tcpd: remove -noidentlookup, implement -haproxy

courier-imap/configure.ac

@@ -3,7 +3,7 @@ dnl
 dnl Copyright 1998 - 2022 Double Precision, Inc.  See COPYING for
 dnl distribution information.
 
-AC_INIT([courier-imap],[5.2.6.20231229],[[email protected]])
+AC_INIT([courier-imap],[5.2.6.20240610],[[email protected]])
 AC_CONFIG_SRCDIR(libs/imap/imapd.c)
 AC_CONFIG_HEADERS(config.h)
 AM_INIT_AUTOMAKE(foreign)

courier/ChangeLog

@@ -1,3 +1,11 @@
+2024-06-10  Sam Varshavchik  <[email protected]>
+
+	* tcpd: remove -noidentlookup, implement -haproxy
+
+2024-05-31  Sam Varshavchik  <[email protected]>
+
+	* couriertcpd: set the IP_FREEBIND option on all listening sockets.
+
 1.3.8
 
 2024-05-05  Sam Varshavchik  <[email protected]>

courier/configure.ac

@@ -3,7 +3,7 @@ dnl
 dnl Copyright 1998 - 2022 Double Precision, Inc.  See COPYING for
 dnl distribution information.
 
-AC_INIT([courier],[1.3.8],[[email protected]])
+AC_INIT([courier],[1.3.8.20240610],[[email protected]])
 version=$PACKAGE_VERSION
 AC_CONFIG_SRCDIR(courier/courier.c)
 AM_INIT_AUTOMAKE

courier/courier/doc/FAQ.html

@@ -397,8 +397,6 @@ <h3><a name="esmtptimeout" id="esmtptimeout">Why are my e-mails taking so
     <li>If the connecting IP address is resolved to a hostname, the hostname is
     looked up in DNS again, to see if it resolves to the connecting IP
     address.</li>
-    <li>The connecting IP address is queried using the <a target="_blank" href=
-    "http://www.rfc-editor.org/rfc/rfc1413.txt">IDENT protocol</a>.</li>
   </ol>
   <p>The results obtained from these queries will be recorded in the
   <code>Received:</code> header of any message received from the connecting IP
@@ -411,13 +409,7 @@ <h3><a name="esmtptimeout" id="esmtptimeout">Why are my e-mails taking so
   its hostname. A bigger problem is when the local DNS resolver, listed in
   /etc/resolv.conf goes down. This will result in a certain percentage of all
   incoming connections experiencing major delays.</p>
-  <p>A local, or an intermediate firewall may also drop IDENT packets. IDENT is
-  a fairly old protocol whose original purpose is to identify individual users
-  of a shared network server. Some proxies may also use IDENT to identify the
-  original source of a proxied connection. However, since IDENT is an old, and
-  not a very well known protocol, some poorly-written firewalls may not
-  recognize the protocol, and bit-bucket IDENT connection requests. An IDENT
-  request times out after 30 seconds.</p>
+
   <p>When investigating connection delays:</p>
   <ol>
     <li>Check each server listed in <code>/etc/resolv.conf</code>.
@@ -432,11 +424,11 @@ <h3><a name="esmtptimeout" id="esmtptimeout">Why are my e-mails taking so
     the connecting IP address.</li>
   </ol>
   <p>As a last resort, both of these lookups can be turned off. Add the
-  <code>-nodnslookup</code> and <code>-noidentlookup</code> options to
+  <code>-nodnslookup</code> option to
   TCPDOPTS, in the esmtpd configuration file (usually
   <code>/usr/lib/courier/etc/esmtpd</code>). Example:</p>
   <blockquote>
-    <p><code>TCPDOPTS="-nodnslookup -noidentlookup"</code></p>
+    <p><code>TCPDOPTS="-stderrlogger=/usr/sbin/courierlogger -nodnslookup"</code></p>
   </blockquote>
   <p>There'll probably be an existing TCPDOPTS setting in there. Add the
   whitespace-delimited options to anything that's already in there.</p>

courier/courier/module.esmtp/esmtpd.dist.in.git

@@ -421,13 +421,15 @@ MAXPERIP=5
 
 PIDFILE=@piddir@/esmtpd.pid
 
-##NAME: TCPDOPTS:3
+##NAME: TCPDOPTS:4
 #
-# TCPDOPTS can contain other couriertcpd options, such as
-# -nodnslookup and -noidentlookup.
+# Other couriertcpd(1) options.  The following defaults should be fine.
 #
+# See the couriertcpd(1) manual page for a list of other options. Namely:
+# -haproxy enables HAProxy version 1 support, see the manual page for more
+# information.
 
-TCPDOPTS="-stderrlogger=@courierlogger@ -noidentlookup"
+TCPDOPTS="-stderrlogger=@courierlogger@"
 
 ##NAME: ESMTPAUTH:4
 #