diff --git a/courier-imap-x/Makefile.am b/courier-imap-x/Makefile.am index e7731b95d..05da26d55 100644 --- a/courier-imap-x/Makefile.am +++ b/courier-imap-x/Makefile.am @@ -174,6 +174,9 @@ all-gmake-check: echo "instead of make, as you were told by the INSTALL file (you did read the" ; \ echo "INSTALL file, did you?)" ; echo "" ; exit 1 +check-am: + cd libs/imap; $(MAKE) check-version TOPLEVEL_VERSION="`echo $(VERSION) | cut -d. -f1-3`" + lockmail.html: libs/liblock/lockmail.html cp -f $(srcdir)/libs/liblock/lockmail.html lockmail.html maildir.html: libs/maildir/maildir.html @@ -274,7 +277,7 @@ htmldoc: INSTALL.html libs/imap/README.html $(MAILDROPHTML) \ xsltproc --nonet $(srcdir)/imap-format.xsl \ $$f.tmp2 >$$f; \ rm -f $$f.tmp*; done - mv -f doc/*.html $(WWW)/imap + cp -f doc/*.html $(WWW)/imap cp -f courier-imap.png bg.png $(WWW)/imap cp manpage.css html rm -rf doc diff --git a/courier-imap-x/NEWS b/courier-imap-x/NEWS index df7a05299..45729e1de 100644 --- a/courier-imap-x/NEWS +++ b/courier-imap-x/NEWS @@ -2,8 +2,8 @@ Contents of this NEWS file: - Introduction - Shared folders and access control lists + > Introduction + > Shared folders and access control lists Introduction @@ -34,25 +34,26 @@ supported. Here's a summary of the differences between the two shared folder mechanisms: - POSIX-based shared folders ACL shared folders - May be used with virtual accounts only; - May be used with system cannot be used on systems that have - accounts only^1 end-user login shell access: bypassing ACLs - and accessing the folders directly is - trivial - Access rights based on Access rights based on IMAP access control - traditional POSIX filesystem lists - permissions - Sharable folders must be set A site-specific process must be installed - up manually, using the to compile an index of all virtual - "maildirmake" command mailboxes; afterwords, individual users may - create and manage shared folders themselves - - ^1 This is because access rights are governed by filesystem - permissions. POSIX shared folders may also be used with virtual - accounts, but it will not be possible to grant read-only access to - shared folders, and everyone will be able to delete messages from - shared folders (instead of only the creator of each message) + > POSIX-based shared folders ACL shared folders + > May be used with virtual accounts only; + > May be used with system cannot be used on systems that have + > accounts only^1 end-user login shell access: bypassing + > ACLs and accessing the folders directly is + > trivial + > Access rights based on Access rights based on IMAP access control + > traditional POSIX filesystem lists + > permissions + > A site-specific process must be installed + > Sharable folders must be set up to compile an index of all virtual + > manually, using the mailboxes; afterwords, individual users + > "maildirmake" command may create and manage shared folders + > themselves + + >> ^1 This is because access rights are governed by filesystem + >> permissions. POSIX shared folders may also be used with virtual + >> accounts, but it will not be possible to grant read-only access to + >> shared folders, and everyone will be able to delete messages from + >> shared folders (instead of only the creator of each message) After installation, read the "maildiracl" manual page for a brief overview of access control lists. diff --git a/courier-imap-x/NEWS.html b/courier-imap-x/NEWS.html index 21d8048c9..657397164 100644 --- a/courier-imap-x/NEWS.html +++ b/courier-imap-x/NEWS.html @@ -34,7 +34,7 @@

Introduction

Courier-IMAP 4.0 brings many changes and improvements. All authentication-related code in Courier-IMAP has been moved into the external -Courier Authentication +Courier Authentication Library. See the contents of the INSTALL file for more information. Courier-IMAP now includes an IMAP/POP3 aggregation proxy, like Perdition. See the "imap/README.proxy" file in the source diff --git a/courier-imap-x/conf-version b/courier-imap-x/conf-version index a944d7e61..32a406815 100644 --- a/courier-imap-x/conf-version +++ b/courier-imap-x/conf-version @@ -1 +1 @@ -5.2.6 +5.2.7 diff --git a/courier-imap-x/libs/imap/ChangeLog b/courier-imap-x/libs/imap/ChangeLog index f26958b89..0b10ced53 100644 --- a/courier-imap-x/libs/imap/ChangeLog +++ b/courier-imap-x/libs/imap/ChangeLog @@ -1,3 +1,27 @@ +5.2.7 + +2024-06-14 Sam Varshavchik + + * tcpd: support per-local port custom -haproxy configuration. + Multiple updates to the couriertcpd man page, updated documentation + for ipv6 and CIDR support. + +2024-06-10 Sam Varshavchik + + * tcpd: remove -noidentlookup, implement -haproxy + +2024-05-31 Sam Varshavchik + + * couriertcpd: set the IP_FREEBIND option on all listening sockets. + +2024-04-06 Sam Varshavchik + + * courier-imap.spec.in: Packaging fixes. + +2023-12-23 Sam Varshavchik + + * Update rpm spec to match updated courier-authlib packaging. + 5.2.6 2023-11-17 Sam Varshavchik diff --git a/courier-imap-x/libs/imap/Makefile.am b/courier-imap-x/libs/imap/Makefile.am index 344591034..40150c27f 100644 --- a/courier-imap-x/libs/imap/Makefile.am +++ b/courier-imap-x/libs/imap/Makefile.am @@ -234,3 +234,10 @@ testsuite-imap: testsuite-smap: @LC_ALL=C; export LC_ALL; test "@smap@" = "yes" || exit 0; @SHELL@ $(srcdir)/smaptestsuite | ./testsuitefix.pl | sort + +testsuite-pop3: + @LC_ALL=C @SHELL@ pop3testsuite | sed 's/^--=_.*/--mimeboundary/;s/ENOMEM.*/ENOMEM/;s/boundary=.*/boundary=/' + +check-version: + test "$(VERSION)" = "$(TOPLEVEL_VERSION)" && exit 0; \ + echo "Makefile.am version mismatch"; exit 1 diff --git a/courier-imap-x/libs/imap/imapd.dist.in b/courier-imap-x/libs/imap/imapd.dist.in index d68e60bcc..481b7de43 100644 --- a/courier-imap-x/libs/imap/imapd.dist.in +++ b/courier-imap-x/libs/imap/imapd.dist.in @@ -66,12 +66,15 @@ MAXPERIP=4 PIDFILE=@piddir@/imapd.pid -##NAME: TCPDOPTS:0 +##NAME: TCPDOPTS:1 # -# Miscellaneous couriertcpd options that shouldn't be changed. +# Other couriertcpd(1) options. The following defaults should be fine. # +# See the couriertcpd(1) manual page for a list of other options. Namely: +# -haproxy enables HAProxy version 1 support, see the manual page for more +# information. -TCPDOPTS="-nodnslookup -noidentlookup" +TCPDOPTS="-nodnslookup" ##NAME: ACCESSFILE:0 # diff --git a/courier-imap-x/libs/imap/pop3d.dist.in b/courier-imap-x/libs/imap/pop3d.dist.in index a86293df7..15695b440 100644 --- a/courier-imap-x/libs/imap/pop3d.dist.in +++ b/courier-imap-x/libs/imap/pop3d.dist.in @@ -104,12 +104,15 @@ ADDRESS=0 # AUTHSERVICE110=pop3 # AUTHSERVICE995=pop3s -##NAME: TCPDOPTS:0 +##NAME: TCPDOPTS:1 # # Other couriertcpd(1) options. The following defaults should be fine. # +# See the couriertcpd(1) manual page for a list of other options. Namely: +# -haproxy enables HAProxy version 1 support, see the manual page for more +# information. -TCPDOPTS="-nodnslookup -noidentlookup" +TCPDOPTS="-nodnslookup" ##NAME: LOGGEROPTS:0 # diff --git a/courier-imap-x/libs/maildir/maildir.5 b/courier-imap-x/libs/maildir/maildir.5 index eb5495468..fce6a32a5 100644 --- a/courier-imap-x/libs/maildir/maildir.5 +++ b/courier-imap-x/libs/maildir/maildir.5 @@ -4,12 +4,12 @@ .\" Title: maildir .\" Author: Sam Varshavchik .\" Generator: DocBook XSL Stylesheets vsnapshot -.\" Date: 11/16/2019 +.\" Date: 06/14/2024 .\" Manual: Double Precision, Inc. .\" Source: Courier Mail Server .\" Language: English .\" -.TH "MAILDIR" "5" "11/16/2019" "Courier Mail Server" "Double Precision, Inc\&." +.TH "MAILDIR" "5" "06/14/2024" "Courier Mail Server" "Double Precision, Inc\&." .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -292,7 +292,7 @@ Author .IP " 2." 4 Courier .RS 4 -\%http://www.courier-mta.org +\%https://www.courier-mta.org .RE .IP " 3." 4 \fBdeliverquota\fR(8) diff --git a/courier-imap-x/libs/maildir/maildir.html b/courier-imap-x/libs/maildir/maildir.html index b302571f3..2056611cd 100644 --- a/courier-imap-x/libs/maildir/maildir.html +++ b/courier-imap-x/libs/maildir/maildir.html @@ -164,7 +164,7 @@ call); and cnt is the message's size, in bytes.

The ,S=cnt -part optimizes the Courier mail server's +part optimizes the Courier mail server's maildir quota enhancement; it allows the size of all the mail stored in the maildir to be added up without issuing the stat(2) diff --git a/courier-imap-x/libs/maildir/maildirkw.1 b/courier-imap-x/libs/maildir/maildirkw.1 index d36c7dfc6..7ce3f2185 100644 --- a/courier-imap-x/libs/maildir/maildirkw.1 +++ b/courier-imap-x/libs/maildir/maildirkw.1 @@ -4,12 +4,12 @@ .\" Title: maildirkw .\" Author: Sam Varshavchik .\" Generator: DocBook XSL Stylesheets vsnapshot -.\" Date: 11/04/2020 +.\" Date: 06/14/2024 .\" Manual: Double Precision, Inc. .\" Source: Courier Mail Server .\" Language: English .\" -.TH "MAILDIRKW" "1" "11/04/2020" "Courier Mail Server" "Double Precision, Inc\&." +.TH "MAILDIRKW" "1" "06/14/2024" "Courier Mail Server" "Double Precision, Inc\&." .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -97,7 +97,7 @@ Author .IP " 1." 4 SMAP1 .RS 4 -\%http://www.courier-mta.org/cone/smap1.html +\%https://www.courier-mta.org/cone/smap1.html .RE .IP " 2." 4 \fBmaildiracl\fR(1) diff --git a/courier-imap-x/libs/maildir/maildirkw.html b/courier-imap-x/libs/maildir/maildirkw.html index 9c4885cdb..224c767d9 100644 --- a/courier-imap-x/libs/maildir/maildirkw.html +++ b/courier-imap-x/libs/maildir/maildirkw.html @@ -39,7 +39,7 @@ -c enables case-sensitive keywords. IMAP keywords are normally case insensitive. -c needs to be used if the -SMAP1 +SMAP1 protocol extension is used, which uses case sensitive keywords.

SEE ALSO

maildiracl(1), maildirmake(1).

