Hello community,
here is the log from the commit of package postfix
checked in at Thu Aug 7 01:34:34 CEST 2008.
--------
--- postfix/postfix.changes 2008-07-09 15:12:07.000000000 +0200
+++ /mounts/work_src_done/STABLE/postfix/postfix.changes 2008-08-06 13:36:06.527530000 +0200
@@ -1,0 +2,17 @@
+Wed Aug 6 13:33:01 CEST 2008 - varkoly@suse.de
+
+- (bnc#414959) postfix doesn't have any "Name: " tag in firewall definition
+- (bnc#405900) SuSEconfig.postfix changes owner and permissions of
+ /tmp if smtpd_tls_CApath is not set
+
+- Update to Version 2.5 patchlevel 3
+ * Cleanup of code
+ * defer delivery when a mailbox file is not owned by the recipient.
+ Requested by Sebastian Krahmer, SuSE.
+ Specify "strict_mailbox_ownership=no" to ignore ownership discrepancies.
+ * Bugfix: null-terminate CN comment string after sanitization.
+ * Bugfix (introduced Postfix 2.0): after "warn_if_reject
+ reject_unlisted_recipient/sender", the SMTP server mistakenly
+ remembered that recipient/sender validation was already done.
+
+-------------------------------------------------------------------
Old:
----
postfix-2.5.1.tar.gz
New:
----
postfix-2.5.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ postfix.spec ++++++
--- /var/tmp/diff_new_pack.eW5282/_old 2008-08-07 01:34:04.000000000 +0200
+++ /var/tmp/diff_new_pack.eW5282/_new 2008-08-07 01:34:04.000000000 +0200
@@ -1,10 +1,17 @@
#
-# spec file for package postfix (Version 2.5.1)
+# spec file for package postfix (Version 2.5.3)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
@@ -24,8 +31,8 @@
Conflicts: sendmail exim
AutoReqProv: on
Summary: A fast, secure, and flexible mailer
-Version: 2.5.1
-Release: 34
+Version: 2.5.3
+Release: 1
Source: postfix-%{version}.tar.gz
Source1: postfix-SuSE.tar.gz
Patch: dynamic_maps.patch
@@ -41,7 +48,6 @@
Summary: postfix plugin to support MySQL maps
AutoReqProv: on
Group: Productivity/Networking/Email/Servers
-Prefix: %{_prefix}
PreReq: %{name} = %{version}
#
@@ -50,7 +56,6 @@
Summary: postfix plugin to support PostgreSQL maps
AutoReqProv: on
Group: Productivity/Networking/Email/Servers
-Prefix: %{_prefix}
PreReq: %{name} = %{version}
#
@@ -67,7 +72,7 @@
%define pf_config_directory /etc/postfix
%define pf_daemon_directory /usr/lib/postfix
%define pf_command_directory /usr/sbin
-%define pf_queue_directory /var/spool/postfix
+%define pf_queue_directory var/spool/postfix
%define pf_sendmail_path /usr/sbin/sendmail
%define pf_newaliases_path /usr/bin/newaliases
%define pf_mailq_path /usr/bin/mailq
@@ -127,7 +132,7 @@
%install
/usr/sbin/groupadd -g %{postfix_gid} -o -r postfix 2> /dev/null || :
/usr/sbin/groupadd -g %{maildrop_gid} -o -r maildrop 2> /dev/null || :
-/usr/sbin/useradd -r -o -g postfix -u %{postfix_uid} -s /bin/false -c "Postfix Daemon" -d /var/spool/postfix postfix 2> /dev/null || :
+/usr/sbin/useradd -r -o -g postfix -u %{postfix_uid} -s /bin/false -c "Postfix Daemon" -d /%{pf_queue_directory} postfix 2> /dev/null || :
mkdir -p $RPM_BUILD_ROOT/%{_libdir}
install lib/*.1 $RPM_BUILD_ROOT/%{_libdir}
for i in $RPM_BUILD_ROOT/%{_libdir}/*.1; do
@@ -145,7 +150,7 @@
config_directory=%{pf_config_directory} \
daemon_directory=%{pf_daemon_directory} \
command_directory=%{pf_command_directory} \
- queue_directory=%{pf_queue_directory} \
+ queue_directory=/%{pf_queue_directory} \
sendmail_path=%{pf_sendmail_path} \
newaliases_path=%{pf_newaliases_path} \
mailq_path=%{pf_mailq_path} \
@@ -200,7 +205,7 @@
install -m 600 postfix-SuSE/smtpd.conf $RPM_BUILD_ROOT/etc/sasl2/smtpd.conf
install -m 644 postfix-SuSE/openssl_postfix.conf.in $RPM_BUILD_ROOT/etc/postfix/openssl_postfix.conf.in
install -m 755 postfix-SuSE/mkpostfixcert $RPM_BUILD_ROOT/usr/sbin/mkpostfixcert
-rm -rf $RPM_BUILD_ROOT/var/spool/postfix
+rm -rf $RPM_BUILD_ROOT/%{pf_queue_directory}
install -m 644 postfix-SuSE/master.cf $RPM_BUILD_ROOT/%{conf_backup_dir}/master.cf
mkdir -p $RPM_BUILD_ROOT/%{omc_dir}
install -m 644 postfix-SuSE/postfix.xml $RPM_BUILD_ROOT/%{omc_dir}
@@ -258,7 +263,7 @@
\$queue_directory*)
path=${path/\$queue_directory/\/var\/spool\/postfix}
group=${group/-/root}
- echo "%dir %attr($mode,$owner,$group) $path" >> %{postfixfiles}
+ echo "%dir %attr($mode,$owner,$group) $path/" >> %{postfixfiles}
mkdir -m $mode -p $RPM_BUILD_ROOT/$path
printf '%%-38s %%-18s %%04d\n' $path "${owner}.${group}" $mode >> $RPM_BUILD_ROOT/etc/permissions.d/postfix
;;
@@ -278,8 +283,8 @@
%pre
VERSIONTEST=$(test -x usr/sbin/postconf && usr/sbin/postconf proxy_read_maps 2>/dev/null)
-if [ -z "$VERSIONTEST" -a -f var/spool/postfix/pid/master.pid ]; then
- if checkproc -p var/spool/postfix/pid/master.pid usr/lib/postfix/master; then
+if [ -z "$VERSIONTEST" -a -f %{pf_queue_directory}/pid/master.pid ]; then
+ if checkproc -p %{pf_queue_directory}/pid/master.pid usr/lib/postfix/master; then
echo "postfix is still running. You have to stop postfix in order to"
echo "install a newer version."
exit 1
@@ -287,7 +292,7 @@
fi
/usr/sbin/groupadd -g %{postfix_gid} -o -r postfix 2> /dev/null || :
/usr/sbin/groupadd -g %{maildrop_gid} -o -r maildrop 2> /dev/null || :
-/usr/sbin/useradd -r -o -g postfix -u %{postfix_uid} -s /bin/false -c "Postfix Daemon" -d /var/spool/postfix postfix 2> /dev/null || :
+/usr/sbin/useradd -r -o -g postfix -u %{postfix_uid} -s /bin/false -c "Postfix Daemon" -d /%{pf_queue_directory} postfix 2> /dev/null || :
%if %suse_version >= 900
%preun
@@ -419,6 +424,7 @@
%restart_on_update postfix
%endif
%insserv_cleanup
+ldconfig
%clean
rm -rf $RPM_BUILD_ROOT
@@ -557,7 +563,8 @@
Wietse Venema
%description mysql
-postfix plugin to support MySQL maps
+Postfix plugin to support MySQL maps. This library will be loaded by
+starting postfix if you'll access a postmap which is stored in mysql.
@@ -566,7 +573,9 @@
Wietse Venema
%description postgresql
-postfix plugin to support PostgreSQL maps
+Postfix plugin to support PostgreSQL maps. This library will be loaded
+by starting postfix if you'll access a postmap which is stored in
+PostgreSQL.
@@ -584,6 +593,19 @@
Wietse Venema
%changelog
+* Wed Aug 06 2008 varkoly@suse.de
+- (bnc#414959) postfix doesn't have any "Name: " tag in firewall definition
+- (bnc#405900) SuSEconfig.postfix changes owner and permissions of
+ /tmp if smtpd_tls_CApath is not set
+- Update to Version 2.5 patchlevel 3
+ * Cleanup of code
+ * defer delivery when a mailbox file is not owned by the recipient.
+ Requested by Sebastian Krahmer, SuSE.
+ Specify "strict_mailbox_ownership=no" to ignore ownership discrepancies.
+ * Bugfix: null-terminate CN comment string after sanitization.
+ * Bugfix (introduced Postfix 2.0): after "warn_if_reject
+ reject_unlisted_recipient/sender", the SMTP server mistakenly
+ remembered that recipient/sender validation was already done.
