Re: postconf outputs 2 bounce_notice_recipient lines

[Scott Kitterman]

On Wednesday, December 22, 2021 11:00:12 AM EST Wietse Venema wrote:
> Scott Kitterman:
> > > > Any chance of the glibc-2.34 fix being in there too?  We haven't
> > > > switched, so not a rush directly for Debian, but some of our
> > > > downstreams have, so it would be nice to see.
> > > 
> > > What is 'the glibc-2.34 fix'?  closefrom() ?
> 
> Thanks for confirming that this is the closefrom portability fix.
> 
> > > I have been backporting GLIBC workarounds for broken DNSSEC support
> > > 
> > > and they seem to be ignored. Example from Postfix 3.5.1:
> > >Workaround for broken DANE support after an incompatible
> > >change in GLIBC 2.31. THIS AVOIDS THE NEED FOR NEW OPTIONS
> > >IN /etc/resolv.conf. Files: dns/dns.h, dns/dns_lookup.c.
> > > 
> > > I was not impressed with the lack of uptake by distros. That makes
> > > me less motivated to spend time backporting GLIBC workarounds for
> > > trivial problems like closefrom.
> 
> Has this been adopted, or do people on 3.5.* still have to tinker with
> their /etc/resolv.conf files?

Debian hasn't upgraded to 2.34 yet, so I can't say.  I've pinged the Ubuntu 
people that did the patch there for feedback.  Hopefully they or maybe someone 
from Fedora, Gentoo, etc. can tell us.

Scott K

Re: postconf outputs 2 bounce_notice_recipient lines

[Wietse Venema]

Scott Kitterman:
> > > Any chance of the glibc-2.34 fix being in there too?  We haven't
> > > switched, so not a rush directly for Debian, but some of our
> > > downstreams have, so it would be nice to see.
> > 
> > What is 'the glibc-2.34 fix'?  closefrom() ?

Thanks for confirming that this is the closefrom portability fix.

> > I have been backporting GLIBC workarounds for broken DNSSEC support
> > and they seem to be ignored. Example from Postfix 3.5.1:
> > 
> >Workaround for broken DANE support after an incompatible
> >change in GLIBC 2.31. THIS AVOIDS THE NEED FOR NEW OPTIONS
> >IN /etc/resolv.conf. Files: dns/dns.h, dns/dns_lookup.c.
> > 
> > I was not impressed with the lack of uptake by distros. That makes
> > me less motivated to spend time backporting GLIBC workarounds for
> > trivial problems like closefrom.

Has this been adopted, or do people on 3.5.* still have to tinker with
their /etc/resolv.conf files?

Wietse

Re: postconf outputs 2 bounce_notice_recipient lines

[Scott Kitterman]

On Wednesday, December 22, 2021 9:35:20 AM EST Wietse Venema wrote:
> Scott Kitterman:
> > >> I was just reviewing the 3.7 development changelog and didn't see
> > >> 2025
> > >> listed.  Is this fix still planned?
> > >
> > >The fix is in the 3.7 code, but I forgot to update the HISTORY file.
> > >It is also planned for the next stable releases, together with the
> > >fix below.
> > >
> > >These are low-priority fixes, so expect to see these early January.
> > >
> > >   Wietse
> > >
> > >20211216
> > >
> > >   Bugfix (introduced: Postfix 3.0): the proxymap daemon did not
> > >   automatically authorize proxied maps inside pipemap (example:
> > >   pipemap:{proxy:maptype:mapname, ...}) or inside unionmap. Problem
> > >   reported by Mirko Vogt. Files: proxymap/proxymap.c.
> > 
> > Thanks.  Certainly no rush.  I only wanted to make sure it wasn't
> > forgotten.
> > 
> > Any chance of the glibc-2.34 fix being in there too?  We haven't
> > switched, so not a rush directly for Debian, but some of our
> > downstreams have, so it would be nice to see.
> 
> What is 'the glibc-2.34 fix'?  closefrom() ?
> 
> I have been backporting GLIBC workarounds for broken DNSSEC support
> and they seem to be ignored. Example from Postfix 3.5.1:
> 
>Workaround for broken DANE support after an incompatible
>change in GLIBC 2.31. THIS AVOIDS THE NEED FOR NEW OPTIONS
>IN /etc/resolv.conf. Files: dns/dns.h, dns/dns_lookup.c.
> 
> I was not impressed with the lack of uptake by distros. That makes
> me less motivated to spend time backporting GLIBC workarounds for
> trivial problems like closefrom.

