Merge postfix-2.3.7

2007-02-05 17:56:11 +00:00 · 2007-02-05 17:56:11 +00:00 · 9cecbd0179
commit 9cecbd0179
parent 231b0ce3a6
5 changed files with 81 additions and 24 deletions
--- a/gnu/dist/postfix/README_FILES/RELEASE_NOTES
+++ b/gnu/dist/postfix/README_FILES/RELEASE_NOTES
@ -11,6 +11,34 @@ instead, a new snapshot is released.
 The mail_release_date configuration parameter (format: yyyymmdd)
 specifies the release date of a stable release or snapshot release.

+Incompatible changes with Postfix 2.3.7
+---------------------------------------
+
+Postfix no longer inserts an empty-line header/body separator into
+malformed MIME attachments, to avoid breaking digital signatures.
+
+This change introduces ambiguity. Postfix still treats the remainder
+of the attachment as body content; header_checks rules will therefore
+not detect forbidden MIME types inside a message/rfc822 attachment.
+
+With the empty-line header/body separator no longer inserted by
+Postfix, other software may process the malformed attachment
+differently, and thus may become exposed to forbidden MIME types.
+
+Incompatible changes with Postfix 2.3.6
+---------------------------------------
+
+The check_smtpd_policy client sends TLS certificate attributes
+(client ccert_subject, ccert_issuer) only after successful client
+certificate verification. The reason is that the certification
+verification status itself is not available in the policy request.
+
+The check_smtpd_policy client sends TLS certificate fingerprint
+information even when the certificate itself was not verified.
+
+The remote SMTP client TLS certificate fingerprint can be used for
+access control even when the certificate itself was not verified.
+
 Incompatible changes with Postfix 2.3.3
 ---------------------------------------

--- a/gnu/dist/postfix/conf/post-install
+++ b/gnu/dist/postfix/conf/post-install
@ -1,5 +1,5 @@
 #!/bin/sh
-#	$NetBSD: post-install,v 1.11 2006/12/21 02:56:37 rpaulo Exp $
+#	$NetBSD: post-install,v 1.12 2007/02/05 17:56:11 rpaulo Exp $
 #

 # To view the formatted manual page of this file, type:
@ -687,8 +687,9 @@ test -n "$first_install_reminder" && {
    Warning: you still need to edit myorigin/mydestination/mynetworks
    parameter settings in $config_directory/main.cf.

-    See also http://www.postfix.org/faq.html for information about
-    dialup sites or about sites inside a firewalled network.
+    See also http://www.postfix.org/STANDARD_CONFIGURATION_README.html
+    for information about dialup sites or about sites inside a
+    firewalled network.

    BTW: Check your $ALIASES file and be sure to set up aliases
    that send mail for root and postmaster to a real person, then
--- a/gnu/dist/postfix/man/man5/postconf.5
+++ b/gnu/dist/postfix/man/man5/postconf.5
@ -1,4 +1,4 @@
-.\"	$NetBSD: postconf.5,v 1.10 2006/11/07 03:09:18 rpaulo Exp $
+.\"	$NetBSD: postconf.5,v 1.11 2007/02/05 17:56:11 rpaulo Exp $
 .\"
 .TH POSTCONF 5 
 .SH NAME
@ -5362,9 +5362,10 @@ restriction that matches wins.
 The following restrictions are specific to client hostname or
 client network address information.
 .IP "\fBcheck_ccert_access \fItype:table\fR\fR"
-When the remote SMTP client certificate is verified successfully,
-use the client certificate fingerprint as lookup key for the specified
-\fBaccess\fR(5) database. This feature is available with Postfix version 2.2.
+Use the client certificate fingerprint as lookup key for the
+specified \fBaccess\fR(5) database; with Postfix version 2.2, also require
+that the SMTP client certificate is verified successfully. This
+feature is available with Postfix version 2.2 and later.
 .IP "\fBcheck_client_access \fItype:table\fR\fR"
 Search the specified access database for the client hostname,
 parent domains, client IP address, or networks obtained by stripping
--- a/gnu/dist/postfix/src/smtpd/smtpd_check.c
+++ b/gnu/dist/postfix/src/smtpd/smtpd_check.c
@ -1,4 +1,4 @@
-/*	$NetBSD: smtpd_check.c,v 1.20 2006/07/19 01:35:40 rpaulo Exp $	*/
+/*	$NetBSD: smtpd_check.c,v 1.21 2007/02/05 17:56:11 rpaulo Exp $	*/

