Loading ...
Sorry, an error occurred while loading the content.
 

Re: Postfix 2.3.7 available

Expand Messages
  • Robert Schetterer
    ... Hi @ll please corect me if iam wrong just a small understanding question changes 20070112 will not break such rules in body_checks
    Message 1 of 4 , Feb 1, 2007
      Wietse Venema schrieb:
      > Postfix 2.3 patchlevel 07 is available. It fixes minor problems and
      > introduces one incompatibility. Note: the stable release is not
      > changed except for bugfixes and emergencies. New features are field
      > tested as Postfix-2.4-yyyymmdd experimental releases.
      >
      > - postmap support for NIS maps was broken with Postfix 2.3.
      >
      > - Workaround to avoid breaking digital signatures for malformed
      > MIME attachments.
      >
      > - Incorrect handling of ![address] forms in match lists. such as
      > mynetworks, inet_interfaces etc.
      >
      > Available from the mirrors listed at http://www.postfix.org/
      >
      > 9878 Jan 30 20:13 postfix-2.3-patch07.gz
      > 450370 Jan 30 20:11 postfix-2.3.7.HISTORY
      > 36275 Jan 30 20:11 postfix-2.3.7.RELEASE_NOTES
      > 2785739 Jan 30 20:13 postfix-2.3.7.tar.gz
      > 280 Jan 30 20:13 postfix-2.3.7.tar.gz.sig
      >
      > Details are given below the signature.
      >
      > Wietse
      >
      > RELEASE_NOTES file:
      > ===================
      >
      > Incompatible changes with Postfix 2.3.7
      > ---------------------------------------
      >
      > Postfix no longer inserts an empty-line header/body separator into
      > malformed MIME attachments, to avoid breaking digital signatures.
      >
      > This change introduces ambiguity. Postfix still treats the remainder
      > of the attachment as body content; header_checks rules will therefore
      > not detect forbidden MIME types inside a message/rfc822 attachment.
      >
      > With the empty-line header/body separator no longer inserted by
      > Postfix, other software may process the malformed attachment
      > differently, and thus may become exposed to forbidden MIME types.
      >
      >
      > HISTORY file:
      > =============
      >
      > 20070104
      >
      > Bugfix (introduced Postfix 2.3): when creating an alias map
      > on a NIS-enabled system, don't case-fold the YP_MASTER_NAME
      > and YP_LAST_MODIFIED lookup keys. This requires that an
      > application can turn off case folding on the fly. This is
      > a point fix. A complete fix requires updates to other map
      > types and to the proxymap protocol, which is too much change
      > for a stable release. Files: postalias/postalias.c,
      > util/dict_db.c, util/dict_dbm.c, util/dict_cdb.c.
      >
      > 20070112
      >
      > Bugfix (introduced 20011008): after return from a nested
      > access restriction, possible longjump into exited stack
      > frame upon configuration error or table lookup error. Victor
      > Duchovni. Files: smtpd/smtpd_check.c.
      >
      > Workaround: don't insert empty-line header/body separator
      > into malformed MIME attachments, to avoid breaking digital
      > signatures. This change introduces ambiguity. Postfix still
      > treats the remainder of the attachment as body content;
      > header_checks rules will not detect forbidden MIME types
      > inside a message/rfc822 attachment. With the empty-line
      > header/body separator no longer inserted by Postfix, other
      > software may process the malformed attachment differently,
      > and thus may become exposed to forbidden MIME types. This
      > is back-ported from Postfix 2.4. File: global/mime_state.c.
      >
      > 20070118
      >
      > Bugfix: match lists didn't implement ![ipv6address]. Problem
      > reported by Paulo Pacheco. File: util/match_list.c.
      >
      >
      > --
      > Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
      > und ist - aktuelle Virenscanner vorausgesetzt - sauber.
      >

      Hi @ll
      please corect me if iam wrong
      just a small understanding question

      changes 20070112
      "will not" break such rules in body_checks

      /^((Content-(Disposition: attachment;|Type:).*|\ +)| *)(file)?name\ *=\
      *"?.*\.(lnk|asd|ocx|reg|bat|c[ho]m|cmd|exe|dll|.....etc

      should i be aware of other bugs with filters like clamsmtp, spampd etc
      with this change

