Postfix 2.0 patch 16 fixes problems in the LMTP client and has
additional workarounds for Solaris.
- The LMTP session caching code had problems with SASL authentication
after the first connection, and commands were not pipelined.
- On Solaris, not only SMTP server sockets but also SMTP client
sockets can hang, as reported by Leandro Santi. The workaround
is to turn on keepalives. To make effective use of them, try: "ndd /dev/tcp
tcp_keepalive_interval=1000000".
Prereq: "2.0.15"
diff -cr --new-file /tmp/postfix-2.0.15/src/global/mail_version.h ./src/global/mail_version.h
*** /tmp/postfix-2.0.15/src/global/mail_version.h Fri Sep 5 19:42:38 2003
--- ./src/global/mail_version.h Fri Sep 12 21:16:51 2003
***************
*** 20,29 ****
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
! #define MAIL_RELEASE_DATE "20030905"
#define VAR_MAIL_VERSION "mail_version"
! #define DEF_MAIL_VERSION "2.0.15"
extern char *var_mail_version;
/*
--- 20,29 ----
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
! #define MAIL_RELEASE_DATE "20030913"
#define VAR_MAIL_VERSION "mail_version"
! #define DEF_MAIL_VERSION "2.0.16"
extern char *var_mail_version;
/*
diff -cr --new-file /tmp/postfix-2.0.15/HISTORY ./HISTORY
*** /tmp/postfix-2.0.15/HISTORY Fri Sep 5 19:41:49 2003
--- ./HISTORY Sat Sep 13 21:29:51 2003
***************
*** 7872,7877 ****
--- 7872,7904 ----
util/timed_read.c and as precautionary measure,
util/timed_write.c.
+ 20030908
+
+ The 20030905 workaround triggers too many warnings. TCP
+ sockets are back to blocking, and keepalives are turned on
+ to kill off dead sockets, as suggested by Leandro Santi.
+ Files: master/{single,multi}_server.c, smtpd/smtpd.c,
+ util/sys_defs.h.
+
+ 20030909
+
+ Bugfix: the LMTP session caching code had problems with
+ SASL authentication after the first connection, and pipelining
+ was working poorly. Fix by Viktor Dukhovni, Morgan Stanley.
+ Files: lmtp/lmtp.c, lmtp/lmtp_proto.c.
+
+ 20030912
+
+ Workaround: besides SMTP server sockets, SMTP client sockets
+ can also hang on Solaris, as reported by Leandro Santi. In
+ order to deal with this at the root, all connection management
+ is now done by sane_accept() and sane_connect(). Both turn
+ on keepalives on Solaris.
+
+ 20030913
+
+ Safety: set-gid commands don't trust TZ. File: msg_syslog.c.
+
Open problems:
Doc: mention the proxy_interfaces parameter everywhere the
diff -cr --new-file /tmp/postfix-2.0.15/conf/pcre_table ./conf/pcre_table
*** /tmp/postfix-2.0.15/conf/pcre_table Thu Jul 31 19:03:34 2003
--- ./conf/pcre_table Mon Sep 8 08:36:25 2003
***************
*** 40,142 ****
#
# if /pattern/flags
#
- # if !/pattern/flags
- #
# endif Match the search string against the patterns
# between if and endif, if and only if the search
! # string matches (does not match) pattern. The
! # if..endif can nest.
#
! # Note: do not prepend whitespace to patterns inside
# if..endif.
#
# Each pattern is a perl-like regular expression. The
! # expression delimiter can be any character, except whites-
! # pace or characters that have special meaning (tradition-
! # ally the forward slash is used). The regular expression
# can contain whitespace.
#
# By default, matching is case-insensitive, and newlines are
! # not treated as special characters. The behavior is con-
! # trolled by flags, which are toggled by appending one or
# more of the following characters after the pattern:
#
# i (default: on)
! # Toggles the case sensitivity flag. By default,
# matching is case insensitive.
#
# m (default: off)
! # Toggles the PCRE_MULTILINE flag. When this flag is
! # on, the ^ and $ metacharacters match immediately
! # after and immediately before a newline character,
! # respectively, in addition to matching at the start
# and end of the subject string.
#
# s (default: on)
# Toggles the PCRE_DOTALL flag. When this flag is on,
# the . metacharacter matches the newline character.
! # With Postfix versions prior to 20020528, The flag
# is off by default, which is inconvenient for multi-
# line message header matching.
#
# x (default: off)
! # Toggles the pcre extended flag. When this flag is
! # on, whitespace in the pattern (other than in a
# character class) and characters between a # outside
! # a character class and the next newline character
! # are ignored. An escaping backslash can be used to
! # include a whitespace or # character as part of the
# pattern.
#
# A (default: off)
! # Toggles the PCRE_ANCHORED flag. When this flag is
! # on, the pattern is forced to be "anchored", that
# is, it is constrained to match only at the start of
! # the string which is being searched (the "subject
! # string"). This effect can also be achieved by
# appropriate constructs in the pattern itself.
#
# E (default: off)
! # Toggles the PCRE_DOLLAR_ENDONLY flag. When this
! # flag is on, a $ metacharacter in the pattern
! # matches only at the end of the subject string.
! # Without this flag, a dollar also matches immedi-
# ately before the final character if it is a newline
# character (but not before any other newline charac-
! # ters). This flag is ignored if PCRE_MULTILINE flag
# is set.
#
# U (default: off)
# Toggles the ungreedy matching flag. When this flag
! # is on, the pattern matching engine inverts the
! # "greediness" of the quantifiers so that they are
! # not greedy by default, but become greedy if fol-
! # lowed by "?". This flag can also set by a (?U)
# modifier within the pattern.
#
# X (default: off)
# Toggles the PCRE_EXTRA flag. When this flag is on,
! # any backslash in a pattern that is followed by a
# letter that has no special meaning causes an error,
# thus reserving these combinations for future expan-
# sion.
#
! # Each pattern is applied to the entire lookup key string.
! # Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire
! # mail address. Thus, no parent domain or parent network
! # search is done, and user@domain mail addresses are not
! # broken up into their user and domain constituent parts,
# nor is user+foo broken up into user and foo.
#
! # Patterns are applied in the order as specified in the
! # table, until a pattern is found that matches the search
# string.
#
! # Substitution of substrings from the matched expression
! # into the result string is possible using the conventional
! # perl syntax ($1, $2, etc.). The macros in the result
! # string may need to be written as ${n} or $(n) if they
# aren't followed by whitespace.
#
# EXAMPLE SMTPD ACCESS MAP
--- 40,139 ----
#
# if /pattern/flags
#
# endif Match the search string against the patterns
# between if and endif, if and only if the search
! # string matches pattern. The if..endif can nest.
#
! # Note: do not prepend whitespace to patterns inside
# if..endif.
#
# Each pattern is a perl-like regular expression. The
! # expression delimiter can be any character, except whites-
! # pace or characters that have special meaning (tradition-
! # ally the forward slash is used). The regular expression
# can contain whitespace.
#
# By default, matching is case-insensitive, and newlines are
! # not treated as special characters. The behavior is con-
! # trolled by flags, which are toggled by appending one or
# more of the following characters after the pattern:
#
# i (default: on)
! # Toggles the case sensitivity flag. By default,
# matching is case insensitive.
#
# m (default: off)
! # Toggles the PCRE_MULTILINE flag. When this flag is
! # on, the ^ and $ metacharacters match immediately
! # after and immediately before a newline character,
! # respectively, in addition to matching at the start
# and end of the subject string.
#
# s (default: on)
# Toggles the PCRE_DOTALL flag. When this flag is on,
# the . metacharacter matches the newline character.
! # With Postfix versions prior to 20020528, The flag
# is off by default, which is inconvenient for multi-
# line message header matching.
#
# x (default: off)
! # Toggles the pcre extended flag. When this flag is
! # on, whitespace in the pattern (other than in a
# character class) and characters between a # outside
! # a character class and the next newline character
! # are ignored. An escaping backslash can be used to
! # include a whitespace or # character as part of the
# pattern.
#
# A (default: off)
! # Toggles the PCRE_ANCHORED flag. When this flag is
! # on, the pattern is forced to be "anchored", that
# is, it is constrained to match only at the start of
! # the string which is being searched (the "subject
! # string"). This effect can also be achieved by
# appropriate constructs in the pattern itself.
#
# E (default: off)
! # Toggles the PCRE_DOLLAR_ENDONLY flag. When this
! # flag is on, a $ metacharacter in the pattern
! # matches only at the end of the subject string.
! # Without this flag, a dollar also matches immedi-
# ately before the final character if it is a newline
# character (but not before any other newline charac-
! # ters). This flag is ignored if PCRE_MULTILINE flag
# is set.
#
# U (default: off)
# Toggles the ungreedy matching flag. When this flag
! # is on, the pattern matching engine inverts the
! # "greediness" of the quantifiers so that they are
! # not greedy by default, but become greedy if fol-
! # lowed by "?". This flag can also set by a (?U)
# modifier within the pattern.
#
# X (default: off)
# Toggles the PCRE_EXTRA flag. When this flag is on,
! # any backslash in a pattern that is followed by a
# letter that has no special meaning causes an error,
# thus reserving these combinations for future expan-
# sion.
#
! # Each pattern is applied to the entire lookup key string.
! # Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire
! # mail address. Thus, no parent domain or parent network
! # search is done, and user@domain mail addresses are not
! # broken up into their user and domain constituent parts,
# nor is user+foo broken up into user and foo.
#
! # Patterns are applied in the order as specified in the
! # table, until a pattern is found that matches the search
# string.
#
! # Substitution of substrings from the matched expression
! # into the result string is possible using the conventional
! # perl syntax ($1, $2, etc.). The macros in the result
! # string may need to be written as ${n} or $(n) if they
# aren't followed by whitespace.
#
# EXAMPLE SMTPD ACCESS MAP
diff -cr --new-file /tmp/postfix-2.0.15/html/pcre_table.5.html ./html/pcre_table.5.html
*** /tmp/postfix-2.0.15/html/pcre_table.5.html Thu Jul 31 19:03:34 2003
--- ./html/pcre_table.5.html Mon Sep 8 08:36:26 2003
***************
*** 41,143 ****
if /pattern/flags
- if !/pattern/flags
-
endif Match the search string against the patterns
between if and endif, if and only if the search
! string matches (does not match) pattern. The
! if..endif can nest.
! Note: do not prepend whitespace to patterns inside
if..endif.
Each pattern is a perl-like regular expression. The
! expression delimiter can be any character, except whites-
! pace or characters that have special meaning (tradition-
! ally the forward slash is used). The regular expression
can contain whitespace.
By default, matching is case-insensitive, and newlines are
! not treated as special characters. The behavior is con-
! trolled by flags, which are toggled by appending one or
more of the following characters after the pattern:
i (default: on)
! Toggles the case sensitivity flag. By default,
matching is case insensitive.
m (default: off)
! Toggles the PCRE_MULTILINE flag. When this flag is
! on, the ^ and $ metacharacters match immediately
! after and immediately before a newline character,
! respectively, in addition to matching at the start
and end of the subject string.
s (default: on)
Toggles the PCRE_DOTALL flag. When this flag is on,
the . metacharacter matches the newline character.
! With Postfix versions prior to 20020528, The flag
is off by default, which is inconvenient for multi-
line message header matching.
x (default: off)
! Toggles the pcre extended flag. When this flag is
! on, whitespace in the pattern (other than in a
character class) and characters between a # outside
! a character class and the next newline character
! are ignored. An escaping backslash can be used to
! include a whitespace or # character as part of the
pattern.
A (default: off)
! Toggles the PCRE_ANCHORED flag. When this flag is
! on, the pattern is forced to be "anchored", that
is, it is constrained to match only at the start of
! the string which is being searched (the "subject
! string"). This effect can also be achieved by
appropriate constructs in the pattern itself.
E (default: off)
! Toggles the PCRE_DOLLAR_ENDONLY flag. When this
! flag is on, a $ metacharacter in the pattern
! matches only at the end of the subject string.
! Without this flag, a dollar also matches immedi-
ately before the final character if it is a newline
character (but not before any other newline charac-
! ters). This flag is ignored if PCRE_MULTILINE flag
is set.
U (default: off)
Toggles the ungreedy matching flag. When this flag
! is on, the pattern matching engine inverts the
! "greediness" of the quantifiers so that they are
! not greedy by default, but become greedy if fol-
! lowed by "?". This flag can also set by a (?U)
modifier within the pattern.
X (default: off)
Toggles the PCRE_EXTRA flag. When this flag is on,
! any backslash in a pattern that is followed by a
letter that has no special meaning causes an error,
thus reserving these combinations for future expan-
sion.
! Each pattern is applied to the entire lookup key string.
! Depending on the application, that string is an entire
client hostname, an entire client IP address, or an entire
! mail address. Thus, no parent domain or parent network
! search is done, and user@domain mail addresses are not
! broken up into their user and domain constituent parts,
nor is user+foo broken up into user and foo.
! Patterns are applied in the order as specified in the
! table, until a pattern is found that matches the search
string.
! Substitution of substrings from the matched expression
! into the result string is possible using the conventional
! perl syntax ($1, $2, etc.). The macros in the result
! string may need to be written as ${n} or $(n) if they
aren't followed by whitespace.
EXAMPLE SMTPD ACCESS MAP
--- 41,140 ----
if /pattern/flags
endif Match the search string against the patterns
between if and endif, if and only if the search
! string matches pattern. The if..endif can nest.
! Note: do not prepend whitespace to patterns inside
if..endif.
Each pattern is a perl-like regular expression. The
! expression delimiter can be any character, except whites-
! pace or characters that have special meaning (tradition-
! ally the forward slash is used). The regular expression
can contain whitespace.
By default, matching is case-insensitive, and newlines are
! not treated as special characters. The behavior is con-
! trolled by flags, which are toggled by appending one or
more of the following characters after the pattern:
i (default: on)
! Toggles the case sensitivity flag. By default,
matching is case insensitive.
m (default: off)
! Toggles the PCRE_MULTILINE flag. When this flag is
! on, the ^ and $ metacharacters match immediately
! after and immediately before a newline character,
! respectively, in addition to matching at the start
and end of the subject string.
s (default: on)
Toggles the PCRE_DOTALL flag. When this flag is on,
the . metacharacter matches the newline character.
! With Postfix versions prior to 20020528, The flag
is off by default, which is inconvenient for multi-
line message header matching.
x (default: off)
! Toggles the pcre extended flag. When this flag is
! on, whitespace in the pattern (other than in a
character class) and characters between a # outside
! a character class and the next newline character
! are ignored. An escaping backslash can be used to
! include a whitespace or # character as part of the
pattern.
A (default: off)
! Toggles the PCRE_ANCHORED flag. When this flag is
! on, the pattern is forced to be "anchored", that
is, it is constrained to match only at the start of
! the string which is being searched (the "subject
! string"). This effect can also be achieved by
appropriate constructs in the pattern itself.
E (default: off)
! Toggles the PCRE_DOLLAR_ENDONLY flag. When this
! flag is on, a $ metacharacter in the pattern
! matches only at the end of the subject string.
! Without this flag, a dollar also matches immedi-
ately before the final character if it is a newline
character (but not before any other newline charac-
! ters). This flag is ignored if PCRE_MULTILINE flag
is set.
U (default: off)
Toggles the ungreedy matching flag. When this flag
! is on, the pattern matching engine inverts the
! "greediness" of the quantifiers so that they are
! not greedy by default, but become greedy if fol-
! lowed by "?". This flag can also set by a (?U)
modifier within the pattern.
X (default: off)
Toggles the PCRE_EXTRA flag. When this flag is on,
! any backslash in a pattern that is followed by a
letter that has no special meaning causes an error,
thus reserving these combinations for future expan-
sion.
! Each pattern is applied to the entire lookup key string.
! Depending on the application, that string is an entire
client hostname, an entire client IP address, or an entire
! mail address. Thus, no parent domain or parent network
! search is done, and user@domain mail addresses are not
! broken up into their user and domain constituent parts,
nor is user+foo broken up into user and foo.
! Patterns are applied in the order as specified in the
! table, until a pattern is found that matches the search
string.
! Substitution of substrings from the matched expression
! into the result string is possible using the conventional
! perl syntax ($1, $2, etc.). The macros in the result
! string may need to be written as ${n} or $(n) if they
aren't followed by whitespace.
EXAMPLE SMTPD ACCESS MAP
diff -cr --new-file /tmp/postfix-2.0.15/html/smtpd.8.html ./html/smtpd.8.html
*** /tmp/postfix-2.0.15/html/smtpd.8.html Mon Jun 16 12:55:14 2003
--- ./html/smtpd.8.html Wed Sep 10 19:46:40 2003
***************
*** 62,89 ****
with comments that Sendmail allows.
broken_sasl_auth_clients
! Support older Microsoft clients that mis-implement
! the AUTH protocol, and that expect an EHLO response
! of "250 AUTH=list" instead of "250 AUTH list".
smtpd_noop_commands
List of commands that are treated as NOOP (no oper-
! ation) commands, without any parameter syntax
! checking and without any state change. This list
overrides built-in command definitions.
Content inspection controls
content_filter
! The name of a mail delivery transport that filters
mail and that either bounces mail or re-injects the
! result back into Postfix. This parameter uses the
! same syntax as the right-hand side of a Postfix
transport table.
Authentication controls
! enable_sasl_authentication
! Enable per-session authentication as per RFC 2554
! (SASL). This functionality is available only when
explicitly selected at program build time and
explicitly enabled at runtime.
--- 62,90 ----
with comments that Sendmail allows.
broken_sasl_auth_clients
! Support Microsoft clients that implement an older
! version of the AUTH protocol, and that expect an
! EHLO response of "250 AUTH=list" instead of "250
! AUTH list".
smtpd_noop_commands
List of commands that are treated as NOOP (no oper-
! ation) commands, without any parameter syntax
! checking and without any state change. This list
overrides built-in command definitions.
Content inspection controls
content_filter
! The name of a mail delivery transport that filters
mail and that either bounces mail or re-injects the
! result back into Postfix. This parameter uses the
! same syntax as the right-hand side of a Postfix
transport table.
Authentication controls
! smtpd_sasl_auth_enable
! Enable per-session authentication as per RFC 2554
! (SASL). This functionality is available only when
explicitly selected at program build time and
explicitly enabled at runtime.
***************
*** 109,122 ****
Disallow anonymous logins.
smtpd_sender_login_maps
! Maps that specify the SASL login name that owns a
! MAIL FROM sender address. Used by the
reject_sender_login_mismatch sender anti-spoofing
restriction.
Miscellaneous
always_bcc
! Address to send a copy of each message that enters
the system.
authorized_verp_clients
--- 110,123 ----
Disallow anonymous logins.
smtpd_sender_login_maps
! Maps that specify the SASL login name that owns a
! MAIL FROM sender address. Used by the
reject_sender_login_mismatch sender anti-spoofing
restriction.
Miscellaneous
always_bcc
! Address to send a copy of each message that enters
the system.
authorized_verp_clients
***************
*** 124,146 ****
that are authorized to use the XVERP extension.
debug_peer_level
! Increment in verbose logging level when a remote
host matches a pattern in the debug_peer_list
parameter.
debug_peer_list
! List of domain or network patterns. When a remote
! host matches a pattern, increase the verbose log-
! ging level by the amount specified in the
debug_peer_level parameter.
default_verp_delimiters
The default VERP delimiter characters that are used
! when the XVERP command is specified without
explicit delimiters.
error_notice_recipient
! Recipient of protocol/policy/resource/software
error notices.
hopcount_limit
--- 125,147 ----
that are authorized to use the XVERP extension.
debug_peer_level
! Increment in verbose logging level when a remote
host matches a pattern in the debug_peer_list
parameter.
debug_peer_list
! List of domain or network patterns. When a remote
! host matches a pattern, increase the verbose log-
! ging level by the amount specified in the
debug_peer_level parameter.
default_verp_delimiters
The default VERP delimiter characters that are used
! when the XVERP command is specified without
explicit delimiters.
error_notice_recipient
! Recipient of protocol/policy/resource/software
error notices.
hopcount_limit
***************
*** 149,166 ****
notify_classes
List of error classes. Of special interest are:
! policy When a client violates any policy, mail a
transcript of the entire SMTP session to the
postmaster.
protocol
! When a client violates the SMTP protocol or
issues an unimplemented command, mail a
transcript of the entire SMTP session to the
postmaster.
smtpd_banner
! Text that follows the 220 status code in the SMTP
greeting banner.
smtpd_expansion_filter
--- 150,167 ----
notify_classes
List of error classes. Of special interest are:
! policy When a client violates any policy, mail a
transcript of the entire SMTP session to the
postmaster.
protocol
! When a client violates the SMTP protocol or
issues an unimplemented command, mail a
transcript of the entire SMTP session to the
postmaster.
smtpd_banner
! Text that follows the 220 status code in the SMTP
greeting banner.
smtpd_expansion_filter
***************
*** 168,224 ****
expansion of rbl template responses and other text.
smtpd_recipient_limit
! Restrict the number of recipients that the SMTP
server accepts per message delivery.
smtpd_timeout
! Limit the time to send a server response and to
receive a client request.
soft_bounce
! Change hard (5xx) reject responses into soft (4xx)
! reject responses. This can be useful for testing
purposes.
verp_delimiter_filter
! The characters that Postfix accepts as VERP delim-
iter characters.
Known versus unknown recipients
show_user_unknown_table_name
! Whether or not to reveal the table name in the
! "User unknown" responses. The extra detail makes
! trouble shooting easier but also reveals informa-
tion that is nobody elses business.
unknown_local_recipient_reject_code
The response code when a client specifies a recipi-
! ent whose domain matches $mydestination or
$inet_interfaces, while $local_recipient_maps is
! non-empty and does not list the recipient address
or address local-part.
unknown_relay_recipient_reject_code
The response code when a client specifies a recipi-
ent whose domain matches $relay_domains, while
! $relay_recipient_maps is non-empty and does not
list the recipient address.
unknown_virtual_alias_reject_code
The response code when a client specifies a recipi-
! ent whose domain matches $virtual_alias_domains,
! while the recipient is not listed in $vir-
tual_alias_maps.
unknown_virtual_mailbox_reject_code
The response code when a client specifies a recipi-
! ent whose domain matches $virtual_mailbox_domains,
while the recipient is not listed in $virtual_mail-
box_maps.
Resource controls
line_length_limit
! Limit the amount of memory in bytes used for the
handling of partial input lines.
message_size_limit
--- 169,225 ----
expansion of rbl template responses and other text.
smtpd_recipient_limit
! Restrict the number of recipients that the SMTP
server accepts per message delivery.
smtpd_timeout
! Limit the time to send a server response and to
receive a client request.
soft_bounce
! Change hard (5xx) reject responses into soft (4xx)
! reject responses. This can be useful for testing
purposes.
verp_delimiter_filter
! The characters that Postfix accepts as VERP delim-
iter characters.
Known versus unknown recipients
show_user_unknown_table_name
! Whether or not to reveal the table name in the
! "User unknown" responses. The extra detail makes
! trouble shooting easier but also reveals informa-
tion that is nobody elses business.
unknown_local_recipient_reject_code
The response code when a client specifies a recipi-
! ent whose domain matches $mydestination or
$inet_interfaces, while $local_recipient_maps is
! non-empty and does not list the recipient address
or address local-part.
unknown_relay_recipient_reject_code
The response code when a client specifies a recipi-
ent whose domain matches $relay_domains, while
! $relay_recipient_maps is non-empty and does not
list the recipient address.
unknown_virtual_alias_reject_code
The response code when a client specifies a recipi-
! ent whose domain matches $virtual_alias_domains,
! while the recipient is not listed in $vir-
tual_alias_maps.
unknown_virtual_mailbox_reject_code
The response code when a client specifies a recipi-
! ent whose domain matches $virtual_mailbox_domains,
while the recipient is not listed in $virtual_mail-
box_maps.
Resource controls
line_length_limit
! Limit the amount of memory in bytes used for the
handling of partial input lines.
message_size_limit
***************
*** 226,233 ****
ing on-disk storage for envelope information.
queue_minfree
! Minimal amount of free space in bytes in the queue
! file system for the SMTP server to accept any mail
at all.
smtpd_history_flush_threshold
--- 227,234 ----
ing on-disk storage for envelope information.
queue_minfree
! Minimal amount of free space in bytes in the queue
! file system for the SMTP server to accept any mail
at all.
smtpd_history_flush_threshold
***************
*** 242,264 ****
smtpd_soft_error_limit
When an SMTP client has made this number of errors,
! wait error_count seconds before responding to any
client request.
smtpd_hard_error_limit
! Disconnect after a client has made this number of
errors.
smtpd_junk_command_limit
Limit the number of times a client can issue a junk
! command such as NOOP, VRFY, ETRN or RSET in one
! SMTP session before it is penalized with tarpit
delays.
UCE control restrictions
parent_domain_matches_subdomains
! List of Postfix features that use domain.tld pat-
! terns to match sub.domain.tld (as opposed to
requiring .domain.tld patterns).
smtpd_client_restrictions
--- 243,265 ----
smtpd_soft_error_limit
When an SMTP client has made this number of errors,
! wait error_count seconds before responding to any
client request.
smtpd_hard_error_limit
! Disconnect after a client has made this number of
errors.
smtpd_junk_command_limit
Limit the number of times a client can issue a junk
! command such as NOOP, VRFY, ETRN or RSET in one
! SMTP session before it is penalized with tarpit
delays.
UCE control restrictions
parent_domain_matches_subdomains
! List of Postfix features that use domain.tld pat-
! terns to match sub.domain.tld (as opposed to
requiring .domain.tld patterns).
smtpd_client_restrictions
***************
*** 266,284 ****
tem.
smtpd_helo_required
! Require that clients introduce themselves at the
beginning of an SMTP session.
smtpd_helo_restrictions
! Restrict what client hostnames are allowed in HELO
and EHLO commands.
smtpd_sender_restrictions
! Restrict what sender addresses are allowed in MAIL
FROM commands.
smtpd_recipient_restrictions
! Restrict what recipient addresses are allowed in
RCPT TO commands.
smtpd_etrn_restrictions
--- 267,285 ----
tem.
smtpd_helo_required
! Require that clients introduce themselves at the
beginning of an SMTP session.
smtpd_helo_restrictions
! Restrict what client hostnames are allowed in HELO
and EHLO commands.
smtpd_sender_restrictions
! Restrict what sender addresses are allowed in MAIL
FROM commands.
smtpd_recipient_restrictions
! Restrict what recipient addresses are allowed in
RCPT TO commands.
smtpd_etrn_restrictions
***************
*** 286,358 ****
mands, and what clients may issue ETRN commands.
smtpd_data_restrictions
! Restrictions on the DATA command. Currently, the
! only restriction that makes sense here is
reject_unauth_pipelining.
allow_untrusted_routing
! Allow untrusted clients to specify addresses with
! sender-specified routing. Enabling this opens up
! nasty relay loopholes involving trusted backup MX
hosts.
smtpd_restriction_classes
! Declares the name of zero or more parameters that
! contain a list of UCE restrictions. The names of
! these parameters can then be used instead of the
restriction lists that they represent.
smtpd_null_access_lookup_key
! The lookup key to be used in SMTPD access tables
! instead of the null sender address. A null sender
address cannot be looked up.
maps_rbl_domains (deprecated)
! List of DNS domains that publish the addresses of
blacklisted hosts. This is used with the deprecated
reject_maps_rbl restriction.
permit_mx_backup_networks
! Only domains whose primary MX hosts match the
! listed networks are eligible for the per-
mit_mx_backup feature.
relay_domains
! Restrict what domains this mail system will relay
! mail to. The domains are routed to the delivery
agent specified with the relay_transport setting.
UCE control responses
access_map_reject_code
! Response code when a client violates an access
database restriction.
default_rbl_reply
Default template reply when a request is RBL black-
! listed. This template is used by the reject_rbl_*
! and reject_rhsbl_* restrictions. See also:
rbl_reply_maps and smtpd_expansion_filter.
defer_code
! Response code when a client request is rejected by
the defer restriction.
invalid_hostname_reject_code
! Response code when a client violates the
reject_invalid_hostname restriction.
maps_rbl_reject_code
Response code when a request is RBL blacklisted.
rbl_reply_maps
! Table with template responses for RBL blacklisted
! requests, indexed by RBL domain name. These tem-
plates are used by the reject_rbl_* and
! reject_rhsbl_* restrictions. See also:
default_rbl_reply and smtpd_expansion_filter.
reject_code
! Response code when the client matches a reject
restriction.
relay_domains_reject_code
--- 287,359 ----
mands, and what clients may issue ETRN commands.
smtpd_data_restrictions
! Restrictions on the DATA command. Currently, the
! only restriction that makes sense here is
reject_unauth_pipelining.
allow_untrusted_routing
! Allow untrusted clients to specify addresses with
! sender-specified routing. Enabling this opens up
! nasty relay loopholes involving trusted backup MX
hosts.
smtpd_restriction_classes
! Declares the name of zero or more parameters that
! contain a list of UCE restrictions. The names of
! these parameters can then be used instead of the
restriction lists that they represent.
smtpd_null_access_lookup_key
! The lookup key to be used in SMTPD access tables
! instead of the null sender address. A null sender
address cannot be looked up.
maps_rbl_domains (deprecated)
! List of DNS domains that publish the addresses of
blacklisted hosts. This is used with the deprecated
reject_maps_rbl restriction.
permit_mx_backup_networks
! Only domains whose primary MX hosts match the
! listed networks are eligible for the per-
mit_mx_backup feature.
relay_domains
! Restrict what domains this mail system will relay
! mail to. The domains are routed to the delivery
agent specified with the relay_transport setting.
UCE control responses
access_map_reject_code
! Response code when a client violates an access
database restriction.
default_rbl_reply
Default template reply when a request is RBL black-
! listed. This template is used by the reject_rbl_*
! and reject_rhsbl_* restrictions. See also:
rbl_reply_maps and smtpd_expansion_filter.
defer_code
! Response code when a client request is rejected by
the defer restriction.
invalid_hostname_reject_code
! Response code when a client violates the
reject_invalid_hostname restriction.
maps_rbl_reject_code
Response code when a request is RBL blacklisted.
rbl_reply_maps
! Table with template responses for RBL blacklisted
! requests, indexed by RBL domain name. These tem-
plates are used by the reject_rbl_* and
! reject_rhsbl_* restrictions. See also:
default_rbl_reply and smtpd_expansion_filter.
reject_code
! Response code when the client matches a reject
restriction.
relay_domains_reject_code
***************
*** 360,366 ****
mail relay policy.
unknown_address_reject_code
! Response code when a client violates the
reject_unknown_address restriction.
unknown_client_reject_code
--- 361,367 ----
mail relay policy.
unknown_address_reject_code
! Response code when a client violates the
reject_unknown_address restriction.
unknown_client_reject_code
***************
*** 369,375 ****
tion.
unknown_hostname_reject_code
! Response code when a client violates the
reject_unknown_hostname restriction.
SEE ALSO
--- 370,376 ----
tion.
unknown_hostname_reject_code
! Response code when a client violates the
reject_unknown_hostname restriction.
SEE ALSO
***************
*** 379,385 ****
syslogd(8) system logging
LICENSE
! The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
--- 380,386 ----
syslogd(8) system logging
LICENSE
! The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
diff -cr --new-file /tmp/postfix-2.0.15/man/man5/pcre_table.5 ./man/man5/pcre_table.5
*** /tmp/postfix-2.0.15/man/man5/pcre_table.5 Thu Jul 31 19:03:34 2003
--- ./man/man5/pcre_table.5 Mon Sep 8 08:36:26 2003
***************
*** 38,48 ****
A logical line starts with non-whitespace text. A line that
starts with whitespace continues a logical line.
.IP "\fBif /\fIpattern\fB/\fIflags\fR"
- .IP "\fBif !/\fIpattern\fB/\fIflags\fR"
.IP "\fBendif\fR"
Match the search string against the patterns between \fBif\fR
! and \fBendif\fR, if and only if the search string matches (does
! not match) \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
.sp
Note: do not prepend whitespace to patterns inside
\fBif\fR..\fBendif\fR.
--- 38,47 ----
A logical line starts with non-whitespace text. A line that
starts with whitespace continues a logical line.
.IP "\fBif /\fIpattern\fB/\fIflags\fR"
.IP "\fBendif\fR"
Match the search string against the patterns between \fBif\fR
! and \fBendif\fR, if and only if the search string matches
! \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
.sp
Note: do not prepend whitespace to patterns inside
\fBif\fR..\fBendif\fR.
diff -cr --new-file /tmp/postfix-2.0.15/man/man8/smtpd.8 ./man/man8/smtpd.8
*** /tmp/postfix-2.0.15/man/man8/smtpd.8 Mon Jun 16 12:55:13 2003
--- ./man/man8/smtpd.8 Wed Sep 10 19:46:40 2003
***************
*** 73,79 ****
Disallow non-RFC 821 style addresses in SMTP commands. For example,
the RFC822-style address forms with comments that Sendmail allows.
.IP \fBbroken_sasl_auth_clients\fR
! Support older Microsoft clients that mis-implement the AUTH
protocol, and that expect an EHLO response of "250 AUTH=list"
instead of "250 AUTH list".
.IP \fBsmtpd_noop_commands\fR
--- 73,79 ----
Disallow non-RFC 821 style addresses in SMTP commands. For example,
the RFC822-style address forms with comments that Sendmail allows.
.IP \fBbroken_sasl_auth_clients\fR
! Support Microsoft clients that implement an older version of the AUTH
protocol, and that expect an EHLO response of "250 AUTH=list"
instead of "250 AUTH list".
.IP \fBsmtpd_noop_commands\fR
***************
*** 87,93 ****
This parameter uses the same syntax as the right-hand side of
a Postfix transport table.
.SH "Authentication controls"
! .IP \fBenable_sasl_authentication\fR
Enable per-session authentication as per RFC 2554 (SASL).
This functionality is available only when explicitly selected
at program build time and explicitly enabled at runtime.
--- 87,93 ----
This parameter uses the same syntax as the right-hand side of
a Postfix transport table.
.SH "Authentication controls"
! .IP \fBsmtpd_sasl_auth_enable\fR
Enable per-session authentication as per RFC 2554 (SASL).
This functionality is available only when explicitly selected
at program build time and explicitly enabled at runtime.
diff -cr --new-file /tmp/postfix-2.0.15/proto/pcre_table ./proto/pcre_table
*** /tmp/postfix-2.0.15/proto/pcre_table Thu Jul 31 19:03:33 2003
--- ./proto/pcre_table Mon Sep 8 08:36:18 2003
***************
*** 32,42 ****
# A logical line starts with non-whitespace text. A line that
# starts with whitespace continues a logical line.
# .IP "\fBif /\fIpattern\fB/\fIflags\fR"
- # .IP "\fBif !/\fIpattern\fB/\fIflags\fR"
# .IP "\fBendif\fR"
# Match the search string against the patterns between \fBif\fR
! # and \fBendif\fR, if and only if the search string matches (does
! # not match) \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
# .sp
# Note: do not prepend whitespace to patterns inside
# \fBif\fR..\fBendif\fR.
--- 32,41 ----
# A logical line starts with non-whitespace text. A line that
# starts with whitespace continues a logical line.
# .IP "\fBif /\fIpattern\fB/\fIflags\fR"
# .IP "\fBendif\fR"
# Match the search string against the patterns between \fBif\fR
! # and \fBendif\fR, if and only if the search string matches
! # \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
# .sp
# Note: do not prepend whitespace to patterns inside
# \fBif\fR..\fBendif\fR.
diff -cr --new-file /tmp/postfix-2.0.15/src/bounce/Makefile.in ./src/bounce/Makefile.in
*** /tmp/postfix-2.0.15/src/bounce/Makefile.in Wed May 28 10:50:13 2003
--- ./src/bounce/Makefile.in Sat Sep 13 20:04:14 2003
***************
*** 126,131 ****
--- 126,132 ----
bounce_notify_util.o: ../../include/vbuf.h
bounce_notify_util.o: ../../include/vstream.h
bounce_notify_util.o: ../../include/line_wrap.h
+ bounce_notify_util.o: ../../include/stringops.h
bounce_notify_util.o: ../../include/mail_queue.h
bounce_notify_util.o: ../../include/quote_822_local.h
bounce_notify_util.o: ../../include/quote_flags.h
diff -cr --new-file /tmp/postfix-2.0.15/src/lmtp/Makefile.in ./src/lmtp/Makefile.in
*** /tmp/postfix-2.0.15/src/lmtp/Makefile.in Wed May 28 10:49:59 2003
--- ./src/lmtp/Makefile.in Sat Sep 13 20:04:09 2003
***************
*** 130,135 ****
--- 130,136 ----
lmtp_connect.o: ../../include/timed_connect.h
lmtp_connect.o: ../../include/stringops.h
lmtp_connect.o: ../../include/host_port.h
+ lmtp_connect.o: ../../include/sane_connect.h
lmtp_connect.o: ../../include/mail_params.h
lmtp_connect.o: ../../include/mail_proto.h
lmtp_connect.o: ../../include/attr.h
diff -cr --new-file /tmp/postfix-2.0.15/src/lmtp/lmtp.c ./src/lmtp/lmtp.c
*** /tmp/postfix-2.0.15/src/lmtp/lmtp.c Fri Oct 25 21:13:08 2002
--- ./src/lmtp/lmtp.c Wed Sep 10 20:13:30 2003
***************
*** 337,342 ****
--- 337,346 ----
lmtp_quit(state);
lmtp_chat_reset(state);
state->session = lmtp_session_free(state->session);
+ #ifdef USE_SASL_AUTH
+ if (var_lmtp_sasl_enable)
+ lmtp_sasl_cleanup(state);
+ #endif
}
/*
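Review bot: The same four-line `#ifdef USE_SASL_AUTH` cleanup is pasted after the `lmtp_session_free()` call in this hunk and again in the two hunks that follow (the `lmtp_rset()` and `lmtp_lhlo()` failure branches). A later teardown path can therefore free the session and leave the SASL context behind again, which is the defect this change repairs. Folding the two steps into one static helper, called from all three places, keeps session and authentication state released together. The enclosing function starts and ends outside these hunks, so any other `lmtp_session_free()` callers in the file are not visible here and should be checked as well.

```c
/* lmtp_session_discard - release the cached session and its SASL state */

static void lmtp_session_discard(LMTP_STATE *state)
{
    state->session = lmtp_session_free(state->session);
#ifdef USE_SASL_AUTH
    if (var_lmtp_sasl_enable)
        lmtp_sasl_cleanup(state);
#endif
}

/* ... unchanged: the three call sites, each reduced to lmtp_session_discard(state); ... */
```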
***************
*** 346,351 ****
--- 350,359 ----
else if (lmtp_rset(state) != 0) {
lmtp_chat_reset(state);
state->session = lmtp_session_free(state->session);
+ #ifdef USE_SASL_AUTH
+ if (var_lmtp_sasl_enable)
+ lmtp_sasl_cleanup(state);
+ #endif
}
/*
***************
*** 380,385 ****
--- 388,397 ----
*/
else if (lmtp_lhlo(state) != 0) {
state->session = lmtp_session_free(state->session);
+ #ifdef USE_SASL_AUTH
+ if (var_lmtp_sasl_enable)
+ lmtp_sasl_cleanup(state);
+ #endif
}
/*
diff -cr --new-file /tmp/postfix-2.0.15/src/lmtp/lmtp.h ./src/lmtp/lmtp.h
*** /tmp/postfix-2.0.15/src/lmtp/lmtp.h Tue May 22 14:37:14 2001
--- ./src/lmtp/lmtp.h Tue Sep 9 20:48:03 2003
***************
*** 53,59 ****
sasl_callback_t *sasl_callbacks; /* stateful callbacks */
#endif
int sndbufsize; /* total window size */
- int sndbuffree; /* remaining window */
int reuse; /* connection being reused */
} LMTP_STATE;
--- 53,58 ----
diff -cr --new-file /tmp/postfix-2.0.15/src/lmtp/lmtp_connect.c ./src/lmtp/lmtp_connect.c
*** /tmp/postfix-2.0.15/src/lmtp/lmtp_connect.c Mon Aug 11 15:10:46 2003
--- ./src/lmtp/lmtp_connect.c Fri Sep 12 20:35:38 2003
***************
*** 93,98 ****
--- 93,99 ----
#include
#include
#include
+ #include
/* Global library. */
***************
*** 221,227 ****
non_blocking(sock, BLOCKING);
errno = saved_errno;
} else {
! conn_stat = connect(sock, sa, len);
}
if (conn_stat < 0) {
vstring_sprintf(why, "connect to %s[%s]: %m",
--- 222,228 ----
non_blocking(sock, BLOCKING);
errno = saved_errno;
} else {
! conn_stat = sane_connect(sock, sa, len);
}
if (conn_stat < 0) {
vstring_sprintf(why, "connect to %s[%s]: %m",
diff -cr --new-file /tmp/postfix-2.0.15/src/lmtp/lmtp_proto.c ./src/lmtp/lmtp_proto.c
*** /tmp/postfix-2.0.15/src/lmtp/lmtp_proto.c Sat Jul 12 19:55:17 2003
--- ./src/lmtp/lmtp_proto.c Tue Sep 9 20:48:03 2003
***************
*** 245,255 ****
if (msg_verbose)
msg_info("server features: 0x%x", state->features);
- #ifdef USE_SASL_AUTH
- if (var_lmtp_sasl_enable && (state->features & LMTP_FEATURE_AUTH))
- return (lmtp_sasl_helo_login(state));
- #endif
-
/*
* We use LMTP command pipelining if the server said it supported it.
* Since we use blocking I/O, RFC 2197 says that we should inspect the
--- 245,250 ----
***************
*** 275,280 ****
--- 270,280 ----
} else
state->sndbufsize = 0;
+ #ifdef USE_SASL_AUTH
+ if (var_lmtp_sasl_enable && (state->features & LMTP_FEATURE_AUTH))
+ return (lmtp_sasl_helo_login(state));
+ #endif
+
return (0);
}
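Review bot: The relocated SASL block has no comment saying why it must be the last step before `return (0);`, although the ordering is the whole fix. In its old position the early `return (lmtp_sasl_helo_login(state));` ran before the pipelining setup, so `state->sndbufsize` was never computed for authenticated sessions. A comment above the `#ifdef`, for example `/* Must come last: returning from here earlier skipped the pipelining setup above. */`, would stop someone from moving it back. The function starts outside this hunk.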
***************
*** 704,711 ****
/*
* Copy the next command to the buffer and update the sender state.
*/
! if (state->sndbuffree > 0)
! state->sndbuffree -= VSTRING_LEN(next_command) + 2;
lmtp_chat_cmd(state, "%s", vstring_str(next_command));
send_state = next_state;
send_rcpt = next_rcpt;
--- 704,711 ----
/*
* Copy the next command to the buffer and update the sender state.
*/
! if (sndbuffree > 0)
! sndbuffree -= VSTRING_LEN(next_command) + 2;
lmtp_chat_cmd(state, "%s", vstring_str(next_command));
send_state = next_state;
send_rcpt = next_rcpt;
diff -cr --new-file /tmp/postfix-2.0.15/src/lmtp/lmtp_sasl_glue.c ./src/lmtp/lmtp_sasl_glue.c
*** /tmp/postfix-2.0.15/src/lmtp/lmtp_sasl_glue.c Wed May 28 10:03:04 2003
--- ./src/lmtp/lmtp_sasl_glue.c Tue Sep 9 20:52:53 2003
***************
*** 36,42 ****
/* authentication.
/*
/* lmtp_sasl_passwd_lookup() looks up the username/password
! /* for the current SMTP server. The result is zero in case
/* of failure.
/*
/* lmtp_sasl_authenticate() implements the SASL authentication
--- 36,42 ----
/* authentication.
/*
/* lmtp_sasl_passwd_lookup() looks up the username/password
! /* for the current LMTP server. The result is zero in case
/* of failure.
/*
/* lmtp_sasl_authenticate() implements the SASL authentication
***************
*** 47,53 ****
/* suceeds.
/*
/* lmtp_sasl_cleanup() cleans up. It must be called at the
! /* end of every SMTP session that uses SASL authentication.
/* This routine is a noop for non-SASL sessions.
/*
/* Arguments:
--- 47,53 ----
/* suceeds.
/*
/* lmtp_sasl_cleanup() cleans up. It must be called at the
! /* end of every LMTP session that uses SASL authentication.
/* This routine is a noop for non-SASL sessions.
/*
/* Arguments:
diff -cr --new-file /tmp/postfix-2.0.15/src/lmtp/lmtp_state.c ./src/lmtp/lmtp_state.c
*** /tmp/postfix-2.0.15/src/lmtp/lmtp_state.c Fri Jan 19 19:36:50 2001
--- ./src/lmtp/lmtp_state.c Tue Sep 9 20:48:03 2003
***************
*** 80,86 ****
lmtp_sasl_connect(state);
#endif
state->sndbufsize = 0;
- state->sndbuffree = 0;
state->reuse = 0;
return (state);
}
--- 80,85 ----
diff -cr --new-file /tmp/postfix-2.0.15/src/smtp/Makefile.in ./src/smtp/Makefile.in
*** /tmp/postfix-2.0.15/src/smtp/Makefile.in Wed May 28 10:50:10 2003
--- ./src/smtp/Makefile.in Sat Sep 13 20:04:13 2003
***************
*** 137,142 ****
--- 137,143 ----
smtp_connect.o: ../../include/timed_connect.h
smtp_connect.o: ../../include/stringops.h
smtp_connect.o: ../../include/host_port.h
+ smtp_connect.o: ../../include/sane_connect.h
smtp_connect.o: ../../include/mail_params.h
smtp_connect.o: ../../include/own_inet_addr.h
smtp_connect.o: ../../include/dns.h
diff -cr --new-file /tmp/postfix-2.0.15/src/smtp/smtp_connect.c ./src/smtp/smtp_connect.c
*** /tmp/postfix-2.0.15/src/smtp/smtp_connect.c Mon Aug 11 15:11:05 2003
--- ./src/smtp/smtp_connect.c Fri Sep 12 20:35:53 2003
***************
*** 112,117 ****
--- 112,118 ----
#include
#include
#include
+ #include
/* Global library. */
***************
*** 208,214 ****
non_blocking(sock, BLOCKING);
errno = saved_errno;
} else {
! conn_stat = connect(sock, (struct sockaddr *) & sin, sizeof(sin));
}
if (conn_stat < 0) {
vstring_sprintf(why, "connect to %s[%s]: %m",
--- 209,215 ----
non_blocking(sock, BLOCKING);
errno = saved_errno;
} else {
! conn_stat = sane_connect(sock, (struct sockaddr *) & sin, sizeof(sin));
}
if (conn_stat < 0) {
vstring_sprintf(why, "connect to %s[%s]: %m",
diff -cr --new-file /tmp/postfix-2.0.15/src/smtpd/smtpd.c ./src/smtpd/smtpd.c
*** /tmp/postfix-2.0.15/src/smtpd/smtpd.c Wed Jun 11 11:51:34 2003
--- ./src/smtpd/smtpd.c Wed Sep 10 19:42:19 2003
***************
*** 59,65 ****
/* Disallow non-RFC 821 style addresses in SMTP commands. For example,
/* the RFC822-style address forms with comments that Sendmail allows.
/* .IP \fBbroken_sasl_auth_clients\fR
! /* Support older Microsoft clients that mis-implement the AUTH
/* protocol, and that expect an EHLO response of "250 AUTH=list"
/* instead of "250 AUTH list".
/* .IP \fBsmtpd_noop_commands\fR
--- 59,65 ----
/* Disallow non-RFC 821 style addresses in SMTP commands. For example,
/* the RFC822-style address forms with comments that Sendmail allows.
/* .IP \fBbroken_sasl_auth_clients\fR
! /* Support Microsoft clients that implement an older version of the AUTH
/* protocol, and that expect an EHLO response of "250 AUTH=list"
/* instead of "250 AUTH list".
/* .IP \fBsmtpd_noop_commands\fR
***************
*** 73,79 ****
/* This parameter uses the same syntax as the right-hand side of
/* a Postfix transport table.
/* .SH "Authentication controls"
! /* .IP \fBenable_sasl_authentication\fR
/* Enable per-session authentication as per RFC 2554 (SASL).
/* This functionality is available only when explicitly selected
/* at program build time and explicitly enabled at runtime.
--- 73,79 ----
/* This parameter uses the same syntax as the right-hand side of
/* a Postfix transport table.
/* .SH "Authentication controls"
! /* .IP \fBsmtpd_sasl_auth_enable\fR
/* Enable per-session authentication as per RFC 2554 (SASL).
/* This functionality is available only when explicitly selected
/* at program build time and explicitly enabled at runtime.
***************
*** 1585,1597 ****
*/
smtpd_state_init(&state, stream);
msg_info("connect from %s[%s]", state.name, state.addr);
-
- /*
- * XXX non_blocking() aborts upon error.
- */
- #ifdef BROKEN_READ_SELECT_ON_BLOCKING_SOCKET
- non_blocking(vstream_fileno(stream), NON_BLOCKING);
- #endif
/*
* See if we need to turn on verbose logging for this client.
--- 1585,1590 ----
diff -cr --new-file /tmp/postfix-2.0.15/src/smtpstone/Makefile.in ./src/smtpstone/Makefile.in
*** /tmp/postfix-2.0.15/src/smtpstone/Makefile.in Wed May 28 10:49:37 2003
--- ./src/smtpstone/Makefile.in Sat Sep 13 20:04:03 2003
***************
*** 103,108 ****
--- 103,109 ----
qmqp-source.o: ../../include/events.h
qmqp-source.o: ../../include/find_inet.h
qmqp-source.o: ../../include/netstring.h
+ qmqp-source.o: ../../include/sane_connect.h
qmqp-source.o: ../../include/mail_date.h
qmqp-source.o: ../../include/qmqp_proto.h
smtp-sink.o: smtp-sink.c
***************
*** 119,124 ****
--- 120,126 ----
smtp-sink.o: ../../include/mymalloc.h
smtp-sink.o: ../../include/msg_vstream.h
smtp-sink.o: ../../include/stringops.h
+ smtp-sink.o: ../../include/sane_accept.h
smtp-sink.o: ../../include/smtp_stream.h
smtp-source.o: smtp-source.c
smtp-source.o: ../../include/sys_defs.h
***************
*** 135,139 ****
--- 137,142 ----
smtp-source.o: ../../include/mymalloc.h
smtp-source.o: ../../include/events.h
smtp-source.o: ../../include/find_inet.h
+ smtp-source.o: ../../include/sane_connect.h
smtp-source.o: ../../include/smtp_stream.h
smtp-source.o: ../../include/mail_date.h
diff -cr --new-file /tmp/postfix-2.0.15/src/smtpstone/qmqp-source.c ./src/smtpstone/qmqp-source.c
*** /tmp/postfix-2.0.15/src/smtpstone/qmqp-source.c Fri Sep 7 12:17:46 2001
--- ./src/smtpstone/qmqp-source.c Fri Sep 12 20:45:39 2003
***************
*** 83,88 ****
--- 83,89 ----
#include
#include
#include
+ #include
/* Global library. */
***************
*** 306,312 ****
session->stream = vstream_fdopen(fd, O_RDWR);
event_enable_write(fd, connect_done, (char *) session);
netstring_setup(session->stream, var_timeout);
! if (connect(fd, sa, sa_length) < 0 && errno != EINPROGRESS)
fail_connect(session);
}
--- 307,313 ----
session->stream = vstream_fdopen(fd, O_RDWR);
event_enable_write(fd, connect_done, (char *) session);
netstring_setup(session->stream, var_timeout);
! if (sane_connect(fd, sa, sa_length) < 0 && errno != EINPROGRESS)
fail_connect(session);
}
diff -cr --new-file /tmp/postfix-2.0.15/src/smtpstone/smtp-sink.c ./src/smtpstone/smtp-sink.c
*** /tmp/postfix-2.0.15/src/smtpstone/smtp-sink.c Fri Aug 16 11:05:25 2002
--- ./src/smtpstone/smtp-sink.c Fri Sep 12 20:46:56 2003
***************
*** 98,103 ****
--- 98,104 ----
#include
#include
#include
+ #include
/* Global library. */
***************
*** 496,502 ****
SINK_STATE *state;
int fd;
! if ((fd = accept(sock, &sa, &len)) >= 0) {
if (msg_verbose)
msg_info("connect (%s)",
#ifdef AF_LOCAL
--- 497,503 ----
SINK_STATE *state;
int fd;
! if ((fd = sane_accept(sock, &sa, &len)) >= 0) {
if (msg_verbose)
msg_info("connect (%s)",
#ifdef AF_LOCAL
diff -cr --new-file /tmp/postfix-2.0.15/src/smtpstone/smtp-source.c ./src/smtpstone/smtp-source.c
*** /tmp/postfix-2.0.15/src/smtpstone/smtp-source.c Mon Mar 24 15:27:09 2003
--- ./src/smtpstone/smtp-source.c Fri Sep 12 20:45:54 2003
***************
*** 103,108 ****
--- 103,109 ----
#include
#include
#include
+ #include
/* Global library. */
***************
*** 411,417 ****
session->stream = vstream_fdopen(fd, O_RDWR);
event_enable_write(fd, connect_done, (char *) session);
smtp_timeout_setup(session->stream, var_timeout);
! if (connect(fd, sa, sa_length) < 0 && errno != EINPROGRESS)
fail_connect(session);
}
--- 412,418 ----
session->stream = vstream_fdopen(fd, O_RDWR);
event_enable_write(fd, connect_done, (char *) session);
smtp_timeout_setup(session->stream, var_timeout);
! if (sane_connect(fd, sa, sa_length) < 0 && errno != EINPROGRESS)
fail_connect(session);
}
diff -cr --new-file /tmp/postfix-2.0.15/src/util/Makefile.in ./src/util/Makefile.in
*** /tmp/postfix-2.0.15/src/util/Makefile.in Tue Aug 12 11:10:42 2003
--- ./src/util/Makefile.in Sat Sep 13 20:03:54 2003
***************
*** 26,32 ****
unix_connect.c unix_listen.c unix_trigger.c unsafe.c username.c \
valid_hostname.c vbuf.c vbuf_print.c vstream.c vstream_popen.c \
vstring.c vstring_vstream.c watchdog.c writable.c write_buf.c \
! write_wait.c strcasecmp.c nvtable.c host_port.c
OBJS = alldig.o argv.o argv_split.o attr_print0.o attr_print64.o \
attr_scan0.o attr_scan64.o base64_code.o basename.o binhash.o \
chroot_uid.o clean_env.o close_on_exec.o concatenate.o ctable.o \
--- 26,32 ----
unix_connect.c unix_listen.c unix_trigger.c unsafe.c username.c \
valid_hostname.c vbuf.c vbuf_print.c vstream.c vstream_popen.c \
vstring.c vstring_vstream.c watchdog.c writable.c write_buf.c \
! write_wait.c strcasecmp.c nvtable.c host_port.c sane_connect.c
OBJS = alldig.o argv.o argv_split.o attr_print0.o attr_print64.o \
attr_scan0.o attr_scan64.o base64_code.o basename.o binhash.o \
chroot_uid.o clean_env.o close_on_exec.o concatenate.o ctable.o \
***************
*** 54,60 ****
unix_connect.o unix_listen.o unix_trigger.o unsafe.o username.o \
valid_hostname.o vbuf.o vbuf_print.o vstream.o vstream_popen.o \
vstring.o vstring_vstream.o watchdog.o writable.o write_buf.o \
! write_wait.o nvtable.o $(STRCASE) host_port.o
HDRS = argv.h attr.h base64_code.h binhash.h chroot_uid.h clean_env.h \
connect.h ctable.h dict.h dict_db.h dict_dbm.h dict_env.h \
dict_ht.h dict_ldap.h dict_mysql.h dict_ni.h dict_nis.h \
--- 54,60 ----
unix_connect.o unix_listen.o unix_trigger.o unsafe.o username.o \
valid_hostname.o vbuf.o vbuf_print.o vstream.o vstream_popen.o \
vstring.o vstring_vstream.o watchdog.o writable.o write_buf.o \
! write_wait.o nvtable.o host_port.o sane_connect.o $(STRCASE)
HDRS = argv.h attr.h base64_code.h binhash.h chroot_uid.h clean_env.h \
connect.h ctable.h dict.h dict_db.h dict_dbm.h dict_env.h \
dict_ht.h dict_ldap.h dict_mysql.h dict_ni.h dict_nis.h \
***************
*** 72,78 ****
split_at.h stat_as.h stringops.h sys_defs.h timed_connect.h \
timed_wait.h trigger.h username.h valid_hostname.h vbuf.h \
vbuf_print.h vstream.h vstring.h vstring_vstream.h watchdog.h \
! nvtable.h host_port.h
TESTSRC = fifo_open.c fifo_rdwr_bug.c fifo_rdonly_bug.c select_bug.c \
stream_test.c dup2_pass_on_exec.c
WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \
--- 72,78 ----
split_at.h stat_as.h stringops.h sys_defs.h timed_connect.h \
timed_wait.h trigger.h username.h valid_hostname.h vbuf.h \
vbuf_print.h vstream.h vstring.h vstring_vstream.h watchdog.h \
! nvtable.h host_port.h sane_connect.h
TESTSRC = fifo_open.c fifo_rdwr_bug.c fifo_rdonly_bug.c select_bug.c \
stream_test.c dup2_pass_on_exec.c
WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \
***************
*** 808,813 ****
--- 808,814 ----
inet_connect.o: find_inet.h
inet_connect.o: inet_util.h
inet_connect.o: iostuff.h
+ inet_connect.o: sane_connect.h
inet_connect.o: connect.h
inet_connect.o: timed_connect.h
inet_listen.o: inet_listen.c
***************
*** 919,924 ****
--- 920,926 ----
msg_syslog.o: msg.h
msg_syslog.o: msg_output.h
msg_syslog.o: msg_syslog.h
+ msg_syslog.o: safe.h
msg_vstream.o: msg_vstream.c
msg_vstream.o: sys_defs.h
msg_vstream.o: vstream.h
***************
*** 1039,1044 ****
--- 1041,1050 ----
sane_accept.o: sys_defs.h
sane_accept.o: msg.h
sane_accept.o: sane_accept.h
+ sane_connect.o: sane_connect.c
+ sane_connect.o: sys_defs.h
+ sane_connect.o: msg.h
+ sane_connect.o: sane_connect.h
sane_link.o: sane_link.c
sane_link.o: sys_defs.h
sane_link.o: msg.h
***************
*** 1146,1154 ****
--- 1152,1162 ----
timed_connect.o: sys_defs.h
timed_connect.o: msg.h
timed_connect.o: iostuff.h
+ timed_connect.o: sane_connect.h
timed_connect.o: timed_connect.h
timed_read.o: timed_read.c
timed_read.o: sys_defs.h
+ timed_read.o: msg.h
timed_read.o: iostuff.h
timed_wait.o: timed_wait.c
timed_wait.o: sys_defs.h
***************
*** 1157,1162 ****
--- 1165,1171 ----
timed_wait.o: timed_wait.h
timed_write.o: timed_write.c
timed_write.o: sys_defs.h
+ timed_write.o: msg.h
timed_write.o: iostuff.h
translit.o: translit.c
translit.o: sys_defs.h
***************
*** 1177,1182 ****
--- 1186,1192 ----
unix_connect.o: sys_defs.h
unix_connect.o: msg.h
unix_connect.o: iostuff.h
+ unix_connect.o: sane_connect.h
unix_connect.o: connect.h
unix_connect.o: timed_connect.h
unix_listen.o: unix_listen.c
diff -cr --new-file /tmp/postfix-2.0.15/src/util/inet_connect.c ./src/util/inet_connect.c
*** /tmp/postfix-2.0.15/src/util/inet_connect.c Mon Nov 20 13:06:31 2000
--- ./src/util/inet_connect.c Fri Sep 12 21:04:12 2003
***************
*** 63,68 ****
--- 63,69 ----
#include "find_inet.h"
#include "inet_util.h"
#include "iostuff.h"
+ #include "sane_connect.h"
#include "connect.h"
#include "timed_connect.h"
***************
*** 114,120 ****
*/
else {
non_blocking(sock, block_mode);
! if (connect(sock, (struct sockaddr *) & sin, sizeof(sin)) < 0
&& errno != EINPROGRESS) {
close(sock);
return (-1);
--- 115,121 ----
*/
else {
non_blocking(sock, block_mode);
! if (sane_connect(sock, (struct sockaddr *) & sin, sizeof(sin)) < 0
&& errno != EINPROGRESS) {
close(sock);
return (-1);
diff -cr --new-file /tmp/postfix-2.0.15/src/util/inet_listen.c ./src/util/inet_listen.c
*** /tmp/postfix-2.0.15/src/util/inet_listen.c Mon Nov 20 13:06:32 2000
--- ./src/util/inet_listen.c Fri Sep 12 19:50:50 2003
***************
*** 116,120 ****
int inet_accept(int fd)
{
! return (sane_accept(fd, (struct sockaddr *) 0, (SOCKADDR_SIZE *) 0));
}
--- 116,123 ----
int inet_accept(int fd)
{
! struct sockaddr_in sin;
! SOCKADDR_SIZE len = sizeof(sin);
!
! return (sane_accept(fd, (struct sockaddr *) & sin, &len));
}
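Review bot: Nothing in `inet_accept()` explains why it now fills in a `struct sockaddr_in` that it never reads. The address is collected only so that `sane_accept()` can test `sa->sa_family` and apply its TCP keepalive workaround. Add a comment above the declarations such as `/* sane_accept() needs the peer address family for its socket-type workarounds; the address itself is unused. */`. Without it, a later cleanup could restore the null arguments and silently turn the workaround off.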
diff -cr --new-file /tmp/postfix-2.0.15/src/util/msg_syslog.c ./src/util/msg_syslog.c
*** /tmp/postfix-2.0.15/src/util/msg_syslog.c Tue Mar 27 16:54:27 2001
--- ./src/util/msg_syslog.c Sat Sep 13 21:34:33 2003
***************
*** 49,54 ****
--- 49,55 ----
#include
#include
#include
+ #include
/* Application-specific. */
***************
*** 57,62 ****
--- 58,64 ----
#include "msg.h"
#include "msg_output.h"
#include "msg_syslog.h"
+ #include "safe.h"
/*
* Stay a little below the 2048-byte limit of older syslog()
***************
*** 167,172 ****
--- 169,181 ----
{
static int first_call = 1;
+ /*
+ * XXX If this program is set-gid, then TZ must not be trusted.
+ * This scrubbing code is in the wrong place.
+ */
+ if (unsafe())
+ putenv("TZ=");
+ tzset();
openlog(name, LOG_NDELAY | logopt, facility);
if (first_call) {
first_call = 0;
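Review bot: The result of `putenv("TZ=")` is discarded, so if the call fails the inherited TZ stays in the environment and the `tzset()` on the next line parses it in exactly the set-gid case the new comment says must not trust it. Check the call and fail closed, along the lines of `if (unsafe() && putenv("TZ=") != 0)` followed by a fatal exit; how to report that failure before `openlog()` has run needs a decision. An empty TZ is usually interpreted as UTC, so timestamps logged by set-gid commands may shift, and the comment should say so. The function body starts and ends outside the hunk.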
diff -cr --new-file /tmp/postfix-2.0.15/src/util/sane_accept.c ./src/util/sane_accept.c
*** /tmp/postfix-2.0.15/src/util/sane_accept.c Sat Aug 9 19:44:09 2003
--- ./src/util/sane_accept.c Fri Sep 12 19:52:21 2003
***************
*** 13,18 ****
--- 13,21 ----
/* DESCRIPTION
/* sane_accept() implements the accept(2) socket call, and maps
/* known harmless error results to EAGAIN.
+ /*
+ /* If the buf and len arguments are not null, then additional
+ /* workarounds may be enabled that depend on the socket type.
/* BUGS
/* Bizarre systems may have other harmless error results. Such
/* systems encourage programers to ignore error results, and
***************
*** 89,93 ****
--- 92,112 ----
}
}
}
+
+ /*
+ * XXX Solaris select() produces false read events, so that read() blocks
+ * forever on a blocking socket, and fails with EAGAIN on a non-blocking
+ * socket. Turning on keepalives will fix a blocking socket provided that
+ * the kernel's keepalive timer expires before the Postfix watchdog
+ * timer.
+ */
+ #if defined(BROKEN_READ_SELECT_ON_TCP_SOCKET) && defined(SO_KEEPALIVE)
+ else if (sa != 0 && sa->sa_family == AF_INET) {
+ int on = 1;
+
+ (void) setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE,
+ (char *) &on, sizeof(on));
+ }
+ #endif
return (fd);
}
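Review bot: The `(void)` cast on `setsockopt()` hides the case where keepalives could not be enabled, and then the hang described in the comment returns with nothing in the log to explain it. A warning costs one statement: `if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (char *) &on, sizeof(on)) < 0) msg_warn("setsockopt SO_KEEPALIVE: %m");`. The same unchecked call appears in the new `sane_connect()`. The function starts outside this hunk.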
diff -cr --new-file /tmp/postfix-2.0.15/src/util/sane_connect.c ./src/util/sane_connect.c
*** /tmp/postfix-2.0.15/src/util/sane_connect.c Wed Dec 31 19:00:00 1969
--- ./src/util/sane_connect.c Sat Sep 13 20:17:29 2003
***************
*** 0 ****
--- 1,63 ----
+ /*++
+ /* NAME
+ /* sane_connect 3
+ /* SUMMARY
+ /* sanitize connect() results
+ /* SYNOPSIS
+ /* #include
+ /*
+ /* int sane_connect(sock, buf, len)
+ /* int sock;
+ /* struct sockaddr *buf;
+ /* SOCKADDR_SIZE *len;
+ /* DESCRIPTION
+ /* sane_connect() implements the accept(2) socket call, and maps
+ /* known harmless error results to EAGAIN.
+ /* BUGS
+ /* Bizarre systems may have other harmless error results. Such
+ /* systems encourage programers to ignore error results, and
+ /* penalizes programmers who code defensively.
+ /* LICENSE
+ /* .ad
+ /* .fi
+ /* The Secure Mailer license must be distributed with this software.
+ /* AUTHOR(S)
+ /* Wietse Venema
+ /* IBM T.J. Watson Research
+ /* P.O. Box 704
+ /* Yorktown Heights, NY 10598, USA
+ /*--*/
+
+ /* System library. */
+
+ #include "sys_defs.h"
+ #include
+ #include
+
+ /* Utility library. */
+
+ #include "msg.h"
+ #include "sane_connect.h"
+
+ /* sane_connect - sanitize connect() results */
+
+ int sane_connect(int sock, struct sockaddr * sa, SOCKADDR_SIZE len)
+ {
+
+ /*
+ * XXX Solaris select() produces false read events, so that read() blocks
+ * forever on a blocking socket, and fails with EAGAIN on a non-blocking
+ * socket. Turning on keepalives will fix a blocking socket provided that
+ * the kernel's keepalive timer expires before the Postfix watchdog
+ * timer.
+ */
+ #if defined(BROKEN_READ_SELECT_ON_TCP_SOCKET) && defined(SO_KEEPALIVE)
+ if (sa->sa_family == AF_INET) {
+ int on = 1;
+
+ (void) setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
+ (char *) &on, sizeof(on));
+ }
+ #endif
+ return (connect(sock, sa, len));
+ }
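Review bot: The header comment was copied from sane_accept and does not describe this function. The DESCRIPTION says it "implements the accept(2) socket call, and maps known harmless error results to EAGAIN", but the body only enables SO_KEEPALIVE for AF_INET and then returns the `connect()` result unchanged. The SYNOPSIS also declares `SOCKADDR_SIZE *len` while the definition takes `SOCKADDR_SIZE len` by value. A DESCRIPTION that matches the code would be `sane_connect() implements the connect(2) socket call, and may enable socket-type dependent workarounds before connecting; the connect(2) result is returned unmodified.` Unlike `sane_accept()`, which tests `sa != 0`, this function dereferences `sa` without a null test inside the `#if` block, so the header should state that `sa` must not be null.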
diff -cr --new-file /tmp/postfix-2.0.15/src/util/sane_connect.h ./src/util/sane_connect.h
*** /tmp/postfix-2.0.15/src/util/sane_connect.h Wed Dec 31 19:00:00 1969
--- ./src/util/sane_connect.h Fri Sep 12 15:37:08 2003
***************
*** 0 ****
--- 1,29 ----
+ #ifndef _SANE_CONNECT_H_
+ #define _SANE_CONNECT_H_
+
+ /*++
+ /* NAME
+ /* sane_connect 3h
+ /* SUMMARY
+ /* sanitize connect() results
+ /* SYNOPSIS
+ /* #include
+ /* DESCRIPTION
+ /* .nf
+
+ /* External interface. */
+
+ extern int sane_connect(int, struct sockaddr *, SOCKADDR_SIZE);
+
+ /* LICENSE
+ /* .ad
+ /* .fi
+ /* The Secure Mailer license must be distributed with this software.
+ /* AUTHOR(S)
+ /* Wietse Venema
+ /* IBM T.J. Watson Research
+ /* P.O. Box 704
+ /* Yorktown Heights, NY 10598, USA
+ /*--*/
+
+ #endif
diff -cr --new-file /tmp/postfix-2.0.15/src/util/sys_defs.h ./src/util/sys_defs.h
*** /tmp/postfix-2.0.15/src/util/sys_defs.h Mon Jun 9 20:11:56 2003
--- ./src/util/sys_defs.h Wed Sep 10 20:33:31 2003
***************
*** 261,267 ****
#define LOCAL_CONNECT stream_connect
#define LOCAL_TRIGGER stream_trigger
#define HAS_VOLATILE_LOCKS
! #define BROKEN_READ_SELECT_ON_BLOCKING_SOCKET
/*
* Allow build environment to override paths.
*/
--- 261,267 ----
#define LOCAL_CONNECT stream_connect
#define LOCAL_TRIGGER stream_trigger
#define HAS_VOLATILE_LOCKS
! #define BROKEN_READ_SELECT_ON_TCP_SOCKET
/*
* Allow build environment to override paths.
*/
diff -cr --new-file /tmp/postfix-2.0.15/src/util/timed_connect.c ./src/util/timed_connect.c
*** /tmp/postfix-2.0.15/src/util/timed_connect.c Mon Nov 20 13:06:36 2000
--- ./src/util/timed_connect.c Fri Sep 12 19:53:08 2003
***************
*** 59,64 ****
--- 59,65 ----
#include "msg.h"
#include "iostuff.h"
+ #include "sane_connect.h"
#include "timed_connect.h"
/* timed_connect - connect with deadline */
***************
*** 78,84 ****
/*
* Start the connection, and handle all possible results.
*/
! if (connect(sock, sa, len) == 0)
return (0);
if (errno != EINPROGRESS)
return (-1);
--- 79,85 ----
/*
* Start the connection, and handle all possible results.
*/
! if (sane_connect(sock, sa, len) == 0)
return (0);
if (errno != EINPROGRESS)
return (-1);
diff -cr --new-file /tmp/postfix-2.0.15/src/util/unix_connect.c ./src/util/unix_connect.c
*** /tmp/postfix-2.0.15/src/util/unix_connect.c Mon Nov 20 13:06:37 2000
--- ./src/util/unix_connect.c Fri Sep 12 19:48:25 2003
***************
*** 50,55 ****
--- 50,56 ----
#include "msg.h"
#include "iostuff.h"
+ #include "sane_connect.h"
#include "connect.h"
#include "timed_connect.h"
***************
*** 99,105 ****
*/
else {
non_blocking(sock, block_mode);
! if (connect(sock, (struct sockaddr *) & sun, sizeof(sun)) < 0
&& errno != EINPROGRESS) {
close(sock);
return (-1);
--- 100,106 ----
*/
else {
non_blocking(sock, block_mode);
! if (sane_connect(sock, (struct sockaddr *) & sun, sizeof(sun)) < 0
&& errno != EINPROGRESS) {
close(sock);
return (-1);