Commit Graph

67 Commits

Author SHA1 Message Date
tron
aa2dcc1a61 Comment out "inet_protocols = ipv4" line which came from up-stream.
We want Postfix to support IPv6 out of the box.

Pointed out by Dieter Roelants on "current-users" mailing list.
2013-01-06 13:58:24 +00:00
tron
a536ee5124 Install documentation and manual pages for Postfix's memcache client support. 2013-01-02 22:33:19 +00:00
tron
d561406f71 Fix build of Postfix 2.9.5. 2013-01-02 19:45:48 +00:00
tron
cf33639979 Resolve conflicts from last import. 2013-01-02 19:18:29 +00:00
tron
a30b880ed6 Import Postfix 2.9.5. Major changes since version 2.8.x:
- Support for long, non-repeating, queue IDs (queue file names). The
  main benefit of non-repeating names is simpler logfile analysis. See
  the description of "enable_long_queue_ids" in postconf(5) for
  details.
- Memcache client support, and support to share postscreen(8) and
  verify(8) caches via the proxymap server. Details about memcache
  support are in memcache_table(5) and MEMCACHE_README.
- Gradual degradation: if a database is unavailable (can't open, most
  read or write errors) a Postfix daemon will log a warning and
  continue providing the services that don't depend on that table,
  instead of immediately terminating with a fatal error. To terminate
  immediately when a database file can't be opened, specify
  "daemon_table_open_error_is_fatal = yes".
- Revised postconf(1) command. It warns about unused parameter
  name=value settings in main.cf or master.cf (likely mistakes),
  understands "dynamic" parameter names such as names that depend on
  the name of a master.cf entry (finally, "postconf -n" shows all
  parameter settings), and it can display main.cf and master.cf in a
  more user-friendly format (postconf -nf, postconf -Mf).
- Read/write deadline support in the SMTP client and server to defend
  against application-level DOS attacks that very slowly write or read
  data one byte at a time.
2013-01-02 18:58:23 +00:00
tron
28fbdc7c77 Resolve conflicts from last import. 2012-12-18 09:10:32 +00:00
tron
c6536f46b6 Import Postfix 2.8.13. Changes since version 2.8.12:
- The postscreen_access_list feature failed to ignore case in the first
  character of a command (e.g., permit, reject, etc.). Reported by Francis
  Picabia. (This fix is incorrectly listed in the HISTORY files of earlier
  releases, and will be removed with a future patch.)
- Strip the datalink suffix (e.g., %eth0) from IPv6 addresses returned by
  the system getaddrinfo() routine. Such suffixes break the default
  mynetworks value, the Postfix SMTP server's reverse/forward DNS
  name/address mapping check, and possibly more.
- To eliminate the possibility of collisions with connection cache lookup
  keys, the Postfix LDAP client now computes those lookup keys by joining
  the number-valued connection properties with ASCII null, just like it
  already did with the string-valued connection properties.
- There was a memory leak during one-time TLS library initialization
  (introduced with Postfix 2.5). Reported by Coverity.
- There was a memory leak in the unused oqmgr(8) program (introduced with
  Postfix 2.3). Reported by Coverity.
2012-12-18 09:01:39 +00:00
tron
56c94b646c Import Postfix 2.8.12. Changes since version 2.8.11:
- The local(8) delivery agent's BIFF client leaked an unprivileged UDP
  socket. Fix by Jaroslav Skarvada. This bug was introduced 19990127.
- The SMTP server did not reject the AUTH command while a MAIL FROM
  transaction was in progress. Reported by Timo Sirainen.
  This bug was introduced 20000314.
- The unused "pass" trigger client could close the wrong file descriptors.
  This bug was introduced with Postfix 2.8.
2012-08-10 12:35:15 +00:00
christos
347727af99 use the modern resolver functions if available. 2012-07-05 17:40:11 +00:00
tron
03f0339393 Resolve conflicts from last import. 2012-06-09 11:32:19 +00:00
tron
b26355a362 Import Postfix 2.8.11. Changes since version 2.8.8:
- The "change header" milter request could replace the wrong header. A long
  header name could match a shorter one, because a length check was done on
  the wrong string. Reported by Vladimir Vassiliev.
- Core dump when postlog emitted the "usage" message, caused by an extraneous
  null assignment. Reported by Kant (fnord.hammer).
- These releases add support to turn off the TLSv1.1 and TLSv1.2 protocols.
  Introduced with OpenSSL version 1.0.1, these protocols are known to cause
  inter-operability problems, for example with some hotmail services.
  The radical workaround is to temporarily turn off problematic protocols
  globally:

	/etc/postfix/main.cf:
	    smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
	    smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2

	    smtpd_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
	    smtpd_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2

  However, it may be better to temporarily turn off problematic protocols for
  broken sites only:

	/etc/postfix/main.cf:
	    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

	/etc/postfix/tls_policy:
	    example.com         may protocols=!SSLv2:!TLSv1.1:!TLSv1.2

  Notes:

  Note the use of ":" instead of comma or space. Also, note that there is NO
  space around the "=" in "protocols=".

  The smtp_tls_policy_maps lookup key must match the "next-hop" destination
  that is given to the Postfix SMTP client. If you override the next-hop
  destination with transport_maps, relayhost, sender_dependent_relayhost_maps,
  or otherwise, you need to specify the same destination for the
  smtp_tls_policy_maps lookup key.
- OpenSSL related (all supported Postfix versions).
  Some people have reported program crashes when the OpenSSL library was
  updated while Postfix was accessing the Postfix TLS session cache. To avoid
  this, the Postfix TLS session cache ID now includes the OpenSSL library
  version number. This cache ID is not shared via the network.
- The OpenSSL workaround introduced with the previous stable and legacy
  releases did not compile with older gcc compilers. These compilers can't
  handle #ifdef inside a macro invocation (NOT: definition).
- To avoid repeated warnings from postscreen(8) with "connect to
  private/dnsblog service: Connection refused" on FreeBSD, the dnsblog(8)
  daemon now uses the single_server program driver instead of the multi_server
  driver. This one-line code change has no performance impact for other
  systems, and eliminates a high-frequency accept() race on a shared socket
  that appears to cause trouble on FreeBSD. The same single_server program
  driver has proven itself for many years in smtpd(8). Problem reported by
  Sahil Tandon.
- Laptop-friendly support (all supported Postfix versions). A little-known
  secret is that Postfix has always had support to avoid unnecessary disk
  spin-up for MTIME updates, by doing s/fifo/unix/ in master.cf (this is
  currently not supported on Solaris systems). However, two minor fixes are
  needed to make this bullet-proof.
- In laptop-friendly mode, the "postqueue -f" and "sendmail -q" commands did
  not wait until their requests had reached the pickup and qmgr servers before
  closing their UNIX-domain request sockets.
- In laptop-friendly mode, the unused postkick command waited for more than
  a minute because the event_drain() function was comparing bitmasks
  incorrectly on systems with kqueue(2), epoll(2) or /dev/poll support.
2012-06-09 11:26:39 +00:00
tron
afa136001d Add support for SQLite look-up tables to postfix(1), see sqlite_table(5)
for more details.

While here stop installation of pcre_table(5) as this table type
is not supported.
2012-03-04 16:12:24 +00:00
tron
a30206eafe Include "defer.h" to get the prototype for defer_append(). 2012-02-17 09:17:22 +00:00
tron
b8a7952854 Import Postfix 2.8.8. Changes since Postfix 2.8.7:
- The Postfix sqlite client, introduced with Postfix 2.8, had an
  embarassing bug in its quoting routine. As the result of a
  last-minute code cleanup before release, this routine returned the
  unquoted text instead of the quoted text. The opportunities for
  mis-use are limited: Postfix sqlite database files are usually owned
  by root, and Postfix daemons usually run with non-root privileges so
  they can't corrupt the database. This problem was reported by Rob
  McGee (rob0).
- The Postfix 2.8.4 fix for local delivery agent database lookup
  errors was incomplete. The fix correctly added new code to detect
  database lookup errors with mailbox_transport_maps,
  mailbox_command_maps or fallback_transport_maps, but it failed to
  log the problem, and to produce a defer logfile record which is
  needed for "delayed mail" and "mail too old" delivery status
  notifications.
- The trace(8) service, used for DSN SUCCESS notifications, did not
  distinguish between notifications for a non-bounce or a bounce
  message, causing it to "reply" to mail with the null sender
  address. Problem reported by Sabahattin Gucukoglu.
- Support for Dovecot auth over TCP sockets, using code that already
  existed for testing purposes. Patrick Koetter kindly provided an
  update for the SASL_README file.
- Workaround in the LDAP client for changes in the under-documented
  OpenLDAP API, by Victor Duchovni.
2012-02-17 08:35:39 +00:00
joerg
dee7beafd2 Reflect reality, the LDAP man page is installed 2012-01-23 01:28:56 +00:00
joerg
e8bec33be1 Change CMSG_SPACE and CMSG_LEN to provide Integer Constant Expressions
again. This was changed in sys/socket.h r1.51 to work around fallout
from the IPv6 aux data migration. It broke the historic ABI on some
platforms. This commit restores compatibility for netbsd32 code on such
platforms and provides a template for future changes to the CMSG_*
alignment. Revert PCC/Clang workarounds in postfix and tmux.
2012-01-20 14:08:04 +00:00
tron
bb4b748000 Don't build postscreen(8) if "MKCRYPTO" is set to "no". It cannot be
built without TLS support, at least not without major surgery.
I've only tested this by building with "MKCRYPTO" set to "yes"
because the build fails much ealier otherwise.