Sorry for not being clear.

The one discussed in:

https://marc.info/?t=16275452534=1=2

Based on that, Ubuntu came up with:

https://git.launchpad.net/ubuntu/+source/postfix/tree/debian/patches/
postfix-3.6.2-glibc-234-build-fix.patch

Presumably based on the patch metadata Fedora and Gentoo have something 
similar.  I'd imagine others as well.

Scott K

Re: postconf outputs 2 bounce_notice_recipient lines

[Wietse Venema]

Scott Kitterman:
> >> I was just reviewing the 3.7 development changelog and didn't see 2025 
> >> listed.  Is this fix still planned?
> >
> >The fix is in the 3.7 code, but I forgot to update the HISTORY file.
> >It is also planned for the next stable releases, together with the
> >fix below.
> >
> >These are low-priority fixes, so expect to see these early January.
> >
> > Wietse
> >
> >20211216
> >
> > Bugfix (introduced: Postfix 3.0): the proxymap daemon did not
> > automatically authorize proxied maps inside pipemap (example:
> > pipemap:{proxy:maptype:mapname, ...}) or inside unionmap. Problem
> > reported by Mirko Vogt. Files: proxymap/proxymap.c.
> 
> Thanks.  Certainly no rush.  I only wanted to make sure it wasn't forgotten.
> 
> Any chance of the glibc-2.34 fix being in there too?  We haven't
> switched, so not a rush directly for Debian, but some of our
> downstreams have, so it would be nice to see.

What is 'the glibc-2.34 fix'?  closefrom() ?

I have been backporting GLIBC workarounds for broken DNSSEC support
and they seem to be ignored. Example from Postfix 3.5.1:

   Workaround for broken DANE support after an incompatible
   change in GLIBC 2.31. THIS AVOIDS THE NEED FOR NEW OPTIONS
   IN /etc/resolv.conf. Files: dns/dns.h, dns/dns_lookup.c.

I was not impressed with the lack of uptake by distros. That makes
me less motivated to spend time backporting GLIBC workarounds for
trivial problems like closefrom.

Wietse

Re: postconf outputs 2 bounce_notice_recipient lines

[Scott Kitterman]