* Wed Jul 09 2008 varkoly@suse.de
- (fate#305005) Enable SMTPS in postfix ootb
* Tue Jun 17 2008 varkoly@suse.de
++++++ postfix-2.5.1.tar.gz -> postfix-2.5.3.tar.gz ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/HISTORY new/postfix-2.5.3/HISTORY
--- old/postfix-2.5.1/HISTORY 2008-02-11 01:36:18.000000000 +0100
+++ new/postfix-2.5.3/HISTORY 2008-07-27 22:45:34.000000000 +0200
@@ -14297,10 +14297,6 @@
main.cf when "postfix start" is invoked with an obsolete
postfix command. File: conf/post-install.
- Workaround (introduced 20071204): update the wrong proxywrite
- process limit when upgrading an already installed default
- master.cf file. File: conf/post-install.
-
20080207
Cleanup: soft_bounce support for multi-line Milter replies.
@@ -14312,3 +14308,106 @@
Cleanup: multi-line support in SMTP server replies. File:
smtpd/smtpd_chat.c.
+20080215
+
+ Safety: break SASL loop in case both the SASL library and
+ the remote SMTP server are confused. File: smtp/smtp_sasl_glue.c.
+
+20080220
+
+ Safety: the master daemon now sets an exclusive lock on a
+ file $data_directory/master.lock, so that the data directory
+ can't be shared between multiple Postfix instances. This
+ would corrupt files that rely on single-writer updates
+ (examples: verify(8) cache, tlsmgr(8) caches, etc.). File:
+ master/master.c.
+
+20080228
+
+ Bugfix: bounce(8) segfault on one-line template text.
+ Problem found by Sacha Chlytor. File: bounce/bounce_template.c.
+
+20080310
+
+ Safety: the SMTP server's Dovecot authentication client now
+ enforces the SASL mechanism output filter also on client
+ command input. File: src/xsasl/xsasl_dovecot_server.c.
+
+20080311
+
+ Bugfix (introduced 20070811): the MAIL and RCPT Milter
+ application call-backs no longer received {mail_addr} or
+ {rcpt_addr} information. Problem reported by Anton Yuzhaninov.
+ File: smtpd/smtpd.c.
+
+20080318
+
+ Human factors: the PCRE and regexp maps now give more
+ comprehensible error messages when people make the common
+ mistake of indenting if/endif blocks. Files: util/dict_pcre.c,
+ util/dict_regexp.c.
+
+20080411
+
+ Bugfix (introduced Postfix 2.0): after "warn_if_reject
+ reject_unlisted_recipient/sender", the SMTP server mistakenly
+ remembered that recipient/sender validation was already
+ done. File: smtpd/smtpd_check.c.
+
+ Bugfix (introduced Postfix 2.3): the queue manager would
+ initialize missing client logging attributes (from xforward)
+ with real client attributes. Fix: enable this backwards
+ compatibility feature only with queue files that don't
+ contain logging attributes. Problem reported by Liviu Daia.
+ Files *qmgr/qmgr_message.c.
+
+20080424
+
+ Cleanup: some warning messages said "regexp" or "regexp
+ map" instead of "pcre map". File: util/dict_pcre.c.
+
+20080428
+
+ Cleanup: the proxy_read_maps (Postfix 2.0) default setting
+ was not updated when adding sender/recipient_bcc_maps
+ (Postfix 2.1) and smtp/lmtp_generic_maps (Postfix 2.3).
+ File: global/mail_params.h.
+
+ Cleanup: the SMTP server's XFORWARD and XCLIENT support was
+ not updated when the smtpd_client_port_logging configuration
+ parameter was added. Code by Victor Duchovni. Files:
+ smtpd/smtpd.c, smtpd/smtpd_peer.c.
+
+20080509
+
+ Bugfix: null-terminate CN comment string after sanitization.
+ File: smtpd/smtpd.c.
+
+20080603
+
+ Workaround: avoid "bad address pattern" errors with non-address
+ patterns in namadr_list_match() calls. File: util/match_ops.c.
+
+20080620
+
+ Bugfix (introduced 20080207): "cleanup -v" panic because
+ the new "SMTP reply" request flag did not have a printable
+ name. File: global/cleanup_strflags.c.
+
+ Cleanup: using "Before-queue content filter", RFC3848
+ information was not added to the headers. Carlos Velasco.
+ File smtpd/smtpd.c.
+
+20080717
+
+ Cleanup: a poorly-implemented integer overflow check for
+ TCP MSS calculation had the unexpected effect that people
+ broke Postfix on LP64 systems while attempting to silence
+ a compiler warning. File: util/vstream_tweak.c.
+
+20080725
+
+ Paranoia: defer delivery when a mailbox file is not owned
+ by the recipient. Requested by Sebastian Krahmer, SuSE.
+ Specify "strict_mailbox_ownership=no" to ignore ownership
+ discrepancies. Files: local/mailbox.c, virtual/mailbox.c.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/html/ADDRESS_VERIFICATION_README.html new/postfix-2.5.3/html/ADDRESS_VERIFICATION_README.html
--- old/postfix-2.5.1/html/ADDRESS_VERIFICATION_README.html 2008-02-14 01:41:16.000000000 +0100
+++ new/postfix-2.5.3/html/ADDRESS_VERIFICATION_README.html 2008-05-09 02:11:57.000000000 +0200
@@ -207,9 +207,10 @@
transferred. Postfix address verification does not work with such
sites. </p>
-<li> <p> By default, Postfix probe messages have "postmaster@$<a href="postconf.5.html#myorigin">myorigin</a>"
-as the sender address. This is SAFE because the Postfix SMTP server
-does not reject mail for this address. </p>
+<li> <p> By default, Postfix probe messages have "double-bounce@$<a href="postconf.5.html#myorigin">myorigin</a>"
+as the sender address (with Postfix versions before 2.5, the default
+is "postmaster@$<a href="postconf.5.html#myorigin">myorigin</a>"). This is SAFE because the Postfix SMTP
+server does not reject mail for this address. </p>
<p> You can change this into the null address ("<a href="postconf.5.html#address_verify_sender">address_verify_sender</a>
="). This is UNSAFE because address probes will fail with
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/html/local.8.html new/postfix-2.5.3/html/local.8.html
--- old/postfix-2.5.1/html/local.8.html 2008-01-08 23:22:42.000000000 +0100
+++ new/postfix-2.5.3/html/local.8.html 2008-07-27 22:30:39.000000000 +0200
@@ -398,60 +398,66 @@
attempt; do not update the Delivered-To: address
while expanding aliases or .forward files.
+ Available in Postfix version 2.5.3 and later:
+
+ <b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
+ Defer delivery when a mailbox file is not owned by
+ its recipient.
+
<b>DELIVERY METHOD CONTROLS</b>
- The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to
- low is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,
- <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>,
- <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, fallback_trans-
+ The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to
+ low is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,
+ <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>,
+ <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, fallback_trans-
port_maps, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>.
<b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
- The alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a>
+ The alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a>
delivery.
<b><a href="postconf.5.html#forward_path">forward_path</a> (see 'postconf -d' output)</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding
- a .forward file with user-specified delivery meth-
+ a .forward file with user-specified delivery meth-
ods.
<b><a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a> (empty)</b>
- Optional lookup tables with per-recipient message
- delivery transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox
- delivery, whether or not the recipients are found
+ Optional lookup tables with per-recipient message
+ delivery transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox
+ delivery, whether or not the recipients are found
in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_transport">mailbox_transport</a> (empty)</b>
- Optional message delivery transport that the
- <a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for mailbox
- delivery to all local recipients, whether or not
+ Optional message delivery transport that the
+ <a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for mailbox
+ delivery to all local recipients, whether or not
they are found in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a> (empty)</b>
- Optional lookup tables with per-recipient external
+ Optional lookup tables with per-recipient external
commands to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery.
<b><a href="postconf.5.html#mailbox_command">mailbox_command</a> (empty)</b>
- Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> deliv-
+ Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> deliv-
ery agent should use for mailbox delivery.
<b><a href="postconf.5.html#home_mailbox">home_mailbox</a> (empty)</b>
- Optional pathname of a mailbox file relative to a
+ Optional pathname of a mailbox file relative to a
<a href="local.8.html"><b>local</b>(8)</a> user's home directory.
<b><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> (see 'postconf -d' output)</b>
- The directory where <a href="local.8.html"><b>local</b>(8)</a> UNIX-style mailboxes
+ The directory where <a href="local.8.html"><b>local</b>(8)</a> UNIX-style mailboxes
are kept.
<b><a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a> (empty)</b>
- Optional lookup tables with per-recipient message
- delivery transports for recipients that the
- <a href="local.8.html"><b>local</b>(8)</a> delivery agent could not find in the
+ Optional lookup tables with per-recipient message
+ delivery transports for recipients that the
+ <a href="local.8.html"><b>local</b>(8)</a> delivery agent could not find in the
<a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password database.
<b><a href="postconf.5.html#fallback_transport">fallback_transport</a> (empty)</b>
- Optional message delivery transport that the
- <a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for names that
- are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password
+ Optional message delivery transport that the
+ <a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for names that
+ are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password
database.
<b><a href="postconf.5.html#luser_relay">luser_relay</a> (empty)</b>
@@ -461,7 +467,7 @@
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a> (empty)</b>
- The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for
delivery to external command.
