Prereq: ""2.3.9" diff -cr /var/tmp/postfix-2.3.9/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-2.3.9/src/global/mail_version.h Mon Apr 23 20:08:11 2007 --- ./src/global/mail_version.h Wed May 30 20:19:18 2007 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20070423" ! #define MAIL_VERSION_NUMBER "2.3.9" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20070530" ! #define MAIL_VERSION_NUMBER "2.3.10" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr /var/tmp/postfix-2.3.9/HISTORY ./HISTORY *** /var/tmp/postfix-2.3.9/HISTORY Mon Apr 23 20:08:47 2007 --- ./HISTORY Wed May 30 20:18:34 2007 *************** *** 12986,12988 **** --- 12986,13041 ---- with deadlock, "postfix stop" forcefully stops all processes in the master's process group. Files: conf/postfix-script, master/master_sig.c. Back-ported from Postfix 2.4. + + 20070425 + + Bugfix: don't falsely report "lost connection from + localhost[127.0.0.1]" when Postfix is being portscanned. + Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c. + + 20070430 + + Robustness: recommend a "0" process limit for policy servers + to avoid "connection refused" problems when the smtpd process + limit exceeds the default process limit. File: + proto/SMTPD_POLICY_README.html. + + 20070501 + + Safety: when IPv6 (or IPv4) is turned off, don't treat an + IPv6 (or IPv4) connection from e.g. inetd as if it comes + from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c, + qmqpd/qmqpd_peer.c. + + 20070508 + + Bugfix: Content-Transfer-Encoding: attribute values are + case insensitive. File: src/cleanup/cleanup_message.c. 
+ + 20070514 + + Bugfix: mailbox_transport(_maps) and fallback_transport(_maps) + were broken when used with the error(8) or discard(8) + transports. Cause: insufficient documentation. Files: + error/error.c, discard/discard.c. + + 20070520 + + Bugfix (problem introduced Postfix 2.3): when DSN support + was introduced it broke "agressive" recipient duplicate + elimination with "enable_original_recipient = no". File: + cleanup/cleanup_out_recipient.c. + + 20070529 + + Bugfix (introduced Postfix 2.3): the sendmail/postdrop + commands would hang when trying to submit a message larger + than the per-message size limit. File: postdrop/postdrop.c. + + 20070530 + + Sabotage the saboteur who insists on breaking Postfix by + adding gethostbyname() calls that cause maildir delivery + to fail when the machine name is not found in /etc/hosts, + or that cause Postfix processes to hang when the network + is down. diff -cr /var/tmp/postfix-2.3.9/README_FILES/SMTPD_POLICY_README ./README_FILES/SMTPD_POLICY_README *** /var/tmp/postfix-2.3.9/README_FILES/SMTPD_POLICY_README Fri Jul 7 15:42:23 2006 --- ./README_FILES/SMTPD_POLICY_README Fri May 11 20:17:21 2007 *************** *** 40,45 **** --- 40,46 ---- Here is an example of all the attributes that the Postfix SMTP server sends in a delegated SMTPD access policy request: + PPoossttffiixx vveerrssiioonn 22..11 aanndd llaatteerr:: request=smtpd_access_policy protocol_state=RCPT protocol_name=SMTP *************** *** 167,173 **** use something like this: 1 /etc/postfix/master.cf: ! 2 policy unix - n n - - spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: --- 168,174 ---- use something like this: 1 /etc/postfix/master.cf: ! 2 policy unix - n n - 0 spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: *************** *** 187,199 **** "policy_time_limit" setting. The name of the parameter is the name of the master.cf entry ("policy") concatenated with the "_time_limit" suffix. 
* Lines 8, 9: always specify "check_policy_service" AFTER "reject_unauth_destination" or else your system could become an open relay. * Solaris UNIX-domain sockets do not work reliably. Use TCP sockets instead: 1 /etc/postfix/master.cf: ! 2 127.0.0.1:9998 inet n n n - - spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: --- 188,204 ---- "policy_time_limit" setting. The name of the parameter is the name of the master.cf entry ("policy") concatenated with the "_time_limit" suffix. + * Line 2: specify a "0" process limit instead of the default "-", to avoid + "connection refused" and other problems when the smtpd process limit + exceeds the default_process_limit setting. + * Lines 8, 9: always specify "check_policy_service" AFTER "reject_unauth_destination" or else your system could become an open relay. * Solaris UNIX-domain sockets do not work reliably. Use TCP sockets instead: 1 /etc/postfix/master.cf: ! 2 127.0.0.1:9998 inet n n n - 0 spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: *************** *** 261,267 **** socket that is accessible by Postfix processes only: 1 /etc/postfix/master.cf: ! 2 policy unix - n n - - spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: --- 266,272 ---- socket that is accessible by Postfix processes only: 1 /etc/postfix/master.cf: ! 2 policy unix - n n - 0 spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: *************** *** 279,289 **** "policy_time_limit" setting. The name of the parameter is the name of the master.cf entry ("policy") concatenated with the "_time_limit" suffix. On Solaris you must use inet: style sockets instead of unix: style, as detailed in the "Policy client/server configuration" section above. 1 /etc/postfix/master.cf: ! 
2 127.0.0.1:9998 inet n n n - - spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: --- 284,298 ---- "policy_time_limit" setting. The name of the parameter is the name of the master.cf entry ("policy") concatenated with the "_time_limit" suffix. + * Line 2: specify a "0" process limit instead of the default "-", to avoid + "connection refused" and other problems when the smtpd process limit + exceeds the default_process_limit setting. + On Solaris you must use inet: style sockets instead of unix: style, as detailed in the "Policy client/server configuration" section above. 1 /etc/postfix/master.cf: ! 2 127.0.0.1:9998 inet n n n - 0 spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: diff -cr /var/tmp/postfix-2.3.9/html/SMTPD_POLICY_README.html ./html/SMTPD_POLICY_README.html *** /var/tmp/postfix-2.3.9/html/SMTPD_POLICY_README.html Fri Jul 7 15:42:23 2006 --- ./html/SMTPD_POLICY_README.html Fri May 11 20:17:21 2007 *************** *** 72,77 **** --- 72,78 ----
+ Postfix version 2.1 and later: request=smtpd_access_policy protocol_state=RCPT protocol_name=SMTP *************** *** 238,244 ****1 /etc/postfix/master.cf: ! 2 policy unix - n n - - spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: --- 239,245 ----1 /etc/postfix/master.cf: ! 2 policy unix - n n - 0 spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: *************** *** 263,268 **** --- 264,273 ---- the parameter is the name of the master.cf entry ("policy") concatenated with the "_time_limit" suffix. +Line 2: specify a "0" process limit instead of the default + "-", to avoid "connection refused" and other problems when the smtpd + process limit exceeds the default_process_limit setting.
+Lines 8, 9: always specify "check_policy_service" AFTER "reject_unauth_destination" or else your system could become an open relay.
*************** *** 275,281 ****1 /etc/postfix/master.cf: ! 2 127.0.0.1:9998 inet n n n - - spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: --- 280,286 ----1 /etc/postfix/master.cf: ! 2 127.0.0.1:9998 inet n n n - 0 spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: *************** *** 367,373 ****1 /etc/postfix/master.cf: ! 2 policy unix - n n - - spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: --- 372,378 ----1 /etc/postfix/master.cf: ! 2 policy unix - n n - 0 spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: *************** *** 390,395 **** --- 395,404 ---- the parameter is the name of the master.cf entry ("policy") concatenated with the "_time_limit" suffix. +Line 2: specify a "0" process limit instead of the default + "-", to avoid "connection refused" and other problems when the smtpd + process limit exceeds the default_process_limit setting.
+On Solaris you must use inet: style sockets instead of unix: *************** *** 399,405 ****
1 /etc/postfix/master.cf: ! 2 127.0.0.1:9998 inet n n n - - spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: --- 408,414 ----1 /etc/postfix/master.cf: ! 2 127.0.0.1:9998 inet n n n - 0 spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: diff -cr /var/tmp/postfix-2.3.9/html/postconf.1.html ./html/postconf.1.html *** /var/tmp/postfix-2.3.9/html/postconf.1.html Sun Dec 24 15:10:28 2006 --- ./html/postconf.1.html Fri May 11 20:41:53 2007 *************** *** 177,184 **** tcp (read-only) Perform lookups using a simple request-reply protocol that is described in tcp_table(5). ! This feature is not included with Postfix ! 2.2. unix (read-only) A limited way to query the UNIX authentica- --- 177,184 ---- tcp (read-only) Perform lookups using a simple request-reply protocol that is described in tcp_table(5). ! This feature is not included with the stable ! Postfix release. unix (read-only) A limited way to query the UNIX authentica- diff -cr /var/tmp/postfix-2.3.9/man/man1/postconf.1 ./man/man1/postconf.1 *** /var/tmp/postfix-2.3.9/man/man1/postconf.1 Sun Dec 24 15:10:28 2006 --- ./man/man1/postconf.1 Fri May 11 20:41:53 2007 *************** *** 152,158 **** .IP "\fBtcp\fR (read-only)" Perform lookups using a simple request-reply protocol that is described in \fBtcp_table\fR(5). ! This feature is not included with Postfix 2.2. .IP "\fBunix\fR (read-only)" A limited way to query the UNIX authentication database. The following tables are implemented: --- 152,158 ---- .IP "\fBtcp\fR (read-only)" Perform lookups using a simple request-reply protocol that is described in \fBtcp_table\fR(5). ! This feature is not included with the stable Postfix release. .IP "\fBunix\fR (read-only)" A limited way to query the UNIX authentication database. 
The following tables are implemented: diff -cr /var/tmp/postfix-2.3.9/proto/SMTPD_POLICY_README.html ./proto/SMTPD_POLICY_README.html *** /var/tmp/postfix-2.3.9/proto/SMTPD_POLICY_README.html Fri Jul 7 15:42:17 2006 --- ./proto/SMTPD_POLICY_README.html Fri May 11 20:14:45 2007 *************** *** 72,77 **** --- 72,78 ----+ Postfix version 2.1 and later: request=smtpd_access_policy protocol_state=RCPT protocol_name=SMTP *************** *** 238,244 ****1 /etc/postfix/master.cf: ! 2 policy unix - n n - - spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: --- 239,245 ----1 /etc/postfix/master.cf: ! 2 policy unix - n n - 0 spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: *************** *** 263,268 **** --- 264,273 ---- the parameter is the name of the master.cf entry ("policy") concatenated with the "_time_limit" suffix. +Line 2: specify a "0" process limit instead of the default + "-", to avoid "connection refused" and other problems when the smtpd + process limit exceeds the default_process_limit setting.
+Lines 8, 9: always specify "check_policy_service" AFTER "reject_unauth_destination" or else your system could become an open relay.
*************** *** 275,281 ****1 /etc/postfix/master.cf: ! 2 127.0.0.1:9998 inet n n n - - spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: --- 280,286 ----1 /etc/postfix/master.cf: ! 2 127.0.0.1:9998 inet n n n - 0 spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: *************** *** 367,373 ****1 /etc/postfix/master.cf: ! 2 policy unix - n n - - spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: --- 372,378 ----1 /etc/postfix/master.cf: ! 2 policy unix - n n - 0 spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: *************** *** 390,395 **** --- 395,404 ---- the parameter is the name of the master.cf entry ("policy") concatenated with the "_time_limit" suffix. +Line 2: specify a "0" process limit instead of the default + "-", to avoid "connection refused" and other problems when the smtpd + process limit exceeds the default_process_limit setting.
+On Solaris you must use inet: style sockets instead of unix: *************** *** 399,405 ****
1 /etc/postfix/master.cf: ! 2 127.0.0.1:9998 inet n n n - - spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: --- 408,414 ----1 /etc/postfix/master.cf: ! 2 127.0.0.1:9998 inet n n n - 0 spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: diff -cr /var/tmp/postfix-2.3.9/src/cleanup/cleanup_message.c ./src/cleanup/cleanup_message.c *** /var/tmp/postfix-2.3.9/src/cleanup/cleanup_message.c Fri Dec 1 19:24:40 2006 --- ./src/cleanup/cleanup_message.c Tue May 8 12:42:00 2007 *************** *** 515,521 **** if (hdr_opts->type == HDR_CONTENT_TRANSFER_ENCODING) { for (cmp = code_map; cmp->name != 0; cmp++) { if (strcasecmp(hdrval, cmp->name) == 0) { ! if (strcmp(cmp->encoding, MAIL_ATTR_ENC_8BIT) == 0) nvtable_update(state->attr, MAIL_ATTR_ENCODING, cmp->encoding); break; --- 515,521 ---- if (hdr_opts->type == HDR_CONTENT_TRANSFER_ENCODING) { for (cmp = code_map; cmp->name != 0; cmp++) { if (strcasecmp(hdrval, cmp->name) == 0) { ! if (strcasecmp(cmp->encoding, MAIL_ATTR_ENC_8BIT) == 0) nvtable_update(state->attr, MAIL_ATTR_ENCODING, cmp->encoding); break; diff -cr /var/tmp/postfix-2.3.9/src/cleanup/cleanup_out_recipient.c ./src/cleanup/cleanup_out_recipient.c *** /var/tmp/postfix-2.3.9/src/cleanup/cleanup_out_recipient.c Thu Jan 5 19:22:04 2006 --- ./src/cleanup/cleanup_out_recipient.c Sun May 20 12:29:53 2007 *************** *** 127,139 **** * Distinguish between different original recipient addresses that map * onto the same mailbox. The recipient will use our original recipient * message header to figure things out. */ #define STREQ(x, y) (strcmp((x), (y)) == 0) if ((state->flags & CLEANUP_FLAG_MAP_OK) == 0 || cleanup_virt_alias_maps == 0) { ! if (been_here(state->dups, "%s\n%d\n%s\n%s", ! 
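Review bot: The comparison changed here is between `cmp->encoding` and `MAIL_ATTR_ENC_8BIT`, neither of which is the header value, so switching it to `strcasecmp()` does not by itself make header parsing case-insensitive. The header text `hdrval` is already matched with `strcasecmp(hdrval, cmp->name)` on the unchanged line above. `code_map` is defined outside this hunk, so presumably its `encoding` fields are internal constants. If so, a comment such as `/* cmp->encoding is an internal constant; case-insensitive compare is for consistency only */` would stop a later reader from taking this line for the fix described in the HISTORY entry. The enclosing function starts and ends outside the hunk.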
dsn_orcpt, dsn_notify, orcpt, recip) == 0) { if (dsn_notify) cleanup_out_format(state, REC_TYPE_ATTR, "%s=%d", MAIL_ATTR_DSN_NOTIFY, dsn_notify); --- 127,146 ---- * Distinguish between different original recipient addresses that map * onto the same mailbox. The recipient will use our original recipient * message header to figure things out. + * + * Postfix 2.2 compatibility: when ignoring differences in Postfix original + * recipient information, also ignore differences in DSN attributes. We + * do, however, keep the DSN attributes of the recipient that survives + * duplicate elimination. */ #define STREQ(x, y) (strcmp((x), (y)) == 0) if ((state->flags & CLEANUP_FLAG_MAP_OK) == 0 || cleanup_virt_alias_maps == 0) { ! if ((var_enable_orcpt ? ! been_here(state->dups, "%s\n%d\n%s\n%s", ! dsn_orcpt, dsn_notify, orcpt, recip) : ! been_here_fixed(state->dups, recip)) == 0) { if (dsn_notify) cleanup_out_format(state, REC_TYPE_ATTR, "%s=%d", MAIL_ATTR_DSN_NOTIFY, dsn_notify); *************** *** 181,186 **** --- 188,198 ---- * notifications. The queue manager will flush the trace (and bounce) * logfile, possibly after it has generated its own success or failure * notification records. + * + * Postfix 2.2 compatibility: when ignoring differences in Postfix original + * recipient information, also ignore differences in DSN attributes. We + * do, however, keep the DSN attributes of the recipient that survives + * duplicate elimination. */ else { RECIPIENT rcpt; *************** *** 198,205 **** dsn_notify & ~DSN_NOTIFY_SUCCESS); } for (cpp = argv->argv; *cpp; cpp++) { ! if (been_here(state->dups, "%s\n%d\n%s\n%s", ! dsn_orcpt, dsn_notify, orcpt, *cpp) == 0) { if (dsn_notify) cleanup_out_format(state, REC_TYPE_ATTR, "%s=%d", MAIL_ATTR_DSN_NOTIFY, dsn_notify); --- 210,219 ---- dsn_notify & ~DSN_NOTIFY_SUCCESS); } for (cpp = argv->argv; *cpp; cpp++) { ! if ((var_enable_orcpt ? ! been_here(state->dups, "%s\n%d\n%s\n%s", ! dsn_orcpt, dsn_notify, orcpt, *cpp) : ! 
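Review bot: The duplicate-elimination key is now chosen by a four-line conditional expression inside the `if`, and the same expression is repeated in the `for (cpp = argv->argv; *cpp; cpp++)` loop of the later hunk at new line 210. A local macro next to `STREQ` would keep the two call sites from drifting apart, for example `#define RCPT_SEEN(r) (var_enable_orcpt ? been_here(state->dups, "%s\n%d\n%s\n%s", dsn_orcpt, dsn_notify, orcpt, (r)) : been_here_fixed(state->dups, (r)))`. The added comment says the surviving recipient keeps its DSN attributes. As written, that is the first occurrence, so a later duplicate's NOTIFY setting is dropped, and the comment should say so explicitly. Both call sites are in a function whose start and end are outside the hunks.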
been_here_fixed(state->dups, *cpp)) == 0) { if (dsn_notify) cleanup_out_format(state, REC_TYPE_ATTR, "%s=%d", MAIL_ATTR_DSN_NOTIFY, dsn_notify); diff -cr /var/tmp/postfix-2.3.9/src/discard/discard.c ./src/discard/discard.c *** /var/tmp/postfix-2.3.9/src/discard/discard.c Mon Jun 26 08:59:19 2006 --- ./src/discard/discard.c Tue May 15 17:06:46 2007 *************** *** 173,185 **** (void) DSN_SIMPLE(&dsn, DSN_STATUS(dp.dsn), dp.text); for (nrcpt = 0; nrcpt < request->rcpt_list.len; nrcpt++) { rcpt = request->rcpt_list.info + nrcpt; ! if (rcpt->offset >= 0) { ! status = sent(BOUNCE_FLAGS(request), request->queue_id, ! &request->msg_stats, rcpt, "none", &dsn); ! if (status == 0 && (request->flags & DEL_REQ_FLAG_SUCCESS)) ! deliver_completed(src, rcpt->offset); ! result |= status; ! } } /* --- 173,183 ---- (void) DSN_SIMPLE(&dsn, DSN_STATUS(dp.dsn), dp.text); for (nrcpt = 0; nrcpt < request->rcpt_list.len; nrcpt++) { rcpt = request->rcpt_list.info + nrcpt; ! status = sent(BOUNCE_FLAGS(request), request->queue_id, ! &request->msg_stats, rcpt, "none", &dsn); ! if (status == 0 && (request->flags & DEL_REQ_FLAG_SUCCESS)) ! deliver_completed(src, rcpt->offset); ! result |= status; } /* diff -cr /var/tmp/postfix-2.3.9/src/error/error.c ./src/error/error.c *** /var/tmp/postfix-2.3.9/src/error/error.c Thu Jun 15 14:07:15 2006 --- ./src/error/error.c Tue May 15 17:06:58 2007 *************** *** 176,188 **** (void) DSN_SIMPLE(&dsn, DSN_STATUS(dp.dsn), dp.text); for (nrcpt = 0; nrcpt < request->rcpt_list.len; nrcpt++) { rcpt = request->rcpt_list.info + nrcpt; ! if (rcpt->offset >= 0) { ! status = bounce_append(BOUNCE_FLAGS(request), request->queue_id, ! &request->msg_stats, rcpt, "none", &dsn); ! if (status == 0) ! deliver_completed(src, rcpt->offset); ! result |= status; ! } } /* --- 176,186 ---- (void) DSN_SIMPLE(&dsn, DSN_STATUS(dp.dsn), dp.text); for (nrcpt = 0; nrcpt < request->rcpt_list.len; nrcpt++) { rcpt = request->rcpt_list.info + nrcpt; ! 
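Review bot: With the `rcpt->offset >= 0` guard removed, `deliver_completed(src, rcpt->offset)` is reached with whatever offset the recipient carries, including the `-1` that the src/local hunks in this patch describe as a hint. `deliver_completed()` is not part of this patch, so the change relies on it ignoring `-1`, and the old guard also excluded every other negative value, which is no longer the case. Either document the dependency at the call, `/* deliver_completed() must ignore offset -1 (recipient passed on by the local delivery agent) */`, or keep the range test on that one call: `if (status == 0 && rcpt->offset >= 0 && (request->flags & DEL_REQ_FLAG_SUCCESS))`. The same applies to the `bounce_append()` loop in the error/error.c hunk that follows.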
status = bounce_append(BOUNCE_FLAGS(request), request->queue_id, ! &request->msg_stats, rcpt, "none", &dsn); ! if (status == 0) ! deliver_completed(src, rcpt->offset); ! result |= status; } /* diff -cr /var/tmp/postfix-2.3.9/src/local/mailbox.c ./src/local/mailbox.c *** /var/tmp/postfix-2.3.9/src/local/mailbox.c Mon Jun 26 08:59:19 2006 --- ./src/local/mailbox.c Tue May 15 16:14:21 2007 *************** *** 271,276 **** --- 271,277 ---- if (*var_mbox_transp_maps && transp_maps == 0) transp_maps = maps_create(VAR_MBOX_TRANSP_MAPS, var_mbox_transp_maps, DICT_FLAG_LOCK | DICT_FLAG_NO_REGSUB); + /* The -1 is a hint for the down-stream deliver_completed() function. */ if (*var_mbox_transp_maps && (map_transport = maps_find(transp_maps, state.msg_attr.user, DICT_FLAG_NONE)) != 0) { diff -cr /var/tmp/postfix-2.3.9/src/local/unknown.c ./src/local/unknown.c *** /var/tmp/postfix-2.3.9/src/local/unknown.c Mon Jun 26 08:59:19 2006 --- ./src/local/unknown.c Tue May 15 16:14:28 2007 *************** *** 109,117 **** --- 109,119 ---- if (*var_fbck_transp_maps && transp_maps == 0) transp_maps = maps_create(VAR_FBCK_TRANSP_MAPS, var_fbck_transp_maps, DICT_FLAG_LOCK | DICT_FLAG_NO_REGSUB); + /* The -1 is a hint for the down-stream deliver_completed() function. */ if (*var_fbck_transp_maps && (map_transport = maps_find(transp_maps, state.msg_attr.user, DICT_FLAG_NONE)) != 0) { + state.msg_attr.rcpt.offset = -1L; return (deliver_pass(MAIL_CLASS_PRIVATE, map_transport, state.request, &state.msg_attr.rcpt)); } diff -cr /var/tmp/postfix-2.3.9/src/postconf/postconf.c ./src/postconf/postconf.c *** /var/tmp/postfix-2.3.9/src/postconf/postconf.c Tue Dec 12 18:04:33 2006 --- ./src/postconf/postconf.c Fri May 11 20:23:10 2007 *************** *** 146,152 **** /* .IP "\fBtcp\fR (read-only)" /* Perform lookups using a simple request-reply protocol that is /* described in \fBtcp_table\fR(5). ! /* This feature is not included with Postfix 2.2. 
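Review bot: The new comment `/* The -1 is a hint for the down-stream deliver_completed() function. */` sits above the `if`, away from the assignment it explains. In this mailbox.c hunk no `-1` is visible at all, so the reader has to look for the `offset` assignment elsewhere in the function. In the unknown.c hunk that follows, `state.msg_attr.rcpt.offset = -1L;` is added inside the block while the comment stays outside it. Placing the comment directly above the assignment in both files, and stating what `deliver_completed()` is expected to do when it sees `-1`, would make the contract with the error/error.c and discard/discard.c hunks easier to check.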
/* .IP "\fBunix\fR (read-only)" /* A limited way to query the UNIX authentication database. The /* following tables are implemented: --- 146,152 ---- /* .IP "\fBtcp\fR (read-only)" /* Perform lookups using a simple request-reply protocol that is /* described in \fBtcp_table\fR(5). ! /* This feature is not included with the stable Postfix release. /* .IP "\fBunix\fR (read-only)" /* A limited way to query the UNIX authentication database. The /* following tables are implemented: diff -cr /var/tmp/postfix-2.3.9/src/postdrop/postdrop.c ./src/postdrop/postdrop.c *** /var/tmp/postfix-2.3.9/src/postdrop/postdrop.c Tue Mar 6 12:42:47 2007 --- ./src/postdrop/postdrop.c Wed May 30 19:51:20 2007 *************** *** 428,436 **** if (REC_PUT_BUF(dst->stream, rec_type, buf) < 0) { /* rec_get() errors must not clobber errno. */ saved_errno = errno; ! while (rec_get_raw(VSTREAM_IN, buf, var_line_limit, ! REC_FLAG_NONE) > 0) ! /* void */ ; errno = saved_errno; break; } --- 428,438 ---- if (REC_PUT_BUF(dst->stream, rec_type, buf) < 0) { /* rec_get() errors must not clobber errno. */ saved_errno = errno; ! while ((rec_type = rec_get_raw(VSTREAM_IN, buf, var_line_limit, ! REC_FLAG_NONE)) != REC_TYPE_END ! && rec_type != REC_TYPE_EOF) ! if (rec_type == REC_TYPE_ERROR) ! msg_fatal("uid=%ld: malformed input", (long) uid); errno = saved_errno; break; } diff -cr /var/tmp/postfix-2.3.9/src/qmqpd/qmqpd_peer.c ./src/qmqpd/qmqpd_peer.c *** /var/tmp/postfix-2.3.9/src/qmqpd/qmqpd_peer.c Mon Jun 26 08:59:19 2006 --- ./src/qmqpd/qmqpd_peer.c Tue May 1 17:10:51 2007 *************** *** 91,97 **** /* * If peer went away, give up. */ ! if (errno == ECONNRESET || errno == ECONNABORTED) { state->name = mystrdup(CLIENT_NAME_UNKNOWN); state->addr = mystrdup(CLIENT_ADDR_UNKNOWN); state->rfc_addr = mystrdup(CLIENT_ADDR_UNKNOWN); --- 91,97 ---- /* * If peer went away, give up. */ ! 
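Review bot: The drain loop in the postdrop.c hunk now has three exits (END, EOF, and `msg_fatal()` on ERROR) but no comment says why, and its body is an unbraced `if` hanging off a three-line `while` condition. Braces around the body and a comment such as `/* Skip the rest of the submission up to the END record so that the write error kept in saved_errno survives. */` would make the intent checkable. A malformed record seen while draining now ends in `msg_fatal("uid=%ld: malformed input", (long) uid)`, so in that case the saved write error is never reported, whereas the old loop simply stopped. If that is intended, the comment should say so. The enclosing loop starts outside the hunk.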
if (errno != 0 && errno != ENOTSOCK) { state->name = mystrdup(CLIENT_NAME_UNKNOWN); state->addr = mystrdup(CLIENT_ADDR_UNKNOWN); state->rfc_addr = mystrdup(CLIENT_ADDR_UNKNOWN); *************** *** 100,112 **** /* * Convert the client address to printable address and hostname. */ else if (errno == 0 ! && strchr((char *) proto_info->sa_family_list, sa->sa_family)) { MAI_HOSTNAME_STR client_name; MAI_HOSTADDR_STR client_addr; int aierr; char *colonp; /* * Sorry, but there are some things that we just cannot do while --- 100,130 ---- /* * Convert the client address to printable address and hostname. + * + * XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while + * Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final + * else clause, pretend the origin is localhost[127.0.0.1], and become an + * open relay). */ else if (errno == 0 ! && (sa->sa_family == AF_INET ! #ifdef AF_INET6 ! || sa->sa_family == AF_INET6 ! #endif ! )) { MAI_HOSTNAME_STR client_name; MAI_HOSTADDR_STR client_addr; int aierr; char *colonp; + + /* + * Sanity check: we can't use sockets that we're not configured for. + */ + if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0) + msg_fatal("cannot handle socket type %s with \"%s = %s\"", + sa->sa_family == AF_INET6 ? "AF_INET6" : + sa->sa_family == AF_INET ? "AF_INET" : + "other", VAR_INET_PROTOCOLS, var_inet_protocols); /* * Sorry, but there are some things that we just cannot do while diff -cr /var/tmp/postfix-2.3.9/src/smtpd/smtpd_peer.c ./src/smtpd/smtpd_peer.c *** /var/tmp/postfix-2.3.9/src/smtpd/smtpd_peer.c Fri Jul 7 20:51:33 2006 --- ./src/smtpd/smtpd_peer.c Fri May 11 20:08:28 2007 *************** *** 155,161 **** /* * If peer went away, give up. */ ! if (errno == ECONNRESET || errno == ECONNABORTED) { state->name = mystrdup(CLIENT_NAME_UNKNOWN); state->reverse_name = mystrdup(CLIENT_NAME_UNKNOWN); state->addr = mystrdup(CLIENT_ADDR_UNKNOWN); --- 155,161 ---- /* * If peer went away, give up. 
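Review bot: The comment `If peer went away, give up.` no longer describes the test below it in the first qmqpd_peer.c hunk. `errno != 0 && errno != ENOTSOCK` now sends every failure except "not a socket" to the unknown-client branch, not only `ECONNRESET`/`ECONNABORTED`. Because the final `else` treats the origin as localhost (per the comment added in the next hunk), it is worth stating that `ENOTSOCK` is the only error allowed to reach it, e.g. `/* Any error other than ENOTSOCK: the client is unknown. Only a non-socket stream may fall through to the localhost case. */`. The test also depends on `errno` being cleared before the call that sets it, which is outside the hunk. The same stale comment is left in the first smtpd/smtpd_peer.c hunk.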
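Review bot: In the second qmqpd_peer.c hunk the `msg_fatal()` argument `sa->sa_family == AF_INET6 ? "AF_INET6" :` uses `AF_INET6` unconditionally, while the `else if` condition a few lines above guards the same constant with `#ifdef AF_INET6`. On a build where `AF_INET6` is not defined the new sanity check would not compile, so that one argument line should be wrapped in `#ifdef AF_INET6` / `#endif` as the condition is. The XXX comment is also hard to parse (`don't (skip to the final else clause, ...)`). Something like `do not fall through to the final else clause, which would treat the origin as localhost[127.0.0.1] and turn the server into an open relay` reads more directly. The second smtpd/smtpd_peer.c hunk has the same two issues.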
*/ ! if (errno != 0 && errno != ENOTSOCK) { state->name = mystrdup(CLIENT_NAME_UNKNOWN); state->reverse_name = mystrdup(CLIENT_NAME_UNKNOWN); state->addr = mystrdup(CLIENT_ADDR_UNKNOWN); *************** *** 167,179 **** /* * Convert the client address to printable address and hostname. */ else if (errno == 0 ! && strchr((char *) proto_info->sa_family_list, sa->sa_family)) { MAI_HOSTNAME_STR client_name; MAI_HOSTADDR_STR client_addr; int aierr; char *colonp; /* * Sorry, but there are some things that we just cannot do while --- 167,197 ---- /* * Convert the client address to printable address and hostname. + * + * XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while + * Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final + * else clause, pretend the origin is localhost[127.0.0.1], and become an + * open relay). */ else if (errno == 0 ! && (sa->sa_family == AF_INET ! #ifdef AF_INET6 ! || sa->sa_family == AF_INET6 ! #endif ! )) { MAI_HOSTNAME_STR client_name; MAI_HOSTADDR_STR client_addr; int aierr; char *colonp; + + /* + * Sanity check: we can't use sockets that we're not configured for. + */ + if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0) + msg_fatal("cannot handle socket type %s with \"%s = %s\"", + sa->sa_family == AF_INET6 ? "AF_INET6" : + sa->sa_family == AF_INET ? "AF_INET" : + "other", VAR_INET_PROTOCOLS, var_inet_protocols); /* * Sorry, but there are some things that we just cannot do while diff -cr /var/tmp/postfix-2.3.9/src/util/get_hostname.c ./src/util/get_hostname.c *** /var/tmp/postfix-2.3.9/src/util/get_hostname.c Sun Jan 28 09:00:12 2001 --- ./src/util/get_hostname.c Wed May 30 20:08:21 2007 *************** *** 61,73 **** --- 61,83 ---- * part of the socket interface library. We avoid the more politically- * correct uname() routine because that has no portable way of dealing * with long (FQDN) hostnames. + * + * DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION. 
IT BREAKS MAILDIR DELIVERY + * AND OTHER THINGS WHEN THE MACHINE NAME IS NOT FOUND IN /ETC/HOSTS OR + * CAUSES PROCESSES TO HANG WHEN THE NETWORK IS DISCONNECTED. + * + * POSTFIX NO LONGER NEEDS A FULLY QUALIFIED HOSTNAME. INSTEAD POSTFIX WILL + * USE A DEFAULT DOMAIN NAME "LOCALDOMAIN". */ if (my_host_name == 0) { + /* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION */ if (gethostname(namebuf, sizeof(namebuf)) < 0) msg_fatal("gethostname: %m"); namebuf[MAXHOSTNAMELEN] = 0; + /* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION */ if (valid_hostname(namebuf, DO_GRIPE) == 0) msg_fatal("unable to use my own hostname"); + /* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION */ my_host_name = mystrdup(namebuf); } return (my_host_name);
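Review bot: The added block comment states that Postfix will use a default domain name "LOCALDOMAIN", but nothing in this hunk implements or references that default, so the claim cannot be checked here. Naming the file or parameter where the default is applied would make the comment verifiable. The three identical inline `/* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION */` lines repeat the block comment, and one at the top of the `if (my_host_name == 0)` body would carry the same warning. The function's start is outside the hunk.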