 /*++
 /* NAME
@ -1144,6 +1144,7 @@ static int reject_unknown_hostname(SMTPD_STATE *state, char *name,
 {
    const char *myname = "reject_unknown_hostname";
    int     dns_status;
+    DNS_RR *dummy;

    if (msg_verbose)
 	msg_info("%s: %s", myname, name);
@ -1154,15 +1155,20 @@ static int reject_unknown_hostname(SMTPD_STATE *state, char *name,
 #define RR_ADDR_TYPES	T_A
 #endif

-    dns_status = dns_lookup_l(name, 0, (DNS_RR **) 0, (VSTRING *) 0,
+    dns_status = dns_lookup_l(name, 0, &dummy, (VSTRING *) 0,
 			      (VSTRING *) 0, DNS_REQ_FLAG_STOP_OK,
 			      RR_ADDR_TYPES, T_MX, 0);
+    if (dummy)
+	dns_rr_free(dummy);
    if (dns_status != DNS_OK) {			/* incl. DNS_INVAL */
 	if (dns_status != DNS_RETRY)
 	    return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
 				       var_unk_name_code, "4.7.1",
-				       "<%s>: %s rejected: Host not found",
-				       reply_name, reply_class));
+				       "<%s>: %s rejected: %s",
+				       reply_name, reply_class,
+				       dns_status == DNS_INVAL ?
+				       "Malformed DNS server reply" :
+				       "Host not found"));
 	else
 	    DEFER_IF_PERMIT2(state, MAIL_ERROR_POLICY,
 			     450, "4.7.1",
@ -1179,23 +1185,29 @@ static int reject_unknown_mailhost(SMTPD_STATE *state, const char *name,
 {
    const char *myname = "reject_unknown_mailhost";
    int     dns_status;
+    DNS_RR *dummy;

    if (msg_verbose)
 	msg_info("%s: %s", myname, name);

 #define MAILHOST_LOOKUP_FLAGS	(DNS_REQ_FLAG_STOP_OK | DNS_REQ_FLAG_STOP_INVAL)

-    dns_status = dns_lookup_l(name, 0, (DNS_RR **) 0, (VSTRING *) 0,
+    dns_status = dns_lookup_l(name, 0, &dummy, (VSTRING *) 0,
 			      (VSTRING *) 0, MAILHOST_LOOKUP_FLAGS,
 			      T_MX, RR_ADDR_TYPES, 0);
+    if (dummy)
+	dns_rr_free(dummy);
    if (dns_status != DNS_OK) {			/* incl. DNS_INVAL */
 	if (dns_status != DNS_RETRY)
 	    return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
 				       var_unk_addr_code,
 			       strcmp(reply_class, SMTPD_NAME_SENDER) == 0 ?
 				       "4.1.8" : "4.1.2",
-				       "<%s>: %s rejected: Domain not found",
-				       reply_name, reply_class));
+				       "<%s>: %s rejected: %s",
+				       reply_name, reply_class,
+				       dns_status == DNS_INVAL ?
+				       "Malformed DNS server reply" :
+				       "Domain not found"));
 	else
 	    DEFER_IF_PERMIT2(state, MAIL_ERROR_POLICY,
 			  450, strcmp(reply_class, SMTPD_NAME_SENDER) == 0 ?
@ -1223,8 +1235,12 @@ static int permit_tls_clientcerts(SMTPD_STATE *state, int permit_all_certs)
 	    msg_info("Relaying allowed for all verified client certificates");
 	return (SMTPD_CHECK_OK);
    }
-    if (state->tls_context->peer_verified
-	&& state->tls_context->peer_fingerprint) {
+
+    /*
+     * When directly checking the fingerprint, it is OK if the issuing CA is
+     * not trusted.
+     */
+    if (state->tls_context->peer_fingerprint) {
 	found = maps_find(relay_ccerts, state->tls_context->peer_fingerprint,
 			  DICT_FLAG_NONE);
 	if (found) {
@ -2231,6 +2247,7 @@ static int check_table_result(SMTPD_STATE *state, const char *table,
 				reply_class, def_acl);
    }
    argv_free(restrictions);
+    memcpy(ADDROF(smtpd_check_buf), ADDROF(savebuf), sizeof(smtpd_check_buf));
    return (status);
 }