<b>MAILBOX LOCKING CONTROLS</b>
@@ -470,15 +476,15 @@
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
- The time between attempts to acquire an exclusive
+ The time between attempts to acquire an exclusive
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
- The time after which a stale exclusive mailbox
+ The time after which a stale exclusive mailbox
lockfile is removed.
<b><a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> (see 'postconf -d' output)</b>
- How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before
+ How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before
attempting delivery.
<b>RESOURCE AND RATE CONTROLS</b>
@@ -486,17 +492,17 @@
Time limit for delivery to external commands.
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
- The maximal number of addresses remembered by the
- address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
+ The maximal number of addresses remembered by the
+ address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
<a href="virtual.5.html"><b>tual</b>(5)</a> alias expansion, or for <a href="showq.8.html"><b>showq</b>(8)</a> queue dis-
plays.
<b><a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> (2)</b>
- The maximal number of parallel deliveries via the
+ The maximal number of parallel deliveries via the
local mail delivery transport to the same recipient
- (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or
- the maximal number of parallel deliveries to the
- same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when "local_destination_recipi-
+ (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or
+ the maximal number of parallel deliveries to the
+ same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when "local_destination_recipi-
ent_limit > 1").
<b><a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> (1)</b>
@@ -509,33 +515,39 @@
<b>SECURITY CONTROLS</b>
<b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> (alias, forward)</b>
- Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external com-
+ Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external com-
mands.
<b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> (alias, forward)</b>
- Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
+ Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
<b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a> (see 'postconf -d' output)</b>
- Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
- agent allows in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_com</a>-
- <a href="postconf.5.html#mailbox_command">mand</a>.
+ Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
+ agent allows in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_com</a>-
+ <a href="postconf.5.html#mailbox_command">mand</a> and $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
<b><a href="postconf.5.html#default_privs">default_privs</a> (nobody)</b>
- The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery
+ The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent for delivery to external file or command.
<b><a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> (see 'postconf -d' output)</b>
- Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
- agent allows in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
+ Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
+ agent allows in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> (see 'postconf -d'</b>
<b>output)</b>
- Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
+ Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
<a href="postconf.5.html#command_execution_directory">tion_directory</a>.
+ Available in Postfix version 2.5.3 and later:
+
+ <b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
+ Defer delivery when a mailbox file is not owned by
+ its recipient.
+
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/html/master.8.html new/postfix-2.5.3/html/master.8.html
--- old/postfix-2.5.1/html/master.8.html 2007-07-13 22:16:55.000000000 +0200
+++ new/postfix-2.5.3/html/master.8.html 2008-05-09 02:12:00.000000000 +0200
@@ -171,6 +171,7 @@
/etc/postfix/<a href="postconf.5.html">main.cf</a>, global configuration file.
/etc/postfix/<a href="master.5.html">master.cf</a>, master server configuration file.
/var/spool/postfix/pid/master.pid, master lock file.
+ /var/lib/postfix/master.lock, master lock file.
<b>SEE ALSO</b>
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/html/postconf.5.html new/postfix-2.5.3/html/postconf.5.html
--- old/postfix-2.5.1/html/postconf.5.html 2008-02-14 01:41:27.000000000 +0100
+++ new/postfix-2.5.3/html/postconf.5.html 2008-07-27 21:47:10.000000000 +0200
@@ -12497,6 +12497,17 @@
</DD>
+<DT><b><a name="strict_mailbox_ownership">strict_mailbox_ownership</a>
+(default: yes)</b></DT><DD>
+
+<p> Defer delivery when a mailbox file is not owned by its recipient.
+The default setting is not backwards compatible. </p>
+
+<p> This feature is available in Postfix 2.5.3 and later. </p>
+
+
+</DD>
+
<DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a>
(default: no)</b></DT><DD>
@@ -13211,7 +13222,7 @@
(default: 450)</b></DT><DD>
<p>
-The numerical Postfix SMTP server response code when a recipient
+The numerical Postfix SMTP server response code when a sender
address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
</p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/html/smtpd.8.html new/postfix-2.5.3/html/smtpd.8.html
--- old/postfix-2.5.1/html/smtpd.8.html 2008-02-11 01:49:26.000000000 +0100
+++ new/postfix-2.5.3/html/smtpd.8.html 2008-07-27 20:01:01.000000000 +0200
@@ -956,7 +956,7 @@
<b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
- when a recipient address is rejected by the
+ when a sender address is rejected by the
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
<b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/html/virtual.8.html new/postfix-2.5.3/html/virtual.8.html
--- old/postfix-2.5.1/html/virtual.8.html 2008-01-08 23:22:44.000000000 +0100
+++ new/postfix-2.5.3/html/virtual.8.html 2008-07-27 22:33:17.000000000 +0200
@@ -200,9 +200,15 @@
destination for final delivery to domains listed
with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
+ Available in Postfix version 2.5.3 and later:
+
+ <b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
+ Defer delivery when a mailbox file is not owned by
+ its recipient.
+
<b>LOCKING CONTROLS</b>
<b><a href="postconf.5.html#virtual_mailbox_lock">virtual_mailbox_lock</a> (see 'postconf -d' output)</b>
- How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before
+ How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before
attempting delivery.
<b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
@@ -210,41 +216,41 @@
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
- The time between attempts to acquire an exclusive
+ The time between attempts to acquire an exclusive
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
- The time after which a stale exclusive mailbox
+ The time after which a stale exclusive mailbox
lockfile is removed.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
- The maximal number of parallel deliveries to the
- same destination via the virtual message delivery
+ The maximal number of parallel deliveries to the
+ same destination via the virtual message delivery
transport.
<b><a href="postconf.5.html#virtual_destination_recipient_limit">virtual_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- The maximal number of recipients per delivery via
+ The maximal number of recipients per delivery via
the virtual message delivery transport.
<b><a href="postconf.5.html#virtual_mailbox_limit">virtual_mailbox_limit</a> (51200000)</b>
- The maximal size in bytes of an individual mailbox
+ The maximal size in bytes of an individual mailbox
or maildir file, or zero (no limit).
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
+ The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@@ -252,33 +258,33 @@
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
+ The maximum amount of time that an idle Postfix
+ daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
@@ -291,20 +297,20 @@
<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
- This delivery agent was originally based on the Postfix
- local delivery agent. Modifications mainly consisted of
- removing code that either was not applicable or that was
- not safe in this context: aliases, ~user/.forward files,
+ This delivery agent was originally based on the Postfix
+ local delivery agent. Modifications mainly consisted of
+ removing code that either was not applicable or that was
+ not safe in this context: aliases, ~user/.forward files,
delivery to "|command" or to /file/name.
The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys-
tem by Daniel Bernstein.
- The <b>maildir</b> structure appears in the <b>qmail</b> system by
+ The <b>maildir</b> structure appears in the <b>qmail</b> system by
Daniel Bernstein.
<b>AUTHOR(S)</b>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/man/man5/postconf.5 new/postfix-2.5.3/man/man5/postconf.5
--- old/postfix-2.5.1/man/man5/postconf.5 2008-02-14 01:41:28.000000000 +0100
+++ new/postfix-2.5.3/man/man5/postconf.5 2008-07-27 21:47:10.000000000 +0200
@@ -7771,6 +7771,11 @@
because it is likely to reject legitimate email.
.PP
This feature is available in Postfix 2.0 and later.
+.SH strict_mailbox_ownership (default: yes)
+Defer delivery when a mailbox file is not owned by its recipient.
+The default setting is not backwards compatible.
+.PP
+This feature is available in Postfix 2.5.3 and later.
.SH strict_mime_encoding_domain (default: no)
Reject mail with invalid Content-Transfer-Encoding: information
for the message/* or multipart/* MIME content types. This blocks
@@ -8132,7 +8137,7 @@
.PP
This feature is available in Postfix 2.1 and later.
.SH unverified_sender_reject_code (default: 450)
-The numerical Postfix SMTP server response code when a recipient
+The numerical Postfix SMTP server response code when a sender
address is rejected by the reject_unverified_sender restriction.
.PP
Unlike elsewhere in Postfix, you can specify 250 in order to
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/man/man8/local.8 new/postfix-2.5.3/man/man8/local.8
--- old/postfix-2.5.1/man/man8/local.8 2008-01-08 23:22:40.000000000 +0100
+++ new/postfix-2.5.3/man/man8/local.8 2008-07-27 22:30:38.000000000 +0200
@@ -415,6 +415,10 @@
address (see prepend_delivered_header) only once, at the start of
a delivery attempt; do not update the Delivered-To: address while
expanding aliases or .forward files.
+.PP
+Available in Postfix version 2.5.3 and later:
+.IP "\fBstrict_mailbox_ownership (yes)\fR"
+Defer delivery when a mailbox file is not owned by its recipient.
.SH "DELIVERY METHOD CONTROLS"
.na
.nf
@@ -513,7 +517,7 @@
Restrict \fBlocal\fR(8) mail delivery to external files.
.IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
-$name expansions of $mailbox_command.
+$name expansions of $mailbox_command and $command_execution_directory.
.IP "\fBdefault_privs (nobody)\fR"
The default rights used by the \fBlocal\fR(8) delivery agent for delivery
to external file or command.