Problem reported by Nick Hudson in private e-mail.
2011-11-28 16:22:14 +00:00
tron
37141b1254 Resolve conflicts from last import. 2011-11-09 19:06:34 +00:00
tron
c3d89ca464 Import Postfix 2.8.7. Changes since version 2.8.6:
Postfix stable release 2.8.7 is available. This contains a workaround for
a problem that is fixed in Postfix 2.9.
- The postscreen daemon, which is not enabled by default, sent non-compliant
  SMTP responses (220- followed by 421) when it could not give a connection
  to a real smtpd process. These responses caused some remote SMTP clients
  to return mail as undeliverable.

  The workaround is to hang up after sending 220- without sending the
  421 "sorry" reply; this is harmless.
2011-11-09 18:58:43 +00:00
joerg
2405db5059 Just because IPV6 support is disabled doesn't mean inet_ntop are not
present. Since the local prototype conflicts, use the system version.
2011-11-08 22:21:30 +00:00
tron
a1f7ffadc0 Resolve conflicts from last import. 2011-10-28 07:12:17 +00:00
tron
1613d646d0 Import Postfix 2.8.6. Changes since version 2.8.5:
- The Postfix SMTP daemon sent "bare" newline characters instead of
  <CR><LF> when a header_checks REJECT pattern matched multi-line
  header. This bug was introduced with Postfix 1.1.
- The Postfix SMTP daemon sent "bare" newline characters instead of
  <CR><LF> when an smtpd_proxy_filter returned a multi-line
  response. This bug was introduced with Postfix 2.1.
- For compatibility with future EAI (email address
  internationalization) implementations, the Postfix MIME processor no
  longer enforces the strict_mime_encoding_domain check on unknown
  message subtypes such as message/global*. This check is disabled by
  default.
- The Postfix master daemon could report a panic error ("master_spawn:
  at process limit") after the process limit for some service was
  reduced with "postfix reload". This bug existed in all Postfix
  versions.
2011-10-28 07:08:57 +00:00
christos
6ee25ca9b9 use cleantags, instead of home grown copy. 2011-10-08 19:28:38 +00:00
tron
01b50dc734 Import Postfix version 2.8.5. Changes since version 2.8.4:
- The Postfix Milter client logged a "milter miltername: malformed reply"
  error when a Milter sent an SMTP response without enhanced status code
  (i.e. "XXX Text" instead of "XXX X.X.X Text").
- The Postfix Milter client sent a random {client_connections} macro value
  when the remote SMTP client was not subject to any smtpd_client_* limit.
  As a workaround, it now sends a zero value instead.
2011-09-10 10:35:21 +00:00
joerg
cd277335a0 Move -Wno-comment for clang to CPPFLAGS, so that mkdep runs are silent. 2011-08-25 17:05:45 +00:00
tron
64a8c34faa Resolve conflicts from last import. 2011-07-31 10:05:03 +00:00
tron
e148fd06c8 Import Postfix version 2.8.4. Changes since version 2.8.3:
- Performance: a high load of DSN success notification requests could
  slow down the queue manager. Solution: make the trace client
  asynchronous, just like the bounce and defer clients.
- The local(8) delivery agent ignored table lookup errors in
  mailbox_command_maps, mailbox_transport_maps, fallback_transport_maps
  and (while bouncing mail to alias) alias owner lookup.
- Workaround: dbl.spamhaus.org rejects lookups with "No IP queries" even
  if the name has an alphanumerical prefix. We play safe, and skip both
  RHSBL and RHSWL queries for names ending in a numerical suffix.
- The "sendmail -t" command reported "protocol error" instead of "file
  too large", "no space left on device" etc.
- The Postfix Milter client reported a temporary error instead of
  "file too large" in three cases.
2011-07-31 10:01:44 +00:00
tron
d14af506f7 Automatically determine and print out the release tag for the import. 2011-07-31 09:54:57 +00:00
pgoyette
ea5a6926a5 Add missing semicolon so it compiles 2011-05-30 18:47:27 +00:00
joerg
f795474780 Hack for clang to workaround non-ICE CMSG_SPACE used in union. 2011-05-30 16:24:13 +00:00
joerg
a216da57a6 Default to -Wno-sign-compare -Wno-pointer-sign for clang.
Push -Wno-array-bounds down to the cases that depend on it.
Selectively disable warnings for 3rd party software or non-trivial
issues to be reviewed later to get clang -Werror to build most of the
tree.
2011-05-26 12:56:24 +00:00
tron
72a05cf740 Import Postfix 2.8.3:
Postfix releases 2.8.3, 2.7.4, 2.6.10 and 2.5.13 are available. These contain
a fix for CVE-2011-1720 which affects Postfix SMTP server configurations that
use Cyrus SASL authentication. Besides full releases, patches are available
for Postfix 1.1 and later.