diff --git a/courier-imap-x/libs/maildrop/ChangeLog b/courier-imap-x/libs/maildrop/ChangeLog new file mode 100644 index 000000000..ba77c8bc5 --- /dev/null +++ b/courier-imap-x/libs/maildrop/ChangeLog @@ -0,0 +1,1664 @@ +3.1.7 + +2024-04-06 Sam Varshavchik + + * maildrop.spec.in: Packaging fixes. + +2023-12-29 Sam Varshavchik + + * Improve 'make check' tolerance. + +3.1.6 + +2023-07-12 Sam Varshavchik + + * maildrop: fix compilation error. + +3.1.5 + +2023-04-24 Sam Varshavchik + + * Fix spurious gcc 13 compiler warnings. + +3.1.4 + +2023-04-06 Sam Varshavchik + + * Updated Dovecode authentication fix. + +3.1.3 + +2023-04-05 Sam Varshavchik + + * Fix build with Dovecot authentication turned on. + +3.1.2 + +2023-03-04 Sam Varshavchik + + * Update to C++11, replacing internal classes with modern C++ + library classes. + + * Fix the -V command line option to also explicitly set VERBOSE, + fix assorted -V logging bugs. + +2023-02-19 Sam Varshavchik + + * all: update configure.ac to require at least version 2.0.5 of + libidn + +3.1.1 + +2023-02-15 Sam Varshavchik + + * maildrop: remove unsafe SIGALRM handler. + +3.1.0 + +2022-11-28 Sam Varshavchik + + * Switch to libidn2. + + * Debian/Ubuntu: update lintian overrides + +3.0.9 + * Adjust deb packaging. Check /etc/lsb-release and include the + distribution release in the deb package version, to faciliate + updating to the same version of the package in an updated release. + + Fix build dependencies. + +2022-06-03 Sam Varshavchik + + * Update deliverquota man page. + +3.0.8 + +2022-05-22 Sam Varshavchik + + * gcc 12 and autotools update. OpenSSL 3.0 update. + +2022-04-14 Sam Varshavchik + + * Add scripts to create installable .deb packages, update + documentation. + +3.0.7 + +2022-01-17 Sam Varshavchik + + * configure.ac: Fix configure check for pcre2 + +3.0.6 + +2022-01-16 Arjen de Korte + + * Fix linking failure on some Linux distributions. + +3.0.5 + +2022-01-16 Sam Varshavchik + + * Fix linking failure on some Linux distributions. + +3.0.4 + +2021-11-26 Sam Varshavchik + + * maildrop: update to pcre2 + +2021-05-21 Sam Varshavchik + + * Minor code tweaks, make it compileable with -Wall -Werror. + +3.0.3 + +2021-02-18 Sam Varshavchik + + * Add maildirwatch helper tool. + + * Fully install the maildirwatch tool, its man page, as well as the + maildirkw man page and tool, which should be packaged with maildrop + too. + + +3.0.2 + +2020-11-04 Sam Varshavchik + + * spec file: add BuildRequires: %{__make} (will be required in F34). + +3.0.1 + +2020-05-18 Sam Varshavchik + + * courier-authlib API update. + +2020-04-21 Sam Varshavchik + + * Add AC_PROG_CC_C99 to configure + +3.0.0 + +2018-07-31 Sam Varshavchik + + * rfc2045/reformime: parse utf-8 address types in DSNs. + +2018-07-30 Sam Varshavchik + + * maildrop: explicitly require libidn to build maildrop. + +2018-07-29 Sam Varshavchik + + * mailbot: generate message/global, message/global-delivery-status, + and message/global-headers, when needed, when formatting autoreplies. + + * reformime: -m option uses message/global instead of message/rfc822 + for UTF8 messages. + +2018-06-25 Sam Varshavchik + + * rfc2045/reformime.c (main2): fix crash if -x or -X is specified + without the corresponding -s option. + +2018-02-16 Sam Varshavchik + + * libs/maildrop/search.C: ":H" pattern matching option, matching + only the main message headers. + +2018-01-08 Osamu Aoki + + * libs/maildrop/deliver.C (delivery): Always return 75 upon + delivery failure, for the standalone maildrop build. + +2017-12-26 Sam Varshavchik + + * libs/maildir/maildirmake.c (main): maildirmake's -q option + will create the maildir if it does not exist. + + * libs/rfc2045/reformime.c (main2): Added -rU option, and a new + internal RFC2045_RW_8BIT_ALWAYS conversion option. + + * libs/rfc2045/reformime.c (main2): Fix crash when the -s option + is not valid. + +2.9.3 + +2017-11-26 Sam Varshavchik + + * libs/rfc2045/rfc2045reply.c (mkreply): Fix null pointer + dereferences. + +2.9.2 + +2017-10-03 Sam Varshavchik + + * reformail: fix use after free with -f1 + +2017-09-27 Giovanni Bechis + + * Fix to configure.ac + +2017-09-19 Sam Varshavchik + + * courier: switch default header encoding to UTF-8. + +2.9.0 + +2017-06-17 Sam Varshavchik + + * libs/maildir/maildirquota.c (docheckquota): Skip DT_LNK. + +2017-03-11 Sam Varshavchik + + * courier-unicode library API update. + +2017-01-27 "Stefan Hornburg (Racke)" + + * Merge several Debian patches: + + 0001-Include-cstdio-in-afx.h.patch + 0005-Ignore-and-.dpkg-a-z-files.patch + 0007-Fix-bashisms.patch + 0009-Fix-linking-in-upstream-Makefiles.patch + 0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch + (*) with some changes. + 0013-Add-P-to-ghostscript-invocation.patch + 0014-Improve-error-reporting-in-preline.c.patch + 0017-Fix-formatting-errors-in-syslog-calls.patch + 0020-Add-perl-stanza-to-perlfilter-scripts.patch + +2.8.5 + +2016-09-20 "Hanno Böck" + + * libs/maildrop/maildir.C (MaildirSave): Fix new/delete mismatch. + +2.8.4 + +2016-08-03 Sam Varshavchik + + * reformime: do not abort due to invalid encoding of the "name" + attributes. + +2015-12-20 Sam Varshavchik + + * maildrop: implement the FLAGS variable. + +2015-12-16 Andreas Kinzler + + * maildrop: fix maildrop not searching last line of text. + +2015-07-19 Sam Varshavchik + + * maildrop: fix parsing of a message without a body. + +2.8.3 + +2015-06-27 "Hanno Böck" + + * libs/maildrop/mailbot.c: Fix bad malloc for --feedback-* command + line parameters. + +2015-06-20 Sam Varshavchik + + * maildrop: Implement option to automatically create home directories. + +2015-05-09 "Jö Fahlke" + + * maildrop: Don't include matched subpatterns in foreach. + +2.8.2 + +2015-04-25 Giovanni Bechis + + * maildircache.c: fix use after free. + + * mkdhparams: make compatible with libressl + +2015-02-28 Sam Varshavchik + + * Update to courier-unicode 1.2. + +2015-02-16 "Hanno Böck" + + * Fix compilation warning, testsuite. + +2.8.0 + +2014-12-13 Sam Varshavchik + + * Update autotools + +2.7.2 + +2014-07-21 Sam Varshavchik + + * gpglib, rfc2045: fix makefiles. + + * maildrop: fix parsing of headers added by the -A option. + +2014-07-13 Sam Varshavchik + + * liblock, couriertls: fix compilation for OpenBSD -- based on a + patch from Giovanni Bechis . + +2014-06-23 Sam Varshavchik + + * libs/gpglib/Makefile.am: Fix -lunicode linkage. + + * libs/rfc2045/Makefile.am: Fix -lunicode linkage. + + * libs/rfc2045/rfc2045decodemsgtoutf8.c (rfc2045_decodemsgtoutf8): + recognize "message" MIME content type, in addition to "text". + +2014-06-18 Sam Varshavchik + + * maildrop: -d option changes groupid only when effective group id + is root. Addresses Debian bug 564601. + + * mailbot: Add -T replydraft/-l options. + +2014-02-02 Osamu Aoki + + * Makefile.am: install makedat.1 and makedat.html + +2014-01-15 Sam Varshavchik + + * libs/maildrop/search.C (search_cb): Fix logged patterns getting + garbled, in log output. + +2014-01-12 Sam Varshavchik + + * Factored out the unicode library into a separate package. + +2.7.1 + +2013-11-25 Sam Varshavchik + + * Fix various compiler warnings about unchecked results from setuid + and setgid calls. + +2.7.0 + +2013-08-28 Sam Varshavchik + + * maildrop: pattern searches are now specified in UTF-8. maildrop + MIME-decodes the search pattern, and transcodes it to the UTF-8 + character set, for searching purposes. + +2012-12-04 Alessandro Vesely + + * rfc2045/makemime.c (openfile_or_pipe): Do not dup stdin filedesc, + sometimes the stdin buffer already gets filled. + +2.6.0 + +2012-09-05 Sam Varshavchik + + * maildir/maildiraclt.c (maildir_acl_delete): Fix double-free on error + path of an ENOMEM. + +2012-06-18 Sam Varshavchik + + * maildrop: make a mention of reformail -D's locking in the manual + pages. + +2012-06-17 Osamu Aoki + + * maildrop/formatmbox.C (GetLineBuffer): Do not skip whitespaces + looking for From: and Subject: headers, to log. + +2012-05-05 Sam Varshavchik + + * rfc2045/rfc2045mkboundary.c (rfc2045_mk_boundary): truncate + the hostname portion of the boundary to 30 chars. + +2012-04-22 Sam Varshavchik + + * liblock/mail.c (dotlock_exists): Quell a compiler warning. + +2012-02-23 Osamu Aoki + + * Miscellaneous spelling fixes. + +2.5.5 + +2011-11-25 Sam Varshavchik + + * rfc2045/rfc2045reply.c (mkreply): Fix copying of the contents of the + original message. + + * rfc2045/reformime.c (do_print_info): rfc2231_udecodeDisposition() + failure is not fatal. + + * rfc2045/reformime.c (get_suitable_filename): Ditto. + +2011-09-06 Sam Varshavchik + + * rfc2045/reformime.c (main2): Fixed segfault on some arches from an + initial null given to strtok. + +2011-08-31 Sam Varshavchik + + * mailbot: add "feedback" and "replyfeedback" formats, generating + RFC 5965-formatted feedback report. -a option attaches the entire + original message, instead of only its headers, for "replydsn", + "feedback", and "replyfeedback" formats. + +2011-08-14 Sam Varshavchik + + * rfc2045/reformime.c (main2): On ia64 and arm, argv is in readonly + memory. + +2.5.4 + +2011-05-17 Sam Varshavchik + + * rfc2045/rfc2045cdecode.c: Tolerate lowercase hexadecimal characters + in quoted-printable-encoded content. + +2011-05-06 Thomas Jacob + + * unicode/unicode.c: Compilation fixes. + +2.5.3 + +2011-03-19 Sam Varshavchik + + * rfc2045/rfc2045reply.c (mkforward): Handle PGP-signed messages. + + * unicode/unicode.h: Added unicode_isspace(). + + * unicode/unicode_wordbreak.c: Implementation of tr29. + + * unicode/unicode.h: unicode_lb_set_opts(), plus derivatives: set + artbirary linebreaking options. Two options that tailor the unicode + linebreaking algorithm. + +2011-03-16 Sam Varshavchik + + * rfc2045/rfc2045reply.c (mkforward): Rewrite from scratch. + + * rfc2045/rfc2045replyunicode.c: Remove rfc2045_makereply_unicode(), + superceded by rfc2045_makereply(). + + * maildrop/testsuite.in (LANG): Additional test suites. + + * maildrop/mailbot.c (usage): Some options were missing from the + usage message. + +2011-03-05 Sam Varshavchik + + * maildrop/mailbot.c (main): mailbot now generates autoreplies using + the flowed text format. Existing autoreplies must be reformatted in + flowed-text format. + + * rfc2045/rfc2045reply.c (rfc2045_makereply_do): Rewrite the reply + and forwarding logic replacing the rfc2646 parser with the new + rfc3676 parser. + + * rfc2045/rfc2045.c (rfc2045_isdelsp): Convenience function + for checking for the presence of delsp=yes parameter. + +2011-01-24 Sam Varshavchik + + * rfc822/rfc2047.c (rfc2047_encode_callback): Rewrite broken logic. + + * unicode/unicode.c (deinit_iconv): Incomplete multibyte character + remaining at the end of conversion was falsely being reported as + a callback failure, rather than a conversion failure. + +2011-01-22 Sam Varshavchik + + * Check if -liconv is needed to get iconv. + + * Clean up leftover unicode-related crud in configure scripts. + +2011-01-04 Sam Varshavchik + + * rfc2045/rfc2045reply.c (mkreply): When copying a message's original + headers into a DSN-formatted mailbot-generated reply, preserve the case + of the original headers' names. + +2011-01-03 Sam Varshavchik + + * rfc2045/rfc2045decodemsgtoutf8.c, rfc2045/rfc2045.h: Replace + function arg and passthrough arg to rfc2045_decodemsgtoutf8() with + a pointer to a structure that gives callback info. The function that + receives the decoded content now takes a character string+count, + instead of a single character. + + * rfc2045/reformime.c (doconvtoutf8_stdout): Corresponding changes. + + * maildrop/maildropfilter.sgml: Clarify wording. + + * maildir/maildirsearch.c (maildir_search_start_unicode): Search was + broken, how did I miss this? + +2011-01-02 Sam Varshavchik + + * rfc2045/rfc2045decodemsgtoutf8.c: Propagate all non-0 exit codes + from the callback function, don't force to a negative value. + + * rfc2045/rfc2045decodemimesectionu.c: Add descriptive comments. + + * rfc2045/testsuite (Content-Type): Add additional test for proper + iconv-based decoding implementation. + +2010-12-12 Sam Varshavchik + + * maildir/maildirsearch.h: maildir_searchengine uses unicode chars + internally. Replace maildir_search_start with + maildir_search_start_unicode() and provide a replacement + maildir_search_start_str() that widens a narrow char string to unicode + char size. + + * rfc2045/rfc2045decodemsgtoutf8.c (rfc2045_decodemsgtoutf8): Add a + pass-through opaque pointer, closure. + + * rfc2045/rfc2045decodemimesectionu.c (rfc2045_decodetextmimesection): + Total rewrite that uses iconv, rather the built-in libunicode. + +2010-12-09 Sam Varshavchik + + * rfc2045/rfc2045decodemsgtoutf8.c: new function: + rfc2045_decodemsgtoutf8(). + +2.5.2 + +2010-10-22 Sam Varshavchik + + * maildrop/maildropex.sgml: Fix formatting problem with man page + stylesheet. + +2.5.1 + +2010-10-04 Sam Varshavchik + + * rfc2045/makemime.c (createsimplemime): Use charset specified in the + MIME autoresponse text. + +2010-09-21 Sam Varshavchik + + * maildrop/mailbot.c: Sanity check on the contents of a MIME-formatted + autoreply template: it must specify text/plain content type, and its + charset gets used as the charset of the formatted autoreply. + Drop the existing C-T-E header, and document the requirement that it + cannot be a quoted-printable formatted MIME autoreply. + +2010-08-15 Sam Varshavchik + + * rfc2045/rfc2045reply.c: added donotquote option, to suppress autoreply + text. + + * maildrop/mailbot.c (main): Add the -N option to mailbot, to set the + donotquote option. + + * maildir/maildirfilter.c: "noquote" autoreply option adds the -N + option to the mailbot command line. + +2010-06-28 Sam Varshavchik + + * rfc822/rfc822.c (rfc822_print_common_nameaddr): Prevent segfault if + address decode fails. + + * Fix make check failure when libidn is not available. + +2010-05-31 shin2s2 + + * rfc2045/reformime.c (main2): Allow multiple sections to be specified + by the -s option. + +2010-05-31 Sam Varshavchik + + * Implemented elsif, based on a patch by shin2s2@gmail.com. + +2010-05-31 Sam Varshavchik + + * Rebuilt man pages with updated stylesheets. + +2.5.0 + +2010-04-26 Sam Varshavchik + + * maildrop/mailbot.c (main): Set close-on-exec bit on opened files. + +2010-04-15 Sam Varshavchik + + * rfc2045/rfc2045reply.c (mkreply): Fix sender's name in the + reply salutation. + +2010-04-10 Sam Varshavchik + + * rfc2045/reformime.sgml: Document the -c option to reformime. + +2010-03-18 Hugo Monteiro + + * Big quota patch (with some changes). + +2.4.3 + +2010-03-15 Brian Candler + + * configure.in: Fix typo that prevents compiling against bdb + +2010-03-08 Sam Varshavchik + + * maildrop.spec: Make rpmlint happy. + +2.4.2 + +2010-02-24 Sam Varshavchik + + * maildrop/mailbot.c (main): Fix memory corruption if the -c option + was passed to mailbot. + +2.4.1 + +2010-02-14 Sam Varshavchik + + * mailbot, reformime: Default to ISO-8859-1 in case of an unknown + default charset (probably we are in the C locale). + +2.4 + +2010-01-14 Josip Rodin + + * maildrop/main.C (run): When using system authentication on + platforms where the mail directory does not use the sticky bit, + use groupid set by the set-group-id bit on the binary executable, + if any. + +2010-01-12 Sam Varshavchik + + * maildrop/main.C (run): In delivery mode, preserve LANG, LANGUAGE, + and LC_* environment variables from the parent. + +2.3 + +2009-11-22 Sam Varshavchik + + * maildrop/reformail.C (main): Removed the -r, -p, -P, -t, -k options, + replaced by new mailbot options. + + * maildrop/mailbot.c (main): New options that set the corresponding + parameters to rfc2045_makereply_unicode(): -e, -T, -F -S + + * rfc2045/rfc2045replyunicode.c (rfc2045_makereply_unicode): Added + replytoenvelope setting. Added sophisticated formatting for + replysalut. + +2009-11-21 Sam Varshavchik + + * rfc822/rfc822_getaddr.c: Remove rfc822_prname() and + rfc822_prname_orlist(), replaced by rfc822_display_name() with a NULL + character set. + + * rfc822/rfc2047u.c (rfc822_display_name): Semantical change -- + without an explicit name, display the address as the name. If the + requested character set is NULL, do not decode RFC2047-encoded content, + return it as is. + +2009-11-17 Sam Varshavchik + + * rfc822/rfc2047u.c (rfc2047_print_unicodeaddr): Fix several formatting + issues with deprecated RFC 822 distribution lists: spurious comma + adter the last address, pass the space after the ':' as a separator + character. + + * rfc822/rfc2047.c (counts2/save): Fix line-wrapping of encoded + addresses. + + * rfc822/rfc2047u.c (rfc822_display_addr_tobuf): New function. + + * rfc2045/rfc2045reply.c (mkreply): Fix logic for locating the + name used for salutation. + +2009-11-14 Sam Varshavchik + + * rfc822/rfc822.c (rfc822_print_common): Rewrite. + + * rfc822/rfc2047u.c (rfc822_display_name_int): Fixed various rules for + encoding names to be more MIME compliant. + (rfc822_display_addr_str): Renamed from rfc822_display_addr(), for a + consistent API. + (rfc822_display_addr): New function, decode the wire format of a single + address. Names are MIME decoded, addresses are IDN-decoded. + (rfc2047_print_unicodeaddr): Do not output a dummy name for an + address without one. + (rfc822_display_addr_str_tobuf): New function, version of + rfc822_display_addr_str() that collects the output into a buffer. + + * rfc822/rfc2047.c (rfc822_encode_domain): New function -- IDN-encode + a domain, with an optional "user@". + (rfc2047_encode_header_addr): Renamed rfc2047_encode_header(), for a + consistent API. + (rfc2047_encode_header_tobuf): New function, encode a header from + displayed format to wire format. Names are encoded using RFC 2047, + addresses using IDN. + +2009-11-12 Sam Varshavchik + + * maildrop/maildropfilter.sgml: Typo fix. + +2009-11-08 Sam Varshavchik + + * rfc822/rfc2047.h: Expose raw RFC 2047 decoding function, + rfc2047_decoder(). + + * rfc822/rfc822hdr.c (rfc822hdr_is_addr): New function. + + * rfc822/rfc822.c (tokenize): Tweak the logic for collecting RFC 2047 + atoms. + + * rfc822/rfc2047u.c (rfc822_display_name): New function, + replaces rfc2047_print(). + (rfc822_display_name_tobuf): New function, + replaces rfc2047_print(). + (rfc822_display_namelist): New function, + replaces rfc822_namelist(). + (rfc822_display_addr): New function, replaces rfc2047_print(). + (rfc2047_print_unicodeaddr): Renamed from rfc2047_print_unicode(). + (rfc822_display_hdrvalue): New function, replaces rfc2047_decode(), + rfc2047_decode_simple(), rfc2047_decode_enhanced(). + (rfc822_display_hdrvalue_tobuf): New function, ditto. + + * rfc822/rfc2047.c: Removed rfc2047_decode(), rfc2047_decode_simple(), + rfc2047_decode_enhanced(), rfc2047_print(). + + * rfc822/Makefile.am: Link against GNU IDN library. + + * rfc2045/rfc2045.h: Added "replydsn" option to rfc2045_makereply(), + incorporates the MIME bounce format generated by mailbot. + Added "subject" -- override subject of the reply. + Added "dsnfrom" -- for the replydsn option. + Added two callbacks used by the replydsn option. + Remove rfc2045_makereply(), leaving just rfc2045_makereply_unicode(). + + * rfc2045/reformime.c (do_print_info): MIME-decode the content + description. + (main2): New -H option. + + * maildrop/mailbot.c (main): Use the default character set from the + system locale. + (usage): Added the -n option, for debugging purposes. + (opensendmail): Pass the autoreply to sendmail in a file descriptor + for a temporary file on stdin, instead of piping the resulting + message to sendmail, running as a child process. + (savemessage): Save the input message in a temporary file, and + RFC2045-parse it. + (main): Use rfc2045_makereply_unicode() to prepare the autoreply + message. Clarify mailbot man page as to the slightly changed + requirements for the autoreply text that must be given to mailbot. + +2009-11-07 Josip Rodin + + * Fix makefile to install makedat only if gdbm or db is available. + +2009-09-05 Sam Varshavchik + + * Add -W option to deliverquota and maildrop. Remove the + --enable-maildirquota configure option -- maildir quotas are now + always enabled. + +2.2 + +2009-06-27 Sam Varshavchik + + * all: gcc 4.4 fixes + +2.1 + +2009-05-10 Sam Varshavchik + + * Documentation refresh. + +2008-07-26 Mr. Sam + + * maildrop/testsuite: Put additional stuff into testsuite + + * maildrop/reformail.C (add_messageid): Make generated Message-ID: + field longer. + + * maildrop/deliver.C (delivery): If child process did not fully + consume stdin, but terminated with a zero exit status, ignore SIGPIPE. + + * maildrop/reformail.C (extract_headers): If stdin is seekable, + don't waste time on discarding stdin's content. + +2007-07-26 Mr. Sam + + * GPL 3. + +2007-07-04 Mr. Sam + + * Makefile.am (EXTRA_DIST): Drop automake fixups -- can't maintain them + any more. + +2.0.4 + +2007-04-05 Mr. Sam + + * Update man pages and documentation to Docbook XML V4.4 + +2007-03-31 Mr. Sam + + * Makefile.am (uninstall-maildrop): Include the makedat script + in the maildrop package (the man page is already included ). + +2007-02-25 Kurt Roeckx + + * Clean up configure scripts + +2.0.3 + +2006-10-01 Josip Rodin + + * maildrop: configure option to make courier-authlib authentication + optional; -a option to maildrop. + +2006-09-19 Josip Rodin + + * maildirmake: Clarify some error messages. + + * maildir/maildirmake.sgml: Documentation fixup. + + * maildrop/maildropex.sgml: Documentation fixup. + +2006-09-19 Mr. Sam + + * liblock/lockmail.c (main): Save the hide of some knucklehead who + changed the ownership and permissions of how lockmail gets installed + by my Makefile. Max Vozeler via Debian's maildrop + maintainer. + +2006-09-17 Mr. Sam + + * maildrop/main.C (run): -f ""? I really mean it. + +2006-09-05 Josip Rodin + + * maildrop/dotlock.C (attemptlock): Clean up some error messages. + +2006-09-05 Mr. Sam + + * deliverquota: messages created by deliverquota will use the umask + setting. +2.0.2 + +2006-02-19 Mr. Sam + + * Makefile/configure: upgrade libtool/autoconf/automake toolchain. + +2006-01-21 Mr. Sam + + * rfc822/rfc2047.c (encodebase64): Fix compiler warning. + + * rfc822/rfc822.c (parseaddr): Ditto. + +2005-11-15 Mr. Sam + + * rfc2045/rfc2045rewrite.c: Cleanup. Remove duplicate quoted-printable + implementation, use one in rfc822/encode.c + + * gpglib/gpg.c: Ditto. + + * rfc822/encode.c (quoted_printable): encode spaces that precede a + newline. + +2.0.1 + +2005-09-23 Mr. Sam + + * configure.in: Look for pcre/pcre.h if pcre is not installed. + maildir: skip parts of make check if libpcre is not installed (used + by other courier packages). + +2005-09-21 Mr. Sam + + * maildir/Makefile.am (testmaildirfilter_LDADD): The 2005-09-07 patch + was not included in the 2.0.0 build :-( + +2.0.0 + +2005-09-07 Mr. Sam + + * maildir/Makefile.am (testmaildirfilter_LDADD): Move -lpcre to LDADD, + from LDFLAGS. + +2005-08-29 Mr. Sam + + * maildrop/search.C: Use PCRE (http://www.pcre.org) for mattern + matching. + + Most visible change is a different syntax for subexpression matching, + using (...). MATCH2 becomes MATCH1, MATCH3 becomes MATCH2, etc... + + "w" account option dropped. + + During a transitional period, setting MAILDROP_OLD_REGEXP + reverts to the old pattern matching engine. + +2005-08-04 Mr. Sam + + * maildrop/mailbot.c (check_dsn): Do not autoreply to messages + with an Auto-Submitted: header, unless it's contents are "no". + (main): Add Auto-Submitted: auto-replied. + +2005-06-18 Andres Salomon + + * Prefer /var/mail to /var/spool/mail, update docs accordingly. + +2005-06-11 Mr. Sam + + * COPYING.GPL: Update FSF mailing address. + +1.8.1 + +2005-05-09 Mr. Sam + + * maildrop/main.C (find_in_authlib): Exit with TEMPFAIL if temporary + error indication from authlib. + +2005-04-03 Mr. Sam + + * maildrop/maildropfilter.sgml: Explicitly document the | character. + +2005-02-26 Mr. Sam + + * maildrop.spec.in (BuildPreReq): Fix SPEC file. + +2005-01-27 Andres Salomon + + * maildrop/main.C (tempfail): More descriptive error messages when + permissions check fails. + +2005-01-27 Andres Salomon + + * rfc2045/reformime.sgml: Fix typo. + +1.8.0 + +2004-11-29 Dmitry Lebkov + + * maildrop/main.C (find_in_authlib): Fix the "service" parameter in + the authentication request, so that the correct attribute is read + for the default maildir setting. + +2004-11-04 Mr. Sam + + * maildrop: remove maildrop's mysql and ldap modules, replace with + Courier Authentication Library. + +2004-09-07 Mr. Sam + + * makedat/configure.in: Make build without db/gdbm work again. + +1.7.0 + +2004-07-25 Mr. Sam + + * Makefile.am: Moved some man pages to more appropriate man sections. + + * configure.in: Default to enabling maildirquota support. + +2004-06-07 Jeff Williams + + * mdmysql.C: Specify multiple mysql servers for fallback purposes via + a comma-separated list. + +2004-06-07 John Morrissey + + * main.C: Fixa segfault in maildrop if the LDAP or MySQL backend + doesn't return a maildir and the user does not have a quota + configured. + * mdldap.C, mdmysql.C: Add default_quota directives to the LDAP + and MySQL backend configurations, which will apply to any + LDAP/MySQL users that don't have an explicit quota defined. + +2004-06-06 Mr. Sam + + * rfc2045/rfc2045.h: Clean up and re-factor out MIME header parsing + into a new function: rfc2045_parse_mime_header. + +2004-05-19 Mr. Sam + + * maildir/maildirquota.c (do_deliver_warning): Make quota warning + message work correctly with NFS. + (do_maildir_openquotafile): Make quota calculations 64bit-safe (based + on patch from Michael Kefeder ). + +2004-04-24 Mr. Sam + + * maildrop/recipenode.C (Evaluate): Do not trap the exit statement + within an exception {} block. exit will now really exit. + +2004-03-13 Flavio Stanchina + + * rfc2045/reformime.c (extract_pipe): Program invoked by reformime -X + must exit with zero exit status. A non-zero exit status terminates + reformime. reformime's exist status will be 20+child process's exit + status. + +2004-03-13 Mr. Sam + + * Resync against the Courier tree. + +2004-01-31 Tony Earnshaw + + * README.postfix: Additional info. + +2004-01-14 Courier User + + * VAR="" does not remove the variable. New unset command does that. + +2004-01-14 Troy Benjegerdes + + * maildrop/maildir.C: AFS patch - rename if link fails due to EXDEV + +1.6.3 + +2003-10-15 Filipe Brandenburger + + * message.C (Init): If compiled with CRLF_TERM, account for CRs + in the message size. + +2003-10-10 Dmitry Lebkov + + * maildrop/mdldapconfig.c (get_ldap_config): Allow comments in + ldap config file. + + * maildrop/mdmysqlconfig.c (get_mysql_config): Allow comments + in mysql config file. Remove redundant mailstatus field. + +1.6.2 + +2003-09-29 Mr. Sam + + * maildrop/mio.C: Cleanup. Drop some dead code. + +2003-09-25 Mr. Sam + + * bdbobj/bdbobj.c (bdbobj_open): Fix dbf_open call for db 3.x + +2003-09-21 Mr. Sam + + * userdb/makeuserdb.in: Make sure makeuserdb emits a trailing + newline after each processed file. + +1.6.1 + +2003-09-07 Mr. Sam + + * maildrop/main.C (nouser): Really use EX_NOUSER for undefined + recipients. + +1.6.0 + +2003-08-09 Mr. Sam + + * maildrop/main.C (nouser): Use EX_NOUSER for undefined virtual + recipients. + + * maildrop/maildir.C (MaildirSave): Use KEYWORDS to initialize + keywords for a maildir message. + + * CVS Refresh: + + * + Maildir keyword support. + +2003-06-23 Mr. Sam + + * maildrop/main.C (find_in_ldap): Fix crash if ldap is enabled but + ldapconfig is not installed. + +1.5.3 + +2003-04-29 Mr. Sam + + * Replace U+0x00A0 in SGML documentation with spaces. + +2003-04-21 Mr. Sam + + * Updated toolchain to automake 1.6.3, autoconf 2.57, + libtool 1.4.3, gettext 0.11.4, new Docbook style sheets. + + * bdbobj/bdbobj2.c (bdbobj_nextkey): Eliminate 0-length malloc. + +2003-04-12 Mr. Sam + + * All beta and releases will now be signed by + http://www.courier-mta.org/KEYS.bin + +2003-04-09 Mr. Sam + + + CVS refresh: + + * autoconf 2.57 fixes. + + * rfc2045/rfc2045.c (content_location): Plug a leak. + + * maildir/maildirpurgetmp.c (maildir_purge): Fix maildir_purge("."); + + * rfc2047.c (rfc2047_encode_callback): Fix MIME encoding of "_". + + * maildrop/maildropex.sgml: Fix typo. + + * rfc2045/configure.in: rename config.h to rfc2045_config.h + + * rfc2045/reformime.c (read_message): Use rfc2045_parse_partial() to + properly size-up content without trailing newlines. + + * rfc2045/rfc2646create.c (rfc2646create_free): Emit the trailing + newline. + + * rfc2045/pcpd.c (start): Use SA_NOCLDWAIT, if blessed by configure. + + * maildir/maildirwatch.c: Fix timeout. + + * rfc2045/rfc2045encode.c: clean up base64/qp encoding. + + +2003-04-09 Jeff Williams + + * maildrop/main.C (run): Code cleanup. + +1.5.2 + +2003-01-25 Mr. Sam + + * maildir(5) man page added. Finalized new maildir creation code + that uses both dev_t and ino_t as part of the filename. + +2003-01-19 Mr. Sam + + * maildir/maildircreateh.c (maildir_tmpcreate_fd): Add openmode to + struct maildir_tmpcreate_info + + * maildrop/maildir.C (MaildirOpen): Use new maildir creation code. + +1.5.1 + +2002-12-29 Mr. Sam + + * New docbook support scripts/css for docbook-generated man pages. + +2002-12-23 Mr. Sam + + * rfc2047.c (rfc2047_encode_callback): Fix hang on + locales where isspace(U+0x00A0) is true. + +2002-11-23 John Morrissey + + * Add -w option to maildrop by moving quota warning code from + deliverquota to libmaildir.a, and reusing it. + +1.5.0 + +2002-10-08 Mr. Sam + + * maildrop/maildropfilter.sgml (ADDRLIST): Typo fix. + +2002-10-07 Mr. Sam + + * Major toolchain upgrade - gcc 3.2, automake 1.6, autoconf 2.53, + libtool 1.4. + +2002-10-02 Mr. Sam + + * maildrop/maildir.C: new configure switch --with-dirsync + +2002-09-20 Mr. Sam + + * reformime, makemime: implemented RFC 2231-parsing of Content-Type: + and Content-Disposition: headers. + + Dropped rfc2045_dispositioninfo. Access rfc2045.content_disposition + directly, and use the rfc2231 functions to access the attributes. + +2002-09-05 Mr. Sam + + * Replace dotlock with lockmail. + +2002-08-21 Mr. Sam + + * maildrop/maildir.C (MaildirOpen): Clean up temp file if delivery + to maildir goes over quota. + +1.4.0 + +2002-06-12 Mr. Sam + + * maildir/maildirquota.c (do_maildir_openquotafile): Fix quotas + on FreeBSD (fcntl("/dev/null", F_SETFL) doesn't work on FreeBSD) + + * maildrop/configure.in: do not use qmail-inject for SENDMAIL_DEF + (problems with the -t flag used by sqwebmail's mail filter). + +2002-06-09 Mr. Sam + + * numlib/strofft.c: off_t may be negative. + + * +++ maildirquota API update +++ + + + allows documented way to change the set quota on a maildir + + + major internal cleanup, established a sane API library + + External changes: + + + quota no longer set by deliverquota or MAILDIRQUOTA, new -q + option to maildirmake. Both deliverquota, maildrop, and + Courier now read the maildirsize no matter what, and observe + the quota + + + maildirmake and deliverquota now installed by the Courier-IMAP, + maildrop, and sqwebmail standalone builds. + + + updated README.maildirquota, and man pages to reflect all these + changes. + +2002-06-09 Christian Kratzer + + * maildrop/mdldap.c: Check ldap_get_values() exit code. + +2002-05-16 Mr. Sam + + * maildrop/rematchmsg.C (SetCurrentPos): Fix an obscure bug that + can sometimes result in an invalid seek error. + +1.3.9 + +2002-04-24 Mr. Sam + + * maildrop/filter.C (xfilter): Set O_NDELAY on file descriptors for + xfilter() since select() only works correctly on non-blocking fds. + +2002-04-08 Mr. Sam + + * maildrop/formatmbox.C (GetFromLine): Do not write a newline before + every From_ line... + + * maildrop/deliver.C (delivery): ... only for 2nd and subsequent msgs. + + +2002-03-09 Mr. Sam + + * rfc2047.c (rfc2047_encode_callback): Fix MIME-encoding of spaces. + +2002-03-04 Mr. Sam + + * rfc822.c (rfc822_prname_orlist): Dequote quoted-strings. + +1.3.8 + +2002-03-18 Mr. Sam + + * rfc2045/reformime: Fix handling of unencoded nulls in text/plain + content. + +2002-02-27 Josip Rodin + + * Makefile.am cleanup. + +2002-03-01 Mr. Sam + + * configure/makefile script update for autoconf 2.52/automake 1.5 + +2002-02-15 Mr. Sam + + * rfc2045/reformime.sgml: Documented the -m and -D options. + +2002-02-02 Mr. Sam + + * Update README.postfix + +2002-01-27 Mr. Sam + + * userdb/configure.in: Fix typo. + +2002-01-25 Mr. Sam + + * rfc2045/rfc2045.c (doline): Fix incorrect calculation of the + end of a multipart MIME section that's inside another multipart + MIME section. + +2002-01-09 Mr. Sam + + * maildir/maildirfiltertypelist.h: Fix typo. + +1.3.7 + +2001-12-23 Mr. Sam + + * Converted makemime, rfc2045, rfc822, makedat man pages to Docbook. + +2001-12-22 Mr. Sam + + * Converted dotlock, mailbot, reformail, reformime man pages to + Docbook. + +2001-12-21 Mr. Sam + + * Converted maildrop, maildropfilter, maildropgdbm, maildropex man + pages to Docbook. + +2001-12-08 Mr. Sam + + * Convert maildir documentation to SGML docbook. + +2001-12-04 "Bjoern A. Zeeb" + + * Fix mysql support. + +1.3.6 + +2001-11-25 Bjoern A. Zeeb + + * Updates to mysql support. Note - patch did not apply cleanly, + there were some whitespace differences, so take care. + +2001-11-25 Mr. Sam + + * reformime: Loosen up the parsing of the content-type header. Strict + parsing allowed viruses to slip through using malformed content-type + headers which still got picked up by Microsoft's crapware which + does not strictly parse the MIME headers. + +2001-11-24 Mr. Sam + + * Convert userdb documentation to SGML docbook (more to follow). + +2001-11-01 Mr. Sam + + * rfc822/rfc2047.c - case insensitive charset comparison + + * userdb: initialize PATH variable + +1.3.5 + +2001-09-30 Mr. Sam + + * Drop install setuid. + + * Add UMASK variable, that sets the permissions on new mailboxes + or messages. Hence, drop MAILBOX_MODE from configure script. + + * Resync with the Courier tree. Changes: maildir/maildirmake.c (add): + Explicitly fseek() to start of file, for system where fopen("a+") + initially positions to EOF. + Problem noted by Vojtech Karny + + authlib/authuserdbpwd.c (auth_userdb_passwd): Fix trashed pointer + dereference. Problem noted by James Knight + + Updated configure.in/Makefile.am to automake 1.4p5 and autoconf 2.13 + +2001-08-02 Mr. Sam + + * Resync with the Courier tree. Changes: Net::CIDR support in makedat + (N/A for maildrop); fixes for maildirfilter filter recipe generation + (N/A for maildrop); fix a division by zero due to the quota being + set to 0; removed incorrect documentation from maildirfilter man + page. + +1.3.4 + +2001-06-25 Mr. Sam + + * Disable MSIE smart tags in all html files + +2001-06-24 Dmitry Lebkov + + * Added experimental MySQL support. + +2001-06-24 Mr. Sam + + * userdb: Adjusted makeuserdb imported from Courier build, to support + Courier 0.35 + + * maildrop/recipenode.C (Evaluate): Allow exception { } to pass + through regular mail delivery terminations. + +1.3.3 + +2001-06-06 Mr. Sam + + * liblock/lockdaemon.c: fix several improper tests for failed fopen(). + +2001-05-26 Mr. Sam + + * reformime: strip leading/trailing spaces from attachment filename. + +2001-05-04 Mr. Sam + + * Created mailbot(1). + +2001-04-23 Mr. Sam + + * --- Merge from Courier tree --- + + * rfc2045/reformime.c (main): Allow both -i and -x at the same time. + + * maildrop/main.C (run): Disable pw lookup for delivery mode in the + Courier build -- we'll import it from the environment + --- This is an FYI - this should not affect the maildrop build. + + * Global search and replace of certain C++ include files, for + compatibility with ISO C++: + + -> + -> + -> + -> + -> + -> + -> + -> + -> + -> + + * rfc822.c (rfc822t_alloc): Explicitly cast arg to (void *). + + * Cosmetic fixes. Replace // with /* */ comments in some .c files + and replace return of void datatype with an explicit return. + Other misc stuff too. + + * rfc2045/rfc2045.c (rfc2045_mimepos): Fix a long-time glitch where + a garbled message with no body will have its headers logically placed + in the body section, and the supposed headers will be NULL -- this was + a benign artifact of the parsing logic. + + * rfc2045/reformime.c, submit.C: Reject ambigous nested MIME + boundary delimiters (suggestion by leonid@latte.harvard.edu). + + * Added /usr/local/bin to AC_PATH macros in all configure.in scripts. + + + * maildrop/main.C (run): Disable pw lookup for delivery mode in the + Courier build -- we'll import it from the environment. Import + MAILDROPDEFAULT from environment as DEFAULT. This should not affect + the standalone maildrop build. + +2001-04-11 Mr. Sam + + * maildrop/configure.in (LIBLDAP): Try to probe whether -lsocket and + -lnsl is required to link with libldap. + + * README.postfix (maildrop_destination_recipient_limit): Added + a note about a potential misconfiguration. + + * rfc2045/reformime.c: Added -V option to reformime which validates + MIME message formatting, and reports several common errors. + + * Added /usr/local/bin to AC_PATH macros in all configure.in scripts. + +2001-03-11 Mr. Sam + + * reformime: add the hostname to the manufactured MIME boundary + delimiter, in order to generate more noise; skip over + multipart/signed content; prefer appending Content-Transfer-Encoding: + to the individual content sections, instead of multipart sections. + + tweak arg to putc, in order to prevent a fake EOF indication? + +1.3.1 + +2001-03-03 Mr. Sam + + * maildrop/configure.in: Changed mailing list address. + +1.3.0 + +2001-01-20 Mr. Sam + + * Applied LDAP patch (Terry Katz) + +2001-01-13 Mr. Sam + + * maildrop/re.C (parsechar): Actually made octal notation work. + +2000-12-16 Mr. Sam + + * Added setlocale() to eliminate some unexpected surprises in glibc. + +2000-11-26 Mr. Sam + + * Replaced rfc822t_alloc() with rfc822t_alloc_new(). + +* V1.2.2 - Adjust truncation in reformiem to truncate to the last 32 + characters in a long filename (to preserve any filename extension). + +* V1.2.1 - A small patch to reformime that truncates long MIME filenames + to 32 characters. + +* V1.2 - Switched installation layout to GNU layout. Packaged development + libraries. reformime -x option now MIME decodes 8-bit filenames + (then promptly strips 8bit characters :-) ). Change permissions + that files in the maildir are created to 0644 from 0600, in order + to support delivery to shared folders. Since maildirmake, by + default, uses mode 0700 for creating standard, non-shared, maildirs, + there is no issue with private folders. The maildrop package + also now includes installation of "development" libraries. + +* V1.1 - Added makemime utility. Made --disable-tempdir option to be the + default. + +* V1.0 - Berkeley DB 3.0 support. Patches reformime to avoid clobbering of + existing files. + +* V0.99.2 - added README.postfix. Removed default permissions of g+rw + for mbox files created on systems with spool directory that + does not have a sticky bit set -- potential exploit. + +* V0.99.1 - additional fixes to the makefile and configuration scripts. +RPM spec file upgraded to RPM 3.0. Some additional sanity checks when +delivering to maildirs (checks for rogue soft links -- needed to support +delivery to sharable maildirs). maildirmake update - creates sharable +maildirs. Added hooks for integrating maildrop into Courier. Added -m +to reformime (make MIME digests). Added trusted groups, to complement +"trusted users" concept. + +* V0.76 - minor compilation warning fix that was accidentally left +out of 0.75. Part of the cleanup: legacy code in +maildirmake removed. maildirmake should NO LONGER be installed +with any suid/gid bits set. Added vchkpw2userdb script. Arg to -M +will convert all periods and slashes to :s, instead of complaining. +Moved setprocgroup call. + +* V0.75 - new installation layout - will install into +/usr/local/lib/maildrop/minor fixes to configuration scripts. +Minor typos in userdb. Bug fix: exception statement will now trap +maildir quota errors. AIX fixes. + +* V0.74- fix compilation errors for SuSE 6.0. Qmail bug fix. userdb +update. + +* V0.73 - bug fix in getaddr()/hasaddr() functions, and reformail -r +option. + +* V0.72 - reformime enhancement/update. Maildir support update. + +* V0.71 - a maintenance release. Patches for AIX and AFS support. +Updates to documentation. Internal cleanup of the source code +directory layout, which will allow me to include maildrop as parts +of other projects. Fixed a bug in the reformime utility. + +* V0.70 - option to enable soft enforcement of maildir quotas, see +README.maildirquota in the maildir subdirectory. Virtual account +support. Renamed makegdbm to makedat. Removed installation option +to gzip manual pages -- too messy. Let target platform +packagers/porters worry about it. to and cc commands that pipe the +message to an external process will now set the EXITCODE variable +to the exit code of the external process. External processes that +terminate with a non-zero exit code will NOT automatically cause +maildrop to terminate with the exit code of 75. The exit code will +be saved in the EXITCODE variable. If the delivery command was to, +maildrop simply terminates with the same exit code. If the +delivery command was cc, maildrop continues after initializing +EXITCODE. + +* V0.65 - option to compile Berkeley DB library, instead of GDBM. +Added the import keyword. Some cleanup of HTML documentation. + +* V0.64 - reformime fix - handle systems with broken pipe fseeks +semantics. rfc822 library sync. Standardized names of some legacy +.h files. Red Hat RPMs changed to install a tiny sh/bash/csh login +script (from maildroptips) to purge $HOME/.tmp. makegdbm can now +read from standard input. Some obscure fixes to rfc822 functions. +Moved reformime to rfc2045 subpackage - it belongs there, and can +be shared by other projects. + +* V0.63 - maintenance. Minor enhancements and bug fixes to the +reformime utility. reformime can now convert 8-bit messages to or +from quoted-printable encoding. reformime can now also add missing +MIME headers to a message. + +* V0.62 - array out of bounds bug fix in rfc822.c. Some additional +options to configure to specify various directories. Option to +configure to use /usr/local/etc instead of /etc. + +* V0.61(prerelease) - rfc822 library sync. Added reformime +standalone utility. Added support for GDBM database files. Because +GDBM support adds significant amount of code to maildrop, GDBM +support can be optionally disabled during installation. Added the +time function. Changed how maildrop automatically converts results +of floating point mathematical operation back into text - should +not affect any existing filters. + +* V0.60 - no changes to the main maildrop code from version 0.55c, +except for cosmetic changes to some shared modules in order to +accomodate the new reformime utility. The main maildrop code +appears to be stable. Edited the documentation, and changed the +flags that the RPM is built with. NEW: Experimental set of MIME +functions, which are implemented as a separate program for now. +The reformime program can be used to decode the MIME structure of +a message, and extract different parts of it. At some point later, +this functionality will be added as native functions in the +maildrop filtering language. See reformime.html for more +information. + +* V0.55c - BUG FIX: maildrop would botch the situation where it had +problems creating or writing to a temporary file. Fixed error +handling so this condition correctly results in deferred mail. +Added some sendmail-related notes to INSTALL. Added additional +punctuation characters recognized by the escape() function. The +chance that this would break existing scripts is very remote, but +possible, however the additional escaped punctuation would allow +the function to be used to hack-proof shell commands. + +* V0.55b - enhancement: an optional parameter to configure, +--enable-syslog, which will enable logging of fatal errors to +syslog. sendmail discards standard error, making diagnosis of +maildrop problems difficult. An optional switch to configure will +have maildrop log all fatal error to syslog. Fixed core dump if +reformail is given an invalid switch: '-f'. + +* V0.55a - fixed some miscellaneous glitches in the configuration +script. Fixed potential security problem on some platform with +reformail incorrectly being installed with setuid privileges. Only +cosmetic changes to the main maildrop program: made some error +messages more descriptive; maildrop will now attempt to create a +process group upon startup and upon termination maildrop will send +a SIGHUP signal to its process group, hopefully terminating any +child processes. No bug fixes are known, or have been reported. + +* V0.55 - added HOSTNAME and FROM environment variables. Added -f +option. Added support for /etc/maildroprcs - see maildrop(1). +Fixed obscure bug that can trash a file descriptor. + +* V0.54b - Changed auto-configuration logic for enabling dotlocks. +If the configure script detects that the system mailbox directly +does NOT have the sticky bit set, dot-locks are disabled by +default. --enable-use-dotlock option to configure can override +that. Added --enable-keep-fromline option to preserve the original +From_ line address of messages. Note that the default value of +this option may change maildrop's behavior from previous versions. +See INSTALL for additional information. Documented some additional +options to configure that were actually implemented in a previous +version. Fixed error in select() logic that may cause the backtick +command to fail in some situations. + +* V0.54a - miscellaneous fixes. Changed the hasaddr() function to +look at Resent-To: and Resent-Cc: headers. Default SHELL to +/bin/sh if the shell is not specified in /etc/passwd. FreeBSD does +not support lockf() on /dev/null - lockf() will no longer cause a +fatal error if it fails on a character or a block special file. +Fixed bug in configure script regarding failed initialization of +--enable-restrict-trusted flag. + +* V0.54 - edited the documentation. Added support for VPATH builds +using automake - suggested by Harlan Stenn +. Major rework of the configuration code. +Changed all #define-s in config.h to use the configure script. + +* V0.51c - Fixed the subtraction operator bug. Added sendmail +documentation. + +* V0.51b - Fixed compilation error for BSD. Fixed spurious "invalid +directory permission" error if $HOME/.mailfilters does not exist +in special embedded mode - maildrop will simply indicate quiet +acceptance. + +* V0.51 - ported to RedHat 5.1, added /etc/maildroprc global filter +file. + +* V0.50 - first public release. diff --git a/courier-imap-x/libs/maildrop/Makefile.am b/courier-imap-x/libs/maildrop/Makefile.am index 274641c2a..fb5919bbb 100644 --- a/courier-imap-x/libs/maildrop/Makefile.am +++ b/courier-imap-x/libs/maildrop/Makefile.am @@ -73,7 +73,11 @@ EXTRA_DIST = maildroptips.html $(BUILT_SOURCES)\ maildrop.lsm testsuite.txt.idn testsuite2 check-am: testsuite - VALGRIND="`which valgrind 2>/dev/null`"; export VALGRIND; @SHELL@ ./testsuite >testsuite.diff || exit 1; diff -U 3 testsuite.diff $(srcdir)/testsuite.txt.idn || exit 1; rm -f testsuite.diff + VALGRIND="`which valgrind 2>/dev/null`"; export VALGRIND; \ + @SHELL@ ./testsuite >testsuite.diff || exit 1; \ + sed '/^Message envelope sender/d' I've started a list of "tips and tricks" for writing mail filters with maildrop.