@@ -525,6 +529,10 @@
.IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
Restrict the characters that the \fBlocal\fR(8) delivery agent allows
in $name expansions of $command_execution_directory.
+.PP
+Available in Postfix version 2.5.3 and later:
+.IP "\fBstrict_mailbox_ownership (yes)\fR"
+Defer delivery when a mailbox file is not owned by its recipient.
.SH "MISCELLANEOUS CONTROLS"
.na
.nf
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/man/man8/master.8 new/postfix-2.5.3/man/man8/master.8
--- old/postfix-2.5.1/man/man8/master.8 2007-03-17 18:59:49.000000000 +0100
+++ new/postfix-2.5.3/man/man8/master.8 2008-05-09 02:11:59.000000000 +0200
@@ -151,6 +151,7 @@
/etc/postfix/main.cf, global configuration file.
/etc/postfix/master.cf, master server configuration file.
/var/spool/postfix/pid/master.pid, master lock file.
+/var/lib/postfix/master.lock, master lock file.
.SH "SEE ALSO"
.na
.nf
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/man/man8/smtpd.8 new/postfix-2.5.3/man/man8/smtpd.8
--- old/postfix-2.5.1/man/man8/smtpd.8 2008-02-11 01:49:21.000000000 +0100
+++ new/postfix-2.5.3/man/man8/smtpd.8 2008-07-27 20:00:58.000000000 +0200
@@ -769,7 +769,7 @@
The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster".
.IP "\fBunverified_sender_reject_code (450)\fR"
-The numerical Postfix SMTP server response code when a recipient
+The numerical Postfix SMTP server response code when a sender
address is rejected by the reject_unverified_sender restriction.
.IP "\fBunverified_recipient_reject_code (450)\fR"
The numerical Postfix SMTP server response when a recipient address
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/man/man8/virtual.8 new/postfix-2.5.3/man/man8/virtual.8
--- old/postfix-2.5.1/man/man8/virtual.8 2008-01-08 23:22:41.000000000 +0100
+++ new/postfix-2.5.3/man/man8/virtual.8 2008-07-27 22:33:17.000000000 +0200
@@ -213,6 +213,10 @@
.IP "\fBvirtual_transport (virtual)\fR"
The default mail delivery transport and next-hop destination for
final delivery to domains listed with $virtual_mailbox_domains.
+.PP
+Available in Postfix version 2.5.3 and later:
+.IP "\fBstrict_mailbox_ownership (yes)\fR"
+Defer delivery when a mailbox file is not owned by its recipient.
.SH "LOCKING CONTROLS"
.na
.nf
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/mantools/postlink new/postfix-2.5.3/mantools/postlink
--- old/postfix-2.5.1/mantools/postlink 2008-01-24 02:38:00.000000000 +0100
+++ new/postfix-2.5.3/mantools/postlink 2008-07-27 21:34:16.000000000 +0200
@@ -517,6 +517,7 @@
s;\bstrict_8bitmime\b;<a href="postconf.5.html#strict_8bitmime">$&</a>;g;
s;\bstrict_8bitmime_body\b;<a href="postconf.5.html#strict_8bitmime_body">$&</a>;g;
s;\bstrict_mime_encoding_domain\b;<a href="postconf.5.html#strict_mime_encoding_domain">$&</a>;g;
+ s;\bstrict_mailbox_ownership\b;<a href="postconf.5.html#strict_mailbox_ownership">$&</a>;g;
s;\bstrict_rfc821_envelopes\b;<a href="postconf.5.html#strict_rfc821_envelopes">$&</a>;g;
s;\bsun_mailtool_compatibility\b;<a href="postconf.5.html#sun_mailtool_compatibility">$&</a>;g;
s;\bswap_bangpath\b;<a href="postconf.5.html#swap_bangpath">$&</a>;g;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/proto/ADDRESS_VERIFICATION_README.html new/postfix-2.5.3/proto/ADDRESS_VERIFICATION_README.html
--- old/postfix-2.5.1/proto/ADDRESS_VERIFICATION_README.html 2008-01-29 23:18:00.000000000 +0100
+++ new/postfix-2.5.3/proto/ADDRESS_VERIFICATION_README.html 2008-05-03 02:28:20.000000000 +0200
@@ -207,9 +207,10 @@
transferred. Postfix address verification does not work with such
sites. </p>
-<li> <p> By default, Postfix probe messages have "postmaster@$myorigin"
-as the sender address. This is SAFE because the Postfix SMTP server
-does not reject mail for this address. </p>
+<li> <p> By default, Postfix probe messages have "double-bounce@$myorigin"
+as the sender address (with Postfix versions before 2.5, the default
+is "postmaster@$myorigin"). This is SAFE because the Postfix SMTP
+server does not reject mail for this address. </p>
<p> You can change this into the null address ("address_verify_sender
="). This is UNSAFE because address probes will fail with
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/proto/postconf.proto new/postfix-2.5.3/proto/postconf.proto
--- old/postfix-2.5.1/proto/postconf.proto 2008-02-14 01:40:29.000000000 +0100
+++ new/postfix-2.5.3/proto/postconf.proto 2008-07-27 21:35:55.000000000 +0200
@@ -6165,7 +6165,7 @@
%PARAM unverified_sender_reject_code 450
<p>
-The numerical Postfix SMTP server response code when a recipient
+The numerical Postfix SMTP server response code when a sender
address is rejected by the reject_unverified_sender restriction.
</p>
@@ -11517,3 +11517,9 @@
<p> This feature is available in Postfix 2.5 and later. </p>
+%PARAM strict_mailbox_ownership yes
+
+<p> Defer delivery when a mailbox file is not owned by its recipient.
+The default setting is not backwards compatible. </p>
+
+<p> This feature is available in Postfix 2.5.3 and later. </p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/README_FILES/ADDRESS_VERIFICATION_README new/postfix-2.5.3/README_FILES/ADDRESS_VERIFICATION_README
--- old/postfix-2.5.1/README_FILES/ADDRESS_VERIFICATION_README 2008-02-14 01:41:27.000000000 +0100
+++ new/postfix-2.5.3/README_FILES/ADDRESS_VERIFICATION_README 2008-05-09 02:11:59.000000000 +0200
@@ -103,9 +103,10 @@
response to end of DATA after a message is transferred. Postfix address
verification does not work with such sites.
- * By default, Postfix probe messages have "postmaster@$myorigin" as the
- sender address. This is SAFE because the Postfix SMTP server does not
- reject mail for this address.
+ * By default, Postfix probe messages have "double-bounce@$myorigin" as the
+ sender address (with Postfix versions before 2.5, the default is
+ "postmaster@$myorigin"). This is SAFE because the Postfix SMTP server does
+ not reject mail for this address.
You can change this into the null address ("address_verify_sender ="). This
is UNSAFE because address probes will fail with mis-configured sites that
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/RELEASE_NOTES new/postfix-2.5.3/RELEASE_NOTES
--- old/postfix-2.5.1/RELEASE_NOTES 2008-01-24 02:10:19.000000000 +0100
+++ new/postfix-2.5.3/RELEASE_NOTES 2008-07-27 22:27:56.000000000 +0200
@@ -11,8 +11,16 @@
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
-Incompatibility with Postfix 2.3 and earlier
---------------------------------------------
+Incompatibility with Postfix 2.5.3
+==================================
+
+When a mailbox file is not owned by its recipient, the local and
+virtual delivery agents now log a warning and defer delivery.
+Specify "strict_mailbox_ownership = no" to ignore such ownership
+discrepancies.
+
+Postfix 2.5.0 Release Notes
+===========================
If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4
before proceeding.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/bounce/bounce_template.c new/postfix-2.5.3/src/bounce/bounce_template.c
--- old/postfix-2.5.1/src/bounce/bounce_template.c 2008-01-08 22:03:33.000000000 +0100
+++ new/postfix-2.5.3/src/bounce/bounce_template.c 2008-02-28 21:52:27.000000000 +0100
@@ -343,7 +343,7 @@
* Is this 7bit or 8bit text? If the character set is US-ASCII, then
* don't allow 8bit text. Don't assume 8bit when charset was changed.
