OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Postfix 19991231 Patchlevel 08 available
From: Admin Mailing Lists (mlistintergrafix.net)
Date: Tue May 30 2000 - 14:14:52 CDT

can the hashed spools patch go into the next patch-level?
pretty please? :)

-Cygnus
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network Administrator/Engineer
adminintergrafix.net Intergrafix Internet Services

    "Dream as if you'll live forever, live as if you'll die today"
http://cygnus.ncohafmuta.com http://www.intergrafix.net
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.

On Sun, 28 May 2000, Wietse Venema wrote:

> This patch provides an emergency band-aid for the next wave of
> MicroSoft email worms, fixes one bug, and makes external content
> filtering a bit more robust.
>
> - Feature: specify "body_checks = regexp:/etc/postfix/body_checks"
> for an emergency content filter that looks at non-header lines
> one line at a time (including MIME headers inside the message
> body). This feature uses the same syntax as the header_checks
> patterns. Details in conf/sample-filter.cf.
>
> This feature is also available in Postfix snapshot 20000528.
>
> - Bugfix: the masquerade_exceptions feature was case sensitive.
>
> - Robustness: upon receipt of mail, Postfix maps MAILER-DAEMONmyorigin
> sender address back into the magic null string, which prevents
> mail from looping after processing by an external content filter.
>
> A fully-patched version of the source code is being made available
> via the usual FTP servers, primary site:
>
> ftp://ftp.porcupine.org/mirrors/postfix-release/official/
>
> Files: postfix-19991231-pl08.tar.gz and postfix-19991231-pl08.tar.gz.sig.
>
> Or, if you use a web browser,
>
> ftp://ftp.porcupine.org/mirrors/postfix-release/index.html
>
> Happy Postfixing.
>
> Wietse
>
> Prereq: "Postfix-19991231-pl07"
> diff -cr --new-file /tmp/postfix-19991231-pl07/global/mail_version.h ./global/mail_version.h
> *** /tmp/postfix-19991231-pl07/global/mail_version.h Thu Apr 13 14:47:12 2000
> --- ./global/mail_version.h Sun May 28 18:53:10 2000
> ***************
> *** 15,21 ****
> * Version of this program.
> */
> #define VAR_MAIL_VERSION "mail_version"
> ! #define DEF_MAIL_VERSION "Postfix-19991231-pl07"
> extern char *var_mail_version;
>
> /* LICENSE
> --- 15,21 ----
> * Version of this program.
> */
> #define VAR_MAIL_VERSION "mail_version"
> ! #define DEF_MAIL_VERSION "Postfix-19991231-pl08"
> extern char *var_mail_version;
>
> /* LICENSE
> diff -cr --new-file /tmp/postfix-19991231-pl07/HISTORY ./HISTORY
> *** /tmp/postfix-19991231-pl07/HISTORY Thu May 11 20:40:06 2000
> --- ./HISTORY Sun May 28 18:50:49 2000
> ***************
> *** 3713,3715 ****
> --- 3713,3734 ----
>
> Bugfix: Postfix would incorrectly reject domain names with
> adjacent - characters. File: util/valid_hostname.c.
> +
> + 20000520
> +
> + Robustness: upon receipt of mail, map the mailer-daemon
> + sender address back into the magic null string. File:
> + cleanup/cleanup_envelope.c.
> +
> + 20000524
> +
> + Bugfix: the code for masquerade_exceptions was case sensitive.
> + Reported by Eduard Vopicka. File: cleanup/cleanup_masquerade.c.
> +
> + 20000528
> +
> + Feature: specify "body_checks=regexp:/file/name" for a very
> + crude one line at a time message body content filter. This
> + feature uses the same filtering syntax as the header_checks
> + feature. File: cleanup/cleanup_message.c. See also the
> + conf/sample-filter.cf file.