The HTML version of the maildrop README is located at - http://www.courier-mta.org/maildrop/. Although the following + https://www.courier-mta.org/maildrop/. Although the following files may also be found there, please check your favorite archive for any local copies:

The RPMs are signed with my GnuPG key: http://www.courier-mta.org/KEYS.bin.

+ "https://www.courier-mta.org/KEYS.bin">https://www.courier-mta.org/KEYS.bin.

maildrop includes documentation in HTML, as well as traditional man pages. The HTML versions may also be found at http://www.courier-mta.org/maildrop/maildrop.html.

+ "maildrop.html">https://www.courier-mta.org/maildrop/maildrop.html.

Introduction

maildrop is a replacement for your local mail delivery agent. maildrop reads a mail message from standard input, then delivers the diff --git a/courier-imap-x/libs/maildrop/configure.ac b/courier-imap-x/libs/maildrop/configure.ac index 16c8a61f6..104e5e324 100644 --- a/courier-imap-x/libs/maildrop/configure.ac +++ b/courier-imap-x/libs/maildrop/configure.ac @@ -2,7 +2,7 @@ dnl dnl Copyright 1998 - 2022 Double Precision, Inc. See COPYING for dnl distribution information. -AC_INIT([maildrop],[3.1.4],[courier-users@lists.sourceforge.net]) +AC_INIT([maildrop],[3.1.7],[courier-users@lists.sourceforge.net]) AC_CONFIG_MACRO_DIR([m4]) >confdefs.h # Kill PACKAGE_ macros diff --git a/courier-imap-x/libs/maildrop/maildrop.1.in b/courier-imap-x/libs/maildrop/maildrop.1.in index 33ba57e0c..7a5876220 100644 --- a/courier-imap-x/libs/maildrop/maildrop.1.in +++ b/courier-imap-x/libs/maildrop/maildrop.1.in @@ -4,12 +4,12 @@ .\" Title: maildrop .\" Author: Sam Varshavchik .\" Generator: DocBook XSL Stylesheets vsnapshot -.\" Date: 09/24/2019 +.\" Date: 07/13/2024 .\" Manual: Double Precision, Inc. .\" Source: Courier Mail Server .\" Language: English .\" -.TH "MAILDROP" "1" "09/24/2019" "Courier Mail Server" "Double Precision, Inc\&." +.TH "MAILDROP" "1" "07/13/2024" "Courier Mail Server" "Double Precision, Inc\&." .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -382,18 +382,8 @@ option is \fImailfilter\-lists\-maildrop\fR, \fBmaildrop\fR will try to open the following files, in order: -.IP \[bu] 2 -$HOME/\&.mailfilters/mailfilter\-lists\-maildrop -.IP \[bu] -$HOME/\&.mailfilters/mailfilter\-lists\-maildrop\-default -.IP \[bu] -$HOME/\&.mailfilters/mailfilter\-lists\-default -.IP \[bu] -$HOME/\&.mailfilters/mailfilter\-default -.IP \[bu] -$HOME/\&.mailfilters/default +.sp .if n \{\ .RS 4 .\} .nf $HOME/\&.mailfilters/mailfilter\-lists\-maildrop $HOME/\&.mailfilters/mailfilter\-lists\-maildrop\-default $HOME/\&.mailfilters/mailfilter\-lists\-default $HOME/\&.mailfilters/mailfilter\-default $HOME/\&.mailfilters/default .fi .if n \{\ .RE .\} .sp -.RS 0 Note that \fBmaildrop\fR looks for \-default files ONLY if @@ -711,7 +701,7 @@ Author .IP " 1." 4 Courier .RS 4 -\%http://www.courier-mta.org +\%https://www.courier-mta.org .RE .IP " 2." 4 "Environment" diff --git a/courier-imap-x/libs/maildrop/maildrop.html.in b/courier-imap-x/libs/maildrop/maildrop.html.in index 419edec6b..64e017698 100644 --- a/courier-imap-x/libs/maildrop/maildrop.html.in +++ b/courier-imap-x/libs/maildrop/maildrop.html.in @@ -47,7 +47,7 @@ in the default mailbox.

files; it also knows how to deliver to maildirs. A maildir is a directory-based mail format used by the -Courier +Courier and Qmail mail servers. @@ -80,7 +80,7 @@ home directory, then reads @withetcdir@/maildroprc then $HOME/.mailfilter.

Embedded mode

maildrop functions as a part of another application. The embedded mode is used by the -Courier +Courier mail server to integrate mail filtering directly into the process of receiving mail from a remote mail relay, thus rejecting unwanted mail before it is even accepted for local mail delivery. @@ -88,7 +88,7 @@ Embedded mode is used when either the -m, or the -M, option is specified, and is described below. See below for a more extensive description of the embedded mode.

SECURITY

It is safe to install maildrop as a root setuid program. -The Courier mail server +The Courier mail server installs maildrop as a root setuid program by default, in order to be able to use maildrop in embedded mode. If root runs maildrop (or it is setuided to root) @@ -263,7 +263,7 @@ Note that maildrop looks for -defa -M is used.

-D uuu/ggg

This option is reserved for use by the version of maildrop that comes integrated with the -Courier mail server.

-V level

+Courier mail server.

-V level

Initialize the VERBOSE variable to level. Because maildrop parses the diff --git a/courier-imap-x/libs/maildrop/maildropfilter.7.in b/courier-imap-x/libs/maildrop/maildropfilter.7.in index 6894b3f9f..325c67834 100644 --- a/courier-imap-x/libs/maildrop/maildropfilter.7.in +++ b/courier-imap-x/libs/maildrop/maildropfilter.7.in @@ -4,12 +4,12 @@ .\" Title: maildropfilter .\" Author: Sam Varshavchik .\" Generator: DocBook XSL Stylesheets vsnapshot -.\" Date: 04/02/2023 +.\" Date: 07/13/2024 .\" Manual: Double Precision, Inc. .\" Source: Courier Mail Server .\" Language: English .\" -.TH "MAILDROPFILTER" "7" "04/02/2023" "Courier Mail Server" "Double Precision, Inc\&." +.TH "MAILDROPFILTER" "7" "07/13/2024" "Courier Mail Server" "Double Precision, Inc\&." .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -2646,7 +2646,7 @@ Author .IP " 1." 4 Courier mail server .RS 4 -\%http://www.courier-mta.org/ +\%https://www.courier-mta.org/ .RE .IP " 2." 4 \fBdot-courier\fR(5) diff --git a/courier-imap-x/libs/maildrop/maildropfilter.html.in b/courier-imap-x/libs/maildrop/maildropfilter.html.in index ca716db1f..f92503845 100644 --- a/courier-imap-x/libs/maildrop/maildropfilter.html.in +++ b/courier-imap-x/libs/maildrop/maildropfilter.html.in @@ -70,7 +70,7 @@ to $FILE SENDMAIL and LOGNAME.