*/
-#define NON_ASCII(p) (*(p) && !allascii((p)))
+#define NON_ASCII(p) ((p) && *(p) && !allascii((p)))
if (NON_ASCII(cp) || NON_ASCII(tval)) {
if (strcasecmp(tp->mime_charset, "us-ascii") == 0) {
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/global/cleanup_strflags.c new/postfix-2.5.3/src/global/cleanup_strflags.c
--- old/postfix-2.5.1/src/global/cleanup_strflags.c 2006-06-13 23:36:58.000000000 +0200
+++ new/postfix-2.5.3/src/global/cleanup_strflags.c 2008-03-12 01:12:23.000000000 +0100
@@ -52,6 +52,7 @@
CLEANUP_FLAG_BCC_OK, "enable_automatic_bcc",
CLEANUP_FLAG_MAP_OK, "enable_address_mapping",
CLEANUP_FLAG_MILTER, "enable_milters",
+ CLEANUP_FLAG_SMTP_REPLY, "enable_smtp_reply",
};
/* cleanup_strflags - map flags code to printable string */
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/global/mail_params.h new/postfix-2.5.3/src/global/mail_params.h
--- old/postfix-2.5.1/src/global/mail_params.h 2008-01-24 02:10:19.000000000 +0100
+++ new/postfix-2.5.3/src/global/mail_params.h 2008-07-27 21:10:27.000000000 +0200
@@ -2057,7 +2057,11 @@
" $" VAR_RCPT_CANON_MAPS \
" $" VAR_RELOCATED_MAPS \
" $" VAR_TRANSPORT_MAPS \
- " $" VAR_MYNETWORKS
+ " $" VAR_MYNETWORKS \
+ " $" VAR_SEND_BCC_MAPS \
+ " $" VAR_RCPT_BCC_MAPS \
+ " $" VAR_SMTP_GENERIC_MAPS \
+ " $" VAR_LMTP_GENERIC_MAPS
extern char *var_proxy_read_maps;
#define VAR_PROXY_WRITE_MAPS "proxy_write_maps"
@@ -2928,6 +2932,13 @@
#define DEF_STRESS ""
extern char *var_stress;
+ /*
+ * Mailbox ownership.
+ */
+#define VAR_STRICT_MBOX_OWNER "strict_mailbox_ownership"
+#define DEF_STRICT_MBOX_OWNER 1
+extern bool var_strict_mbox_owner;
+
/* LICENSE
/* .ad
/* .fi
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/global/mail_version.h new/postfix-2.5.3/src/global/mail_version.h
--- old/postfix-2.5.1/src/global/mail_version.h 2008-02-17 02:44:19.000000000 +0100
+++ new/postfix-2.5.3/src/global/mail_version.h 2008-07-26 03:47:08.000000000 +0200
@@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20080216"
-#define MAIL_VERSION_NUMBER "2.5.1"
+#define MAIL_RELEASE_DATE "20080726"
+#define MAIL_VERSION_NUMBER "2.5.3"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/local/local.c new/postfix-2.5.3/src/local/local.c
--- old/postfix-2.5.1/src/local/local.c 2008-01-08 21:36:13.000000000 +0100
+++ new/postfix-2.5.3/src/local/local.c 2008-07-27 22:01:33.000000000 +0200
@@ -381,6 +381,10 @@
/* address (see prepend_delivered_header) only once, at the start of
/* a delivery attempt; do not update the Delivered-To: address while
/* expanding aliases or .forward files.
+/* .PP
+/* Available in Postfix version 2.5.3 and later:
+/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
+/* Defer delivery when a mailbox file is not owned by its recipient.
/* DELIVERY METHOD CONTROLS
/* .ad
/* .fi
@@ -471,7 +475,7 @@
/* Restrict \fBlocal\fR(8) mail delivery to external files.
/* .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
-/* $name expansions of $mailbox_command.
+/* $name expansions of $mailbox_command and $command_execution_directory.
/* .IP "\fBdefault_privs (nobody)\fR"
/* The default rights used by the \fBlocal\fR(8) delivery agent for delivery
/* to external file or command.
@@ -483,6 +487,10 @@
/* .IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows
/* in $name expansions of $command_execution_directory.
+/* .PP
+/* Available in Postfix version 2.5.3 and later:
+/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
+/* Defer delivery when a mailbox file is not owned by its recipient.
/* MISCELLANEOUS CONTROLS
/* .ad
/* .fi
@@ -644,6 +652,7 @@
char *var_mailbox_lock;
int var_mailbox_limit;
bool var_frozen_delivered;
+bool var_strict_mbox_owner;
int local_cmd_deliver_mask;
int local_file_deliver_mask;
@@ -891,6 +900,7 @@
VAR_STAT_HOME_DIR, DEF_STAT_HOME_DIR, &var_stat_home_dir,
VAR_MAILTOOL_COMPAT, DEF_MAILTOOL_COMPAT, &var_mailtool_compat,
VAR_FROZEN_DELIVERED, DEF_FROZEN_DELIVERED, &var_frozen_delivered,
+ VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
0,
};
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/local/mailbox.c new/postfix-2.5.3/src/local/mailbox.c
--- old/postfix-2.5.1/src/local/mailbox.c 2007-05-15 22:14:21.000000000 +0200
+++ new/postfix-2.5.3/src/local/mailbox.c 2008-07-26 03:21:22.000000000 +0200
@@ -194,6 +194,12 @@
vstream_fclose(mp->fp);
dsb_simple(why, "5.2.0",
"destination %s is not a regular file", mailbox);
+ } else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
+ vstream_fclose(mp->fp);
+ dsb_simple(why, "4.2.0",
+ "destination %s is not owned by recipient", mailbox);
+ msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
+ VAR_STRICT_MBOX_OWNER);
} else {
end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/master/master.c new/postfix-2.5.3/src/master/master.c
--- old/postfix-2.5.1/src/master/master.c 2007-03-17 18:59:38.000000000 +0100
+++ new/postfix-2.5.3/src/master/master.c 2008-04-29 23:03:46.000000000 +0200
@@ -133,6 +133,7 @@
/* /etc/postfix/main.cf, global configuration file.
/* /etc/postfix/master.cf, master server configuration file.
/* /var/spool/postfix/pid/master.pid, master lock file.
+/* /var/lib/postfix/master.lock, master lock file.
/* SEE ALSO
/* qmgr(8), queue manager
/* verify(8), address verification
@@ -177,6 +178,8 @@
#include
#include
#include
+#include
+#include
/* Global library. */
@@ -216,7 +219,9 @@
int main(int argc, char **argv)
{
static VSTREAM *lock_fp;
+ static VSTREAM *data_lock_fp;
VSTRING *lock_path;
+ VSTRING *data_lock_path;
off_t inherited_limit;
int debug_me = 0;
int ch;
@@ -390,6 +395,7 @@
* isn't locked.
*/
lock_path = vstring_alloc(10);
+ data_lock_path = vstring_alloc(10);
why = vstring_alloc(10);
vstring_sprintf(lock_path, "%s/%s.pid", DEF_PID_DIR, var_procname);
@@ -407,8 +413,29 @@
msg_fatal("cannot update lock file %s: %m", vstring_str(lock_path));
close_on_exec(vstream_fileno(lock_fp), CLOSE_ON_EXEC);
+ /*
+ * Lock down the Postfix-writable data directory.
+ */
+ vstring_sprintf(data_lock_path, "%s/%s.lock", var_data_dir, var_procname);
+ set_eugid(var_owner_uid, var_owner_gid);
+ data_lock_fp =
+ open_lock(vstring_str(data_lock_path), O_RDWR | O_CREAT, 0644, why);
+ set_ugid(getuid(), getgid());
+ if (data_lock_fp == 0)
+ msg_fatal("open lock file %s: %s",
+ vstring_str(data_lock_path), vstring_str(why));
+ vstream_fprintf(data_lock_fp, "%*lu\n", (int) sizeof(unsigned long) * 4,
+ (unsigned long) var_pid);
+ if (vstream_fflush(data_lock_fp))
+ msg_fatal("cannot update lock file %s: %m", vstring_str(data_lock_path));
+ close_on_exec(vstream_fileno(data_lock_fp), CLOSE_ON_EXEC);
+
+ /*
+ * Clean up.
+ */
vstring_free(why);
vstring_free(lock_path);
+ vstring_free(data_lock_path);
/*
* Optionally start the debugger on ourself.
@@ -440,6 +467,9 @@
if (myflock(vstream_fileno(lock_fp), INTERNAL_LOCK,
MYFLOCK_OP_EXCLUSIVE) < 0)
msg_fatal("refresh exclusive lock: %m");
+ if (myflock(vstream_fileno(data_lock_fp), INTERNAL_LOCK,
+ MYFLOCK_OP_EXCLUSIVE) < 0)
+ msg_fatal("refresh exclusive lock: %m");
#endif
watchdog_start(watchdog); /* same as trigger servers */
event_loop(-1);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/oqmgr/qmgr_message.c new/postfix-2.5.3/src/oqmgr/qmgr_message.c
--- old/postfix-2.5.1/src/oqmgr/qmgr_message.c 2007-12-12 23:30:42.000000000 +0100
+++ new/postfix-2.5.3/src/oqmgr/qmgr_message.c 2008-04-11 23:36:04.000000000 +0200
@@ -311,6 +311,7 @@
int dsn_notify = 0;
char *dsn_orcpt = 0;
int n;
+ int have_log_client_attr = 0;
/*
* Initialize. No early returns or we have a memory leak.
@@ -612,18 +613,24 @@
* client information. To support old queue files, we accept both
* names for the purpose of logging; the new name overrides the
* old one.
+ *
+ * XXX Do not use the "legacy" client_name etc. attribute values for
+ * initializing the logging attributes, when this file already
+ * contains the "modern" log_client_name etc. logging attributes.
+ * Otherwise, logging attributes that are not present in the
+ * queue file would be set with information from the real client.
