Add log selector sender_verify_fail.

11 files changed, 104 insertions, 18 deletions

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 4e844d6d0..ce179b7d5 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.298 2006/02/14 14:26:14 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.299 2006/02/14 14:55:37 ph10 Exp $
 
 Change log file for Exim from version 4.21
 -------------------------------------------
@@ -160,6 +160,8 @@ PH/29 In GnuTLS, a forced expansion failure for tls_privatekey was not being
 
 PH/30 Fix eximon buffer overflow bug (Bugzilla #73).
 
+PH/31 Added sender_verify_fail logging option.
+
 
 Exim version 4.60
 -----------------
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index d4c307cff..fdccff410 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/NewStuff,v 1.84 2006/02/14 14:12:06 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.85 2006/02/14 14:55:37 ph10 Exp $
 
 New Features in Exim
 --------------------
@@ -49,6 +49,12 @@ PH/05 The "control=freeze" ACL modifier can now be followed by /no_tell. If
 PH/06 In both GnuTLS and OpenSSL, an expansion of tls_privatekey that results
       in an empty string is now treated as unset.
 
+PH/07 There is a new log selector called sender_verify_fail, which is set by
+      default. If it is unset, the separate log line that gives details of a
+      sender verification failure is not written. Log lines for the rejection
+      of SMTP commands (e.g. RCPT) contain just "sender verify failed", so some
+      detail is lost.
+
 
 Version 4.60
 ------------
diff --git a/src/src/globals.c b/src/src/globals.c
index 11470fbe4..4031fa2d3 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/globals.c,v 1.48 2006/02/13 12:02:59 ph10 Exp $ */
+/* $Cambridge: exim/src/src/globals.c,v 1.49 2006/02/14 14:55:37 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -677,6 +677,7 @@ bit_table log_options[]        = {
   { US"retry_defer",                  L_retry_defer },
   { US"return_path_on_delivery",      LX_return_path_on_delivery },
   { US"sender_on_delivery",           LX_sender_on_delivery },
+  { US"sender_verify_fail",           LX_sender_verify_fail },
   { US"size_reject",                  L_size_reject },
   { US"skip_delivery",                L_skip_delivery },
   { US"smtp_confirmation",            LX_smtp_confirmation },
diff --git a/src/src/macros.h b/src/src/macros.h
index 1deab7ad8..497589023 100644
--- a/src/src/macros.h
+++ b/src/src/macros.h
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/macros.h,v 1.22 2006/02/07 11:19:00 ph10 Exp $ */
+/* $Cambridge: exim/src/src/macros.h,v 1.23 2006/02/14 14:55:37 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -381,12 +381,13 @@ set all the bits in a multi-word selector. */
 #define LX_rejected_header             0x80001000
 #define LX_return_path_on_delivery     0x80002000
 #define LX_sender_on_delivery          0x80004000
-#define LX_smtp_confirmation           0x80008000
-#define LX_subject                     0x80010000
-#define LX_tls_certificate_verified    0x80020000
-#define LX_tls_cipher                  0x80040000
-#define LX_tls_peerdn                  0x80080000
-#define LX_unknown_in_list             0x80100000
+#define LX_sender_verify_fail          0x80008000
+#define LX_smtp_confirmation           0x80010000
+#define LX_subject                     0x80020000
+#define LX_tls_certificate_verified    0x80040000
+#define LX_tls_cipher                  0x80080000
+#define LX_tls_peerdn                  0x80100000
+#define LX_unknown_in_list             0x80200000
 
 #define L_default     (L_connection_reject        | \
                        L_delay_delivery           | \
@@ -401,6 +402,7 @@ set all the bits in a multi-word selector. */
 
 #define LX_default   ((LX_acl_warn_skipped        | \
                        LX_rejected_header         | \
+                       LX_sender_verify_fail      | \
                        LX_tls_cipher) & 0x7fffffff)
 
 /* Private error numbers for delivery failures, set negative so as not
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index a6a14fe2f..4ed335c02 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/smtp_in.c,v 1.32 2006/02/13 16:23:57 ph10 Exp $ */
+/* $Cambridge: exim/src/src/smtp_in.c,v 1.33 2006/02/14 14:55:37 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -1845,19 +1845,21 @@ if (where == ACL_WHERE_RCPT || where == ACL_WHERE_DATA || where == ACL_WHERE_MIM
 
 /* If there's been a sender verification failure with a specific message, and
 we have not sent a response about it yet, do so now, as a preliminary line for
-failures, but not defers. However, log it in both cases. */
+failures, but not defers. However, always log it for defer, and log it for fail
+unless the sender_verify_fail log selector has been turned off. */
 
 if (sender_verified_failed != NULL &&
     !testflag(sender_verified_failed, af_sverify_told))
   {
   setflag(sender_verified_failed, af_sverify_told);
 
-  log_write(0, LOG_MAIN|LOG_REJECT, "%s sender verify %s for <%s>%s",
-    host_and_ident(TRUE),
-    ((sender_verified_failed->special_action & 255) == DEFER)? "defer" : "fail",
-    sender_verified_failed->address,
-    (sender_verified_failed->message == NULL)? US"" :
-    string_sprintf(": %s", sender_verified_failed->message));
+  if (rc != FAIL || (log_extra_selector & LX_sender_verify_fail) != 0)
+    log_write(0, LOG_MAIN|LOG_REJECT, "%s sender verify %s for <%s>%s",
+      host_and_ident(TRUE),
+      ((sender_verified_failed->special_action & 255) == DEFER)? "defer":"fail",
+      sender_verified_failed->address,
+      (sender_verified_failed->message == NULL)? US"" :
+      string_sprintf(": %s", sender_verified_failed->message));
 
   if (rc == FAIL && sender_verified_failed->user_message != NULL)
     smtp_respond(code, FALSE, string_sprintf(
diff --git a/test/confs/0462 b/test/confs/0462
index 31560b90f..7ff47e6b5 100644
--- a/test/confs/0462
+++ b/test/confs/0462
@@ -1,5 +1,7 @@
 # Exim test configuration 0462
 