There's one exception to this rule which applies to the version of maildrop that comes with the - Courier mail server. The following + Courier mail server. The following does not apply to the standalone version of maildrop: when running in delivery mode, if the -d flag was not used, or if it specifies @@ -286,7 +286,7 @@ MAILBOX="${HOME-WORD}/Mailbox" The KEYWORDS variable is used only when delivering a message to a maildir, and implements the optional IMAP keyword extension as implemented in the - Courier IMAP server. + Courier IMAP server. It may be optionally initialized to contain a comma-separate list of keywords. The to, or the cc command, delivers the message diff --git a/courier-imap-x/libs/maildrop/testsuite.in b/courier-imap-x/libs/maildrop/testsuite.in index d8bf1c15e..45a6e3896 100644 --- a/courier-imap-x/libs/maildrop/testsuite.in +++ b/courier-imap-x/libs/maildrop/testsuite.in @@ -139,7 +139,7 @@ to "./testsuite.maildir" EOF echo "Subject: msg1" | $VALGRIND ./maildrop testsuite.recipe echo "Subject: msg2" | $VALGRIND ./maildrop testsuite.recipe -sed '/^From MAILER-DAEMON/d' testsuite.recipe <allrrs[index]->rr.inaddr); + } + else + { + in=mxreply->allrrs[index]->rr.in6addr; + } + + { + struct rfc1035_mxlist *q; + /* See if it's already here */ for (q= *list; q; q=q->next) @@ -282,13 +299,12 @@ static int harvest_records(struct rfc1035_res *res, memcpy(&sin6, &q->address, sizeof(sin6)); if (memcmp(&sin6.sin6_addr, &in, sizeof(in)) - == 0 && q->priority == mxpreference) + == 0 && q->priority == mxpreference && + strcmp(q->hostname, mxname) == 0) break; } - if ((flags & HARVEST_NODUPE) && q) continue; + if (q) continue; } - else - in=mxreply->allrrs[index]->rr.in6addr; #else in.s_addr=mxreply->allrrs[index]->rr.inaddr.s_addr; #endif diff --git a/courier-imap-x/libs/rfc2045/rfc2045.h b/courier-imap-x/libs/rfc2045/rfc2045.h index 71c012190..3476b2db9 100644 --- a/courier-imap-x/libs/rfc2045/rfc2045.h +++ b/courier-imap-x/libs/rfc2045/rfc2045.h @@ -70,6 +70,7 @@ struct rfc2045 { char *content_location; struct rfc2045ac *rfc2045acptr; int has8bitchars; /* For rewriting */ + int hasraw8bitchars; /* For rewriting */ int haslongline; /* For rewriting */ unsigned rfcviolation; /* Boo-boos */ diff --git a/courier-imap-x/libs/rfc2045/rfc2045acchk.c b/courier-imap-x/libs/rfc2045/rfc2045acchk.c index e92eec588..e44e47a13 100644 --- a/courier-imap-x/libs/rfc2045/rfc2045acchk.c +++ b/courier-imap-x/libs/rfc2045/rfc2045acchk.c @@ -37,6 +37,8 @@ int is8bitte; hasnon7bit=1; if (c->has8bitchars) p->has8bitchars=1; + if (c->hasraw8bitchars) + p->hasraw8bitchars=1; } if (RFC2045_ISMIME1DEF(p->mime_version) && !p->content_type) @@ -60,9 +62,8 @@ int is8bitte; if (p->mime_version && p->firstpart == 0 /* sam - don't trigger rewrites on changes to multipart headers */ - && !p->firstpart /* sam - don't trigger rewrites on changes to multipart headers */ - ) + ) { flag=1; } @@ -77,7 +78,7 @@ int is8bitte; if (p->mime_version && !p->firstpart /* sam - don't trigger rewrites on changes to multipart headers */ - ) + ) { flag=1; } diff --git a/courier-imap-x/libs/rfc2045/rfc2045acprep.c b/courier-imap-x/libs/rfc2045/rfc2045acprep.c index f3defa321..b4ad07c65 100644 --- a/courier-imap-x/libs/rfc2045/rfc2045acprep.c +++ b/courier-imap-x/libs/rfc2045/rfc2045acprep.c @@ -76,7 +76,10 @@ static void do_rwprep(const char * p, size_t n) else if (++curlinepos > 500) currwp->haslongline=1; if ((unsigned char)*p >= 127) + { currwp->has8bitchars=1; + currwp->hasraw8bitchars=1; + } break; case qpseeneq: if (*p == '\n') diff --git a/courier-imap-x/libs/tcpd/Makefile.am b/courier-imap-x/libs/tcpd/Makefile.am index ba2aa57e9..c69e900fb 100644 --- a/courier-imap-x/libs/tcpd/Makefile.am +++ b/courier-imap-x/libs/tcpd/Makefile.am @@ -24,7 +24,7 @@ libcouriertls_la_LIBADD=@TLSLIBRARY@ libcouriertls_la_DEPENDENCIES=@TLSLIBRARY@ couriertcpd_SOURCES=argparse.c argparse.h \ - tcpd.c tcpdaccess.c tcpremoteinfo.c tcpremoteinfo.h + tcpd.c tcpdaccess.c couriertcpd_DEPENDENCIES= libspipe.la \ ../rfc1035/librfc1035.a \ diff --git a/courier-imap-x/libs/tcpd/couriertcpd.1 b/courier-imap-x/libs/tcpd/couriertcpd.1 index 954bbce70..1ff9a5a67 100644 --- a/courier-imap-x/libs/tcpd/couriertcpd.1 +++ b/courier-imap-x/libs/tcpd/couriertcpd.1 @@ -1,15 +1,15 @@ '\" t -.\" +.\" .\" .\" Title: couriertcpd .\" Author: Sam Varshavchik .\" Generator: DocBook XSL Stylesheets vsnapshot -.\" Date: 11/04/2020 +.\" Date: 07/14/2024 .\" Manual: Double Precision, Inc. .\" Source: Courier Mail Server .\" Language: English .\" -.TH "COURIERTCPD" "1" "11/04/2020" "Courier Mail Server" "Double Precision, Inc." +.TH "COURIERTCPD" "1" "07/14/2024" "Courier Mail Server" "Double Precision, Inc." .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -88,7 +88,9 @@ accept connections only to one specific IP address\&. Most systems have multiple \-address=127\&.0\&.0\&.1 accepts connections only from the local system\&. When multiple port numbers are specified, it is also possible to selectively bind different network addresses to each port number when \fIlist\fR -specifies more than one port number\&. See "\m[blue]\fBMultiple port list\fR\m[]\&\s-2\u[1]\d\s+2" below for more information\&. +specifies more than one port number\&. See +the section called \(lqMULTIPLE PORT LIST\(rq +below for information\&. .RE .PP \-block=\fIzone\fR[=\fIdisplay_zone\fR][,\fIvar\fR[/\fIn\&.n\&.n\&.n\fR][,\fImsg\fR]] or \-allow=\fIzone\fR[=\fIdisplay_zone\fR][,\fIvar\fR[/\fIn\&.n\&.n\&.n\fR[,]]] @@ -169,7 +171,7 @@ The option can be overridden for a given IP address by setting the \fBMAXCPERIP\fR environment variable, see -\(lqSetting environment variables\(rq +the section called \(lqSetting environment variables\(rq for more information\&. .RE .PP @@ -202,13 +204,13 @@ or environment variables (see below)\&. .RE .PP -\-noidentlookup +\-haproxy\fI=options\fR .RS 4 -Do not perform an -\fIident\fR -lookup, and do not initialize the -\fBTCPREMOTEINFO\fR -environment variable\&. +Enable the +HAProxy +protocol\&. See +the section called \(lqENABLING HAPROXY\(rq +for more information\&. .RE .PP \-pid=\fIfilename\fR @@ -308,7 +310,8 @@ The \fIlist\fR argument can be a comma\-separated list of multiple port numbers\&. \fBcouriertcpd\fR -will create network connections on any listed port\&. Each port number can be optionally specified as "address\&.port", for example: +listens for network connections on every listed port\&. Each port number is optionally specified as +\(lqaddress\&.port\(rq, for example: .sp .if n \{\ .RS 4 @@ -363,11 +366,11 @@ will accept or reject connections from\&. An access file is optional\&. Without \fBcouriertcpd\fR accepts a connection from any IP address\&. .PP -Both IPv4 and IPv6 addresses can be specified, if IPv6 support is available\&. A non\-standard syntax is currently used to specify IPv6 addresses\&. This is subject to change in the near future\&. IPv6 support is currently considered to be experimental\&. +Both IPv4 and IPv6 addresses can be specified, if IPv6 support is available\&. A slightly non\-standard syntax is used to specify IPv6 addresses\&. .PP The access file is a binary database file that\*(Aqs usually created by a script, such as -\m[blue]\fB\fBmakesmtpaccess\fR(8)\fR\m[]\&\s-2\u[2]\d\s+2, or -\m[blue]\fB\fBmakeimapaccess\fR(8)\fR\m[]\&\s-2\u[3]\d\s+2, from one or more plain text files\&. Blank lines in the text file are ignored\&. Lines that start with the # character are also ignored\&. +\m[blue]\fB\fBmakesmtpaccess\fR(8)\fR\m[]\&\s-2\u[1]\d\s+2, or +\m[blue]\fB\fBmakeimapaccess\fR(8)\fR\m[]\&\s-2\u[2]\d\s+2, from one or more plain text files\&. Blank lines in the text file are ignored\&. Lines that start with the # character are also ignored\&. .SS "Rejecting and accepting connections by IP address" .PP The following line instructs @@ -386,7 +389,7 @@ netblockdeny .PP \fInetblock\fR is an IP address, such as -192\&.68\&.0\&.2\&. +192\&.168\&.0\&.2\&. is the ASCII tab character\&. There MUST be exactly one tab character after the IP address and the word "deny"\&. .PP @@ -396,16 +399,16 @@ You can also block connections from an entire network C block: .RS 4 .\} .nf -192\&.68\&.0deny +192\&.168\&.0deny .fi .if n \{\ .RE .\} .PP This blocks connections from IP addresses -192\&.68\&.0\&.0 +192\&.168\&.0\&.0 through -192\&.68\&.0\&.255\&. Blocking connections from an entire B or A network block works the same way\&. +192\&.168\&.0\&.255\&. Blocking connections from an entire B or A network block works the same way\&. .PP Use the word "allow" instead of "deny" to explicitly allow connections from that IP address or netblock\&. For example: .sp @@ -413,19 +416,19 @@ Use the word "allow" instead of "deny" to explicitly allow connections from that .RS 4 .\} .nf -192\&.68\&.0deny -192\&.68\&.0\&.10allow +192\&.168\&.0deny +192\&.168\&.0\&.10allow .fi .if n \{\ .RE .\} .PP This blocks all connections from -192\&.68\&.0\&.0 +192\&.168\&.0\&.0 to -192\&.68\&.0\&.255 +192\&.168\&.0\&.255 except for -192\&.68\&.0\&.10\&. These two lines can occur in any order\&. +192\&.168\&.0\&.10\&. These two lines can occur in any order\&. \fBcouriertcpd\fR always uses the line with the most specific IP address\&. .PP @@ -441,22 +444,6 @@ If the IP address of the connection is not found in the access file the connecti .RE .\} .SS "IPv6 addresses" -.if n \{\ -.sp -.\} -.RS 4 -.it 1 an-trap -.nr an-no-space-flag 1 -.nr an-break-flag 1 -.br -.ps +1 -\fBNote\fR -.ps -1 -.br -.PP -IPv6 support in the access file is experimental, and is subject to change in a future release\&. The following syntax is subject to change at any time\&. -.sp .5v -.RE .PP The access file can also specify IPv6 addresses, if IPv6 support is available\&. The existing IPv4 address format is used for IPv6\-mapped IPv4 addresses, and no changes are required\&. For all other IPv6 addresses use the following format: .sp @@ -519,8 +506,8 @@ or checking access lists (see below)\&. For example: .RS 4 .\} .nf -192\&.68\&.0allow,RELAYCLIENT -192\&.68\&.0\&.10allow,RELAYCLIENT,SIZELIMIT=1000000 +192\&.168\&.0allow,RELAYCLIENT +192\&.168\&.0\&.10allow,RELAYCLIENT,SIZELIMIT=1000000 .fi .if n \{\ .RE @@ -529,18 +516,18 @@ or checking access lists (see below)\&. For example: This sets \fBRELAYCLIENT\fR environment variable for connections from the -192\&.68\&.0 +192\&.168\&.0 block\&. In addition to that, the \fBSIZELIMIT\fR environment variable is set to 1000000 if the connection comes from the IP address -192\&.68\&.0\&.10\&. +192\&.168\&.0\&.10\&. .PP Note that \fBRELAYCLIENT\fR must be explicitly specified for the IP address -192\&.68\&.0\&.10\&. The first line is NOT used for connections from this IP address\&. +192\&.168\&.0\&.10\&. The first line is NOT used for connections from this IP address\&. \fBcouriertcpd\fR only reads one entry from the access file, the entry for the most specific IP address\&. .sp @@ -548,7 +535,7 @@ only reads one entry from the access file, the entry for the most specific IP ad .RS 4 .\} .nf -192\&.68\&.0\&.10allow,MAXCPERIP=100 +192\&.168\&.0\&.10allow,MAXCPERIP=100 .fi .if n \{\ .RE @@ -846,7 +833,238 @@ Including \(lqallowok\(rq keyword in an SPF setting automatically passes the SPF check for senders whose IP address is found in an \fB\-allow\fR\-ed access list\&. See -\m[blue]\fB\fBcourier\fR(8)\fR\m[]\&\s-2\u[4]\d\s+2\&. +\m[blue]\fB\fBcourier\fR(8)\fR\m[]\&\s-2\u[3]\d\s+2\&. +.SS "Using CIDR notation for IPv4 and IPv6 addresses" +.PP +\m[blue]\fB\fBmakesmtpaccess\fR(8)\fR\m[]\&\s-2\u[1]\d\s+2 +and +\m[blue]\fB\fBmakeimapaccess\fR(8)\fR\m[]\&\s-2\u[2]\d\s+2 +scripts check if the Perl +Net::CIDR +module is installed\&. This allows netblocks in the access files to use the CIDR notation: +.sp +.if n \{\ +.RS 4 +.\} +.nf +192\&.168\&.0\&.0/22allow,RELAYCLIENT +.fi +.if n \{\ +.RE +.\} +.PP +The scripts internally duplicate this access file entry for +\(lq192\&.168\&.0\(rq, +\(lq192\&.168\&.1\(rq, +\(lq192\&.168\&.2\(rq, and +\(lq192\&.168\&.3\(rq\&. +.SH "ENABLING HAPROXY" +.PP +The +\fB\-haproxy\fR +option enables support for +HAProxy +version 1\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf +\-haproxy +.fi +.if n \{\ +.RE +.\} +.PP +The default value of this option makes all connections, on all ports (see +the section called \(lqMULTIPLE PORT LIST\(rq) use the +\m[blue]\fBHAProxy protocol\fR\m[]\&\s-2\u[4]\d\s+2 +(see below on additional settings for controlling this)\&. The +\fB\-haproxy\fR +option has the following requirements: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +A firewall is required to blocks all connections except the ones from +HAProxy +server\*(Aqs IP address (to ports that use the +HAProxy +protocol), this is something that must be done separately\&. Do not use +\fB\-haproxy\fR +without a firewall that blocks all other connections (to the listening port)\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +The network connection between the +HAProxy +server and +\fBcouriertcpd\fR +must be a high availability, and a high quality connection\&. After accepting each client connection +\fBcouriertcpd\fR +waits to read the +HAProxy +protocol header +\fIbefore accepting any more connections\fR\&. +.RE +.sp +.if n \{\ +.RS 4 +.\} +.nf +\-haproxy=5 +.fi +.if n \{\ +.RE +.\} +.PP +An optional +\fB\-haproxy\fR +value sets a failsafe timeout in seconds (defaults to 15 seconds)\&. +\fBcouriertcpd\fR +closes the socket if the +HAProxy +protocol header is not received in the set timeout\&. +.PP +The default 15 second timeout setting should be sufficiently conservative\&. Additionally: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +With a high quality, reliable network, and +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +A robust +HAProxy +server that sends the protocol header instantly, without delay: +.RE +.PP +It should not be a problem to use a short timeout of four or five seconds in order to minimize the impact of rare, momentary, network hiccups\&. +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBNote\fR +.ps -1 +.br +.PP +Enabling TCP Fast Open (TFO) with +HAProxy +effectively guarantees an immediate receipt of the protocol header for most connections\&. It is recommended that TFO is enabled on the the +HAProxy +(the TFO client) and +\fBcouriertcpd\fR +(the TFO server)\&. +.sp .5v +.RE +.PP +Additional settings follow the timeout value, each setting is prefixed with a +\(lq/\(rq: +.sp +.if n \{\ +.RS 4 +.\} +.nf +\-haproxy=5/port=143 + +\-haproxy=/port=143 +.fi +.if n \{\ +.RE +.\} +.PP +The +\(lq/\(rq +is still required when the default timeout value is ommited\&. One setting is available: +.PP +/port=\fIn\fR +.RS 4 +Enable +HAProxy +support only for connections to this port (this is when when +\fBcouriertcpd\fR +accepts connections on multiple ports, see +the section called \(lqMULTIPLE PORT LIST\(rq)\&. +\fIn\fR +is one of the ports that +\fBcouriertcpd\fR +listens for connection (no error is reported if +\fIn\fR +is not, and this gets ignored)\&. Connections to any other port, that +\fBcouriertcpd\fR +listens on, will not have +HAProxy +support enabled\&. +.RE +.PP +/port=\fIip\fR\&.\fIn\fR +.RS 4 +A port number is optionally specified as +\(lqaddress\&.port\(rq, for example: +.sp +.if n \{\ +.RS 4 +.\} +.nf +\-haproxy=/port=192\&.168\&.0\&.1\&.8000 +.fi +.if n \{\ +.RE +.\} +This enables +HAProxy +for connections to port 8000 with IP address 192\&.168\&.0\&.1 (presumably this machine\*(Aqs IP address)\&. Connections to port 8000 via the loopback interface (localhost) will not use +HAProxy\&. +.RE +.PP +\fB\-haproxy\fR +option\*(Aqs value is actually a comma\-separated list: +.sp +.if n \{\ +.RS 4 +.\} +.nf +\-haproxy=/port=25,/port=587 +.fi +.if n \{\ +.RE +.\} +.PP +This is logically equivalent to using two +\fB\-haproxy\fR +options, one for each value (but only one +\fB\-haproxy\fR +option is allowed as a command\-line argument, so this is the only way to specify multiple proxy endpoints)\&. .SH "ENVIRONMENT VARIABLES" .PP \fBcouriertcpd\fR @@ -871,11 +1089,49 @@ will not be set if the reverse DNS lookup fails completely\&. TCPLOCALIP .RS 4 The IP address of the local end of the network connection\&. +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBNote\fR +.ps -1 +.br +With the +\fB\-haproxy\fR +option this is the local end of the connection on the +HAProxy +server\&. +.sp .5v +.RE .RE .PP TCPLOCALPORT .RS 4 -Rhe number of the port of the local end of the network connection\&. +The number of the port of the local end of the network connection\&. +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBNote\fR +.ps -1 +.br +With the +\fB\-haproxy\fR +option this is the local end of the connection on the +HAProxy +server\&. +.sp .5v +.RE .RE .PP TCPREMOTEHOST @@ -884,25 +1140,70 @@ The hostname of the connecting host\&. Like \fBTCPLOCALHOST\fR, but for the connecting IP address\&. .RE .PP -TCPREMOTEIP +TCPREMOTEINFO .RS 4 -Connecting IP address\&. +This is set only when the +\fB\-haproxy\fR +option is used, and contains brief text that repeats the contents of +\fBTCPLOCALIP\fR +and +\fBTCPLOCALPORT\fR\&. +Courier +adds this text to the +Received: +header\&. .RE .PP -TCPREMOTEINFO +TCPREMOTEIP .RS 4 -Identification string received from the IDENT server on the remote IP address\&. Not set if the IDENT server returned an error, or if the -\fB\-noidentlookup\fR -option was specified\&. +Connecting IP address\&. +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBNote\fR +.ps -1 +.br +With the +\fB\-haproxy\fR +option this is the remote end of the connection on the +HAProxy +server\&. +.sp .5v +.RE .RE .PP TCPREMOTEPORT .RS 4 TCP port of the remote end of the network connection\&. +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBNote\fR +.ps -1 +.br +With the +\fB\-haproxy\fR +option this is the remote end of the connection on the +HAProxy +server\&. +.sp .5v +.RE .RE .SH "SEE ALSO" .PP -\m[blue]\fB\fBcourier\fR(8)\fR\m[]\&\s-2\u[4]\d\s+2\&. +\m[blue]\fB\fBcourier\fR(8)\fR\m[]\&\s-2\u[3]\d\s+2\&. .SH "AUTHOR" .PP \fBSam Varshavchik\fR @@ -911,23 +1212,23 @@ Author .RE .SH "NOTES" .IP " 1." 4 -Multiple port list -.RS 4 -\%http://www.courier-mta.org/#list -.RE -.IP " 2." 4 \fBmakesmtpaccess\fR(8) .RS 4 \%http://www.courier-mta.org/makesmtpaccess.html .RE -.IP " 3." 4 +.IP " 2." 4 \fBmakeimapaccess\fR(8) .RS 4 \%http://www.courier-mta.org/makeimapaccess.html .RE -.IP " 4." 4 +.IP " 3." 4 \fBcourier\fR(8) .RS 4 \%http://www.courier-mta.org/courier.html .RE +.IP " 4." 4 +HAProxy protocol +.RS 4 +\%https://www.haproxy.org +.RE diff --git a/courier-imap-x/libs/tcpd/couriertcpd.html b/courier-imap-x/libs/tcpd/couriertcpd.html index 94c364717..09587ff0f 100644 --- a/courier-imap-x/libs/tcpd/couriertcpd.html +++ b/courier-imap-x/libs/tcpd/couriertcpd.html @@ -50,8 +50,8 @@ local system. When multiple port numbers are specified, it is also possible to selectively bind different network addresses to each port number when list specifies more than one port -number. See "Multiple port list" below for more -information.