*/
else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_NAME) == 0) {
- if (message->client_name == 0)
+ if (have_log_client_attr == 0 && message->client_name == 0)
message->client_name = mystrdup(value);
} else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_ADDR) == 0) {
- if (message->client_addr == 0)
+ if (have_log_client_attr == 0 && message->client_addr == 0)
message->client_addr = mystrdup(value);
} else if (strcmp(name, MAIL_ATTR_ACT_PROTO_NAME) == 0) {
- if (message->client_proto == 0)
+ if (have_log_client_attr == 0 && message->client_proto == 0)
message->client_proto = mystrdup(value);
} else if (strcmp(name, MAIL_ATTR_ACT_HELO_NAME) == 0) {
- if (message->client_helo == 0)
+ if (have_log_client_attr == 0 && message->client_helo == 0)
message->client_helo = mystrdup(value);
}
/* Original client attributes. */
@@ -631,22 +638,27 @@
if (message->client_name != 0)
myfree(message->client_name);
message->client_name = mystrdup(value);
+ have_log_client_attr = 1;
} else if (strcmp(name, MAIL_ATTR_LOG_CLIENT_ADDR) == 0) {
if (message->client_addr != 0)
myfree(message->client_addr);
message->client_addr = mystrdup(value);
+ have_log_client_attr = 1;
} else if (strcmp(name, MAIL_ATTR_LOG_CLIENT_PORT) == 0) {
if (message->client_port != 0)
myfree(message->client_port);
message->client_port = mystrdup(value);
+ have_log_client_attr = 1;
} else if (strcmp(name, MAIL_ATTR_LOG_PROTO_NAME) == 0) {
if (message->client_proto != 0)
myfree(message->client_proto);
message->client_proto = mystrdup(value);
+ have_log_client_attr = 1;
} else if (strcmp(name, MAIL_ATTR_LOG_HELO_NAME) == 0) {
if (message->client_helo != 0)
myfree(message->client_helo);
message->client_helo = mystrdup(value);
+ have_log_client_attr = 1;
} else if (strcmp(name, MAIL_ATTR_SASL_METHOD) == 0) {
if (message->sasl_method == 0)
message->sasl_method = mystrdup(value);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/qmgr/qmgr_message.c new/postfix-2.5.3/src/qmgr/qmgr_message.c
--- old/postfix-2.5.1/src/qmgr/qmgr_message.c 2007-12-12 23:29:47.000000000 +0100
+++ new/postfix-2.5.3/src/qmgr/qmgr_message.c 2008-04-11 23:35:10.000000000 +0200
@@ -334,6 +334,7 @@
int dsn_notify = 0;
char *dsn_orcpt = 0;
int n;
+ int have_log_client_attr = 0;
/*
* Initialize. No early returns or we have a memory leak.
@@ -653,18 +654,24 @@
* client information. To support old queue files we accept both
* names for the purpose of logging; the new name overrides the
* old one.
+ *
+ * XXX Do not use the "legacy" client_name etc. attribute values for
+ * initializing the logging attributes, when this file already
+ * contains the "modern" log_client_name etc. logging attributes.
+ * Otherwise, logging attributes that are not present in the
+ * queue file would be set with information from the real client.
*/
else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_NAME) == 0) {
- if (message->client_name == 0)
+ if (have_log_client_attr == 0 && message->client_name == 0)
message->client_name = mystrdup(value);
} else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_ADDR) == 0) {
- if (message->client_addr == 0)
+ if (have_log_client_attr == 0 && message->client_addr == 0)
message->client_addr = mystrdup(value);
} else if (strcmp(name, MAIL_ATTR_ACT_PROTO_NAME) == 0) {
- if (message->client_proto == 0)
+ if (have_log_client_attr == 0 && message->client_proto == 0)
message->client_proto = mystrdup(value);
} else if (strcmp(name, MAIL_ATTR_ACT_HELO_NAME) == 0) {
- if (message->client_helo == 0)
+ if (have_log_client_attr == 0 && message->client_helo == 0)
message->client_helo = mystrdup(value);
}
/* Original client attributes. */
@@ -672,22 +679,27 @@
if (message->client_name != 0)
myfree(message->client_name);
message->client_name = mystrdup(value);
+ have_log_client_attr = 1;
} else if (strcmp(name, MAIL_ATTR_LOG_CLIENT_ADDR) == 0) {
if (message->client_addr != 0)
myfree(message->client_addr);
message->client_addr = mystrdup(value);
+ have_log_client_attr = 1;
} else if (strcmp(name, MAIL_ATTR_LOG_CLIENT_PORT) == 0) {
if (message->client_port != 0)
myfree(message->client_port);
message->client_port = mystrdup(value);
+ have_log_client_attr = 1;
} else if (strcmp(name, MAIL_ATTR_LOG_PROTO_NAME) == 0) {
if (message->client_proto != 0)
myfree(message->client_proto);
message->client_proto = mystrdup(value);
+ have_log_client_attr = 1;
} else if (strcmp(name, MAIL_ATTR_LOG_HELO_NAME) == 0) {
if (message->client_helo != 0)
myfree(message->client_helo);
message->client_helo = mystrdup(value);
+ have_log_client_attr = 1;
} else if (strcmp(name, MAIL_ATTR_SASL_METHOD) == 0) {
if (message->sasl_method == 0)
message->sasl_method = mystrdup(value);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/smtp/smtp_sasl_glue.c new/postfix-2.5.3/src/smtp/smtp_sasl_glue.c
--- old/postfix-2.5.1/src/smtp/smtp_sasl_glue.c 2008-01-15 02:09:35.000000000 +0100
+++ new/postfix-2.5.3/src/smtp/smtp_sasl_glue.c 2008-02-17 01:12:29.000000000 +0100
@@ -291,6 +291,7 @@
const char *mechanism;
int result;
char *line;
+ int steps = 0;
/*
* Sanity check.
@@ -357,6 +358,16 @@
while ((resp = smtp_chat_resp(session))->code / 100 == 3) {
/*
+ * Sanity check.
+ */
+ if (++steps > 100) {
+ dsb_simple(why, "4.3.0", "SASL authentication failed; "
+ "authentication protocol loop with server %s",
+ session->namaddr);
+ return (-1);
+ }
+
+ /*
* Process a server challenge.
*/
line = resp->str;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/smtpd/smtpd.c new/postfix-2.5.3/src/smtpd/smtpd.c
--- old/postfix-2.5.1/src/smtpd/smtpd.c 2008-02-07 22:20:33.000000000 +0100
+++ new/postfix-2.5.3/src/smtpd/smtpd.c 2008-06-20 13:59:45.000000000 +0200
@@ -719,7 +719,7 @@
/* The sender address to use in address verification probes; prior
/* to Postfix 2.5 the default was "postmaster".
/* .IP "\fBunverified_sender_reject_code (450)\fR"
-/* The numerical Postfix SMTP server response code when a recipient
+/* The numerical Postfix SMTP server response code when a sender
/* address is rejected by the reject_unverified_sender restriction.
/* .IP "\fBunverified_recipient_reject_code (450)\fR"
/* The numerical Postfix SMTP server response when a recipient address
@@ -2108,14 +2108,14 @@
if (smtpd_milters != 0
&& SMTPD_STAND_ALONE(state) == 0
&& (state->saved_flags & MILTER_SKIP_FLAGS) == 0) {
+ PUSH_STRING(saved_sender, state->sender, STR(state->addr_buf));
err = milter_mail_event(smtpd_milters,
milter_argv(state, argc - 2, argv + 2));
if (err != 0) {
/* Log reject etc. with correct sender information. */
- PUSH_STRING(saved_sender, state->sender, STR(state->addr_buf));
err = check_milter_reply(state, err);
- POP_STRING(saved_sender, state->sender);
}
+ POP_STRING(saved_sender, state->sender);
if (err != 0) {
/* XXX Reset access map side effects. */
mail_reset(state);
@@ -2362,14 +2362,14 @@
}
if (smtpd_milters != 0
&& (state->saved_flags & MILTER_SKIP_FLAGS) == 0) {
+ PUSH_STRING(saved_rcpt, state->recipient, STR(state->addr_buf));
err = milter_rcpt_event(smtpd_milters,
milter_argv(state, argc - 2, argv + 2));
if (err != 0) {
/* Log reject etc. with correct recipient information. */
- PUSH_STRING(saved_rcpt, state->recipient, STR(state->addr_buf));
err = check_milter_reply(state, err);
- POP_STRING(saved_rcpt, state->recipient);
}
+ POP_STRING(saved_rcpt, state->recipient);
if (err != 0) {
smtpd_chat_reply(state, "%s", err);
return (-1);
@@ -2506,6 +2506,7 @@
}
while (pc-- > 0)
VSTRING_ADDCH(comment_string, ')');
+ VSTRING_TERMINATE(comment_string);
}
/* data_cmd - process DATA command */
@@ -2687,7 +2688,7 @@
if (state->rcpt_count == 1 && state->recipient) {
out_fprintf(out_stream, REC_TYPE_NORM,
state->cleanup ? "\tby %s (%s) with %s%s%s id %s" :
- "\tby %s (%s) with %s",
+ "\tby %s (%s) with %s%s%s",
var_myhostname, var_mail_name,
state->protocol, rfc3848_sess,
rfc3848_auth, state->queue_id);
@@ -2698,7 +2699,7 @@
} else {
out_fprintf(out_stream, REC_TYPE_NORM,
state->cleanup ? "\tby %s (%s) with %s%s%s id %s;" :
- "\tby %s (%s) with %s;",
+ "\tby %s (%s) with %s%s%s;",
var_myhostname, var_mail_name,
state->protocol, rfc3848_sess,
rfc3848_auth, state->queue_id);
@@ -3405,8 +3406,7 @@
if (state->namaddr)
myfree(state->namaddr);
state->namaddr =
- concatenate(state->name, "[", state->addr, "]:",
- state->port, (char *) 0);
+ SMTPD_BUILD_NAMADDRPORT(state->name, state->addr, state->port);
}
/*
@@ -3671,10 +3671,10 @@
myfree(state->xforward.namaddr);
state->xforward.namaddr =
IS_AVAIL_CLIENT_ADDR(state->xforward.addr) ?