On December 22, 2021 2:34:22 AM UTC, Wietse Venema  wrote:
>Scott Kitterman:
>> On Monday, November 15, 2021 9:03:32 AM EST  wrote:
>> > Vincent Lefevre:
>> > > Under Debian, after the postfix upgrade from 3.5.6 to 3.5.13,
>> > > postconf now outputs duplicate bounce_notice_recipient lines:
>> > > 
>> > > zira:~> postconf | grep '^bounce_notice_recipient'
>> > > bounce_notice_recipient = postmaster
>> > > bounce_notice_recipient = postmaster
>> > > 
>> > > Can you reproduce this?
>> > 
>> > Yes. It was introduced with postfix-3.3-patch19, postfix-3.4-patch22,
>> > postfix-3.5-patch12, and postfix-3.6-patch02.
>> > 
>> > 20210708
>> > 
>> > Bugfix (introduced: 1999): the Postfix SMTP server was
>> > sending all session transcripts to the error_notice_recipient,
>> > instead of sending transcripts of bounced mail to the
>> > bounce_notice_recipient. File: smtpd/smtpd_chat.c.
>> > 
>> > The above replaced error_notice_recipient with bounce_notice_recipient,
>> > but did not update the default setting. The fix for the fix is
>> > below.
>> > 
>> >Wietse
>> > 
>> > 2025
>> > 
>> >Bugfix (introduced: 20210708): duplicate bounce_notice_recipient
>> >entries in postconf output. The fix to send SMTP session
>> >transcripts to bounce_notice_recipient was incomplete.
>> >Reported by Vincent Lefevre. File: smtpd/smtpd.c.
>> > 
>> > The same fix applies to postfix-3.3.19, postfix-3.4.22, postfix-3.5.12,
>> > postfix-3.6.2, and later.
>> > 
>> > --- /var/tmp/postfix/src/smtpd/smtpd.c 2021-07-24 18:20:43.0 
>> > -0400
>> > +++ src/smtpd/smtpd.c  2021-11-15 08:42:43.088958256 -0500
>> > @@ -6419,7 +6419,7 @@
>> >VAR_EOD_CHECKS, DEF_EOD_CHECKS, _eod_checks, 0, 0,
>> >VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, _maps_rbl_domains, 0, 0,
>> >VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, _rbl_reply_maps, 0, 0,
>> > -  VAR_BOUNCE_RCPT, DEF_ERROR_RCPT, _bounce_rcpt, 1, 0,
>> > +  VAR_BOUNCE_RCPT, DEF_BOUNCE_RCPT, _bounce_rcpt, 1, 0,
>> >VAR_ERROR_RCPT, DEF_ERROR_RCPT, _error_rcpt, 1, 0,
>> >VAR_REST_CLASSES, DEF_REST_CLASSES, _rest_classes, 0, 0,
>> >VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, _canonical_maps, 0, 0,
>> 
>> I was just reviewing the 3.7 development changelog and didn't see 2025 
>> listed.  Is this fix still planned?
>
>The fix is in the 3.7 code, but I forgot to update the HISTORY file.
>It is also planned for the next stable releases, together with the
>fix below.
>
>These are low-priority fixes, so expect to see these early January.
>
>   Wietse
>
>20211216
>
>   Bugfix (introduced: Postfix 3.0): the proxymap daemon did not
>   automatically authorize proxied maps inside pipemap (example:
>   pipemap:{proxy:maptype:mapname, ...}) or inside unionmap. Problem
>   reported by Mirko Vogt. Files: proxymap/proxymap.c.

Thanks.  Certainly no rush.  I only wanted to make sure it wasn't forgotten.

Any chance of the glibc-2.34 fix being in there too?  We haven't switched, so 
not a rush directly for Debian, but some of our downstreams have, so it would 
be nice to see.

Scott K

Re: postconf outputs 2 bounce_notice_recipient lines

[Wietse Venema]

Scott Kitterman:
> On Monday, November 15, 2021 9:03:32 AM EST  wrote:
> > Vincent Lefevre:
> > > Under Debian, after the postfix upgrade from 3.5.6 to 3.5.13,
> > > postconf now outputs duplicate bounce_notice_recipient lines:
> > > 
> > > zira:~> postconf | grep '^bounce_notice_recipient'
> > > bounce_notice_recipient = postmaster
> > > bounce_notice_recipient = postmaster
> > > 
> > > Can you reproduce this?
> > 
> > Yes. It was introduced with postfix-3.3-patch19, postfix-3.4-patch22,
> > postfix-3.5-patch12, and postfix-3.6-patch02.
> > 
> > 20210708
> > 
> > Bugfix (introduced: 1999): the Postfix SMTP server was
> > sending all session transcripts to the error_notice_recipient,
> > instead of sending transcripts of bounced mail to the
> > bounce_notice_recipient. File: smtpd/smtpd_chat.c.
> > 
> > The above replaced error_notice_recipient with bounce_notice_recipient,
> > but did not update the default setting. The fix for the fix is
> > below.
> > 
> > Wietse
> > 
> > 2025
> > 
> > Bugfix (introduced: 20210708): duplicate bounce_notice_recipient
> > entries in postconf output. The fix to send SMTP session
> > transcripts to bounce_notice_recipient was incomplete.
> > Reported by Vincent Lefevre. File: smtpd/smtpd.c.
> > 
> > The same fix applies to postfix-3.3.19, postfix-3.4.22, postfix-3.5.12,
> > postfix-3.6.2, and later.
> > 
> > --- /var/tmp/postfix/src/smtpd/smtpd.c  2021-07-24 18:20:43.0 
> > -0400
> > +++ src/smtpd/smtpd.c   2021-11-15 08:42:43.088958256 -0500
> > @@ -6419,7 +6419,7 @@
> > VAR_EOD_CHECKS, DEF_EOD_CHECKS, _eod_checks, 0, 0,
> > VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, _maps_rbl_domains, 0, 0,
> > VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, _rbl_reply_maps, 0, 0,
> > -   VAR_BOUNCE_RCPT, DEF_ERROR_RCPT, _bounce_rcpt, 1, 0,
> > +   VAR_BOUNCE_RCPT, DEF_BOUNCE_RCPT, _bounce_rcpt, 1, 0,
> > VAR_ERROR_RCPT, DEF_ERROR_RCPT, _error_rcpt, 1, 0,
> > VAR_REST_CLASSES, DEF_REST_CLASSES, _rest_classes, 0, 0,
> > VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, _canonical_maps, 0, 0,
> 
> I was just reviewing the 3.7 development changelog and didn't see 2025 
> listed.  Is this fix still planned?

