentation and source for more info). ! Each pattern is applied to the entire string being looked up. Depending on the application, that string is an entire client hostname, an entire client IP address, or an entire mail address. Thus, no parent domain or parent network search is done, and --- 41,47 ---- matching ungreedy (see PCRE documentation and source for more info). ! Each pattern is applied to the entire lookup key string. Depending on the application, that string is an entire client hostname, an entire client IP address, or an entire mail address. Thus, no parent domain or parent network search is done, and *************** *** 52,60 **** Patterns are applied in the order as specified in the table, until a pattern is found that matches the search string. ! Substitution of sub-strings from the matched expression is ! possible using the conventional perl syntax ($1, $2, etc.). The ! macros in the replacement string may need to be written as ${n} or $(n) if they aren't followed by whitespace. .SH EXAMPLES .na --- 52,60 ---- Patterns are applied in the order as specified in the table, until a pattern is found that matches the search string. ! Substitution of substrings from the matched expression into the result ! string is possible using the conventional perl syntax ($1, $2, etc.). ! The macros in the result string may need to be written as ${n} or $(n) if they aren't followed by whitespace. .SH EXAMPLES .na diff -cr --new-file ../postfix-20010228-pl01/man/man5/regexp_table.5 ./man/man5/regexp_table.5 *** ../postfix-20010228-pl01/man/man5/regexp_table.5 Tue Oct 24 15:24:28 2000 --- ./man/man5/regexp_table.5 Fri Apr 27 15:13:37 2001 *************** *** 43,49 **** are `x' (disable extended expression syntax), and `m' (enable multi-line mode). ! Each pattern is applied to the entire string being looked up. Depending on the application, that string is an entire client hostname, an entire client IP address, or an entire mail address. Thus, no parent domain or parent network search is done, and --- 43,49 ---- are `x' (disable extended expression syntax), and `m' (enable multi-line mode). ! Each pattern is applied to the entire lookup key string. Depending on the application, that string is an entire client hostname, an entire client IP address, or an entire mail address. Thus, no parent domain or parent network search is done, and *************** *** 54,61 **** Patterns are applied in the order as specified in the table, until a pattern is found that matches the search string. ! Substitution of sub-strings from the matched expression is ! possible using $1, $2, etc.. The macros in the replacement string may need to be written as ${n} or $(n) if they aren't followed by whitespace. .SH EXAMPLES --- 54,61 ---- Patterns are applied in the order as specified in the table, until a pattern is found that matches the search string. ! Substitution of substrings from the matched expression into the result ! string is possible using $1, $2, etc.. The macros in the result string may need to be written as ${n} or $(n) if they aren't followed by whitespace. .SH EXAMPLES diff -cr --new-file ../postfix-20010228-pl01/man/man8/master.8 ./man/man8/master.8 *** ../postfix-20010228-pl01/man/man8/master.8 Fri Feb 2 19:14:29 2001 --- ./man/man8/master.8 Fri Apr 27 15:13:37 2001 *************** *** 9,15 **** .na .nf .fi ! \fBmaster\fR [\fB-c \fIconfig_dir\fR] [\fB-D\fR] [\fB-t\fR] [\fB-v\fR] .SH DESCRIPTION .ad .fi --- 9,16 ---- .na .nf .fi ! \fBmaster\fR [\fB-c \fIconfig_dir\fR] [\fB-e \fIexit_time\fR] ! [\fB-D\fR] [\fB-t\fR] [\fB-v\fR] .SH DESCRIPTION .ad .fi *************** *** 34,39 **** --- 35,43 ---- .IP "\fB-c \fIconfig_dir\fR" Read the \fBmain.cf\fR and \fBmaster.cf\fR configuration files in the named directory instead of the default configuration directory. + .IP "\fB-e \fIexit_time\fR" + Terminate the master process after \fIexit_time\fR seconds. Child + processes terminate at their convenience. .IP \fB-D\fR After initialization, run a debugger on the master process. The debugging command is specified with the \fBdebugger_command\fR in diff -cr --new-file ../postfix-20010228-pl01/man/man8/smtpd.8 ./man/man8/smtpd.8 *** ../postfix-20010228-pl01/man/man8/smtpd.8 Sat Feb 24 10:13:12 2001 --- ./man/man8/smtpd.8 Fri Apr 27 15:13:37 2001 *************** *** 196,202 **** Allow untrusted clients to specify addresses with sender-specified routing. Enabling this opens up nasty relay loopholes involving trusted backup MX hosts. ! .IP \fBrestriction_classes\fR Declares the name of zero or more parameters that contain a list of UCE restrictions. The names of these parameters can then be used instead of the restriction lists that they represent. --- 196,202 ---- Allow untrusted clients to specify addresses with sender-specified routing. Enabling this opens up nasty relay loopholes involving trusted backup MX hosts. ! .IP \fBsmtpd_restriction_classes\fR Declares the name of zero or more parameters that contain a list of UCE restrictions. The names of these parameters can then be used instead of the restriction lists that they represent. diff -cr --new-file ../postfix-20010228-pl01/proto/pcre_table ./proto/pcre_table *** ../postfix-20010228-pl01/proto/pcre_table Tue Oct 24 15:17:38 2000 --- ./proto/pcre_table Fri Apr 13 15:02:42 2001 *************** *** 35,41 **** # matching ungreedy (see PCRE documentation and source for more # info). # ! # Each pattern is applied to the entire string being looked up. # Depending on the application, that string is an entire client # hostname, an entire client IP address, or an entire mail address. # Thus, no parent domain or parent network search is done, and --- 35,41 ---- # matching ungreedy (see PCRE documentation and source for more # info). # ! # Each pattern is applied to the entire lookup key string. # Depending on the application, that string is an entire client # hostname, an entire client IP address, or an entire mail address. # Thus, no parent domain or parent network search is done, and *************** *** 46,54 **** # Patterns are applied in the order as specified in the table, until a # pattern is found that matches the search string. # ! # Substitution of sub-strings from the matched expression is ! # possible using the conventional perl syntax ($1, $2, etc.). The ! # macros in the replacement string may need to be