- concatenate(state->xforward.name, "[",
- state->xforward.addr, "]:",
- state->xforward.port,
- (char *) 0) : mystrdup(state->xforward.name);
+ SMTPD_BUILD_NAMADDRPORT(state->xforward.name,
+ state->xforward.addr,
+ state->xforward.port) :
+ mystrdup(state->xforward.name);
}
smtpd_chat_reply(state, "250 2.0.0 Ok");
return (0);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/smtpd/smtpd_check.c new/postfix-2.5.3/src/smtpd/smtpd_check.c
--- old/postfix-2.5.1/src/smtpd/smtpd_check.c 2008-01-08 21:59:07.000000000 +0100
+++ new/postfix-2.5.3/src/smtpd/smtpd_check.c 2008-04-11 21:46:54.000000000 +0200
@@ -4295,7 +4295,9 @@
return (0);
if (state->recipient_rcptmap_checked == 1)
return (0);
- state->recipient_rcptmap_checked = 1;
+ if (state->warn_if_reject == 0)
+ /* We really validate the recipient address. */
+ state->recipient_rcptmap_checked = 1;
return (check_rcpt_maps(state, recipient, SMTPD_NAME_RECIPIENT));
}
@@ -4312,7 +4314,9 @@
return (0);
if (state->sender_rcptmap_checked == 1)
return (0);
- state->sender_rcptmap_checked = 1;
+ if (state->warn_if_reject == 0)
+ /* We really validate the sender address. */
+ state->sender_rcptmap_checked = 1;
return (check_rcpt_maps(state, sender, SMTPD_NAME_SENDER));
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/smtpd/smtpd.h new/postfix-2.5.3/src/smtpd/smtpd.h
--- old/postfix-2.5.1/src/smtpd/smtpd.h 2008-01-08 02:21:49.000000000 +0100
+++ new/postfix-2.5.3/src/smtpd/smtpd.h 2008-04-30 02:49:01.000000000 +0200
@@ -280,6 +280,14 @@
#define SMTPD_PEER_CODE_FORGED 6
/*
+ * Construct name[addr] or name[addr]:port as appropriate
+ */
+#define SMTPD_BUILD_NAMADDRPORT(name, addr, port) \
+ concatenate((name), "[", (addr), "]", \
+ var_smtpd_client_port_log ? ":" : (char *) 0, \
+ (port), (char *) 0)
+
+ /*
* Choose between normal or forwarded attributes.
*
* Note 1: inside the SMTP server, forwarded attributes must have the exact
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/smtpd/smtpd_peer.c new/postfix-2.5.3/src/smtpd/smtpd_peer.c
--- old/postfix-2.5.1/src/smtpd/smtpd_peer.c 2007-10-07 02:07:08.000000000 +0200
+++ new/postfix-2.5.3/src/smtpd/smtpd_peer.c 2008-04-29 02:06:08.000000000 +0200
@@ -25,7 +25,7 @@
/* The verified client hostname. This name is represented by
/* the string "unknown" when 1) the address->name lookup failed,
/* 2) the name->address mapping fails, or 3) the name->address
-/* does not produce the client IP address.
+/* mapping does not produce the client IP address.
/* .IP reverse_name
/* The unverified client hostname as found with address->name
/* lookup; it is not verified for consistency with the client
@@ -373,10 +373,8 @@
/*
* Do the name[addr]:port formatting for pretty reports.
*/
- state->namaddr =
- concatenate(state->name, "[", state->addr, "]",
- var_smtpd_client_port_log ? ":" : (char *) 0,
- state->port, (char *) 0);
+ state->namaddr = SMTPD_BUILD_NAMADDRPORT(state->name, state->addr,
+ state->port);
}
/* smtpd_peer_reset - destroy peer information */
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/util/dict_pcre.c new/postfix-2.5.3/src/util/dict_pcre.c
--- old/postfix-2.5.1/src/util/dict_pcre.c 2007-01-04 15:35:38.000000000 +0100
+++ new/postfix-2.5.3/src/util/dict_pcre.c 2008-04-24 21:52:18.000000000 +0200
@@ -180,7 +180,7 @@
if (ret == PCRE_ERROR_NOSUBSTRING)
return (MAC_PARSE_UNDEF);
else
- msg_fatal("regexp %s, line %d: pcre_get_substring error: %d",
+ msg_fatal("pcre map %s, line %d: pcre_get_substring error: %d",
dict_pcre->dict.name, match_rule->rule.lineno, ret);
}
if (*pp == 0) {
@@ -671,7 +671,7 @@
msg_panic("pcre map %s, line %d: pcre_fullinfo failed",
mapname, lineno);
if (prescan_context.max_sub > actual_sub) {
- msg_warn("regexp map %s, line %d: out of range replacement index \"%d\": "
+ msg_warn("pcre map %s, line %d: out of range replacement index \"%d\": "
"skipping this rule", mapname, lineno,
(int) prescan_context.max_sub);
if (engine.pattern)
@@ -722,9 +722,12 @@
*/
while (*p && ISSPACE(*p))
++p;
- if (*p)
- msg_warn("pcre map %s, line %d: ignoring extra text after IF",
- mapname, lineno);
+ if (*p) {
+ msg_warn("pcre map %s, line %d: ignoring extra text after "
+ "IF statement: \"%s\"", mapname, lineno, p);
+ msg_warn("pcre map %s, line %d: do not prepend whitespace"
+ " to statements between IF and ENDIF", mapname, lineno);
+ }
/*
* Compile the pattern.
@@ -782,7 +785,7 @@
* Unrecognized input.
*/
else {
- msg_warn("regexp map %s, line %d: ignoring unrecognized request",
+ msg_warn("pcre map %s, line %d: ignoring unrecognized request",
mapname, lineno);
return (0);
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/util/dict_regexp.c new/postfix-2.5.3/src/util/dict_regexp.c
--- old/postfix-2.5.1/src/util/dict_regexp.c 2007-01-04 15:35:52.000000000 +0100
+++ new/postfix-2.5.3/src/util/dict_regexp.c 2008-03-18 13:17:12.000000000 +0100
@@ -683,9 +683,12 @@
return (0);
while (*p && ISSPACE(*p))
++p;
- if (*p)
- msg_warn("regexp map %s, line %d: ignoring extra text after IF",
- mapname, lineno);
+ if (*p) {
+ msg_warn("regexp map %s, line %d: ignoring extra text after"
+ " IF statement: \"%s\"", mapname, lineno, p);
+ msg_warn("regexp map %s, line %d: do not prepend whitespace"
+ " to statements between IF and ENDIF", mapname, lineno);
+ }
if ((expr = dict_regexp_compile_pat(mapname, lineno, &pattern)) == 0)
return (0);
if_rule = (DICT_REGEXP_IF_RULE *)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/util/match_ops.c new/postfix-2.5.3/src/util/match_ops.c
--- old/postfix-2.5.1/src/util/match_ops.c 2006-06-15 20:07:16.000000000 +0200
+++ new/postfix-2.5.3/src/util/match_ops.c 2008-06-06 21:52:05.000000000 +0200
@@ -234,12 +234,20 @@
* Postfix; if not, then Postfix has no business dealing with IPv4
* addresses anyway.
*
- * - Don't bother if the pattern is a bare IPv4 address. That form would
- * have been matched with the strcasecmp() call above.
+ * - Don't bother unless the pattern is either an IPv6 address or net/mask.
*
- * - Don't bother if the pattern isn't an address or address/mask.
+ * We can safely skip IPv4 address patterns because their form is
+ * unambiguous and they did not match in the strcasecmp() calls above.
+ *
+ * XXX We MUST skip (parent) domain names, which may appear in NAMADR_LIST
+ * input, to avoid triggering false cidr_match_parse() errors.
+ *
+ * The last two conditions below are for backwards compatibility with
+ * earlier Postfix versions: don't abort with fatal errors on junk that
+ * was silently ignored (principle of least astonishment).