The fix is in the 3.7 code, but I forgot to update the HISTORY file.
It is also planned for the next stable releases, together with the
fix below.

These are low-priority fixes, so expect to see these early January.

Wietse

20211216

Bugfix (introduced: Postfix 3.0): the proxymap daemon did not
automatically authorize proxied maps inside pipemap (example:
pipemap:{proxy:maptype:mapname, ...}) or inside unionmap. Problem
reported by Mirko Vogt. Files: proxymap/proxymap.c.

Re: postconf outputs 2 bounce_notice_recipient lines

[Scott Kitterman]

On Monday, November 15, 2021 9:03:32 AM EST  wrote:
> Vincent Lefevre:
> > Under Debian, after the postfix upgrade from 3.5.6 to 3.5.13,
> > postconf now outputs duplicate bounce_notice_recipient lines:
> > 
> > zira:~> postconf | grep '^bounce_notice_recipient'
> > bounce_notice_recipient = postmaster
> > bounce_notice_recipient = postmaster
> > 
> > Can you reproduce this?
> 
> Yes. It was introduced with postfix-3.3-patch19, postfix-3.4-patch22,
> postfix-3.5-patch12, and postfix-3.6-patch02.
> 
> 20210708
> 
> Bugfix (introduced: 1999): the Postfix SMTP server was
> sending all session transcripts to the error_notice_recipient,
> instead of sending transcripts of bounced mail to the
> bounce_notice_recipient. File: smtpd/smtpd_chat.c.
> 
> The above replaced error_notice_recipient with bounce_notice_recipient,
> but did not update the default setting. The fix for the fix is
> below.
> 
>   Wietse
> 
> 2025
> 
>   Bugfix (introduced: 20210708): duplicate bounce_notice_recipient
>   entries in postconf output. The fix to send SMTP session
>   transcripts to bounce_notice_recipient was incomplete.
>   Reported by Vincent Lefevre. File: smtpd/smtpd.c.
> 
> The same fix applies to postfix-3.3.19, postfix-3.4.22, postfix-3.5.12,
> postfix-3.6.2, and later.
> 
> --- /var/tmp/postfix/src/smtpd/smtpd.c2021-07-24 18:20:43.0 
> -0400
> +++ src/smtpd/smtpd.c 2021-11-15 08:42:43.088958256 -0500
> @@ -6419,7 +6419,7 @@
>   VAR_EOD_CHECKS, DEF_EOD_CHECKS, _eod_checks, 0, 0,
>   VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, _maps_rbl_domains, 0, 0,
>   VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, _rbl_reply_maps, 0, 0,
> - VAR_BOUNCE_RCPT, DEF_ERROR_RCPT, _bounce_rcpt, 1, 0,
> + VAR_BOUNCE_RCPT, DEF_BOUNCE_RCPT, _bounce_rcpt, 1, 0,
>   VAR_ERROR_RCPT, DEF_ERROR_RCPT, _error_rcpt, 1, 0,
>   VAR_REST_CLASSES, DEF_REST_CLASSES, _rest_classes, 0, 0,
>   VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, _canonical_maps, 0, 0,

I was just reviewing the 3.7 development changelog and didn't see 2025 
listed.  Is this fix still planned?