written as ${n} # or $(n) if they aren't followed by whitespace. # EXAMPLES # # Protect your outgoing majordomo exploders --- 46,54 ---- # Patterns are applied in the order as specified in the table, until a # pattern is found that matches the search string. # ! # Substitution of substrings from the matched expression into the result ! # string is possible using the conventional perl syntax ($1, $2, etc.). ! # The macros in the result string may need to be written as ${n} # or $(n) if they aren't followed by whitespace. # EXAMPLES # # Protect your outgoing majordomo exploders diff -cr --new-file ../postfix-20010228-pl01/proto/regexp_table ./proto/regexp_table *** ../postfix-20010228-pl01/proto/regexp_table Tue Oct 24 15:17:15 2000 --- ./proto/regexp_table Fri Apr 13 15:00:40 2001 *************** *** 37,43 **** # are `x' (disable extended expression syntax), and `m' (enable # multi-line mode). # ! # Each pattern is applied to the entire string being looked up. # Depending on the application, that string is an entire client # hostname, an entire client IP address, or an entire mail address. # Thus, no parent domain or parent network search is done, and --- 37,43 ---- # are `x' (disable extended expression syntax), and `m' (enable # multi-line mode). # ! # Each pattern is applied to the entire lookup key string. # Depending on the application, that string is an entire client # hostname, an entire client IP address, or an entire mail address. # Thus, no parent domain or parent network search is done, and *************** *** 48,55 **** # Patterns are applied in the order as specified in the table, until a # pattern is found that matches the search string. # ! # Substitution of sub-strings from the matched expression is ! # possible using $1, $2, etc.. The macros in the replacement string # may need to be written as ${n} or $(n) if they aren't followed # by whitespace. # EXAMPLES --- 48,55 ---- # Patterns are applied in the order as specified in the table, until a # pattern is found that matches the search string. # ! # Substitution of substrings from the matched expression into the result ! # string is possible using $1, $2, etc.. The macros in the result string # may need to be written as ${n} or $(n) if they aren't followed # by whitespace. # EXAMPLES diff -cr --new-file ../postfix-20010228-pl01/src/lmtp/lmtp_proto.c ./src/lmtp/lmtp_proto.c *** ../postfix-20010228-pl01/src/lmtp/lmtp_proto.c Mon Jan 22 20:44:10 2001 --- ./src/lmtp/lmtp_proto.c Fri Apr 27 15:33:12 2001 *************** *** 173,186 **** int lmtp_lhlo(LMTP_STATE *state) { - char *myname = "lmtp_lhlo"; LMTP_SESSION *session = state->session; LMTP_RESP *resp; int except; char *lines; char *words; char *word; - SOCKOPT_SIZE optlen = sizeof(state->sndbufsize); /* * Prepare for disaster. --- 173,184 ---- diff -cr --new-file ../postfix-20010228-pl01/src/master/Makefile.in ./src/master/Makefile.in *** ../postfix-20010228-pl01/src/master/Makefile.in Thu Mar 29 12:38:20 2001 --- ./src/master/Makefile.in Mon Apr 30 17:04:19 2001 *************** *** 121,126 **** --- 121,128 ---- master_ent.o: ../../include/stringops.h master_ent.o: ../../include/readlline.h master_ent.o: ../../include/inet_addr_list.h + master_ent.o: ../../include/inet_util.h + master_ent.o: ../../include/inet_addr_host.h master_ent.o: ../../include/mail_proto.h master_ent.o: ../../include/iostuff.h master_ent.o: ../../include/mail_params.h diff -cr --new-file ../postfix-20010228-pl01/src/master/master.c ./src/master/master.c *** ../postfix-20010228-pl01/src/master/master.c Fri Feb 2 17:11:24 2001 --- ./src/master/master.c Fri Apr 27 14:29:59 2001 *************** *** 5,11 **** /* Postfix master process /* SYNOPSIS /* .fi ! /* \fBmaster\fR [\fB-c \fIconfig_dir\fR] [\fB-D\fR] [\fB-t\fR] [\fB-v\fR] /* DESCRIPTION /* The \fBmaster\fR daemon is the resident process that runs Postfix /* daemons on demand: daemons to send or receive messages via the --- 5,12 ---- /* Postfix master process /* SYNOPSIS /* .fi ! /* \fBmaster\fR [\fB-c \fIconfig_dir\fR] [\fB-e \fIexit_time\fR] ! /* [\fB-D\fR] [\fB-t\fR] [\fB-v\fR] /* DESCRIPTION /* The \fBmaster\fR daemon is the resident process that runs Postfix /* daemons on demand: daemons to send or receive messages via the *************** *** 28,33 **** --- 29,37 ---- /* .IP "\fB-c \fIconfig_dir\fR" /* Read the \fBmain.cf\fR and \fBmaster.cf\fR configuration files in /* the named directory instead of the default configuration directory. + /* .IP "\fB-e \fIexit_time\fR" + /* Terminate the master process after \fIexit_time\fR seconds. Child + /* processes terminate at their convenience. /* .IP \fB-D\fR /* After initialization, run a debugger on the master process. The /* debugging command is specified with the \fBdebugger_command\fR in *************** *** 163,168 **** --- 167,182 ---- #include "master.h" + /* master_exit_event - exit for memory leak testing purposes */ + + static void master_exit_event(int unused_event, char *unused_context) + { + msg_info("master exit time has arrived"); + exit(0); + } + + /* main - main program */ + int main(int argc, char **argv) { static VSTREAM *lock_fp; *************** *** 251,262 **** /* * Process JCL. */ ! while ((ch = GETOPT(argc, argv, "c:Dtv")) > 0) { switch (ch) { case 'c': if (setenv(CONF_ENV_PATH, optarg, 1) < 0) msg_fatal("out of memory"); break; case 'D': debug_me = 1; break; --- 265,279 ---- /* * Process JCL. */ ! while ((ch = GETOPT(argc, argv, "c:e:Dtv")) > 0) { switch (ch) { case 'c': if (setenv(CONF_ENV_PATH, optarg, 1) < 0) msg_fatal("out of memory"); break; + case 'e': + event_request_timer(master_exit_event, (char *) 0, atoi(optarg)); + break; case 'D': debug_me = 1; break; *************** *** 267,273 **** msg_verbose++; break; default: ! msg_fatal("usage: %s [-D] [-t] [-v]", argv[0]); /* NOTREACHED */ } } --- 284,290 ---- msg_verbose++; break; default: ! msg_fatal("usage: %s [-c config_dir] [-e exit_time] [-D (debug)] [-t (test)] [-v]", argv[0]); /* NOTREACHED */ } } *************** *** 282,289 **** /* * Environment import filter, to enforce consistent behavior whether ! * Postfix is started by hand, or at system boot time. The argument list ! * specifies what environment parameters to preserve. */ import_env = argv_split(var_import_environ, ", \t\r\n"); clean_env(import_env->argv); --- 299,305 ---- /* * Environment import filter, to enforce