> diff -cr --new-file /tmp/postfix-19991231-pl07/RELEASE_NOTES ./RELEASE_NOTES
> *** /tmp/postfix-19991231-pl07/RELEASE_NOTES Thu May 11 19:40:45 2000
> --- ./RELEASE_NOTES Sun May 28 19:43:08 2000
> ***************
> *** 1,3 ****
> --- 1,11 ----
> + Major changes with postfix-19991231-pl08:
> + =========================================
> +
> + Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick
> + and dirty emergency content filter that looks at non-header lines
> + one line at a time (including MIME headers inside the message body).
> + Details in conf/sample-filter.cf.
> +
> Incompatible changes with postfix-19991231-pl07:
> ================================================
>
> diff -cr --new-file /tmp/postfix-19991231-pl07/cleanup/cleanup.c ./cleanup/cleanup.c
> *** /tmp/postfix-19991231-pl07/cleanup/cleanup.c Thu Apr 13 13:39:10 2000
> --- ./cleanup/cleanup.c Sun May 28 19:00:34 2000
> ***************
> *** 60,65 ****
> --- 60,74 ----
> /* this program. See the Postfix \fBmain.cf\fR file for syntax details
> /* and for default values. Use the \fBpostfix reload\fR command after
> /* a configuration change.
> + /* .SH Content filtering
> + /* .IP \fBbody_checks\fR
> + /* Lookup tables with content filters for message body lines.
> + /* These filters see physical lines one at a time, in chunks of
> + /* at most line_length_limit bytes.
> + /* .IP \fBheader_checks\fR
> + /* Lookup tables with content filters for message header lines.
> + /* These filters see logical headers one at a time, including headers
> + /* that span multiple lines.
> /* .SH Miscellaneous
> /* .ad
> /* .fi
> ***************
> *** 175,180 ****
> --- 184,190 ----
> char *var_masq_domains; /* masquerade domains */
> char *var_masq_exceptions; /* users not masqueraded */
> char *var_header_checks; /* any header checks */
> + char *var_body_checks; /* any body checks */
> int var_dup_filter_limit; /* recipient dup filter */
> char *var_empty_addr; /* destination of bounced bounces */
> int var_delay_warn_time; /* delay that triggers warning */
> ***************
> *** 189,194 ****
> --- 199,205 ----
> MAPS *cleanup_send_canon_maps;
> MAPS *cleanup_rcpt_canon_maps;
> MAPS *cleanup_header_checks;
> + MAPS *cleanup_body_checks;
> MAPS *cleanup_virtual_maps;
> ARGV *cleanup_masq_domains;
>
> ***************
> *** 420,425 ****
> --- 431,439 ----
> if (*var_header_checks)
> cleanup_header_checks =
> maps_create(VAR_HEADER_CHECKS, var_header_checks, DICT_FLAG_LOCK);
> + if (*var_body_checks)
> + cleanup_body_checks =
> + maps_create(VAR_BODY_CHECKS, var_body_checks, DICT_FLAG_LOCK);
> }
>
> /* pre_accept - see if tables have changed */
> ***************
> *** 473,478 ****
> --- 487,493 ----
> VAR_EMPTY_ADDR, DEF_EMPTY_ADDR, &var_empty_addr, 1, 0,
> VAR_MASQ_EXCEPTIONS, DEF_MASQ_EXCEPTIONS, &var_masq_exceptions, 0, 0,
> VAR_HEADER_CHECKS, DEF_HEADER_CHECKS, &var_header_checks, 0, 0,
> + VAR_BODY_CHECKS, DEF_BODY_CHECKS, &var_body_checks, 0, 0,
> VAR_PROP_EXTENSION, DEF_PROP_EXTENSION, &var_prop_extension, 0, 0,
> VAR_ALWAYS_BCC, DEF_ALWAYS_BCC, &var_always_bcc, 0, 0,
> VAR_RCPT_WITHELD, DEF_RCPT_WITHELD, &var_rcpt_witheld, 1, 0,
> diff -cr --new-file /tmp/postfix-19991231-pl07/cleanup/cleanup.h ./cleanup/cleanup.h
> *** /tmp/postfix-19991231-pl07/cleanup/cleanup.h Sat May 8 19:18:44 1999
> --- ./cleanup/cleanup.h Sun May 28 20:50:09 2000
> ***************
> *** 62,67 ****
> --- 62,68 ----
> extern MAPS *cleanup_send_canon_maps;
> extern MAPS *cleanup_rcpt_canon_maps;
> extern MAPS *cleanup_header_checks;
> + extern MAPS *cleanup_body_checks;
> extern MAPS *cleanup_virtual_maps;
> extern ARGV *cleanup_masq_domains;
>
> diff -cr --new-file /tmp/postfix-19991231-pl07/cleanup/cleanup_envelope.c ./cleanup/cleanup_envelope.c
