Henrik Larsson:
> I'm using Postfix 3.2.0 from the FreeBSD ports collection
>
> I experienced that access maps matches sub domains, even though
> parent_domain_matches_subdomains is set to an empty value.
>
> What did I miss? I only want the access map to match specific domain,
> not sub domains.
Postfix table map lookup code was overhauled for Postfix 3.2, and
it looks like the lookup strategy ignores parent_domain.._subdomains.
#define LOOKUP_STRATEGY (MA_FIND_FULL | MA_FIND_NOEXT | MA_FIND_DOMAIN \
| MA_FIND_PDMS | MA_FIND_LOCALPART_AT)
...
if ((value = mail_addr_find_strategy(maps, CONST_STR(reply->recipient),
(char **) 0, LOOKUP_STRATEGY)) != 0) {
*found = 1;
This strategy should use MA_FIND_PDMS only when 'access' is included
in parent_domain_matches_subdomains, otherwise it should use
MA_FIND_PDDMDS.
Patch follows. Add the lines with '+', remove lines with '-'.
Wietse
--- ./src/smtpd/smtpd_check.c- 2017-02-05 15:55:35.000000000 -0500
+++ ./src/smtpd/smtpd_check.c 2017-05-31 07:14:03.000000000 -0400
@@ -3174,6 +3174,7 @@
const char *myname = "check_mail_access";
const RESOLVE_REPLY *reply;
const char *value;
+ int lookup_strategy;
int status;
MAPS *maps;
@@ -3213,8 +3214,10 @@
* Look up user+foo@domain if the address has an extension, user@domain
* otherwise.
*/
-#define LOOKUP_STRATEGY (MA_FIND_FULL | MA_FIND_NOEXT | MA_FIND_DOMAIN \
- | MA_FIND_PDMS | MA_FIND_LOCALPART_AT)
+ lookup_strategy = MA_FIND_FULL | MA_FIND_NOEXT | MA_FIND_DOMAIN
+ | MA_FIND_PDMS | MA_FIND_LOCALPART_AT
+ | (access_parent_style == MATCH_FLAG_PARENT ?
+ MA_FIND_PDMS : MA_FIND_PDDMDS);
if ((maps = (MAPS *) htable_find(map_command_table, table)) == 0) {
msg_warn("%s: unexpected dictionary: %s", myname, table);
@@ -3225,7 +3228,7 @@
def_acl));
}
if ((value = mail_addr_find_strategy(maps, CONST_STR(reply->recipient),
- (char **) 0, LOOKUP_STRATEGY)) != 0) {
+ (char **) 0, lookup_strategy)) != 0) {
*found = 1;
status = check_table_result(state, table, value,
CONST_STR(reply->recipient),