@ -2580,8 +2597,11 @@ static int check_ccert_access(SMTPD_STATE *state, const char *table,
    if (!state->tls_context)
 	return SMTPD_CHECK_DUNNO;

-    if (state->tls_context->peer_verified
-	&& state->tls_context->peer_fingerprint) {
+    /*
+     * When directly checking the fingerprint, it is OK if the issuing CA is
+     * not trusted.
+     */
+    if (state->tls_context->peer_fingerprint) {
 	if (msg_verbose)
 	    msg_info("%s: %s", myname, state->tls_context->peer_fingerprint);

@ -3337,11 +3357,18 @@ static int check_policy_service(SMTPD_STATE *state, const char *server,
 #define IF_VERIFIED(x) \
    ((state->tls_context && \
      state->tls_context->peer_verified && ((x) != 0)) ? (x) : "")
-			  ATTR_TYPE_STR, MAIL_ATTR_CCERT_SUBJECT, subject,
-			  ATTR_TYPE_STR, MAIL_ATTR_CCERT_ISSUER, issuer,
-			  ATTR_TYPE_STR, MAIL_ATTR_CCERT_FINGERPRINT,
-			  IF_VERIFIED(state->tls_context->peer_fingerprint),
 #define IF_ENCRYPTED(x, y) ((state->tls_context && ((x) != 0)) ? (x) : (y))
+			  ATTR_TYPE_STR, MAIL_ATTR_CCERT_SUBJECT,
+			  IF_VERIFIED(subject),
+			  ATTR_TYPE_STR, MAIL_ATTR_CCERT_ISSUER,
+			  IF_VERIFIED(issuer),
+
+    /*
+     * When directly checking the fingerprint, it is OK if the issuing CA is
+     * not trusted.
+     */
+			  ATTR_TYPE_STR, MAIL_ATTR_CCERT_FINGERPRINT,
+		     IF_ENCRYPTED(state->tls_context->peer_fingerprint, ""),
 			  ATTR_TYPE_STR, MAIL_ATTR_CRYPTO_PROTOCOL,
 			  IF_ENCRYPTED(state->tls_context->protocol, ""),
 			  ATTR_TYPE_STR, MAIL_ATTR_CRYPTO_CIPHER,
--- a/gnu/dist/postfix/src/util/match_list.c
+++ b/gnu/dist/postfix/src/util/match_list.c
@ -1,4 +1,4 @@
-/*	$NetBSD: match_list.c,v 1.8 2006/07/19 01:35:40 rpaulo Exp $	*/
+/*	$NetBSD: match_list.c,v 1.9 2007/02/05 17:56:11 rpaulo Exp $	*/

 /*++
 /* NAME
@ -98,7 +98,7 @@ struct MATCH_LIST {
 };

 #define MATCH_DICTIONARY(pattern) \
-    ((pattern)[0] != '[' && strchr((pattern), ':') != 0)
+    ((pattern + strspn(pattern, "!"))[0] != '[' && strchr((pattern), ':') != 0)

 /* match_list_parse - parse buffer, destroy buffer */