consistent behavior whether ! * Postfix is started by hand, or at system boot time. */ import_env = argv_split(var_import_environ, ", \t\r\n"); clean_env(import_env->argv); diff -cr --new-file ../postfix-20010228-pl01/src/master/master.h ./src/master/master.h *** ../postfix-20010228-pl01/src/master/master.h Sun Oct 1 19:05:57 2000 --- ./src/master/master.h Mon Apr 30 16:49:57 2001 *************** *** 24,31 **** int *listen_fd; /* incoming requests */ int listen_fd_count; /* nr of descriptors */ union { ! struct INET_ADDR_LIST *inet; ! } addr_list; int max_proc; /* upper bound on # processes */ char *path; /* command pathname */ struct ARGV *args; /* argument vector */ --- 24,36 ---- int *listen_fd; /* incoming requests */ int listen_fd_count; /* nr of descriptors */ union { ! struct { ! char *port; /* inet listen port */ ! struct INET_ADDR_LIST *addr;/* inet listen address */ ! } inet_ep; ! #define MASTER_INET_ADDRLIST(s) ((s)->endpoint.inet_ep.addr) ! #define MASTER_INET_PORT(s) ((s)->endpoint.inet_ep.port) ! } endpoint; int max_proc; /* upper bound on # processes */ char *path; /* command pathname */ struct ARGV *args; /* argument vector */ *************** *** 45,50 **** --- 50,56 ---- #define MASTER_FLAG_THROTTLE (1<<0) /* we're having trouble */ #define MASTER_FLAG_MARK (1<<1) /* garbage collection support */ #define MASTER_FLAG_CONDWAKE (1<<2) /* wake up if actually used */ + #define MASTER_FLAG_INETHOST (1<<3) /* endpoint name specifies host */ #define MASTER_THROTTLED(f) ((f)->flags & MASTER_FLAG_THROTTLE) diff -cr --new-file ../postfix-20010228-pl01/src/master/master_ent.c ./src/master/master_ent.c *** ../postfix-20010228-pl01/src/master/master_ent.c Mon Nov 20 13:05:42 2000 --- ./src/master/master_ent.c Mon Apr 30 18:32:27 2001 *************** *** 84,89 **** --- 84,91 ---- #include #include #include + #include + #include /* Global library. */ *************** *** 222,227 **** --- 224,231 ---- MASTER_SERV *serv; char *cp; char *name; + char *host; + char *port; char *transport; int private; int unprivileged; /* passed on to child */ *************** *** 229,234 **** --- 233,239 ---- char *command; int n; char *bufp; + char *atmp; if (master_fp == 0) msg_panic("get_master_ent: config file not open"); *************** *** 270,282 **** transport = get_str_ent(&bufp, "transport type", (char *) 0); if (STR_SAME(transport, MASTER_XPORT_NAME_INET)) { serv->type = MASTER_SERV_TYPE_INET; ! if (strcasecmp(var_inet_interfaces, DEF_INET_INTERFACES) == 0) { ! serv->addr_list.inet = 0; /* wild-card */ serv->listen_fd_count = 1; } else { ! serv->addr_list.inet = own_inet_addr_list(); /* virtual */ ! serv->listen_fd_count = serv->addr_list.inet->used; } } else if (STR_SAME(transport, MASTER_XPORT_NAME_UNIX)) { serv->type = MASTER_SERV_TYPE_UNIX; serv->listen_fd_count = 1; --- 275,297 ---- transport = get_str_ent(&bufp, "transport type", (char *) 0); if (STR_SAME(transport, MASTER_XPORT_NAME_INET)) { serv->type = MASTER_SERV_TYPE_INET; ! atmp = inet_parse(name, &host, &port); ! if (*host) { ! serv->flags |= MASTER_FLAG_INETHOST;/* host:port */ ! MASTER_INET_ADDRLIST(serv) = (INET_ADDR_LIST *) ! mymalloc(sizeof(*MASTER_INET_ADDRLIST(serv))); ! inet_addr_list_init(MASTER_INET_ADDRLIST(serv)); ! inet_addr_host(MASTER_INET_ADDRLIST(serv), host); ! serv->listen_fd_count = MASTER_INET_ADDRLIST(serv)->used; ! } else if (strcasecmp(var_inet_interfaces, DEF_INET_INTERFACES) == 0) { ! MASTER_INET_ADDRLIST(serv) = 0; /* wild-card */ serv->listen_fd_count = 1; } else { ! MASTER_INET_ADDRLIST(serv) = own_inet_addr_list(); /* virtual */ ! serv->listen_fd_count = MASTER_INET_ADDRLIST(serv)->used; } + MASTER_INET_PORT(serv) = mystrdup(port); + myfree(atmp); } else if (STR_SAME(transport, MASTER_XPORT_NAME_UNIX)) { serv->type = MASTER_SERV_TYPE_UNIX; serv->listen_fd_count = 1; *************** *** 449,454 **** --- 464,475 ---- /* * Undo what get_master_ent() created. */ + if (serv->flags & MASTER_FLAG_INETHOST) { + inet_addr_list_free(MASTER_INET_ADDRLIST(serv)); + myfree((char *) MASTER_INET_ADDRLIST(serv)); + } + if (serv->type == MASTER_SERV_TYPE_INET) + myfree(MASTER_INET_PORT(serv)); myfree(serv->name); myfree(serv->path); argv_free(serv->args); diff -cr --new-file ../postfix-20010228-pl01/src/master/master_listen.c ./src/master/master_listen.c *** ../postfix-20010228-pl01/src/master/master_listen.c Sun Mar 21 20:32:59 1999 --- ./src/master/master_listen.c Mon Apr 30 17:01:58 2001 *************** *** 106,120 **** * bound to specific interface addresses. */ case MASTER_SERV_TYPE_INET: ! if (serv->addr_list.inet == 0) { /* wild-card */ serv->listen_fd[0] = ! inet_listen(serv->name, serv->max_proc > var_proc_limit ? serv->max_proc : var_proc_limit, NON_BLOCKING); close_on_exec(serv->listen_fd[0], CLOSE_ON_EXEC); ! } else { /* virtual */ for (n = 0; n < serv->listen_fd_count; n++) { ! end_point = concatenate(inet_ntoa(serv->addr_list.inet->addrs[n]), ! ":", serv->name, (char *) 0); serv->listen_fd[n] = inet_listen(end_point, serv->max_proc > var_proc_limit ? serv->max_proc : var_proc_limit, NON_BLOCKING); --- 106,121 ---- * bound to specific interface addresses. */ case MASTER_SERV_TYPE_INET: ! if (MASTER_INET_ADDRLIST(serv) == 0) { /* wild-card */ serv->listen_fd[0] = ! inet_listen(MASTER_INET_PORT(serv), ! serv->max_proc > var_proc_limit ? serv->max_proc : var_proc_limit, NON_BLOCKING); close_on_exec(serv->listen_fd[0], CLOSE_ON_EXEC); ! } else { /* virtual or host:port */ for (n = 0; n < serv->listen_fd_count; n++) { ! end_point = concatenate(inet_ntoa(MASTER_INET_ADDRLIST(serv)->addrs[n]), ! ":", MASTER_INET_PORT(serv), (char *) 0); serv->listen_fd[n] = inet_listen(end_point, serv->max_proc > var_proc_limit ? serv->max_proc : var_proc_limit, NON_BLOCKING); diff -cr --new-file ../postfix-20010228-pl01/src/pipe/pipe.c ./src/pipe/pipe.c *** ../postfix-20010228-pl01/src/pipe/pipe.c Thu Mar 29 15:07:59 2001 --- ./src/pipe/pipe.c Fri Apr 27 15:28:41 2001 *************** *** 315,321 **** /* expand_argv - expand macros in the argument vector */ ! static ARGV *expand_argv(char **argv, RECIPIENT_LIST *rcpt_list, long data_size) { VSTRING *buf = vstring_alloc(100); ARGV *result; --- 315,321 ---- /* expand_argv - expand macros in the argument vector */ ! static ARGV *expand_argv(char **argv, RECIPIENT_LIST *rcpt_list) { VSTRING *buf = vstring_alloc(100); ARGV *result; *************** *** 710,716 **** vstring_sprintf(buf, "%ld", (long) request->data_size); dict_update(PIPE_DICT_TABLE, PIPE_DICT_SIZE, STR(buf)); vstring_free(buf); ! expanded_argv = expand_argv(attr.command, rcpt_list, request->data_size); export_env = argv_split(var_export_environ, ", \t\r\n"); command_status = pipe_command(request->fp, why, --- 710,716 ---- vstring_sprintf(buf, "%ld", (long) request->data_size); dict_update(PIPE_DICT_TABLE, PIPE_DICT_SIZE, STR(buf)); vstring_free(buf); ! expanded_argv = expand_argv(attr.command, rcpt_list); export_env = argv_split(var_export_environ, ", \t\r\n"); command_status = pipe_command(request->fp, why, diff -cr --new-file ../postfix-20010228-pl01/src/smtp/smtp_addr.c ./src/smtp/smtp_addr.c *** ../postfix-20010228-pl01/src/smtp/smtp_addr.c Sun Feb 4 13:32:39 2001 --- ./src/smtp/smtp_addr.c Wed Apr 4 16:49:38 2001 *************** *** 354,359 **** --- 354,361 ---- } else if (*var_bestmx_transp != 0) { /* we're best MX */ smtp_errno = SMTP_OK; } else { + msg_warn("mailer loop: best MX host for %s is local", + name); vstring_sprintf(why, "mail for %s loops back to myself", name); smtp_errno = SMTP_FAIL; diff -cr --new-file ../postfix-20010228-pl01/src/smtpd/smtpd.c ./src/smtpd/smtpd.c *** ../postfix-20010228-pl01/src/smtpd/smtpd.c Thu Feb 22 15:53:23 2001 --- ./src/smtpd/smtpd.c Fri Apr 27 13:27:29 2001 *************** *** 182,188 **** /* Allow untrusted clients to specify addresses with sender-specified /* routing. Enabling this opens up nasty relay loopholes involving /* trusted backup MX hosts. ! /* .IP \fBrestriction_classes\fR /* Declares the name of zero or more parameters that contain a /* list of UCE restrictions. The names of these parameters can /* then be used instead of the restriction lists that they represent. --- 182,188 ---- /* Allow untrusted clients to specify addresses with sender-specified /* routing. Enabling this opens up nasty relay loopholes involving /* trusted backup MX hosts. ! /* .IP \fBsmtpd_restriction_classes\fR /* Declares the name of zero or more parameters that contain a /* list of UCE restrictions. The names of these parameters can /* then be used instead of the restriction lists that they represent. *************** *** 523,528 **** --- 523,529 ---- int naddr; int non_addr; char *err = 0; + char *junk; /* * Special case. *************** *** 544,550 **** */ if (msg_verbose) msg_info("%s: input: %s", myname, STR(arg->vstrval)); ! tree = tok822_parse(STR(arg->vstrval)); /* * Find trouble. --- 545,557 ---- */ if (msg_verbose) msg_info("%s: input: %s", myname, STR(arg->vstrval)); ! if (STR(arg->vstrval)[0] == '<' ! && STR(arg->vstrval)[LEN(arg->vstrval) - 1] == '>') { ! junk = mystrndup(STR(arg->vstrval) + 1, LEN(arg->vstrval) - 2); ! tree = tok822_parse(junk); ! myfree(junk); ! } else ! tree = tok822_parse(STR(arg->vstrval)); /* * Find trouble. *************** *** 823,831 **** * error. */ if (state->rcpt_count == 0) { ! if (state->cleanup == 0) state->error_mask |= MAIL_ERROR_PROTOCOL; ! smtpd_chat_reply(state, "503 Error: need RCPT command"); return (-1); } if (argc != 1) { --- 830,841 ---- * error. */ if (state->rcpt_count == 0) { ! if (state->cleanup == 0) { state->error_mask |= MAIL_ERROR_PROTOCOL; ! smtpd_chat_reply(state, "503 Error: need RCPT command"); ! } else { ! smtpd_chat_reply(state, "550 Error: no valid recipients"); ! } return (-1); } if (argc != 1) { diff -cr --new-file ../postfix-20010228-pl01/src/smtpd/smtpd_check.c ./src/smtpd/smtpd_check.c *** ../postfix-20010228-pl01/src/smtpd/smtpd_check.c Sun Jan 28 10:24:46 2001 --- ./src/smtpd/smtpd_check.c Mon Apr 30 12:33:53 2001 *************** *** 24,29 **** --- 24,33 ---- /* SMTPD_STATE *state; /* char *recipient; /* + /* char *smtpd_check_rcptmap(state, recipient) + /* SMTPD_STATE *state; + /* char *recipient; + /* /* char *smtpd_check_etrn(state, destination) /* SMTPD_STATE *state; /* char *destination; *************** *** 172,177 **** --- 176,187 ---- /* Restrictions on the recipient address that is sent with the RCPT /* TO command. /* .PP + /* smtpd_check_rcptmap() validates the recipient address provided + /* with an RCPT TO request. Relevant configuration parameters: + /* .IP local_recipients_map + /* Tables of user names (not addresses) that exist in $mydestination. + /* Mail for local users not in these tables is rejected. + /* .PP /* smtpd_check_etrn() validates the domain name provided with the /* ETRN command, and other client-provided information. Relevant /* configuration parameters: *************** *** 565,570 **** --- 575,617 ---- return (SMTPD_CHECK_REJECT); } + /* reject_dict_retry - reject with temporary failure if dict lookup fails */ + + static void reject_dict_retry(SMTPD_STATE *state, const char *reply_name) + { + longjmp(smtpd_check_buf, smtpd_check_reject(state, MAIL_ERROR_RESOURCE, + "%d <%s>: Temporary lookup failure", + 451, reply_name)); + } + + /* check_maps_find - reject with temporary failure if dict lookup fails */ + + static const char *check_maps_find(SMTPD_STATE *state, const char *reply_name, + MAPS *maps, const char *key, int flags) + { + const char *result; + + dict_errno = 0; + if ((result = maps_find(maps, key, flags)) == 0 + && dict_errno == DICT_ERR_RETRY) + reject_dict_retry(state, reply_name); + return (result); + } + + /* check_mail_addr_find - reject with temporary failure if dict lookup fails */ + + static const char *check_mail_addr_find(SMTPD_STATE *state, const char *reply_name, + MAPS *maps, const char *key, char **ext) + { + const char *result; + + dict_errno = 0; + if ((result = mail_addr_find(maps, key, ext)) == 0 + && dict_errno == DICT_ERR_RETRY) + reject_dict_retry(state, reply_name); + return (result); + } + /* reject_unknown_client - fail if client hostname is unknown */ static int reject_unknown_client(SMTPD_STATE *state) *************** *** 769,775 **** return (SMTPD_CHECK_DUNNO); } ! static int permit_auth_destination(char *recipient); /* check_relay_domains - OK/FAIL for message relaying */ --- 816,822 ---- return (SMTPD_CHECK_DUNNO); } ! static int permit_auth_destination(SMTPD_STATE *state, char *recipient); /* check_relay_domains - OK/FAIL for message relaying */ *************** *** 790,796 **** /* * Permit authorized destinations. */ ! if (permit_auth_destination(recipient) == SMTPD_CHECK_OK) return (SMTPD_CHECK_OK); /* --- 837,843 ---- /* * Permit authorized destinations. */ ! if (permit_auth_destination(state, recipient) == SMTPD_CHECK_OK) return (SMTPD_CHECK_OK); /* *************** *** 803,809 **** /* permit_auth_destination - OK for message relaying */ ! static int permit_auth_destination(char *recipient) { char *myname = "permit_auth_destination"; char *domain; --- 850,856 ---- /* permit_auth_destination - OK for message relaying */ ! static int permit_auth_destination(SMTPD_STATE *state, char *recipient) { char *myname = "permit_auth_destination"; char *domain; *************** *** 830,836 **** * virtual_maps. */ if (resolve_local(domain) ! || (*var_virtual_maps && maps_find(virtual_maps, domain, 0))) return (SMTPD_CHECK_OK); /* --- 877,884 ---- * virtual_maps. */ if (resolve_local(domain) ! || (*var_virtual_maps ! && check_maps_find(state, recipient, virtual_maps, domain, 0))) return (SMTPD_CHECK_OK); /* *************** *** 863,869 **** /* * Skip authorized destination. */ ! if (permit_auth_destination(recipient) == SMTPD_CHECK_OK) return (SMTPD_CHECK_DUNNO); /* --- 911,917 ---- /* * Skip authorized destination. */ ! if (permit_auth_destination(state, recipient) == SMTPD_CHECK_OK) return (SMTPD_CHECK_DUNNO); /* *************** *** 936,942 **** /* permit_mx_backup - permit use of me as MX backup for recipient domain */ ! static int permit_mx_backup(SMTPD_STATE *unused_state, const char *recipient) { char *myname = "permit_mx_backup"; char *domain; --- 984,990 ---- /* permit_mx_backup - permit use of me as MX backup for recipient domain */ ! static int permit_mx_backup(SMTPD_STATE *state, const char *recipient) { char *myname = "permit_mx_backup"; char *domain; *************** *** 963,969 **** return (SMTPD_CHECK_OK); domain += 1; if (resolve_local(domain) ! || (*var_virtual_maps && maps_find(virtual_maps, domain, 0))) return (SMTPD_CHECK_OK); if (msg_verbose) --- 1011,1018 ---- return (SMTPD_CHECK_OK); domain += 1; if (resolve_local(domain) ! || (*var_virtual_maps ! && check_maps_find(state, recipient, virtual_maps, domain, 0))) return (SMTPD_CHECK_OK); if (msg_verbose) *************** *** 1104,1110 **** return (SMTPD_CHECK_DUNNO); domain += 1; if (resolve_local(domain) ! || (*var_virtual_maps && maps_find(virtual_maps, domain, 0))) return (SMTPD_CHECK_DUNNO); if (domain[0] == '#') return (SMTPD_CHECK_DUNNO); --- 1153,1160 ---- return (SMTPD_CHECK_DUNNO); domain += 1; if (resolve_local(domain) ! || (*var_virtual_maps ! && check_maps_find(state, reply_name, virtual_maps, domain, 0))) return (SMTPD_CHECK_DUNNO); if (domain[0] == '#') return (SMTPD_CHECK_DUNNO); *************** *** 1441,1446 **** --- 1491,1504 ---- msg_info("%s: %s", myname, state->addr); /* + * IPv4 only for now + */ + #ifdef INET6 + if (inet_pton(AF_INET, state->addr, &a) != 1) + return SMTPD_CHECK_DUNNO; + #endif + + /* * Build the constant part of the RBL query: the reverse client address. */ for (i = octets->argc - 1; i >= 0; i--) { *************** *** 1656,1662 **** status = permit_mx_backup(state, state->recipient); } else if (strcasecmp(name, PERMIT_AUTH_DEST) == 0) { if (state->recipient) ! status = permit_auth_destination(state->recipient); } else if (strcasecmp(name, REJECT_UNAUTH_DEST) == 0) { if (state->recipient) status = reject_unauth_destination(state, state->recipient); --- 1714,1720 ---- status = permit_mx_backup(state, state->recipient); } else if (strcasecmp(name, PERMIT_AUTH_DEST) == 0) { if (state->recipient) ! status = permit_auth_destination(state, state->recipient); } else if (strcasecmp(name, REJECT_UNAUTH_DEST) == 0) { if (state->recipient) status = reject_unauth_destination(state, state->recipient); *************** *** 1925,1930 **** --- 1983,1989 ---- char *myname = "smtpd_check_rcptmap"; char *saved_recipient; char *domain; + int status; /* * XXX This module does a lot of unnecessary guessing. This functionality *************** *** 1941,1946 **** --- 2000,2012 ---- SMTPD_CHECK_PUSH(saved_recipient, state->recipient, recipient); /* + * Return here in case of serious trouble. + */ + if ((status = setjmp(smtpd_check_buf)) != 0) + SMTPD_CHECK_RCPT_RETURN(status == SMTPD_CHECK_REJECT ? + STR(error_text) : 0); + + /* * Resolve the address. */ canon_addr_internal(query, recipient); *************** *** 1958,1969 **** SMTPD_CHECK_RCPT_RETURN(0); #define NOMATCH(map, rcpt) \ ! (mail_addr_find(map, rcpt, (char **) 0) == 0 && dict_errno == 0) /* * Reject mail to unknown addresses in Postfix-style virtual domains. */ ! if (*var_virtual_maps && maps_find(virtual_maps, domain, 0)) { if (NOMATCH(rcpt_canon_maps, STR(reply.recipient)) && NOMATCH(canonical_maps, STR(reply.recipient)) && NOMATCH(relocated_maps, STR(reply.recipient)) --- 2024,2036 ---- SMTPD_CHECK_RCPT_RETURN(0); #define NOMATCH(map, rcpt) \ ! (check_mail_addr_find(state, recipient, map, rcpt, (char **) 0) == 0) /* * Reject mail to unknown addresses in Postfix-style virtual domains. */ ! if (*var_virtual_maps ! && (check_maps_find(state, recipient, virtual_maps, domain, 0))) { if (NOMATCH(rcpt_canon_maps, STR(reply.recipient)) && NOMATCH(canonical_maps, STR(reply.recipient)) && NOMATCH(relocated_maps, STR(reply.recipient)) *************** *** 2067,2074 **** --- 2134,2143 ---- * String-valued configuration parameters. */ char *var_maps_rbl_domains; + char *var_myorigin; char *var_mydest; char *var_inet_interfaces; + char *var_rcpt_delim; char *var_rest_classes; char *var_alias_maps; char *var_rcpt_canon_maps; *************** *** 2085,2092 **** --- 2154,2163 ---- static STRING_TABLE string_table[] = { VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, &var_maps_rbl_domains, + VAR_MYORIGIN, DEF_MYORIGIN, &var_myorigin, VAR_MYDEST, DEF_MYDEST, &var_mydest, VAR_INET_INTERFACES, DEF_INET_INTERFACES, &var_inet_interfaces, + VAR_RCPT_DELIM, DEF_RCPT_DELIM, &var_rcpt_delim, VAR_REST_CLASSES, DEF_REST_CLASSES, &var_rest_classes, VAR_ALIAS_MAPS, DEF_ALIAS_MAPS, &var_alias_maps, VAR_RCPT_CANON_MAPS, DEF_RCPT_CANON_MAPS, &var_rcpt_canon_maps, *************** *** 2250,2255 **** --- 2321,2353 ---- reply->recipient = vstring_alloc(100); } + #ifdef USE_SASL_AUTH + + bool var_smtpd_sasl_enable = 0; + + /* smtpd_sasl_connect - stub */ + + void smtpd_sasl_connect(SMTPD_STATE *state) + { + msg_panic("smtpd_sasl_connect was called"); + } + + /* smtpd_sasl_disconnect - stub */ + + void smtpd_sasl_disconnect(SMTPD_STATE *state) + { + msg_panic("smtpd_sasl_disconnect was called"); + } + + /* permit_sasl_auth - stub */ + + int permit_sasl_auth(SMTPD_STATE *state, int ifyes, int ifnot) + { + return (ifnot); + } + + #endif + /* canon_addr_internal - stub */ VSTRING *canon_addr_internal(VSTRING *result, const char *addr) *************** *** 2362,2368 **** --- 2460,2490 ---- /* * Try config settings. */ + #define UPDATE_MAPS(ptr, var, val, lock) \ + { if (ptr) maps_free(ptr); ptr = maps_create(var, val, lock); } + case 2: + if (strcasecmp(args->argv[0], "virtual_maps") == 0) { + UPDATE_STRING(var_virtual_maps, args->argv[1]); + UPDATE_MAPS(virtual_maps, VAR_VIRTUAL_MAPS, + var_virtual_maps, DICT_FLAG_LOCK); + resp = 0; + break; + } + if (strcasecmp(args->argv[0], "local_recipient_maps") == 0) { + UPDATE_STRING(var_local_rcpt_maps, args->argv[1]); + UPDATE_MAPS(local_rcpt_maps, VAR_LOCAL_RCPT_MAPS, + var_local_rcpt_maps, DICT_FLAG_LOCK); + resp = 0; + break; + } + if (strcasecmp(args->argv[0], "canonical_maps") == 0) { + UPDATE_STRING(var_canonical_maps, args->argv[1]); + UPDATE_MAPS(canonical_maps, VAR_CANONICAL_MAPS, + var_canonical_maps, DICT_FLAG_LOCK); + resp = 0; + break; + } if (strcasecmp(args->argv[0], "mynetworks") == 0) { namadr_list_free(mynetworks); mynetworks = namadr_list_init(args->argv[1]); *************** *** 2400,2406 **** UPDATE_STRING(state.sender, args->argv[1]); } else if (strcasecmp(args->argv[0], "rcpt") == 0) { state.where = "RCPT"; ! resp = smtpd_check_rcpt(&state, args->argv[1]); } break; --- 2522,2529 ---- UPDATE_STRING(state.sender, args->argv[1]); } else if (strcasecmp(args->argv[0], "rcpt") == 0) { state.where = "RCPT"; ! (resp = smtpd_check_rcpt(&state, args->argv[1])) ! || (resp = smtpd_check_rcptmap(&state, args->argv[1])); } break; diff -cr --new-file ../postfix-20010228-pl01/src/smtpd/smtpd_check.in ./src/smtpd/smtpd_check.in *** ../postfix-20010228-pl01/src/smtpd/smtpd_check.in Sun Dec 26 19:47:02 1999 --- ./src/smtpd/smtpd_check.in Sun Apr 29 18:22:39 2001 *************** *** 111,122 **** # # MX backup # ! mydestination spike.porcupine.org,localhost.porcupine.org ! inet_interfaces 168.100.189.2,127.0.0.1 ! recipient_restrictions permit_mx_backup,reject ! rcpt wietse@wzv.win.tue.nl ! rcpt wietse@trouble.org ! rcpt wietse@porcupine.org # # Deferred restrictions # --- 111,122 ---- # # MX backup # ! #mydestination spike.porcupine.org,localhost.porcupine.org ! #inet_interfaces 168.100.189.2,127.0.0.1 ! #recipient_restrictions permit_mx_backup,reject ! #rcpt wietse@wzv.win.tue.nl ! #rcpt wietse@trouble.org ! #rcpt wietse@porcupine.org # # Deferred restrictions # diff -cr --new-file ../postfix-20010228-pl01/src/smtpd/smtpd_check.in3 ./src/smtpd/smtpd_check.in3 *** ../postfix-20010228-pl01/src/smtpd/smtpd_check.in3 Wed Dec 31 19:00:00 1969 --- ./src/smtpd/smtpd_check.in3 Sun Apr 29 20:40:09 2001 *************** *** 0 **** --- 1,27 ---- + #msg_verbose 1 + smtpd_delay_reject 0 + mynetworks 127.0.0.0/8,168.100.189.0/28 + relay_domains porcupine.org + local_recipient_maps unix:passwd.byname + client unknown 131.155.210.17 + canonical_maps tcp:localhost:200 + # + recipient_restrictions permit + rcpt no.such.user@[127.0.0.1] + # + virtual_maps tcp:localhost:100 + # + recipient_restrictions permit_mx_backup + rcpt wietse@nowhere1.com + # + recipient_restrictions check_relay_domains + rcpt wietse@nowhere2.com + # + recipient_restrictions reject_unknown_recipient_domain + rcpt wietse@nowhere3.com + # + recipient_restrictions permit_auth_destination + rcpt wietse@nowhere4.com + # + recipient_restrictions reject_unauth_destination + rcpt wietse@nowhere5.com diff -cr --new-file ../postfix-20010228-pl01/src/smtpd/smtpd_check.ref ./src/smtpd/smtpd_check.ref *** ../postfix-20010228-pl01/src/smtpd/smtpd_check.ref Sat Nov 18 17:24:36 2000 --- ./src/smtpd/smtpd_check.ref Sun Apr 29 18:23:05 2001 *************** *** 47,54 **** >>> client foo 123.123.123.123 OK >>> helo foo. - ./smtpd_check: warning: valid_hostname: misplaced delimiter: foo. - ./smtpd_check: warning: valid_hostname: misplaced delimiter: foo. ./smtpd_check: reject: HELO from foo[123.123.123.123]: 450 : Helo command rejected: Host not found 450 : Helo command rejected: Host not found >>> helo foo --- 47,52 ---- *************** *** 66,74 **** >>> helo_restrictions reject_invalid_hostname,reject_unknown_hostname OK >>> helo 123.123.123.123 - ./smtpd_check: warning: valid_hostname: numeric hostname: 123.123.123.123 - ./smtpd_check: warning: valid_hostname: numeric hostname: 123.123.123.123 - ./smtpd_check: warning: valid_hostname: numeric hostname: 123.123.123.123 ./smtpd_check: reject: HELO from foo[123.123.123.123]: 450 <123.123.123.123>: Helo command rejected: Host not found 450 <123.123.123.123>: Helo command rejected: Host not found >>> helo_restrictions permit_naked_ip_address,reject_invalid_hostname,reject_unknown_hostname --- 64,69 ---- *************** *** 186,193 **** >>> client spike.porcupine.org 168.100.189.2 OK >>> client foo 127.0.0.2 ! ./smtpd_check: reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; [127.0.0.2] blocked using rbl.maps.vix.com, reason: Blackholed - see ; from= ! 554 Service unavailable; [127.0.0.2] blocked using rbl.maps.vix.com, reason: Blackholed - see >>> # >>> # Hybrids >>> # --- 181,188 ---- >>> client spike.porcupine.org 168.100.189.2 OK >>> client foo 127.0.0.2 ! ./smtpd_check: reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; [127.0.0.2] blocked using blackholes.mail-abuse.org, reason: Blackholed - see ; from= ! 554 Service unavailable; [127.0.0.2] blocked using blackholes.mail-abuse.org, reason: Blackholed - see >>> # >>> # Hybrids >>> # *************** *** 215,221 **** ./smtpd_check: reject: RCPT from foo[131.155.210.17]: 554 : Helo command rejected: match bad.domain; from= to= 554 : Helo command rejected: match bad.domain >>> helo 131.155.210.17 - ./smtpd_check: warning: valid_hostname: numeric hostname: 131.155.210.17 OK >>> rcpt foo@porcupine.org OK --- 210,215 ---- *************** *** 234,252 **** >>> # >>> # MX backup >>> # ! >>> mydestination spike.porcupine.org,localhost.porcupine.org ! OK ! >>> inet_interfaces 168.100.189.2,127.0.0.1 ! OK ! >>> recipient_restrictions permit_mx_backup,reject ! OK ! >>> rcpt wietse@wzv.win.tue.nl ! OK ! >>> rcpt wietse@trouble.org ! ./smtpd_check: reject: RCPT from foo[131.155.210.17]: 554 : Recipient address rejected: Access denied; from= to= ! 