> *** /tmp/postfix-19991231-pl07/cleanup/cleanup_envelope.c Wed Jun 23 21:40:37 1999
> --- ./cleanup/cleanup_envelope.c Sat May 20 13:00:01 2000
> ***************
> *** 30,35 ****
> --- 30,39 ----
> #include <string.h>
> #include <stdlib.h>
>
> + #ifdef STRCASECMP_IN_STRINGS_H
> + #include <strings.h>
> + #endif
> +
> /* Utility library. */
>
> #include <msg.h>
> ***************
> *** 45,50 ****
> --- 49,56 ----
> #include <tok822.h>
> #include <mail_params.h>
> #include <ext_prop.h>
> + #include <mail_addr.h>
> + #include <canon_addr.h>
>
> /* Application-specific. */
>
> ***************
> *** 106,111 ****
> --- 112,123 ----
> cleanup_fullname = mystrdup(STR(cleanup_inbuf));
> } else if (type == REC_TYPE_FROM) {
> cleanup_rewrite_internal(clean_addr, STR(cleanup_inbuf));
> + if (strncasecmp(STR(clean_addr), MAIL_ADDR_MAIL_DAEMON "",
> + sizeof(MAIL_ADDR_MAIL_DAEMON)) == 0) {
> + canon_addr_internal(cleanup_temp1, MAIL_ADDR_MAIL_DAEMON);
> + if (strcasecmp(STR(clean_addr), STR(cleanup_temp1)) == 0)
> + vstring_strcpy(clean_addr, "");
> + }
> if (cleanup_send_canon_maps)
> cleanup_map11_internal(clean_addr, cleanup_send_canon_maps,
> cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
> diff -cr --new-file /tmp/postfix-19991231-pl07/cleanup/cleanup_masquerade.c ./cleanup/cleanup_masquerade.c
> *** /tmp/postfix-19991231-pl07/cleanup/cleanup_masquerade.c Tue Jan 19 09:02:22 1999
> --- ./cleanup/cleanup_masquerade.c Sun May 28 18:54:03 2000
> ***************
> *** 99,105 ****
> masq_except_table = htable_create(5);
> ptr = saved_names = mystrdup(var_masq_exceptions);
> while ((name = mystrtok(&ptr, ", \t\r\n")) != 0)
> ! htable_enter(masq_except_table, name, (char *) 0);
> myfree(saved_names);
> }
>
> --- 99,105 ----
> masq_except_table = htable_create(5);
> ptr = saved_names = mystrdup(var_masq_exceptions);
> while ((name = mystrtok(&ptr, ", \t\r\n")) != 0)
> ! htable_enter(masq_except_table, lowercase(name), (char *) 0);
> myfree(saved_names);
> }
>
> ***************
> *** 116,122 ****
> */
> if (masq_except_table) {
> name = mystrndup(STR(addr), domain - 1 - STR(addr));
> ! excluded = (htable_locate(masq_except_table, name) != 0);
> myfree(name);
> if (excluded)
> return;
> --- 116,122 ----
> */
> if (masq_except_table) {
> name = mystrndup(STR(addr), domain - 1 - STR(addr));
> ! excluded = (htable_locate(masq_except_table, lowercase(name)) != 0);
> myfree(name);
> if (excluded)
> return;
> diff -cr --new-file /tmp/postfix-19991231-pl07/cleanup/cleanup_message.c ./cleanup/cleanup_message.c
> *** /tmp/postfix-19991231-pl07/cleanup/cleanup_message.c Thu Apr 13 17:23:31 2000
> --- ./cleanup/cleanup_message.c Sun May 28 21:20:35 2000
> ***************
> *** 240,246 ****
>
> if ((value = maps_find(cleanup_header_checks, header, 0)) != 0) {
> if (strcasecmp(value, "REJECT") == 0) {
> ! msg_warn("%s: reject: header %.100s", cleanup_queue_id, header);
> cleanup_errs |= CLEANUP_STAT_CONT;
> }
> }
> --- 240,246 ----
>
> if ((value = maps_find(cleanup_header_checks, header, 0)) != 0) {
> if (strcasecmp(value, "REJECT") == 0) {
> ! msg_warn("%s: reject: header %.200s", cleanup_queue_id, header);
> cleanup_errs |= CLEANUP_STAT_CONT;
> }
> }
> ***************
> *** 460,465 ****
> --- 460,487 ----
> if (in_header) {
> vstring_strcpy(cleanup_header_buf, start);
> } else {
> +
> + /*
> + * Crude message body content filter for emergencies. This
> + * code has several problems: it sees one line at a time, and
> + * therefore does not recognize multi-line MIME headers in
> + * the body; it looks at long lines only in chunks of
> + * line_length_limit (2048) characters; it is easily bypassed
> + * with encodings and with multi-line tricks.