Scott K

Re: postconf outputs 2 bounce_notice_recipient lines

[Vincent Lefevre]

On 2021-11-15 09:03:32 -0500, Wietse Venema wrote:
> 2025
> 
>   Bugfix (introduced: 20210708): duplicate bounce_notice_recipient
>   entries in postconf output. The fix to send SMTP session
>   transcripts to bounce_notice_recipient was incomplete.
>   Reported by Vincent Lefevre. File: smtpd/smtpd.c.
> 
> The same fix applies to postfix-3.3.19, postfix-3.4.22, postfix-3.5.12,
> postfix-3.6.2, and later.
> 
> --- /var/tmp/postfix/src/smtpd/smtpd.c2021-07-24 18:20:43.0 
> -0400
> +++ src/smtpd/smtpd.c 2021-11-15 08:42:43.088958256 -0500
> @@ -6419,7 +6419,7 @@
>   VAR_EOD_CHECKS, DEF_EOD_CHECKS, _eod_checks, 0, 0,
>   VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, _maps_rbl_domains, 0, 0,
>   VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, _rbl_reply_maps, 0, 0,
> - VAR_BOUNCE_RCPT, DEF_ERROR_RCPT, _bounce_rcpt, 1, 0,
> + VAR_BOUNCE_RCPT, DEF_BOUNCE_RCPT, _bounce_rcpt, 1, 0,
>   VAR_ERROR_RCPT, DEF_ERROR_RCPT, _error_rcpt, 1, 0,
>   VAR_REST_CLASSES, DEF_REST_CLASSES, _rest_classes, 0, 0,
>   VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, _canonical_maps, 0, 0,

Thanks. Tested, and I confirm that this fixes the issue.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: postconf outputs 2 bounce_notice_recipient lines

[Wietse Venema]

Vincent Lefevre:
> Under Debian, after the postfix upgrade from 3.5.6 to 3.5.13,
> postconf now outputs duplicate bounce_notice_recipient lines:
> 
> zira:~> postconf | grep '^bounce_notice_recipient'
> bounce_notice_recipient = postmaster
> bounce_notice_recipient = postmaster
> 
> Can you reproduce this?

Yes. It was introduced with postfix-3.3-patch19, postfix-3.4-patch22,
postfix-3.5-patch12, and postfix-3.6-patch02.

20210708

Bugfix (introduced: 1999): the Postfix SMTP server was
sending all session transcripts to the error_notice_recipient,
instead of sending transcripts of bounced mail to the
bounce_notice_recipient. File: smtpd/smtpd_chat.c.

The above replaced error_notice_recipient with bounce_notice_recipient,
but did not update the default setting. The fix for the fix is
below.

Wietse

2025

Bugfix (introduced: 20210708): duplicate bounce_notice_recipient
entries in postconf output. The fix to send SMTP session
transcripts to bounce_notice_recipient was incomplete.
Reported by Vincent Lefevre. File: smtpd/smtpd.c.

The same fix applies to postfix-3.3.19, postfix-3.4.22, postfix-3.5.12,
postfix-3.6.2, and later.

--- /var/tmp/postfix/src/smtpd/smtpd.c  2021-07-24 18:20:43.0 -0400
+++ src/smtpd/smtpd.c   2021-11-15 08:42:43.088958256 -0500
@@ -6419,7 +6419,7 @@
VAR_EOD_CHECKS, DEF_EOD_CHECKS, _eod_checks, 0, 0,
VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, _maps_rbl_domains, 0, 0,
VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, _rbl_reply_maps, 0, 0,
-   VAR_BOUNCE_RCPT, DEF_ERROR_RCPT, _bounce_rcpt, 1, 0,
+   VAR_BOUNCE_RCPT, DEF_BOUNCE_RCPT, _bounce_rcpt, 1, 0,
VAR_ERROR_RCPT, DEF_ERROR_RCPT, _error_rcpt, 1, 0,
VAR_REST_CLASSES, DEF_REST_CLASSES, _rest_classes, 0, 0,
VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, _canonical_maps, 0, 0,

postconf outputs 2 bounce_notice_recipient lines

[Vincent Lefevre]

Under Debian, after the postfix upgrade from 3.5.6 to 3.5.13,
postconf now outputs duplicate bounce_notice_recipient lines:

zira:~> postconf | grep '^bounce_notice_recipient'
bounce_notice_recipient = postmaster
bounce_notice_recipient = postmaster

Can you reproduce this?

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)