554 : Recipient address rejected: Access denied ! >>> rcpt wietse@porcupine.org ! OK >>> # >>> # Deferred restrictions >>> # --- 228,239 ---- >>> # >>> # MX backup >>> # ! >>> #mydestination spike.porcupine.org,localhost.porcupine.org ! >>> #inet_interfaces 168.100.189.2,127.0.0.1 ! >>> #recipient_restrictions permit_mx_backup,reject ! >>> #rcpt wietse@wzv.win.tue.nl ! >>> #rcpt wietse@trouble.org ! >>> #rcpt wietse@porcupine.org >>> # >>> # Deferred restrictions >>> # *************** *** 316,383 **** >>> helo [1.2.3.4] OK >>> helo [321.255.255.255] - ./smtpd_check: warning: valid_hostaddr: invalid octet value: 321.255.255.255 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[321.255.255.255]>: Helo command rejected: invalid ip address; from= 501 <[321.255.255.255]>: Helo command rejected: invalid ip address >>> helo [0.255.255.255] - ./smtpd_check: warning: valid_hostaddr: bad initial octet value: 0.255.255.255 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[0.255.255.255]>: Helo command rejected: invalid ip address; from= 501 <[0.255.255.255]>: Helo command rejected: invalid ip address >>> helo [1.2.3.321] - ./smtpd_check: warning: valid_hostaddr: invalid octet value: 1.2.3.321 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[1.2.3.321]>: Helo command rejected: invalid ip address; from= 501 <[1.2.3.321]>: Helo command rejected: invalid ip address >>> helo [1.2.3] - ./smtpd_check: warning: valid_hostaddr: invalid octet count: 1.2.3 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[1.2.3]>: Helo command rejected: invalid ip address; from= 501 <[1.2.3]>: Helo command rejected: invalid ip address >>> helo [1.2.3.4.5] - ./smtpd_check: warning: valid_hostaddr: invalid octet count: 1.2.3.4.5 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[1.2.3.4.5]>: Helo command rejected: invalid ip address; from= 501 <[1.2.3.4.5]>: Helo command rejected: invalid ip address >>> helo [1..2.3.4] - ./smtpd_check: warning: valid_hostaddr: misplaced dot: 1..2.3.4 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[1..2.3.4]>: Helo command rejected: invalid ip address; from= 501 <[1..2.3.4]>: Helo command rejected: invalid ip address >>> helo [.1.2.3.4] - ./smtpd_check: warning: valid_hostaddr: misplaced dot: .1.2.3.4 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[.1.2.3.4]>: Helo command rejected: invalid ip address; from= 501 <[.1.2.3.4]>: Helo command rejected: invalid ip address >>> helo [1.2.3.4.5.] - ./smtpd_check: warning: valid_hostaddr: misplaced dot: 1.2.3.4.5. ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[1.2.3.4.5.]>: Helo command rejected: invalid ip address; from= 501 <[1.2.3.4.5.]>: Helo command rejected: invalid ip address >>> helo 1.2.3.4 OK >>> helo 321.255.255.255 - ./smtpd_check: warning: valid_hostaddr: invalid octet value: 321.255.255.255 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <321.255.255.255>: Helo command rejected: invalid ip address; from= 501 <321.255.255.255>: Helo command rejected: invalid ip address >>> helo 0.255.255.255 - ./smtpd_check: warning: valid_hostaddr: bad initial octet value: 0.255.255.255 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <0.255.255.255>: Helo command rejected: invalid ip address; from= 501 <0.255.255.255>: Helo command rejected: invalid ip address >>> helo 1.2.3.321 - ./smtpd_check: warning: valid_hostaddr: invalid octet value: 1.2.3.321 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <1.2.3.321>: Helo command rejected: invalid ip address; from= 501 <1.2.3.321>: Helo command rejected: invalid ip address >>> helo 1.2.3 - ./smtpd_check: warning: valid_hostaddr: invalid octet count: 1.2.3 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <1.2.3>: Helo command rejected: invalid ip address; from= 501 <1.2.3>: Helo command rejected: invalid ip address >>> helo 1.2.3.4.5 - ./smtpd_check: warning: valid_hostaddr: invalid octet count: 1.2.3.4.5 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <1.2.3.4.5>: Helo command rejected: invalid ip address; from= 501 <1.2.3.4.5>: Helo command rejected: invalid ip address >>> helo 1..2.3.4 - ./smtpd_check: warning: valid_hostaddr: misplaced dot: 1..2.3.4 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <1..2.3.4>: Helo command rejected: invalid ip address; from= 501 <1..2.3.4>: Helo command rejected: invalid ip address >>> helo .1.2.3.4 - ./smtpd_check: warning: valid_hostaddr: misplaced dot: .1.2.3.4 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <.1.2.3.4>: Helo command rejected: invalid ip address; from= 501 <.1.2.3.4>: Helo command rejected: invalid ip address >>> helo 1.2.3.4.5. - ./smtpd_check: warning: valid_hostaddr: misplaced dot: 1.2.3.4.5. ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <1.2.3.4.5.>: Helo command rejected: invalid ip address; from= 501 <1.2.3.4.5.>: Helo command rejected: invalid ip address --- 303,354 ---- diff -cr --new-file ../postfix-20010228-pl01/src/smtpd/smtpd_check.ref2 ./src/smtpd/smtpd_check.ref2 *** ../postfix-20010228-pl01/src/smtpd/smtpd_check.ref2 Sat Nov 18 17:24:48 2000 --- ./src/smtpd/smtpd_check.ref2 Sun Apr 29 18:24:03 2001 *************** *** 47,54 **** >>> client foo 123.123.123.123 OK >>> helo foo. - ./smtpd_check: warning: valid_hostname: misplaced delimiter: foo. - ./smtpd_check: warning: valid_hostname: misplaced delimiter: foo. ./smtpd_check: reject: HELO from foo[123.123.123.123]: 450 : Helo command rejected: Host not found 450 : Helo command rejected: Host not found >>> helo foo --- 47,52 ---- *************** *** 174,181 **** >>> client spike.porcupine.org 168.100.189.2 OK >>> client foo 127.0.0.2 ! ./smtpd_check: reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; [127.0.0.2] blocked using rbl.maps.vix.com, reason: Blackholed - see ; from= ! 554 Service unavailable; [127.0.0.2] blocked using rbl.maps.vix.com, reason: Blackholed - see >>> # >>> # unknown sender/recipient domain >>> # --- 172,179 ---- >>> client spike.porcupine.org 168.100.189.2 OK >>> client foo 127.0.0.2 ! ./smtpd_check: reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; [127.0.0.2] blocked using blackholes.mail-abuse.org, reason: Blackholed - see ; from= ! 