> + */
> + if ((cleanup_flags & CLEANUP_FLAG_FILTER)
> + && cleanup_body_checks) {
> + char *body = vstring_str(cleanup_inbuf);
> + const char *value;
> +
> + if ((value = maps_find(cleanup_body_checks, body, 0)) != 0) {
> + if (strcasecmp(value, "REJECT") == 0) {
> + msg_warn("%s: reject: body %.200s",
> + cleanup_queue_id, body);
> + cleanup_errs |= CLEANUP_STAT_CONT;
> + }
> + }
> + }
> CLEANUP_OUT_BUF(type, cleanup_inbuf);
> }
> }
> diff -cr --new-file /tmp/postfix-19991231-pl07/conf/sample-filter.cf ./conf/sample-filter.cf
> *** /tmp/postfix-19991231-pl07/conf/sample-filter.cf Wed Dec 31 19:00:00 1969
> --- ./conf/sample-filter.cf Sun May 28 18:57:56 2000
> ***************
> *** 0 ****
> --- 1,24 ----
> + # DO NOT EDIT THIS FILE. EDIT THE MAIN.CF FILE INSTEAD. THE STUFF
> + # HERE JUST SERVES AS AN EXAMPLE.
> + #
> + # This file contains example settings for miscellaneous Postfix
> + # content filtering parameters.
> +
> + # The header_checks parameter specifies an optional table with patterns
> + # that each logical message header is matched against, including
> + # headers that span multiple physical lines. Patterns are matched
> + # in the specified order, and the search stops upon the first match.
> + # When a pattern matches, and the associated action is REJECT, the
> + # entire message is rejected.
> + #
> + header_checks = regexp:/etc/postfix/header_checks
> +
> + # The body_checks parameter specifies an optional table with patterns
> + # that each physical non-header line is matched against (including
> + # MIME headers inside the message body). Lines are matched one at
> + # a time. Long lines are matched in chunks of at most $line_length_limit
> + # characters. Patterns are matched in the specified order, and the
> + # search stops upon the first match. When a pattern matches, and
> + # the associated action is REJECT, the entire message is rejected.
> + #
> + body_checks = regexp:/etc/postfix/body_checks
> diff -cr --new-file /tmp/postfix-19991231-pl07/global/mail_params.h ./global/mail_params.h
> *** /tmp/postfix-19991231-pl07/global/mail_params.h Sun Apr 16 12:00:49 2000
> --- ./global/mail_params.h Sun May 28 18:52:09 2000
> ***************
> *** 661,666 ****
> --- 661,670 ----
> #define DEF_HEADER_CHECKS ""
> extern char *var_header_checks;
>
> + #define VAR_BODY_CHECKS "body_checks"
> + #define DEF_BODY_CHECKS ""
> + extern char *var_body_checks;
> +
> /*
> * Bounce service: truncate bounce message that exceed $bounce_size_limit.
> */
>
>