+SELECTOR=
+
 exim_path = EXIM_PATH
 host_lookup_order = bydns
 primary_hostname = myhost.test.ex
@@ -15,6 +17,7 @@ domainlist local_domains = test.ex
 
 acl_smtp_rcpt = $local_part
 smtp_return_error_details
+log_selector = SELECTOR
 
 # ----- ACL -----
 
diff --git a/test/log/0462 b/test/log/0462
index 3a5954e9a..ec4952f98 100644
--- a/test/log/0462
+++ b/test/log/0462
@@ -2,3 +2,4 @@
 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<Ok@localhost> rejected RCPT <checkpm@test.ex>: Sender verify failed
 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <NOTok@elsewhere>: response to "RCPT TO:<NOTok@elsewhere>" from 127.0.0.1 [127.0.0.1] was: 550 NO
 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<NOTok@elsewhere> rejected RCPT <nocheckpm@test.ex>: Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<NOTok2@elsewhere> rejected RCPT <nocheckpm@test.ex>: Sender verify failed
diff --git a/test/rejectlog/0462 b/test/rejectlog/0462
index 3a5954e9a..ec4952f98 100644
--- a/test/rejectlog/0462
+++ b/test/rejectlog/0462
@@ -2,3 +2,4 @@
 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<Ok@localhost> rejected RCPT <checkpm@test.ex>: Sender verify failed
 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <NOTok@elsewhere>: response to "RCPT TO:<NOTok@elsewhere>" from 127.0.0.1 [127.0.0.1] was: 550 NO
 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<NOTok@elsewhere> rejected RCPT <nocheckpm@test.ex>: Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<NOTok2@elsewhere> rejected RCPT <nocheckpm@test.ex>: Sender verify failed
diff --git a/test/scripts/0000-Basic/0462 b/test/scripts/0000-Basic/0462
index a6f3622ba..d12ced725 100644
--- a/test/scripts/0000-Basic/0462
+++ b/test/scripts/0000-Basic/0462
@@ -41,3 +41,20 @@ MAIL FROM:<NOTok@elsewhere>
 RCPT TO:<nocheckpm@test.ex>
 QUIT
 ****
+# Same again, but with sender_verify_fail logging turned off
+server PORT_S
+220 Server ready
+HELO
+250 OK
+MAIL FROM
+250 OK
+RCPT TO
+550 NO
+QUIT
+250 OK
+****
+sudo exim -DSELECTOR=-sender_verify_fail -d-all+verify -v -bs -oMa V4NET.0.0.2
+MAIL FROM:<NOTok2@elsewhere>
+RCPT TO:<nocheckpm@test.ex>
+QUIT
+****
diff --git a/test/stderr/0462 b/test/stderr/0462
index 876aacc79..238959945 100644
--- a/test/stderr/0462
+++ b/test/stderr/0462
@@ -79,3 +79,34 @@ LOG: MAIN REJECT
 LOG: smtp_connection MAIN
   SMTP connection from root closed by QUIT
 >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+  SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying NOTok2@elsewhere
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering NOTok2@elsewhere
+Attempting full verification using callout
+callout cache: found domain record
+callout cache: no address record found
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+  SMTP<< 220 Server ready
+  SMTP>> HELO myhost.test.ex
+  SMTP<< 250 OK
+  SMTP>> MAIL FROM:<>
+  SMTP<< 250 OK
+  SMTP>> RCPT TO:<NOTok2@elsewhere>
+  SMTP<< 550 NO
+  SMTP>> QUIT
+wrote callout cache domain record:
+  result=1 postmaster=0 random=0
+wrote negative callout cache address record
+LOG: MAIN REJECT
+  H=[V4NET.0.0.2] U=root F=<NOTok2@elsewhere> rejected RCPT <nocheckpm@test.ex>: Sender verify failed
+LOG: smtp_connection MAIN
+  SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
diff --git a/test/stdout/0462 b/test/stdout/0462
index f454d0c23..004a788af 100644
--- a/test/stdout/0462
+++ b/test/stdout/0462
@@ -18,6 +18,14 @@
 550-Response: 550 NO

 550 Sender verify failed

 221 myhost.test.ex closing connection

+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000

+250 OK

+550-Verification failed for <NOTok2@elsewhere>

+550-Called:   127.0.0.1

+550-Sent:     RCPT TO:<NOTok2@elsewhere>

+550-Response: 550 NO

+550 Sender verify failed

+221 myhost.test.ex closing connection

 
 ******** SERVER ********
 Listening on port 1224 ... 
@@ -50,3 +58,15 @@ RCPT TO:<NOTok@elsewhere>
 QUIT
 250 OK
 End of script
+Listening on port 1224 ... 
+Connection request from [127.0.0.1]
+220 Server ready
+HELO myhost.test.ex
+250 OK
+MAIL FROM:<>
+250 OK
+RCPT TO:<NOTok2@elsewhere>
+550 NO
+QUIT
+250 OK
+End of script