This defect was introduced with the Postfix SASL patch, and is present in all
Postfix versions where the command "postconf mail_release_date" reports a
value of 20000314 (March 14, 2000) or greater.

Note: CVE-2011-1720 does not affect Postfix SMTP servers that use Dovecot
SASL authentication. It also does not affect the common Postfix SMTP server
configurations that use only Cyrus SASL mechanisms PLAIN and LOGIN.

More details will be available at http://www.postfix.org/CVE-2011-1720.html.
2011-05-11 09:10:01 +00:00
tron
09880ffbca Remove (off by default) option to build Postfix with Cyrus SASL support.
As "libsasl" integration can now be considered stable it is no longer
necessary to suppor this hack.
2011-04-29 15:21:44 +00:00
tron
f2fcdb20a6 Resolve conflict from last import. 2011-03-23 19:10:44 +00:00
tron
7196e8ad9c Import Postfix 2.8.2. Changes since version 2.8.1:
- Bugfix: postscreen DNSBL scoring error.  When a client disconnected
  and then reconnected before all DNSBL results for the earlier
  session arrived, DNSBL results for the earlier session would be
  added to the score for the later session. This is very unlikely
  to have affected any legitimate mail.
- Workaround: the SMTP client did not support mail to [ipv6:ipv6addr].
2011-03-23 19:06:45 +00:00
tron
56bb44cae5 Build new Postfix components dnsblog(8), postscreen(8) and tlsproxy(8)
and install new documentation files.
2011-03-02 22:24:55 +00:00
tron
c1bec41104 Fix build of Postfix 2.8.1. 2011-03-02 20:12:29 +00:00
tron
d14acb8d0b Resolve conflicts from last import. 2011-03-02 19:56:37 +00:00
tron
ff6d749d99 Import Postfix 2.8.1. Changes since version 2.7.*:
Postfix stable release 2.8.0 is available. This release continues the
move towards improving code and documentation, and making the system
better prepared for changes in the threat environment.

The postscreen daemon (a zombie blocker in front of Postfix) is now
included with the stable release. postscreen now supports TLS and can
log the rejected sender, recipient and helo information. See the
POSTSCREEN_README file for recommended usage scenarios.

Support for DNS whitelisting (permit_rhswl_client), and for pattern
matching to filter the responses from DNS white/blacklist servers
(e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]).

Improved message tracking across SMTP-based content filters; the
after-filter SMTP server can log the before-filter queue ID (the
XCLIENT protocol was extended).

Read-only support for sqlite databases. See sqlite_table(5) and
SQLITE_README.