-block=zone[=display_zone][,var[/n.n.n.n][,msg]] +number. See the section called “MULTIPLE PORT LIST” +below for information.

-block=zone[=display_zone][,var[/n.n.n.n][,msg]] or -allow=zone[=display_zone][,var[/n.n.n.n[,]]]

Initialize the environment variable var if both of @@ -107,8 +107,7 @@ The -maxperip option can be overridden for a given IP address by setting the MAXCPERIP environment - variable, see Setting environment - variables for more information. + variable, see the section called “Setting environment variables” for more information.

-maxprocs=n

Maximum number of connection slots, or the maximum number of processes started. This effectively specifies @@ -126,10 +125,11 @@ Do not look up the hostname associated with connecting IP address and the local addres, do not initialize the TCPREMOTEHOST or TCPLOCALHOST environment -variables (see below).

-noidentlookup

-Do not perform an ident -lookup, and do not initialize the TCPREMOTEINFO environment -variable.

-pid=filename

+variables (see below).

-haproxy=options

+ Enable the HAProxy + protocol. See the section called “Enabling HAProxy + for more information. +

-pid=filename

If given, couriertcpd puts itself into the background and saves its process ID in this file, usually somewhere in /var/run.

This option must also be present when using the -restart @@ -166,12 +166,13 @@ Set couriertcpd's user ID. Also, the group ID is set to the user's group ID. Using both -group and -user is not necessary. Only the -superuser can specify -user.

MULTIPLE PORT LIST

-The list argument can be a comma-separated list of -multiple port -numbers. couriertcpd will create network connections on any -listed port. Each port number can be optionally specified as "address.port", -for example:

+superuser can specify -user.

MULTIPLE PORT LIST

+ The list argument can be a comma-separated + list of multiple port numbers. + couriertcpd listens for network connections on every + listed port. Each port number is optionally specified as + address.port, + for example:

 couriertcpd -pid=/var/run/smtp.pid 127.0.0.1.25,999 program

This instance accepts network connections to either port 25 or port 999, @@ -202,9 +203,8 @@ access file couriertcpd accepts a connection from any IP address.

Both IPv4 and IPv6 addresses can be specified, if IPv6 support is -available. A non-standard syntax is currently used to specify IPv6 addresses. -This is subject to change in the near future. IPv6 support is currently -considered to be experimental.

+available. A slightly non-standard syntax is used to specify IPv6 +addresses.

The access file is a binary database file that's usually created by a script, such as makesmtpaccess(8), or @@ -216,34 +216,31 @@ connections from an IP address range:

 netblock<tab>deny

netblock is an IP address, such as -192.68.0.2. <tab> +192.168.0.2. <tab> is the ASCII tab character. There MUST be exactly one tab character after the IP address and the word "deny".

You can also block connections from an entire network C block:

-192.68.0<tab>deny
+192.168.0<tab>deny

-This blocks connections from IP addresses 192.68.0.0 -through 192.68.0.255. +This blocks connections from IP addresses 192.168.0.0 +through 192.168.0.255. Blocking connections from an entire B or A network block works the same way.

Use the word "allow" instead of "deny" to explicitly allow connections from that IP address or netblock. For example:

-192.68.0<tab>deny
-192.68.0.10<tab>allow
+192.168.0<tab>deny
+192.168.0.10<tab>allow

-This blocks all connections from 192.68.0.0 to -192.68.0.255 except for 192.68.0.10. +This blocks all connections from 192.168.0.0 to +192.168.0.255 except for 192.168.0.10. These two lines can occur in any order. couriertcpd always uses the line with the most specific IP address.

If the IP address of the connection is not found in the access file the connection is accepted by default. The following line causes unlisted connections to be rejected:

 *<tab>deny
-

IPv6 addresses

Note

-IPv6 support in the access file is experimental, and is subject to -change in a future release. The following syntax is subject to change at any -time.

+

IPv6 addresses

The access file can also specify IPv6 addresses, if IPv6 support is available. The existing IPv4 address format is used for IPv6-mapped IPv4 addresses, and no changes are required. For all other IPv6 addresses use the @@ -273,19 +270,19 @@ assignments, separated by commas. The environment variables are set before executing program or checking access lists (see below). For example:

-192.68.0<tab>allow,RELAYCLIENT
-192.68.0.10<tab>allow,RELAYCLIENT,SIZELIMIT=1000000
+192.168.0<tab>allow,RELAYCLIENT
+192.168.0.10<tab>allow,RELAYCLIENT,SIZELIMIT=1000000

This sets RELAYCLIENT environment variable for connections -from the 192.68.0 block. In addition to that, the SIZELIMIT +from the 192.168.0 block. In addition to that, the SIZELIMIT environment variable is set to 1000000 if the connection comes from the IP -address 192.68.0.10.

+address 192.168.0.10.

Note that RELAYCLIENT must be explicitly specified for the IP -address 192.68.0.10. The first line is NOT used for +address 192.168.0.10. The first line is NOT used for connections from this IP address. couriertcpd only reads one entry from the access file, the entry for the most specific IP address.

-192.68.0.10<tab>allow,MAXCPERIP=100
+192.168.0.10<tab>allow,MAXCPERIP=100

couriertcpd itself implements the MAXCPERIP environment variable setting @@ -454,7 +451,109 @@ See courier(8) . -

ENVIRONMENT VARIABLES

+

Using CIDR notation for IPv4 and IPv6 addresses

+ makesmtpaccess(8) and + makeimapaccess(8) + scripts check if the Perl Net::CIDR module is + installed. This allows netblocks in the access files to + use the CIDR notation: + 

+192.168.0.0/22<tab>allow,RELAYCLIENT
+

+ The scripts internally duplicate this access file entry for + 192.168.0, + 192.168.1, + 192.168.2, and + 192.168.3. +

Enabling HAProxy

+ The -haproxy option enables support for + HAProxy version 1. + 

-haproxy

+ The default value of this option makes + all connections, on all ports (see + the section called “MULTIPLE PORT LIST”) use the + HAProxy protocol + (see below on additional settings for controlling this). + + The -haproxy option has the following requirements: +

  • + A firewall is required to blocks all connections + except the ones from HAProxy server's + IP address (to ports that use + the HAProxy protocol), this is + something that must be done separately. Do not use + -haproxy without a firewall that blocks + all other connections (to the listening port). +

  • + The network connection between the + HAProxy server and + couriertcpd must be a high availability, + and a high quality connection. + After accepting each client connection + couriertcpd waits to read the + HAProxy + protocol header + before accepting any more connections. + 

-haproxy=5

+ An optional -haproxy value + sets a failsafe timeout in seconds (defaults to 15 + seconds). couriertcpd closes the socket + if the HAProxy protocol header is not + received in the set + timeout. +

+ The default 15 second timeout setting should be sufficiently + conservative. Additionally: +

  • With a high quality, reliable network, and
  • A robust HAProxy server + that sends the protocol header instantly, without delay:

+ It should not be a problem to use a short timeout of + four or five seconds in order to minimize the impact of rare, + momentary, network hiccups. +

Note

+ Enabling TCP Fast Open (TFO) + with HAProxy + effectively guarantees an immediate receipt of the protocol header + for most connections. It is recommended that TFO is enabled on the + the HAProxy (the TFO client) and + couriertcpd (the TFO server). +

+ Additional settings follow the timeout value, each setting is prefixed + with a /: + 

-haproxy=5/port=143
+
+-haproxy=/port=143

+ The / is still required when + the default timeout value is ommited. One setting is available: +

/port=n

+ Enable HAProxy support only for + connections to this port (this is when + when couriertcpd accepts connections on + multiple ports, see + the section called “MULTIPLE PORT LIST”). + n is one of the ports that + couriertcpd listens for connection + (no error is reported if n is not, + and this gets ignored). Connections to any other port, that + couriertcpd listens on, will not have + HAProxy support enabled. +

/port=ip.n

+ A port number is optionally specified as + address.port, + for example:

-haproxy=/port=192.168.0.1.8000

+ This enables HAProxy for connections + to port 8000 with IP address 192.168.0.1 (presumably this + machine's IP address). Connections to port 8000 via the loopback + interface (localhost) + will not use HAProxy. +

+ -haproxy option's value is actually a comma-separated + list: + 

-haproxy=/port=25,/port=587

+ This is logically equivalent to using two -haproxy + options, one for each value (but only one -haproxy + option is allowed as a command-line argument, so this is the only way + to specify multiple proxy endpoints). +

ENVIRONMENT VARIABLES

couriertcpd also initializes the following environment variables prior to running program:

TCPLOCALHOST

The name of the host on the local end of @@ -468,14 +567,35 @@ with it), or if the reverse and forward DNS lookups do not match. TCPLOCALHOST will not be set if the reverse DNS lookup fails completely.