*/
if (!strchr(addr, ':') != !strchr(pattern, ':')
+ || pattern[strcspn(pattern, ":/")] == 0
|| pattern[strspn(pattern, V4_ADDR_STRING_CHARS)] == 0
|| pattern[strspn(pattern, V6_ADDR_STRING_CHARS "[]/")] != 0)
return (0);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/util/vstream_tweak.c new/postfix-2.5.3/src/util/vstream_tweak.c
--- old/postfix-2.5.1/src/util/vstream_tweak.c 2007-07-31 23:14:02.000000000 +0200
+++ new/postfix-2.5.3/src/util/vstream_tweak.c 2008-07-17 17:03:07.000000000 +0200
@@ -115,7 +115,7 @@
*/
#ifdef VSTREAM_CTL_BUFSIZE
if (mss > 0) {
- if (mss < __MAXINT__(ssize_t) /2)
+ if (mss < INT_MAX / 2)
mss *= 2;
vstream_control(fp,
VSTREAM_CTL_BUFSIZE, (ssize_t) mss,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/virtual/mailbox.c new/postfix-2.5.3/src/virtual/mailbox.c
--- old/postfix-2.5.1/src/virtual/mailbox.c 2006-06-26 14:59:19.000000000 +0200
+++ new/postfix-2.5.3/src/virtual/mailbox.c 2008-07-26 03:22:37.000000000 +0200
@@ -125,6 +125,12 @@
msg_warn("recipient %s: destination %s is not a regular file",
state.msg_attr.rcpt.address, usr_attr.mailbox);
dsb_simple(why, "5.3.5", "mail system configuration error");
+ } else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
+ vstream_fclose(mp->fp);
+ dsb_simple(why, "4.2.0",
+ "destination %s is not owned by recipient", usr_attr.mailbox);
+ msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
+ VAR_STRICT_MBOX_OWNER);
} else {
end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/virtual/virtual.c new/postfix-2.5.3/src/virtual/virtual.c
--- old/postfix-2.5.1/src/virtual/virtual.c 2008-01-08 21:35:08.000000000 +0100
+++ new/postfix-2.5.3/src/virtual/virtual.c 2008-07-27 23:00:11.000000000 +0200
@@ -183,6 +183,10 @@
/* .IP "\fBvirtual_transport (virtual)\fR"
/* The default mail delivery transport and next-hop destination for
/* final delivery to domains listed with $virtual_mailbox_domains.
+/* .PP
+/* Available in Postfix version 2.5.3 and later:
+/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
+/* Defer delivery when a mailbox file is not owned by its recipient.
/* LOCKING CONTROLS
/* .ad
/* .fi
@@ -329,6 +333,7 @@
char *var_virt_mailbox_lock;
int var_virt_mailbox_limit;
char *var_mail_spool_dir; /* XXX dependency fix */
+bool var_strict_mbox_owner;
/*
* Mappings.
@@ -504,6 +509,10 @@
VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0,
0,
};
+ static const CONFIG_BOOL_TABLE bool_table[] = {
+ VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
+ 0,
+ };
/*
* Fingerprint executables and core dumps.
@@ -513,6 +522,7 @@
single_server_main(argc, argv, local_service,
MAIL_SERVER_INT_TABLE, int_table,
MAIL_SERVER_STR_TABLE, str_table,
+ MAIL_SERVER_BOOL_TABLE, bool_table,
MAIL_SERVER_PRE_INIT, pre_init,
MAIL_SERVER_POST_INIT, post_init,
MAIL_SERVER_PRE_ACCEPT, pre_accept,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-2.5.1/src/xsasl/xsasl_dovecot_server.c new/postfix-2.5.3/src/xsasl/xsasl_dovecot_server.c
--- old/postfix-2.5.1/src/xsasl/xsasl_dovecot_server.c 2008-01-08 21:36:13.000000000 +0100
+++ new/postfix-2.5.3/src/xsasl/xsasl_dovecot_server.c 2008-03-17 00:09:04.000000000 +0100
@@ -50,6 +50,10 @@
#include
#include
+#ifdef STRCASECMP_IN_STRINGS_H
+#include
+#endif
+
/* Utility library. */
#include
@@ -60,6 +64,7 @@
#include
#include
#include
+#include
/* Global library. */
@@ -156,6 +161,7 @@
VSTRING *sasl_line;
unsigned int sec_props; /* Postfix mechanism filter */
char *mechanism_list; /* filtered mechanism list */
+ ARGV *mechanism_argv; /* ditto */
} XSASL_DOVECOT_SERVER;
/*
@@ -208,7 +214,8 @@
/* xsasl_dovecot_server_mech_filter - filter server mechanism list */
-static char *xsasl_dovecot_server_mech_filter(XSASL_DCSRV_MECH *mechanism_list,
+static char *xsasl_dovecot_server_mech_filter(ARGV *mechanism_argv,
+ XSASL_DCSRV_MECH *mechanism_list,
unsigned int conf_props)
{
const char *myname = "xsasl_dovecot_server_mech_filter";
@@ -226,6 +233,7 @@
if (VSTRING_LEN(mechanisms_str) > 0)
VSTRING_ADDCH(mechanisms_str, ' ');
vstring_strcat(mechanisms_str, mp->mech_name);
+ argv_add(mechanism_argv, mp->mech_name, (char *) 0);
if (msg_verbose)
msg_info("%s: keep mechanism: %s", myname, mp->mech_name);
} else {
@@ -400,6 +408,7 @@
server->service = mystrdup(service);
server->last_request_id = 0;
server->mechanism_list = 0;
+ server->mechanism_argv = 0;
server->sec_props =
name_mask_opt(myname, xsasl_dovecot_conf_sec_props,
sec_props, NAME_MASK_ANY_CASE | NAME_MASK_FATAL);
@@ -417,10 +426,13 @@
if (xsasl_dovecot_server_connect(server->impl) < 0)
return (0);
}
- if (server->mechanism_list == 0)
+ if (server->mechanism_list == 0) {
+ server->mechanism_argv = argv_alloc(2);
server->mechanism_list =
- xsasl_dovecot_server_mech_filter(server->impl->mechanism_list,
+ xsasl_dovecot_server_mech_filter(server->mechanism_argv,
+ server->impl->mechanism_list,
server->sec_props);
+ }
return (server->mechanism_list[0] ? server->mechanism_list : 0);
}
@@ -433,8 +445,10 @@
vstring_free(server->sasl_line);
if (server->username)
myfree(server->username);
- if (server->mechanism_list)
+ if (server->mechanism_list) {
myfree(server->mechanism_list);
+ argv_free(server->mechanism_argv);
+ }
myfree(server->service);
myfree((char *) server);
}
@@ -558,6 +572,7 @@
const char *myname = "xsasl_dovecot_server_first";
XSASL_DOVECOT_SERVER *server = (XSASL_DOVECOT_SERVER *) xp;
int i;
+ char **cpp;
#define IFELSE(e1,e2,e3) ((e1) ? (e2) : (e3))
@@ -566,6 +581,17 @@
IFELSE(init_response, ", init_response ", ""),
IFELSE(init_response, init_response, ""));
+ if (server->mechanism_argv == 0)
+ msg_panic("%s: no mechanism list", myname);
+
+ for (cpp = server->mechanism_argv->argv; /* see below */ ; cpp++) {
+ if (*cpp == 0) {
+ vstring_strcpy(reply, "Invalid authentication mechanism");
+ return XSASL_AUTH_FAIL;
+ }
+ if (strcasecmp(sasl_method, *cpp) == 0)
+ break;
+ }
if (init_response)
if (!is_valid_base64(init_response)) {
vstring_strcpy(reply, "Invalid base64 data in initial response");
++++++ postfix-SuSE.tar.gz ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-SuSE/postfix-fw new/postfix-SuSE/postfix-fw
--- old/postfix-SuSE/postfix-fw 2007-02-26 10:29:47.000000000 +0100
+++ new/postfix-SuSE/postfix-fw 2008-08-06 13:42:31.000000000 +0200
@@ -1,3 +1,4 @@
+## Name: SMTP with Postfix
## Description: Firewall Configuration file for postfix
# space separated list of allowed TCP ports
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-SuSE/rc.postfix new/postfix-SuSE/rc.postfix
--- old/postfix-SuSE/rc.postfix 2007-06-21 08:30:20.000000000 +0200
+++ new/postfix-SuSE/rc.postfix 2008-07-30 10:14:30.000000000 +0200
@@ -10,7 +10,7 @@
#
### BEGIN INIT INFO
# Provides: smtp sendmail postfix
-# Required-Start: $network $named $syslog $time
+# Required-Start: $network $named $syslog $time $remote_fs
# Should-Start: cyrus ldap ypbind openslp amavisd
# Required-Stop:
# Default-Start: 3 5
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/postfix-SuSE/SuSEconfig.postfix new/postfix-SuSE/SuSEconfig.postfix
--- old/postfix-SuSE/SuSEconfig.postfix 2008-07-09 15:02:48.000000000 +0200
+++ new/postfix-SuSE/SuSEconfig.postfix 2008-07-17 09:42:26.000000000 +0200
@@ -101,9 +101,9 @@
# CA
CAPATH=`postconf -h smtpd_tls_CApath`
- if [ "CAPATH" ]
+ if [ "$CAPATH" ]
then
- cpifnewer $CAPATH ./$CAPATH
+ cpifnewer "$CAPATH/*" ./$CAPATH
fi
# PAM
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org