Support for 'footers' that are appended to SMTP server "reject"
responses. See "smtpd_reject_footer" in the postconf(5) manpage.
2011-03-02 19:31:23 +00:00
tron
ad49390408 Move default definition of "PKGROOT" inside the "HAVE_CYRUS_SASL" block
as it shouldn't be used anywhere else.
2011-02-15 23:17:02 +00:00
christos
99c6c22267 From Anon Ymous:
1) libsaslc is an SASL client only.
2) dovecot is an SASL server only.
3) cyrus-sasl is both a client and a server.
4) postfix allows us to have multiple SASL servers and clients.
5) The SASL server to use at runtime is determined by the setting of
   "smtpd_sasl_type" in main.cf (note that is smtpd_ not smtp_).  If
   that is not set, then it defaults to the value of
   DEF_SERVER_SASL_TYPE at build time, which if not set, defaults to
   "cyrus".  See postfix/dist/src/global/mail_params.h.
6) The SASL client to use at runtime is determined by the setting of
   "smtp_sasl_type" in main.cf.  If that is not set, then it defaults
   to the value of DEF_CLIENT_SASL_TYPE at build time, which if not
   set, defaults to "cyrus".  See postfix/dist/src/global/mail_params.h.
7) If MKCRYPTO is "no", libsaslc will not link as it requires the
   crypto libraries, so libsaslc cannot be enabled (as it was before)
   without crypto.
8) I have made the definition of DEF_CLIENT_SASL_TYPE conditional on
   MKCRYPTO due to (7).  Without crypto it will default to cyrus.
9) HAVE_CYRUS_SASL is _never_ defined during a normal build and _never_
   should be!  It is there for the convenience of users who wish to
   install cyrus-sasl and rebuild postfix with it.  It is also very
   useful for testing if it is suspected that something might be wrong
   with libsaslc.  PLEASE DO NOT REMOVE IT!
2011-02-15 16:19:33 +00:00
christos
8ee9afa985 fix typos. 2011-02-13 05:45:47 +00:00
christos
ed60d7cf1f change the variable to USE_LIB_SASL that can be set to saslc or cyrus 2011-02-13 05:12:55 +00:00
christos
e0ddd90246 don't hard-code /usr/pkg 2011-02-13 01:53:50 +00:00
christos
326b019630 change the saslc define to USE_ and test against "no" instead of just defined. 2011-02-13 01:50:03 +00:00
christos
44dcb1b9f4 better dependency support for saslc. 2011-02-13 00:41:20 +00:00
christos
18b1a8268b Add SASL client support using the libsaslc(3) library.
From Anon Ymous
2011-02-12 19:07:08 +00:00
tron
b7f896571b Resolve conflicts from last import. 2010-11-27 10:41:16 +00:00
tron
d1d83b6f73 Import Postfix 2.7.2. Changes since Postfix 2.7.1:
- Postfix no longer automatically appends the system default CA
  (certificate authority) certificates, when it reads the CA
  certificates specified with {smtp, lmtp, smtpd}_tls_CAfile or
  with {smtp, lmtp, smtpd}_tls_CApath.  This prevents third-party
  certificates from getting mail relay permission with the
  permit_tls_all_clientcerts feature.  Unfortunately, this change
  may cause compatibility problems with configurations that rely
  on certificate verification for other purposes.  To get the old
  behavior, specify "tls_append_default_CA = yes".
- A prior fix for compatibility with Postfix < 2.3 was incomplete.
  When pipe-to-command delivery fails with a signal, mail is now
  correctly deferred, instead of being returned to sender.
- Poor smtpd_proxy_filter TCP performance over loopback (127.0.0.1)
  connections was fixed by adapting the output buffer size to the
  MTU.
- The SMTP server no longer applies the reject_rhsbl_helo feature
  to non-domain forms such as network addresses.  This would cause
  false positives with dbl.spamhaus.org.
- The Postfix SMTP server failed to deliver a "421" response and
  hang up the connection after Milter error.  Instead, the server
  delivered a "503 Access denied" response and left the connection
  open, due to some Postfix 1.1 workaround for RFC 2821.
- The milter_header_checks parser failed to enable any of the actions
  that have no effect on message delivery (warn, replace, prepend,
  ignore, dunno, and ok).
2010-11-27 10:34:30 +00:00
mrg
363e39cc2c don't list tlsmgr twice; espcially one of them being outside of
the ${MKCRYPTO} != no check.
2010-07-11 05:37:32 +00:00