TCPLOCALIP

-The IP address of the local end of the network connection.

TCPLOCALPORT

-Rhe number of the port of the local end of the network connection.

TCPREMOTEHOST

+ The IP address of the local end of the network connection. +

Note

+ With the -haproxy option this is the local + end of the connection on the HAProxy + server. +

TCPLOCALPORT

+ The number of the port of the local end of the network + connection. +

Note

+ With the -haproxy option this is the local + end of the connection on the HAProxy + server. +

TCPREMOTEHOST

The hostname of the connecting host. Like -TCPLOCALHOST, but for the connecting IP address.

TCPREMOTEIP

-Connecting IP address.

TCPREMOTEINFO

-Identification string received from the -IDENT server on the remote IP address. Not set if the IDENT server -returned an error, or if the -noidentlookup option was -specified.

TCPREMOTEPORT

-TCP port of the remote end of the network connection.

SEE ALSO

+TCPLOCALHOST, but for the connecting IP address.

TCPREMOTEINFO

+ This is set only when the -haproxy option is used, + and contains brief text that repeats the contents of + TCPLOCALIP and TCPLOCALPORT. + Courier adds this text to the + Received: header. +

TCPREMOTEIP

+Connecting IP address.

Note

+ With the -haproxy option this is the remote + end of the connection on the HAProxy + server. +

TCPREMOTEPORT

+TCP port of the remote end of the network connection.

Note

+ With the -haproxy option this is the remote + end of the connection on the HAProxy + server. +

SEE ALSO

courier(8).

diff --git a/courier-imap-x/libs/tcpd/tcpd.c b/courier-imap-x/libs/tcpd/tcpd.c index 55f1111ad..fed3e61d4 100644 --- a/courier-imap-x/libs/tcpd/tcpd.c +++ b/courier-imap-x/libs/tcpd/tcpd.c @@ -1,5 +1,5 @@ /* -** Copyright 1998 - 2020 Double Precision, Inc. +** Copyright 1998 - 2024 Double Precision, Inc. ** See COPYING for distribution information. */ @@ -30,6 +30,7 @@ #include #include #include +#include #if HAVE_SYS_STAT_H #include #endif @@ -46,7 +47,6 @@ #include "rfc1035/rfc1035.h" #include "liblock/config.h" #include "liblock/liblock.h" -#include "tcpremoteinfo.h" #include "numlib/numlib.h" #include "argparse.h" @@ -66,7 +66,7 @@ static const char *maxperiparg=0; static const char *maxpercarg=0; static const char *droparg=0; static const char *nodnslookup=0; -static const char *noidentlookup=0; +static const char *haproxy=0; static const char *stderrarg=0; static const char *stderrloggerarg=0; static const char *pidarg=0; @@ -95,7 +95,7 @@ static struct args arginfo[]={ {"maxprocs", &maxprocsarg}, {"warn", &warnarg}, {"nodnslookup", &nodnslookup}, - {"noidentlookup", &noidentlookup}, + {"haproxy", &haproxy}, {"pid", &pidarg}, {"restart", &restartarg}, {"stderr", &stderrarg}, @@ -116,6 +116,16 @@ static struct portinfo { int fd1, fd2; /* BSD may need both IPv4 and IPv6 sockets */ } *fdlist=0; + +/* Local ports for haproxy */ + +static struct haproxyinfo { + struct haproxyinfo *next; + RFC1035_ADDR addr; + int port; + time_t timeout; +} *haproxylist=0; + static int maxfd; static int nprocs, maxperc, maxperip, nwarn; @@ -280,6 +290,92 @@ static struct portinfo *createport(const char *a, const char *s) return (p); } +/* +** Parse the -haproxy parameter. +*/ + +static void parsehaproxy1(char *p) +{ + for ( ; (p=strtok(p, ",")) != 0; p=0) + { + struct haproxyinfo *info; + + char *q; + int timeout=0; + RFC1035_ADDR addr; + int port=0; + + memset(&addr, 0, sizeof(addr)); + while ((q=strrchr(p, '/')) != 0) + { + *q++=0; + + if (strncmp(q, "port=", 5) == 0) + { + char *r; + + q += 5; + + r=strrchr(q, '.'); + + if (r) + { + *r++=0; + + if (rfc1035_aton(q, &addr) < 0) + { + fprintf(stderr, + "Invalid IP address:" + " %s\n", q); + exit(1); + } + } + else + r=q; + + port=atoi(r); + } + } + + if (*p) + timeout=atoi(p); + + if (timeout <= 0) + timeout=15; + + if ((info=malloc(sizeof(struct haproxyinfo))) == 0) + { + perror("malloc"); + exit(1); + } + + memset(info, 0, sizeof(*info)); + + info->next=haproxylist; + + haproxylist=info; + + info->addr=addr; + info->port=port; + info->timeout=timeout; + } +} + +static void parsehaproxy() +{ + char *p; + + if (!haproxy) + return; + + p=strdup(haproxy); + if (!p) + return; + + parsehaproxy1(p); + free(p); +} + static int parseaddr(const char *p) { char *buf=strdup(p); @@ -438,10 +534,17 @@ static int mksocket(const char *ipaddrarg, /* Host/IP address */ { int dummy=1; +#ifdef IP_FREEBIND + if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, + (const char *)&dummy, sizeof(dummy)) < 0) + { + perror("setsockopt(IP_FREEBIND)"); + } +#endif if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (const char *)&dummy, sizeof(dummy)) < 0) { - perror("setsockopt"); + perror("setsockopt(SO_REUSEADDR)"); } } @@ -638,6 +741,8 @@ int lockfd=-1; return (-1); } + parsehaproxy(); + if (mksockets()) { close(lockfd); @@ -871,7 +976,10 @@ int lockfd=-1; return (argn); } -static void run(int, const RFC1035_ADDR *, int, const char *, char **); +static void run(int, const RFC1035_ADDR *, int, + RFC1035_NETADDR *lsin, + socklen_t lsinl, + const char *, char **, int); static void doreap(pid_t p, int wait_stat) { @@ -1177,10 +1285,223 @@ static void denied(int sockfd) _exit(0); } +static int get_haproxy(int sockfd, RFC1035_NETADDR *sin, int *sinl, + RFC1035_NETADDR *lsin, + socklen_t *lsinl, + int *using_haproxy) +{ + char buf[256]; + char *bufptr=buf; + size_t bufl=sizeof(buf)-1; + const char *proxy_str; + const char *family_str; + const char *remoteip_str; + const char *localip_str; + const char *remoteport_str; + const char *localport_str; + struct haproxyinfo *info; + time_t timeout; + int addrport; + + RFC1035_ADDR defaultaddr, socketaddr; + + *using_haproxy=0; + memset(&defaultaddr, 0, sizeof(defaultaddr)); + + if (rfc1035_sockaddrport(lsin, *lsinl, &addrport)) + { + fprintf(stderr, "haproxy: cannot get local port number\n"); + return -1; + } + + if (rfc1035_sockaddrip(lsin, *lsinl, &socketaddr)) + { + fprintf(stderr, "haproxy: cannot get local address\n"); + return -1; + } + + addrport=ntohs(addrport); + for (info=haproxylist; info; info=info->next) + { + if ((info->port == 0 || info->port == addrport) && + (memcmp(&info->addr, &defaultaddr, sizeof(defaultaddr)) == 0 + || + memcmp(&info->addr, &socketaddr, sizeof(socketaddr)) == 0)) + break; + } + if (!info) + return 0; + + time(&timeout); + + timeout += info->timeout; + + while (1) + { + ssize_t i, l; + time_t now; + struct pollfd pfd; + + time(&now); + + if (now >= timeout) + { + fprintf(stderr, "haproxy: timeout\n"); + return -1; + } + + if (bufl == 0) + { + fprintf(stderr, "haproxy: response too long\n"); + return -1; + } + + pfd.fd=sockfd; + pfd.events=POLLIN|POLLHUP; + pfd.revents=0; + + if (poll(&pfd, 1, (timeout-now)*1000) < 0 || + !(pfd.revents & POLLIN)) + { + fprintf(stderr, "haproxy: timeout\n"); + return -1; + } + l=recv(sockfd, bufptr, bufl, MSG_PEEK); + + if (l < 0) + { + perror("recv"); + return -1; + } + + if (l == 0) + { + if (bufptr != buf) + fprintf(stderr, "haproxy: connection closed\n"); + return -1; + } + + for (i=0; inext) check_blocklist(bl, addr); diff --git a/courier-imap-x/libs/tcpd/tcpremoteinfo.c b/courier-imap-x/libs/tcpd/tcpremoteinfo.c deleted file mode 100644 index b91a3e74b..000000000 --- a/courier-imap-x/libs/tcpd/tcpremoteinfo.c +++ /dev/null @@ -1,163 +0,0 @@ -/* -** Copyright 1998 - 2001 Double Precision, Inc. -** See COPYING for distribution information. -*/ - -#if HAVE_CONFIG_H -#include "config.h" -#endif -#include "tcpremoteinfo.h" -#include "soxwrap/sconnect.h" - -#if HAVE_UNISTD_H -#include -#endif -#if HAVE_FCNTL_H -#include -#endif -#include -#include -#include - -#include "soxwrap/soxwrap.h" - - -const char *tcpremoteinfo(const RFC1035_ADDR *laddr, int lport, - const RFC1035_ADDR *raddr, int rport, const char **ostype) -{ -int fd; -time_t current_time, max_time; -fd_set fds; -struct timeval tv; -static char buf[512]; -char *bufptr; -int bufleft, n; -char *p; -char *q; -RFC1035_NETADDR sin; -const struct sockaddr *addr; -int addrlen; - - fd=rfc1035_mksocket(SOCK_STREAM, 0, &n); - if (fd < 0) return (0); - - if (rfc1035_mkaddress(n, &sin, laddr, 0, &addr, &addrlen) < 0) - { - close(fd); - return (0); - } - - if (sox_bind(fd, addr, addrlen) < 0) - { - sox_close(fd); - return (0); - } - - time (¤t_time); - max_time=current_time+30; - - if (rfc1035_mkaddress(n, &sin, raddr, htons(113), &addr, &addrlen) < 0) - { - sox_close(fd); - return (0); - } - - if (s_connect(fd, addr, addrlen, max_time - current_time) < 0) - { - sox_close(fd); - return (0); - } - - sprintf(buf, "%d,%d\r\n", ntohs(rport), ntohs(lport)); - bufptr=buf; - bufleft=strlen(buf); - while (bufleft) - { - time(¤t_time); - if (current_time >= max_time) - { - sox_close(fd); - return (0); - } - - FD_ZERO(&fds); - FD_SET(fd, &fds); - tv.tv_sec=max_time-current_time; - tv.tv_usec=0; - if (sox_select(fd+1, 0, &fds, 0, &tv) != 1 || - !FD_ISSET(fd, &fds)) - { - sox_close(fd); - return (0); - } - n=sox_write(fd, bufptr, bufleft); - if (n <= 0) - { - sox_close(fd); - return (0); - } - bufptr += n; - bufleft -= n; - } - - bufptr=buf; - bufleft=sizeof(buf); - do - { - if (bufleft == 0) - { - sox_close(fd); - return (0); - } - - time(¤t_time); - if (current_time >= max_time) - { - sox_close(fd); - return (0); - } - - FD_ZERO(&fds); - FD_SET(fd, &fds); - tv.tv_sec=max_time-current_time; - tv.tv_usec=0; - if (sox_select(fd+1, &fds, 0, 0, &tv) != 1 || - !FD_ISSET(fd, &fds)) - { - sox_close(fd); - return (0); - } - - n=sox_read(fd, bufptr, bufleft); - if (n <= 0) - { - sox_close(fd); - return (0); - } - bufptr += n; - bufleft -= n; - } while (bufptr[-1] != '\n'); - sox_close(fd); - bufptr[-1]=0; - --bufptr; - if (bufptr > buf && bufptr[-1] == '\r') - bufptr[-1]=0; - - if ((p=strchr(buf, ':')) == 0) - return (0); - - q=++p; - if ((p=strchr(p, ':')) == 0) - return (0); - - *p++=0; - q=strtok(q, " \t"); - if (!q || strcmp(q, "USERID")) return (0); - if (ostype) *ostype=p; - if ((p=strchr(p, ':')) == 0) - return (0); - *p++=0; - while (*p && (*p == ' ' || *p == '\t')) p++; - return (p); -} - diff --git a/courier-imap-x/libs/tcpd/tcpremoteinfo.h b/courier-imap-x/libs/tcpd/tcpremoteinfo.h deleted file mode 100644 index 95ba3d97f..000000000 --- a/courier-imap-x/libs/tcpd/tcpremoteinfo.h +++ /dev/null @@ -1,30 +0,0 @@ -#ifndef tcpremoteinfo_h -#define tcpremoteinfo_h - -/* -** Copyright 1998 - 1999 Double Precision, Inc. -** See COPYING for distribution information. -*/ - -/* -*/ - -#include -#include -#include -#include -#include "rfc1035/rfc1035.h" - -#ifdef __cplusplus -extern "C" { -#endif - -const char *tcpremoteinfo(const RFC1035_ADDR *, int, /* Local */ - const RFC1035_ADDR *, int, /* Remote */ - const char **); - -#ifdef __cplusplus -} ; -#endif - -#endif diff --git a/indimail-access/doc/ChangeLog b/indimail-access/doc/ChangeLog index c577893b1..a632df909 100644 --- a/indimail-access/doc/ChangeLog +++ b/indimail-access/doc/ChangeLog @@ -6,6 +6,9 @@ Release @version@-@release@ Start 10/05/2024 End XX/XX/XXXX - 31/05/2024 02. indimail-access.spec: use $HOME/rpmbuild/SOURCES for source directory 03. indimail-access.spec: use python3-devel for mageia +- 16/07/2024 +04. upgraded courier-imap to 5.2.7 +05. upgraded maildrop to 3.1.7 * Sun Dec 03 2023 12:34:44 +0000 Manvendra Bhangui 1.2-1.2%{?dist} Release 1.2-1.1 Start 28/11/2024 End 03/12/2023