Source-Changes-HG archive
[src/trunk]: src/external/ibm-public/postfix/dist Resolve conflicts from last...
details: https://anonhg.NetBSD.org/src/rev/040632c1bc46
branches: trunk
changeset: 762842:040632c1bc46
user: tron <tron%NetBSD.org@localhost>
date: Wed Mar 02 19:56:37 2011 +0000
description:
Resolve conflicts from last import.
diffstat:
external/ibm-public/postfix/dist/README_FILES/ADDRESS_VERIFICATION_README | 2 +-
external/ibm-public/postfix/dist/README_FILES/INSTALL | 36 +-
external/ibm-public/postfix/dist/README_FILES/TLS_README | 39 +
external/ibm-public/postfix/dist/conf/master.cf | 6 +-
external/ibm-public/postfix/dist/conf/postfix-files | 21 +-
external/ibm-public/postfix/dist/html/ADDRESS_VERIFICATION_README.html | 6 +-
external/ibm-public/postfix/dist/html/INSTALL.html | 3 +
external/ibm-public/postfix/dist/html/TLS_README.html | 48 +
external/ibm-public/postfix/dist/html/postconf.5.html | 1800 +++++++++-
external/ibm-public/postfix/dist/man/man5/postconf.5 | 1239 ++++++-
external/ibm-public/postfix/dist/proto/ADDRESS_VERIFICATION_README.html | 6 +-
external/ibm-public/postfix/dist/proto/INSTALL.html | 3 +
external/ibm-public/postfix/dist/proto/TLS_README.html | 48 +
external/ibm-public/postfix/dist/proto/postconf.proto | 1495 +++++++-
external/ibm-public/postfix/dist/src/cleanup/cleanup.h | 12 +-
external/ibm-public/postfix/dist/src/global/mail_params.h | 466 ++-
external/ibm-public/postfix/dist/src/smtp/smtp.c | 56 +-
external/ibm-public/postfix/dist/src/smtpd/smtpd.c | 287 +-
external/ibm-public/postfix/dist/src/tls/tls_client.c | 36 +-
external/ibm-public/postfix/dist/src/tls/tls_server.c | 133 +-
external/ibm-public/postfix/dist/src/util/unix_recv_fd.c | 4 +-
external/ibm-public/postfix/dist/src/util/unix_send_fd.c | 6 +-
external/ibm-public/postfix/dist/src/util/upass_connect.c | 143 -
external/ibm-public/postfix/dist/src/util/upass_listen.c | 196 -
external/ibm-public/postfix/dist/src/util/upass_trigger.c | 133 -
25 files changed, 5311 insertions(+), 913 deletions(-)
diffs (truncated from 8341 to 300 lines):
diff -r 35bd713d5afb -r 040632c1bc46 external/ibm-public/postfix/dist/README_FILES/ADDRESS_VERIFICATION_README
--- a/external/ibm-public/postfix/dist/README_FILES/ADDRESS_VERIFICATION_README Wed Mar 02 19:52:03 2011 +0000
+++ b/external/ibm-public/postfix/dist/README_FILES/ADDRESS_VERIFICATION_README Wed Mar 02 19:56:37 2011 +0000
@@ -121,7 +121,7 @@
You can change the probe sender address into the null address
("address_verify_sender ="). This is UNSAFE because address probes will
fail with mis-configured sites that reject MAIL FROM: <>, while probes from
- "postmaster@$myorigin" would succeed.
+ "double-bounce@$myorigin" would succeed.
RReecciippiieenntt aaddddrreessss vveerriiffiiccaattiioonn
diff -r 35bd713d5afb -r 040632c1bc46 external/ibm-public/postfix/dist/README_FILES/INSTALL
--- a/external/ibm-public/postfix/dist/README_FILES/INSTALL Wed Mar 02 19:52:03 2011 +0000
+++ b/external/ibm-public/postfix/dist/README_FILES/INSTALL Wed Mar 02 19:56:37 2011 +0000
@@ -157,23 +157,25 @@
Postfix is compiled. The following documents describe how to build Postfix with
support for extensions:
- _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
- |PPoossttffiixx eexxtteennssiioonn |DDooccuummeenntt |AAvvaaiillaabbiilliittyy|
- |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
- |Berkeley DB database |DB_README |Postfix 1.0 |
- |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
- |LDAP database |LDAP_README |Postfix 1.0 |
- |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
- |MySQL database |MYSQL_README|Postfix 1.0 |
- |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
- |Perl compatible regular expression|PCRE_README |Postfix 1.0 |
- |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
- |PostgreSQL database |PGSQL_README|Postfix 2.0 |
- |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
- |SASL authentication |SASL_README |Postfix 1.0 |
- |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
- |STARTTLS session encryption |TLS_README |Postfix 2.2 |
- |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
+ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
+ |PPoossttffiixx eexxtteennssiioonn |DDooccuummeenntt |AAvvaaiillaabbiilliittyy|
+ |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
+ |Berkeley DB database |DB_README |Postfix 1.0 |
+ |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
+ |LDAP database |LDAP_README |Postfix 1.0 |
+ |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
+ |MySQL database |MYSQL_README |Postfix 1.0 |
+ |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
+ |Perl compatible regular expression|PCRE_README |Postfix 1.0 |
+ |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
+ |PostgreSQL database |PGSQL_README |Postfix 2.0 |
+ |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
+ |SASL authentication |SASL_README |Postfix 1.0 |
+ |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
+ |SQLite database |SQLITE_README|Postfix 2.8 |
+ |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
+ |STARTTLS session encryption |TLS_README |Postfix 2.2 |
+ |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
Note: IP version 6 support is compiled into Postfix on operating systems that
have IPv6 support. See the IPV6_README file for details.
diff -r 35bd713d5afb -r 040632c1bc46 external/ibm-public/postfix/dist/README_FILES/TLS_README
--- a/external/ibm-public/postfix/dist/README_FILES/TLS_README Wed Mar 02 19:52:03 2011 +0000
+++ b/external/ibm-public/postfix/dist/README_FILES/TLS_README Wed Mar 02 19:56:37 2011 +0000
@@ -10,6 +10,11 @@
is written as carefully as Wietse's own code, every 1000 lines introduce one
additional bug into Postfix.
+At this time, you should no longer be using OpenSSL releases prior to the most
+recent 0.9.8 release unless all relevant security fixes have been backported to
+the earlier release by you or your O/S vendor. OpenSSL 0.9.7 and earlier are no
+longer maintained by the OpenSSL team.
+
WWhhaatt PPoossttffiixx TTLLSS ssuuppppoorrtt ddooeess ffoorr yyoouu
Transport Layer Security (TLS, formerly called SSL) provides certificate-based
@@ -588,6 +593,23 @@
# Postfix >= 2.6:
smtpd_tls_eecdh_grade = strong
+Postfix 2.8 and later, in combination with OpenSSL 0.9.7 and later allows TLS
+servers to preempt the TLS client's cipher preference list. This is only
+possible with SSLv3, as in SSLv2 the client chooses the cipher from a list
+supplied by the server.
+
+By default, the OpenSSL server selects the client's most preferred cipher that
+the server supports. With SSLv3 and later, the server may choose its own most
+preferred cipher that is supported (offered) by the client. Setting
+"tls_preempt_cipherlist = yes" enables server cipher preferences. The default
+OpenSSL behaviour applies with "tls_preempt_cipherlist = no".
+
+While server cipher selection may in some cases lead to a more secure or
+performant cipher choice, there is some risk of interoperability issues. In the
+past, some SSL clients have listed lower priority ciphers that they did not
+implement correctly. If the server chooses a cipher that the client prefers
+less, it may select a cipher whose client implementation is flawed.
+
MMiisscceellllaanneeoouuss sseerrvveerr ccoonnttrroollss
The smtpd_starttls_timeout parameter limits the time of Postfix SMTP server
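Review bot: The first added paragraph says server cipher preemption "is only possible with SSLv3", while the second says "With SSLv3 and later"; use the second wording in both places so the text does not read as excluding later protocol versions. The text also never says which value of tls_preempt_cipherlist is the shipped default: it only says that "no" gives the default OpenSSL behaviour, so state the parameter's default explicitly. The first paragraph names "OpenSSL 0.9.7 and later" although the paragraph added at the top of this file says OpenSSL 0.9.7 is no longer maintained; a pointer back to that advice would keep the two consistent.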
@@ -598,6 +620,23 @@
/etc/postfix/main.cf:
smtpd_starttls_timeout = 300s
+With Postfix 2.8 and later, the tls_disable_workarounds parameter specifies a
+list or bit-mask of OpenSSL bug work-arounds to disable. This may be necessary
+if one of the work-arounds enabled by default in OpenSSL proves to pose a
+security risk, or introduces an unexpected interoperability issue. Some bug
+work-arounds known to be problematic are disabled in the default value of the
+parameter when linked with an OpenSSL library that could be vulnerable.
+
+Example:
+
+ /etc/postfix/main.cf:
+ tls_disable_workarounds = 0xFFFFFFFF
+ tls_disable_workarounds = CVE-2010-4180, LEGACY_SERVER_CONNECT
+
+Note: Disabling LEGACY_SERVER_CONNECT is not wise at this time, lots of servers
+are still unpatched and Postfix is not significantly vulnerable to the
+renegotiation issue in the TLS protocol.
+
SSMMTTPP CClliieenntt ssppeecciiffiicc sseettttiinnggss
Topics covered in this section:
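Review bot: The example under /etc/postfix/main.cf gives two tls_disable_workarounds assignments back to back with nothing marking them as alternatives, so a reader who copies the block gets two settings of one parameter, only one of which can take effect. Separate the bit-mask form and the list form with a line that says "or", or show them as two examples. The list form also disables LEGACY_SERVER_CONNECT, which the Note directly below calls "not wise at this time"; either drop it from the example or say in the example that it is shown for syntax only. It would help to say the same about 0xFFFFFFFF, since the text describes the value as a bit-mask of work-arounds to disable.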
diff -r 35bd713d5afb -r 040632c1bc46 external/ibm-public/postfix/dist/conf/master.cf
--- a/external/ibm-public/postfix/dist/conf/master.cf Wed Mar 02 19:52:03 2011 +0000
+++ b/external/ibm-public/postfix/dist/conf/master.cf Wed Mar 02 19:56:37 2011 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: master.cf,v 1.3 2010/06/17 18:18:14 tron Exp $
+# $NetBSD: master.cf,v 1.4 2011/03/02 19:56:37 tron Exp $
#
#
# Postfix master process configuration file. For details on the format
@@ -11,6 +11,10 @@
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
#smtp inet n - n - - smtpd
+#smtp inet n - n - 1 postscreen
+#smtpd pass - - n - - smtpd
+#dnsblog unix - - n - 0 dnsblog
+#tlsproxy unix - - n - 0 tlsproxy
#submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
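Review bot: The added "#smtp inet n - n - 1 postscreen" line has the same service name and type as the existing "#smtp inet n - n - - smtpd" line above it, and nothing in the hunk says the two are alternatives. Add a comment line above the new entries stating that only one of the two smtp inet lines may be uncommented, and which of the following entries (smtpd pass, dnsblog, tlsproxy) have to be enabled along with postscreen, so that an administrator who uncomments the block does not end up with two services on the same endpoint or with postscreen missing the services it hands off to.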
diff -r 35bd713d5afb -r 040632c1bc46 external/ibm-public/postfix/dist/conf/postfix-files
--- a/external/ibm-public/postfix/dist/conf/postfix-files Wed Mar 02 19:52:03 2011 +0000
+++ b/external/ibm-public/postfix/dist/conf/postfix-files Wed Mar 02 19:56:37 2011 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: postfix-files,v 1.2 2009/06/23 11:41:06 tron Exp $
+# $NetBSD: postfix-files,v 1.3 2011/03/02 19:56:37 tron Exp $
#
# Commented out entries mean files not installed under NetBSD.
#
@@ -70,6 +70,7 @@
$daemon_directory/bounce:f:root:-:755
$daemon_directory/cleanup:f:root:-:755
$daemon_directory/discard:f:root:-:755
+$daemon_directory/dnsblog:f:root:-:755
$daemon_directory/error:f:root:-:755
$daemon_directory/flush:f:root:-:755
#$daemon_directory/lmtp:f:root:-:755
@@ -85,6 +86,7 @@
$daemon_directory/postfix-script:f:root:-:755
$daemon_directory/postfix-wrapper:f:root:-:755
$daemon_directory/postmulti-script:f:root:-:755
+$daemon_directory/postscreen:f:root:-:755
$daemon_directory/proxymap:f:root:-:755
$daemon_directory/qmgr:f:root:-:755
#$daemon_directory/qmqpd:f:root:-:755
@@ -93,6 +95,7 @@
$daemon_directory/smtp:f:root:-:755
$daemon_directory/smtpd:f:root:-:755
$daemon_directory/spawn:f:root:-:755
+$daemon_directory/tlsproxy:f:root:-:755
$daemon_directory/tlsmgr:f:root:-:755
$daemon_directory/trivial-rewrite:f:root:-:755
$daemon_directory/verify:f:root:-:755
@@ -167,6 +170,7 @@
#$manpage_directory/man5/ldap_table.5:f:root:-:644
$manpage_directory/man5/master.5:f:root:-:644
#$manpage_directory/man5/mysql_table.5:f:root:-:644
+#$manpage_directory/man5/sqlite_table.5:f:root:-:644
$manpage_directory/man5/nisplus_table.5:f:root:-:644
$manpage_directory/man5/pcre_table.5:f:root:-:644
#$manpage_directory/man5/pgsql_table.5:f:root:-:644
@@ -182,6 +186,7 @@
$manpage_directory/man8/anvil.8:f:root:-:644
$manpage_directory/man8/defer.8:f:root:-:644
$manpage_directory/man8/discard.8:f:root:-:644
+$manpage_directory/man8/dnsblog.8:f:root:-:644
$manpage_directory/man8/error.8:f:root:-:644
$manpage_directory/man8/flush.8:f:root:-:644
$manpage_directory/man8/lmtp.8:f:root:-:644
@@ -191,6 +196,7 @@
$manpage_directory/man8/oqmgr.8:f:root:-:644:
$manpage_directory/man8/pickup.8:f:root:-:644
$manpage_directory/man8/pipe.8:f:root:-:644
+$manpage_directory/man8/postscreen.8:f:root:-:644
$manpage_directory/man8/proxymap.8:f:root:-:644
$manpage_directory/man8/qmgr.8:f:root:-:644
#$manpage_directory/man8/qmqpd.8:f:root:-:644
@@ -199,6 +205,7 @@
$manpage_directory/man8/smtp.8:f:root:-:644
$manpage_directory/man8/smtpd.8:f:root:-:644
$manpage_directory/man8/spawn.8:f:root:-:644
+$manpage_directory/man8/tlsproxy.8:f:root:-:644
$manpage_directory/man8/tlsmgr.8:f:root:-:644
$manpage_directory/man8/trace.8:f:root:-:644
$manpage_directory/man8/trivial-rewrite.8:f:root:-:644
@@ -263,11 +270,13 @@
$readme_directory/MILTER_README:f:root:-:644
$readme_directory/MULTI_INSTANCE_README:f:root:-:644
$readme_directory/MYSQL_README:f:root:-:644
+$readme_directory/SQLITE_README:f:root:-:644
$readme_directory/NFS_README:f:root:-:644
$readme_directory/OVERVIEW:f:root:-:644
#$readme_directory/PACKAGE_README:f:root:-:644
$readme_directory/PCRE_README:f:root:-:644
$readme_directory/PGSQL_README:f:root:-:644
+$readme_directory/POSTSCREEN_README:f:root:-:644
$readme_directory/QMQP_README:f:root:-:644:o
$readme_directory/QSHAPE_README:f:root:-:644
$readme_directory/RELEASE_NOTES:f:root:-:644
@@ -277,6 +286,7 @@
$readme_directory/SMTPD_ACCESS_README:f:root:-:644
$readme_directory/SMTPD_POLICY_README:f:root:-:644
$readme_directory/SMTPD_PROXY_README:f:root:-:644
+$readme_directory/SOHO_README:f:root:-:644
$readme_directory/STANDARD_CONFIGURATION_README:f:root:-:644
$readme_directory/STRESS_README:f:root:-:644
$readme_directory/TLS_LEGACY_README:f:root:-:644
@@ -313,11 +323,13 @@
$html_directory/MILTER_README.html:f:root:-:644
$html_directory/MULTI_INSTANCE_README.html:f:root:-:644
$html_directory/MYSQL_README.html:f:root:-:644
+$html_directory/SQLITE_README.html:f:root:-:644
$html_directory/NFS_README.html:f:root:-:644
$html_directory/OVERVIEW.html:f:root:-:644
$html_directory/PACKAGE_README.html:f:root:-:644
$html_directory/PCRE_README.html:f:root:-:644
$html_directory/PGSQL_README.html:f:root:-:644
+$html_directory/POSTSCREEN_README.html:f:root:-:644
$html_directory/QMQP_README.html:f:root:-:644:o
$html_directory/QSHAPE_README.html:f:root:-:644
$html_directory/RESTRICTION_CLASS_README.html:f:root:-:644
@@ -326,6 +338,7 @@
$html_directory/SMTPD_ACCESS_README.html:f:root:-:644
$html_directory/SMTPD_POLICY_README.html:f:root:-:644
$html_directory/SMTPD_PROXY_README.html:f:root:-:644
+$html_directory/SOHO_README.html:f:root:-:644
$html_directory/STANDARD_CONFIGURATION_README.html:f:root:-:644
$html_directory/STRESS_README.html:f:root:-:644
$html_directory/TLS_LEGACY_README.html:f:root:-:644
@@ -346,6 +359,7 @@
$html_directory/cleanup.8.html:f:root:-:644
$html_directory/defer.8.html:h:$html_directory/bounce.8.html:-:644
$html_directory/discard.8.html:f:root:-:644
+$html_directory/dnsblog.8.html:f:root:-:644
$html_directory/error.8.html:f:root:-:644
$html_directory/flush.8.html:f:root:-:644
$html_directory/generics.5.html:f:root:-:644:o
@@ -358,7 +372,8 @@
$html_directory/mailq.1.html:f:root:-:644
$html_directory/master.5.html:f:root:-:644
$html_directory/master.8.html:f:root:-:644
-$html_directory/mysql_table.5.html:f:root:-:644
+#$html_directory/mysql_table.5.html:f:root:-:644
+#$html_directory/sqlite_table.5.html:f:root:-:644
$html_directory/nisplus_table.5.html:f:root:-:644
$html_directory/newaliases.1.html:h:$html_directory/mailq.1.html:-:644
$html_directory/oqmgr.8.html:f:root:-:644
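Review bot: The removed line "$html_directory/mysql_table.5.html:f:root:-:644" comes back commented out, which under the convention stated at the top of this file ("Commented out entries mean files not installed under NetBSD") takes an installed file out of the install set; the commit message "Resolve conflicts from last import" does not mention that. If the intent is to match the already commented-out man5/mysql_table.5 entry, say so in the commit message, and confirm it is acceptable that MYSQL_README.html and the new SQLITE_README.html stay installed in the @@ -313 hunk while the corresponding table pages are not.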
@@ -381,6 +396,7 @@
$html_directory/postmap.1.html:f:root:-:644
$html_directory/postmulti.1.html:f:root:-:644
$html_directory/postqueue.1.html:f:root:-:644
+$html_directory/postscreen.8.html:f:root:-:644
$html_directory/postsuper.1.html:f:root:-:644
$html_directory/qshape.1.html:f:root:-:644
$html_directory/proxymap.8.html:f:root:-:644
@@ -397,6 +413,7 @@
$html_directory/smtp.8.html:h:$html_directory/lmtp.8.html:-:644
$html_directory/smtpd.8.html:f:root:-:644
$html_directory/spawn.8.html:f:root:-:644
+$html_directory/tlsproxy.8.html:f:root:-:644
#$html_directory/tcp_table.5.html:f:root:-:644
$html_directory/trace.8.html:h:$html_directory/bounce.8.html:-:644
$html_directory/transport.5.html:f:root:-:644
diff -r 35bd713d5afb -r 040632c1bc46 external/ibm-public/postfix/dist/html/ADDRESS_VERIFICATION_README.html
--- a/external/ibm-public/postfix/dist/html/ADDRESS_VERIFICATION_README.html Wed Mar 02 19:52:03 2011 +0000
+++ b/external/ibm-public/postfix/dist/html/ADDRESS_VERIFICATION_README.html Wed Mar 02 19:56:37 2011 +0000
@@ -106,7 +106,7 @@
</tr>
-<tr> </tr>
+<tr> <td> </td> </tr>
<tr>
@@ -165,7 +165,7 @@
</tr>