@philfry
Created June 7, 2017 13:25
postfix: send dummy authentication
Send a dummy authentication user together with MAIL FROM
in order to announce the delivery user to Cyrus imapd when
connecting to it using LMTP.
--- postfix-3.2.0/html/lmtp.8.html.lmtp_dummy_user
+++ postfix-3.2.0/html/lmtp.8.html
@@ -867,6 +867,12 @@ SMTP(8)
<b><a href="postconf.5.html#smtp_tcp_port">smtp_tcp_port</a> (smtp)</b>
The default TCP port that the Postfix SMTP client connects to.
+ Available only in this version:
+
+ <b><a href="postconf.5.html#lmtp_dummy_mail_auth_user">lmtp_dummy_mail_auth_user</a> (empty)</b>
+ send dummy authentication user together with MAIL FROM in order to announce the delivery user to
+ cyrus imapd when connecting to it using lmtp.
+
<b>SEE ALSO</b>
<a href="generic.5.html">generic(5)</a>, output address rewriting
<a href="header_checks.5.html">header_checks(5)</a>, message header content inspection
--- postfix-3.2.0/html/smtp.8.html.lmtp_dummy_user
+++ postfix-3.2.0/html/smtp.8.html
@@ -867,6 +867,12 @@ SMTP(8)
<b><a href="postconf.5.html#smtp_tcp_port">smtp_tcp_port</a> (smtp)</b>
The default TCP port that the Postfix SMTP client connects to.
+ Available only in this version:
+
+ <b><a href="postconf.5.html#lmtp_dummy_mail_auth_user">lmtp_dummy_mail_auth_user</a> (empty)</b>
+ send dummy authentication user together with MAIL FROM in order to announce the delivery user to
+ cyrus imapd when connecting to it using lmtp.
+
<b>SEE ALSO</b>
<a href="generic.5.html">generic(5)</a>, output address rewriting
<a href="header_checks.5.html">header_checks(5)</a>, message header content inspection
--- postfix-3.2.0/mantools/postlink.lmtp_dummy_user
+++ postfix-3.2.0/mantools/postlink
@@ -227,6 +227,7 @@ while (<>) {
s;\blmtp_reply_filter\b;<a href="postconf.5.html#lmtp_reply_filter">$&</a>;g;
s;\blmtp_sasl_password_maps\b;<a href="postconf.5.html#lmtp_sasl_password_maps">$&</a>;g;
s;\blmtp_send_dummy_mail_auth\b;<a href="postconf.5.html#lmtp_send_dummy_mail_auth">$&</a>;g;
+ s;\blmtp_dummy_mail_auth_user\b;<a href="postconf.5.html#lmtp_dummy_mail_auth_user">$&</a>;g;
s;\blmtp_sender_dependent_authentication\b;<a href="postconf.5.html#lmtp_sender_dependent_authentication">$&</a>;g;
s;\blmtp_bind_address\b;<a href="postconf.5.html#lmtp_bind_address">$&</a>;g;
s;\blmtp_bind_address6\b;<a href="postconf.5.html#lmtp_bind_address6">$&</a>;g;
--- postfix-3.2.0/proto/postconf.proto.lmtp_dummy_user
+++ postfix-3.2.0/proto/postconf.proto
@@ -15552,6 +15552,14 @@ configuration parameter. See there for
<p> This feature is available in Postfix 2.9 and later. </p>
+%PARAM lmtp_dummy_mail_auth_user
+
+<p> Send dummy authentication user together with MAIL FROM in order
+to announce the delivery user to cyrus imapd when connecting to it
+using lmtp. </p>
+
+<p> This feature is only available in this release. </p>
+
%PARAM address_verify_sender_ttl 0s
<p> The time between changes in the time-dependent portion of address
--- postfix-3.2.0/src/global/mail_params.h.lmtp_dummy_user
+++ postfix-3.2.0/src/global/mail_params.h
@@ -1775,6 +1775,10 @@ extern char *var_lmtp_sasl_path;
#define DEF_LMTP_DUMMY_MAIL_AUTH 0
extern bool var_lmtp_dummy_mail_auth;
+#define VAR_LMTP_DUMMY_MAIL_AUTH_USER "lmtp_dummy_mail_auth_user"
+#define DEF_LMTP_DUMMY_MAIL_AUTH_USER ""
+extern char *var_lmtp_dummy_mail_auth_user;
+
/*
* SASL-based relay etc. control.
*/
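Review bot: The three added lines (`VAR_LMTP_DUMMY_MAIL_AUTH_USER`, its default and the extern) carry no comment, and they sit directly under the unrelated boolean `var_lmtp_dummy_mail_auth`, which is easy to confuse with the new string. A one-line comment above them would help, for example `/* LMTP only: identity appended to MAIL FROM as AUTH=...; empty (default) sends nothing. */`, which matches the `!smtp_mode` and non-empty checks in the smtp_proto.c hunk of this patch.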
--- postfix-3.2.0/src/smtp/lmtp_params.c.lmtp_dummy_user
+++ postfix-3.2.0/src/smtp/lmtp_params.c
@@ -61,6 +61,7 @@
VAR_LMTP_DNS_RES_OPT, DEF_LMTP_DNS_RES_OPT, &var_smtp_dns_res_opt, 0, 0,
VAR_LMTP_DSN_FILTER, DEF_LMTP_DSN_FILTER, &var_smtp_dsn_filter, 0, 0,
VAR_LMTP_DNS_RE_FILTER, DEF_LMTP_DNS_RE_FILTER, &var_smtp_dns_re_filter, 0, 0,
+ VAR_LMTP_DUMMY_MAIL_AUTH_USER, DEF_LMTP_DUMMY_MAIL_AUTH_USER, &var_lmtp_dummy_mail_auth_user, 0, 0,
0,
};
static const CONFIG_TIME_TABLE lmtp_time_table[] = {
--- postfix-3.2.0/src/smtp/smtp.c.lmtp_dummy_user
+++ postfix-3.2.0/src/smtp/smtp.c
@@ -263,6 +263,12 @@
/* deliveries.
/* .IP "\fBsmtp_dns_reply_filter (empty)\fR"
/* Optional filter for Postfix SMTP client DNS lookup results.
+/* .PP
+/* Available only in this release:
+/* .IP "\fBlmtp_dummy_mail_auth_user (empty)\fR"
+/* send dummy authentication user together with MAIL FROM in order to
+/* announce the delivery user to cyrus imapd when connecting to it using
+/* lmtp.
/* MIME PROCESSING CONTROLS
/* .ad
/* .fi
@@ -932,6 +938,7 @@ char *var_smtp_dns_res_opt;
char *var_smtp_dns_support;
bool var_smtp_rec_deadline;
bool var_smtp_dummy_mail_auth;
+char *var_lmtp_dummy_mail_auth_user;
char *var_smtp_dsn_filter;
char *var_smtp_dns_re_filter;
--- postfix-3.2.0/src/smtp/smtp_params.c.lmtp_dummy_user
+++ postfix-3.2.0/src/smtp/smtp_params.c
@@ -62,6 +62,7 @@
VAR_SMTP_DNS_RES_OPT, DEF_SMTP_DNS_RES_OPT, &var_smtp_dns_res_opt, 0, 0,
VAR_SMTP_DSN_FILTER, DEF_SMTP_DSN_FILTER, &var_smtp_dsn_filter, 0, 0,
VAR_SMTP_DNS_RE_FILTER, DEF_SMTP_DNS_RE_FILTER, &var_smtp_dns_re_filter, 0, 0,
+ VAR_LMTP_DUMMY_MAIL_AUTH_USER, DEF_LMTP_DUMMY_MAIL_AUTH_USER, &var_lmtp_dummy_mail_auth_user, 0, 0,
0,
};
static const CONFIG_TIME_TABLE smtp_time_table[] = {
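Review bot: This entry registers an `lmtp_`-named parameter in the SMTP client's string table, yet the only use shown in this patch (smtp_proto.c) is gated on `!smtp_mode`, so in SMTP mode the value appears to be loaded but never sent. If the entry exists only to keep `var_lmtp_dummy_mail_auth_user` non-NULL in SMTP mode, say so next to it, e.g. `/* LMTP-only; listed here so the pointer is initialised in SMTP mode */`; otherwise drop it together with the smtp.8.html text. The table's opening lines are outside the hunk.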
--- postfix-3.2.0/src/smtp/smtp_proto.c.lmtp_dummy_user
+++ postfix-3.2.0/src/smtp/smtp_proto.c
@@ -1506,6 +1506,15 @@ static int smtp_loop(SMTP_STATE *state,
vstring_strcat(next_command, " AUTH=<>");
#endif
+ /*
+ * send dummy authentication user together with MAIL FROM
+ * in order to announce the delivery user to cyrus imapd when
+ * connecting to it using lmtp.
+ */
+ if (!smtp_mode && (*var_lmtp_dummy_mail_auth_user != 0))
+ vstring_sprintf_append(next_command, " AUTH=%s",
+ var_lmtp_dummy_mail_auth_user);
+
/*
* CVE-2009-3555 (TLS renegotiation). Try to detect a mail
* hijacking attack that prepends malicious EHLO/MAIL/RCPT/DATA
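Review bot: The configured value is appended to MAIL FROM verbatim by `vstring_sprintf_append(next_command, " AUTH=%s", ...)`, so a value containing a space, `+`, `=` or a control character yields a malformed command or additional ESMTP parameters; RFC 4954 expects the AUTH value to be xtext-encoded. Encoding it with Postfix's existing helper would close that: `vstring_strcat(next_command, " AUTH=");` followed by `xtext_quote_append(next_command, var_lmtp_dummy_mail_auth_user, "+=");`. The block also follows the existing `AUTH=<>` branch, whose condition is outside the hunk, so with both settings active the command may carry two AUTH parameters; making the two mutually exclusive, and sending only when the server advertised AUTH, would avoid a rejected MAIL FROM. Because the receiving server is meant to treat this value as the delivering identity, the parameter text should state that it is to be set only for trusted local LMTP destinations. smtp_loop's body continues outside the hunk.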