554 Service unavailable; [127.0.0.2] blocked using blackholes.mail-abuse.org, reason: Blackholed - see >>> # >>> # unknown sender/recipient domain >>> # diff -cr --new-file ../postfix-20010228-pl01/src/util/dict_db.c ./src/util/dict_db.c *** ../postfix-20010228-pl01/src/util/dict_db.c Sun Feb 4 13:04:28 2001 --- ./src/util/dict_db.c Sat Apr 14 14:42:24 2001 *************** *** 439,444 **** --- 439,451 ---- db_path = concatenate(path, ".db", (char *) 0); + /* + * Note: DICT_FLAG_LOCK is used only by programs that do fine-grained (in + * the time domain) locking while accessing individual database records. + * + * Programs such as postmap/postalias use their own large-grained (in the + * time domain) locks while rewriting the entire file. + */ if (dict_flags & DICT_FLAG_LOCK) { if ((lock_fd = open(db_path, open_flags, 0644)) < 0) msg_fatal("open database %s: %m", db_path); *************** *** 517,529 **** if (fstat(dict_db->dict.fd, &st) < 0) msg_fatal("dict_db_open: fstat: %m"); dict_db->dict.mtime = st.st_mtime; close_on_exec(dict_db->dict.fd, CLOSE_ON_EXEC); dict_db->dict.flags = dict_flags | DICT_FLAG_FIXED; if ((dict_flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0) dict_db->dict.flags |= (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL); dict_db->db = db; myfree(db_path); ! return (DICT_DEBUG(&dict_db->dict)); } /* dict_hash_open - create association with data base */ --- 524,547 ---- if (fstat(dict_db->dict.fd, &st) < 0) msg_fatal("dict_db_open: fstat: %m"); dict_db->dict.mtime = st.st_mtime; + + /* + * Warn if the source file is newer than the indexed file, except when + * the source file changed only seconds ago. + */ + if ((dict_flags & DICT_FLAG_LOCK) != 0 + && stat(path, &st) == 0 + && st.st_mtime > dict_db->dict.mtime + && st.st_mtime < time((time_t *) 0) - 100) + msg_warn("database %s is older than source file %s", db_path, path); + close_on_exec(dict_db->dict.fd, CLOSE_ON_EXEC); dict_db->dict.flags = dict_flags | DICT_FLAG_FIXED; if ((dict_flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0) dict_db->dict.flags |= (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL); dict_db->db = db; myfree(db_path); ! return (DICT_DEBUG (&dict_db->dict)); } /* dict_hash_open - create association with data base */ diff -cr --new-file ../postfix-20010228-pl01/src/util/dict_dbm.c ./src/util/dict_dbm.c *** ../postfix-20010228-pl01/src/util/dict_dbm.c Sun Feb 4 13:04:33 2001 --- ./src/util/dict_dbm.c Sat Apr 14 14:15:03 2001 *************** *** 371,376 **** --- 371,383 ---- char *dbm_path; int lock_fd; + /* + * Note: DICT_FLAG_LOCK is used only by programs that do fine-grained (in + * the time domain) locking while accessing individual database records. + * + * Programs such as postmap/postalias use their own large-grained (in the + * time domain) locks while rewriting the entire file. + */ if (dict_flags & DICT_FLAG_LOCK) { dbm_path = concatenate(path, ".pag", (char *) 0); if ((lock_fd = open(dbm_path, open_flags, 0644)) < 0) *************** *** 390,396 **** msg_fatal("unlock database %s for open: %m", dbm_path); if (close(lock_fd) < 0) msg_fatal("close database %s: %m", dbm_path); - myfree(dbm_path); } dict_dbm = (DICT_DBM *) dict_alloc(DICT_TYPE_DBM, path, sizeof(*dict_dbm)); dict_dbm->dict.lookup = dict_dbm_lookup; --- 397,402 ---- *************** *** 402,407 **** --- 408,424 ---- if (fstat(dict_dbm->dict.fd, &st) < 0) msg_fatal("dict_dbm_open: fstat: %m"); dict_dbm->dict.mtime = st.st_mtime; + + /* + * Warn if the source file is newer than the indexed file, except when + * the source file changed only seconds ago. + */ + if ((dict_flags & DICT_FLAG_LOCK) != 0 + && stat(path, &st) == 0 + && st.st_mtime > dict_dbm->dict.mtime + && st.st_mtime < time((time_t *) 0) - 100) + msg_warn("database %s is older than source file %s", dbm_path, path); + close_on_exec(dbm_pagfno(dbm), CLOSE_ON_EXEC); close_on_exec(dbm_dirfno(dbm), CLOSE_ON_EXEC); dict_dbm->dict.flags = dict_flags | DICT_FLAG_FIXED; *************** *** 409,415 **** dict_dbm->dict.flags |= (DICT_FLAG_TRY0NULL | DICT_FLAG_TRY1NULL); dict_dbm->dbm = dbm; ! return (DICT_DEBUG(&dict_dbm->dict)); } #endif --- 426,435 ---- dict_dbm->dict.flags |= (DICT_FLAG_TRY0NULL | DICT_FLAG_TRY1NULL); dict_dbm->dbm = dbm; ! if ((dict_flags & DICT_FLAG_LOCK)) ! myfree(dbm_path); ! ! return (DICT_DEBUG (&dict_dbm->dict)); } #endif diff -cr --new-file ../postfix-20010228-pl01/src/util/dict_ldap.c ./src/util/dict_ldap.c *** ../postfix-20010228-pl01/src/util/dict_ldap.c Thu Mar 29 12:27:40 2001 --- ./src/util/dict_ldap.c Fri Apr 6 10:29:21 2001 *************** *** 297,303 **** entry = ldap_next_entry(dict_ldap->ld, entry)) { attr = ldap_first_attribute(dict_ldap->ld, entry, &ber); if (attr == NULL) { ! msg_warn("%s: no attributes found", myname); continue; } for (; attr != NULL; --- 297,304 ---- entry = ldap_next_entry(dict_ldap->ld, entry)) { attr = ldap_first_attribute(dict_ldap->ld, entry, &ber); if (attr == NULL) { ! if (msg_verbose) ! msg_info("%s: no attributes found", myname); continue; } for (; attr != NULL; *************** *** 305,312 **** vals = ldap_get_values(dict_ldap->ld, entry, attr); if (vals == NULL) { ! msg_warn("%s: Entry doesn't have any values for %s", ! myname, attr); continue; } for (i = 0; dict_ldap->result_attributes->argv[i]; i++) { --- 306,314 ---- vals = ldap_get_values(dict_ldap->ld, entry, attr); if (vals == NULL) { ! if (msg_verbose) ! msg_info("%s: Entry doesn't have any values for %s", ! myname, attr); continue; } for (i = 0; dict_ldap->result_attributes->argv[i]; i++) { diff -cr --new-file ../postfix-20010228-pl01/src/util/dict_mysql.c ./src/util/dict_mysql.c *** ../postfix-20010228-pl01/src/util/dict_mysql.c Sun Feb 4 13:09:29 2001 --- ./src/util/dict_mysql.c Wed Apr 4 16:58:52 2001 *************** *** 201,206 **** --- 201,212 ---- if (i > 0) vstring_strcat(result, ","); for (j = 0; j < mysql_num_fields(query_res); j++) { + if (row[j] == 0) { + if (msg_verbose > 1) + msg_info("dict_mysql_lookup: null field #%d row #%d", j, i); + mysql_free_result(query_res); + return (0); + } if (j > 0) vstring_strcat(result, ","); vstring_strcat(result, row[j]); diff -cr --new-file ../postfix-20010228-pl01/src/util/dict_unix.c ./src/util/dict_unix.c *** ../postfix-20010228-pl01/src/util/dict_unix.c Sun Feb 4 13:10:03 2001 --- ./src/util/dict_unix.c Mon Apr 30 19:40:27 2001 *************** *** 112,119 **** static void dict_unix_close(DICT *dict) { - DICT_UNIX *dict_unix = (DICT_UNIX *) dict; - dict_free(dict); } --- 112,117 ----