      --
      Mit freundlichen Gruessen
      Best Regards

      Robert Schetterer

      https://www.schetterer.org
      Munich/Bavaria/Germany

      --
      Diese Nachricht wurde auf Viren und andere gef�hrliche Inhalte untersucht
      und ist - aktuelle Virenscanner vorausgesetzt - sauber.
    • Wietse Venema
      ... As documented they DID NOT work in a MALFORMED attachment and they STILL DO NOT work in a MALFORMED attachment. Wietse
      Message 2 of 4 , Feb 1, 2007
        Robert Schetterer:
        > > Incompatible changes with Postfix 2.3.7
        > > ---------------------------------------
        > >
        > > Postfix no longer inserts an empty-line header/body separator into
        > > malformed MIME attachments, to avoid breaking digital signatures.
        > >
        > > This change introduces ambiguity. Postfix still treats the remainder
        > > of the attachment as body content; header_checks rules will therefore
        > > not detect forbidden MIME types inside a message/rfc822 attachment.
        > >
        > > With the empty-line header/body separator no longer inserted by
        > > Postfix, other software may process the malformed attachment
        > > differently, and thus may become exposed to forbidden MIME types.
        >
        > Hi @ll
        > please corect me if iam wrong
        > just a small understanding question
        >
        > changes 20070112
        > "will not" break such rules in body_checks
        >
        > /^((Content-(Disposition: attachment;|Type:).*|\ +)| *)(file)?name\ *=\
        > *"?.*\.(lnk|asd|ocx|reg|bat|c[ho]m|cmd|exe|dll|.....etc
        >
        > should i be aware of other bugs with filters like clamsmtp, spampd etc
        > with this change

        As documented they DID NOT work in a MALFORMED attachment and they
        STILL DO NOT work in a MALFORMED attachment.

        Wietse
      • Robert Schetterer
        ... Hi Wietse, ok thx to make this clear -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.schetterer.org Munich/Bavaria/Germany -- Diese
        Message 3 of 4 , Feb 1, 2007
          Wietse Venema schrieb:
          > Robert Schetterer:
          >>> Incompatible changes with Postfix 2.3.7
          >>> ---------------------------------------
          >>>
          >>> Postfix no longer inserts an empty-line header/body separator into
          >>> malformed MIME attachments, to avoid breaking digital signatures.
          >>>
          >>> This change introduces ambiguity. Postfix still treats the remainder
          >>> of the attachment as body content; header_checks rules will therefore
          >>> not detect forbidden MIME types inside a message/rfc822 attachment.
          >>>
          >>> With the empty-line header/body separator no longer inserted by
          >>> Postfix, other software may process the malformed attachment
          >>> differently, and thus may become exposed to forbidden MIME types.
          >> Hi @ll
          >> please corect me if iam wrong
          >> just a small understanding question
          >>
          >> changes 20070112
          >> "will not" break such rules in body_checks
          >>
          >> /^((Content-(Disposition: attachment;|Type:).*|\ +)| *)(file)?name\ *=\
          >> *"?.*\.(lnk|asd|ocx|reg|bat|c[ho]m|cmd|exe|dll|.....etc
          >>
          >> should i be aware of other bugs with filters like clamsmtp, spampd etc
          >> with this change
          >
          > As documented they DID NOT work in a MALFORMED attachment and they
          > STILL DO NOT work in a MALFORMED attachment.
          >
          > Wietse
          >
          > --
          > Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
          > und ist - aktuelle Virenscanner vorausgesetzt - sauber.
          >
          Hi Wietse, ok thx to make this clear

          --
          Mit freundlichen Gruessen
          Best Regards

          Robert Schetterer

          https://www.schetterer.org
          Munich/Bavaria/Germany

          --
          Diese Nachricht wurde auf Viren und andere gef�hrliche Inhalte untersucht
          und ist - aktuelle Virenscanner vorausgesetzt - sauber.
        Your message has been successfully submitted and would be delivered to recipients shortly.