also sprach LaMont Jones <[email protected]> [2008.09.17.1901 +0200]: > I'll dig into it a bit more, but I don't think that part of things is > touched at all.
This is still present in 2.5.5-1.1 and I think I finally found the root. Here's the background: http://www.nabble.com/permit_mx_backup_networks-and-IPv6-td19287497.html I spent a bit of time with the code and found in smtpd_check.c:509, in function smtpd_check_parse: if ((flags & SMTPD_CHECK_PARSE_POLICY) && last && strcasecmp(last, CHECK_POLICY_SERVICE) == 0) policy_client_register(name); else if ((flags & SMTPD_CHECK_PARSE_MAPS) && strchr(name, ':') && dict_handle(name) == 0) { dict_register(name, dict_open(name, O_RDONLY, DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX)); This seems to be the cause. At this point, name=="[2001:6f8:128a::1]/128" and flags==-1 (ALL), but the if() didn't match, so the elsif gets a chance, and strchr() gets a run to find the ':' in the IPv6 address, dict_handle() apparently returns 0, and dict_open is told to open the "[2001" dictionary handler. I cannot really figure out why the function gets called, but I am sure that this is the source of the problem. It seems that #define MATCH_DICTIONARY(pattern) \ ((pattern)[0] != '[' && strchr((pattern), ':') != 0) from match_list.c ought to be used here as well. The fact that you, Wietse, don't see this must then be related to build flags. For us, this is our build command: gcc -Wmissing-prototypes -Wformat -DDEBIAN -DMAX_DYNAMIC_MAPS -DHAS_PCRE -DHAS_LDAP -DMYORIGIN_FROM_FILE -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DHAS_CDB -DHAS_MYSQL -I/usr/include/mysql -DHAS_PGSQL -I/usr/include/postgresql -DHAS_SSL -I/usr/include/openssl -DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_CYRUS_SASL -DUSE_TLS -O2 -I. -I../../include -DLINUX2 -c smtpd_check.c I cannot figure out how this could affect things though. -- .''`. martin f. krafft <[email protected]> Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduck http://vcs-pkg.org `- Debian - when you have better things to do than fixing systems
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)
