On Thu, Jun 02, 2011 at 12:55:21PM -0700, Paul B. Henson wrote:
> On Wed, Jun 01, 2011 at 05:45:31PM -0700, Wietse Venema wrote:
>
> > Postfix hasn't changed, as far as I can tell. Perhaps something on
> > your system has changed.
>
> We did update a number of components, and after viewing postfix
> changelogs and source code without anything popping out, we went back to
> a system with the original config and updated only postfix (and db,
> which the packaging system pulled in), and verified the same change in
> behavior before I posted.
>
I see the same issue, on a host with 2.5.6, 2.7.2 and 2.8.3 all installed
in separate install trees, the 2.5.6 sendmail reports file size too large,
while 2.7.2 and 2.8.3 both report the protocol error.
$ for vers in 2.5.6 2.7.2 2.8.3; do echo $vers; (printf "From:
vik...@example.com\nTo: vik...@example.com\nSubject: big email test\n\n"; yes
test | head -c 100000000) | /path/to/postfix/$vers/sbin/sendmail -t; done
2.5.6
postdrop: warning: uid=0: File too large
sendmail: fatal: root(0): message file too big
2.7.2
sendmail: fatal: root(0): internal protocol error
2.8.3
sendmail: fatal: root(0): internal protocol error
The major change in 2.7 is below. The problem is that when sendmail(1)
extracts recipients from the headers, and the message is too large,
postdrop(1) will never see the extracted recipients.
@@ -452,9 +462,31 @@
vstring_free(buf);
/*
+ * As of Postfix 2.7 the pickup daemon discards mail without recipients.
+ * Such mail may enter the maildrop queue when "postsuper -r" is invoked
+ * before the queue manager deletes an already delivered message. Looking
+ * at file ownership is not a good way to make decisions on what mail to
+ * discard. Instead, the pickup server now requires that new submissions
+ * always have at least one recipient record.
+ *
+ * The Postfix sendmail command already rejects mail without recipients.
+ * However, in the future postdrop may receive mail via other programs,
+ * so we add a redundant recipient check here for future proofing.
+ *
+ * The test for the sender address is just for consistency of error
+ * reporting (report at submission time instead of pickup time). Besides
+ * the segment terminator records, there aren't any other mandatory
+ * records in a Postfix submission queue file.
+ */
+ if (from_count == 0 || rcpt_count == 0) {
+ status = CLEANUP_STAT_BAD;
+ mail_stream_cleanup(dst);
+ }
+
+ /*
* Finish the file.
*/
- if ((status = mail_stream_finish(dst, (VSTRING *) 0)) != 0) {
+ else if ((status = mail_stream_finish(dst, (VSTRING *) 0)) != 0) {
msg_warn("uid=%ld: %m", (long) uid);
postdrop_cleanup();
}
--
Viktor.
