author | Philip Hazel <ph10@hermes.cam.ac.uk> | 2006-06-28 16:00:23 +0000 |
---|---|---|
committer | Philip Hazel <ph10@hermes.cam.ac.uk> | 2006-06-28 16:00:23 +0000 |
commit | 45b915963e2e3721fc65c7c3f50f2f65f5c54d1b (patch) | |
tree | 7925d3671d311a16fded661f35e54b19a83e8e2b /src | |
parent | b4a9bda23dd6b1941ac1cf53093e0eacf485b34f (diff) |
Add acl_not_smtp_start ACL (mostly Johannes Berg's patch).
Diffstat (limited to 'src')
-rw-r--r-- | src/ACKNOWLEDGMENTS | 3 | ||||
-rw-r--r-- | src/src/acl.c | 56 | ||||
-rw-r--r-- | src/src/exim.c | 17 | ||||
-rw-r--r-- | src/src/globals.c | 5 | ||||
-rw-r--r-- | src/src/globals.h | 3 | ||||
-rw-r--r-- | src/src/macros.h | 3 | ||||
-rw-r--r-- | src/src/readconf.c | 3 |
7 files changed, 62 insertions, 28 deletions
diff --git a/src/ACKNOWLEDGMENTS b/src/ACKNOWLEDGMENTS index 3a8bfbb9f..114cc64c9 100644 --- a/src/ACKNOWLEDGMENTS +++ b/src/ACKNOWLEDGMENTS @@ -1,4 +1,4 @@ -$Cambridge: exim/src/ACKNOWLEDGMENTS,v 1.48 2006/06/28 13:59:13 ph10 Exp $ +$Cambridge: exim/src/ACKNOWLEDGMENTS,v 1.49 2006/06/28 16:00:23 ph10 Exp $ EXIM ACKNOWLEDGEMENTS @@ -72,6 +72,7 @@ Ian Bell Analysis of a bug and an infelicity in clock tick code Patch for ${quote_local_part Peter Benie A number mistakes found by analysing the code Johannes Berg Suggested patch for authentication client $auth<n> support + Suggested patch for acl_not_smtp_start Matt Bernstein LMTP over socket Suggested patch for dnslists '&' feature Mike Bethune Help with debugging an elusive ALRM signal bug diff --git a/src/src/acl.c b/src/src/acl.c index 02a2e9440..086fa68fd 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/acl.c,v 1.61 2006/06/27 15:07:18 ph10 Exp $ */ +/* $Cambridge: exim/src/src/acl.c,v 1.62 2006/06/28 16:00:23 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -323,12 +323,14 @@ static unsigned int cond_forbids[] = { 0, /* acl */ (unsigned int) - ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* add_header */ + ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* add_header */ (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| - (1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)), + (1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)| + (1<<ACL_WHERE_NOTSMTP_START)), - (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_CONNECT)| /* authenticated */ - (1<<ACL_WHERE_HELO), + (1<<ACL_WHERE_NOTSMTP)| /* authenticated */ + (1<<ACL_WHERE_NOTSMTP_START)| + (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO), #ifdef EXPERIMENTAL_BRIGHTMAIL (1<<ACL_WHERE_AUTH)| /* bmi_optin */ 
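Review bot: `cond_forbids` is a deny-list, so any condition whose mask does not gain `(1<<ACL_WHERE_NOTSMTP_START)` becomes usable in the new ACL by default. This hunk explicitly permits `add_header` and explicitly forbids `authenticated`, and later hunks cover more entries, but entries outside the visible hunks cannot be checked from this diff. Anything that already forbids `ACL_WHERE_NOTSMTP` because it needs an SMTP connection probably needs the new bit too. A short comment above the table would help the next person who adds an ACL_WHERE_ value, for example `/* A new ACL_WHERE_xxx is allowed by every mask below unless added; review each entry. */`. The array starts and ends outside this hunk.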
@@ -337,7 +339,8 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| (1<<ACL_WHERE_MAILAUTH)| (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| - (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_PREDATA), + (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_PREDATA)| + (1<<ACL_WHERE_NOTSMTP_START), #endif 0, /* condition */ @@ -366,7 +369,7 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| - (1<<ACL_WHERE_VRFY), + (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START), (1<<ACL_WHERE_AUTH)| /* dk_policy */ (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)| @@ -374,7 +377,7 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| - (1<<ACL_WHERE_VRFY), + (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START), (1<<ACL_WHERE_AUTH)| /* dk_sender_domains */ (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)| @@ -382,7 +385,7 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| - (1<<ACL_WHERE_VRFY), + (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START), (1<<ACL_WHERE_AUTH)| /* dk_sender_local_parts */ (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)| @@ -390,7 +393,7 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| - (1<<ACL_WHERE_VRFY), + (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START), (1<<ACL_WHERE_AUTH)| /* dk_senders */ (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)| 
@@ -398,7 +401,7 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| - (1<<ACL_WHERE_VRFY), + (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START), (1<<ACL_WHERE_AUTH)| /* dk_status */ (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)| @@ -406,20 +409,24 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| - (1<<ACL_WHERE_VRFY), + (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START), #endif - (1<<ACL_WHERE_NOTSMTP), /* dnslists */ + (1<<ACL_WHERE_NOTSMTP)| /* dnslists */ + (1<<ACL_WHERE_NOTSMTP_START), (unsigned int) ~(1<<ACL_WHERE_RCPT), /* domains */ - (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_CONNECT)| /* encrypted */ + (1<<ACL_WHERE_NOTSMTP)| /* encrypted */ + (1<<ACL_WHERE_CONNECT)| + (1<<ACL_WHERE_NOTSMTP_START)| (1<<ACL_WHERE_HELO), 0, /* endpass */ - (1<<ACL_WHERE_NOTSMTP), /* hosts */ + (1<<ACL_WHERE_NOTSMTP)| /* hosts */ + (1<<ACL_WHERE_NOTSMTP_START), (unsigned int) ~(1<<ACL_WHERE_RCPT), /* local_parts */ @@ -475,7 +482,9 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_HELO)| (1<<ACL_WHERE_MAILAUTH)| (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| - (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY), + (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)| + (1<<ACL_WHERE_NOTSMTP)| + (1<<ACL_WHERE_NOTSMTP_START), #endif /* Certain types of verify are always allowed, so we let it through @@ -498,7 +507,8 @@ static unsigned int control_forbids[] = { #endif #ifdef EXPERIMENTAL_DOMAINKEYS - (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP), /* dk_verify */ + (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* dk_verify */ + (1<<ACL_WHERE_NOTSMTP_START), #endif 0, /* error */ 
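Review bot: Two entries change what the existing acl_not_smtp ACL accepts, which the commit title does not mention. In the -475 hunk, the entry that ends just before `#endif` gains `(1<<ACL_WHERE_NOTSMTP)|` in its forbid mask alongside the new bit. In the later `suppress_local_fixups` hunk (-529), `(1<<ACL_WHERE_NOTSMTP)` is removed from the permitted set and replaced by `(1<<ACL_WHERE_NOTSMTP_START)`. If that is intended, a configuration that used either item in acl_not_smtp will presumably now be rejected, so it deserves a line in the commit description or change log. A why-comment on the entry would also help, such as `/* only useful before the message is read, hence NOTSMTP_START rather than NOTSMTP */`. The name of the condition in the -475 entry is outside the hunk.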
@@ -509,9 +519,11 @@ static unsigned int control_forbids[] = { (unsigned int) ~(1<<ACL_WHERE_RCPT), /* caselower_local_part */ - (1<<ACL_WHERE_NOTSMTP), /* enforce_sync */ + (1<<ACL_WHERE_NOTSMTP)| /* enforce_sync */ + (1<<ACL_WHERE_NOTSMTP_START), - (1<<ACL_WHERE_NOTSMTP), /* no_enforce_sync */ + (1<<ACL_WHERE_NOTSMTP)| /* no_enforce_sync */ + (1<<ACL_WHERE_NOTSMTP_START), (unsigned int) ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* freeze */ @@ -529,7 +541,8 @@ static unsigned int control_forbids[] = { (unsigned int) ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* suppress_local_fixups */ - (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_PREDATA)), + (1<<ACL_WHERE_PREDATA)| + (1<<ACL_WHERE_NOTSMTP_START)), #ifdef WITH_CONTENT_SCAN (unsigned int) @@ -548,7 +561,8 @@ static unsigned int control_forbids[] = { (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| (1<<ACL_WHERE_MIME)), - (1<<ACL_WHERE_NOTSMTP) /* no_multiline */ + (1<<ACL_WHERE_NOTSMTP)| /* no_multiline */ + (1<<ACL_WHERE_NOTSMTP_START) }; /* Structure listing various control arguments, with their characteristics. */ diff --git a/src/src/exim.c b/src/src/exim.c index 41016ad3e..a40ded77e 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/exim.c,v 1.39 2006/05/22 18:42:34 fanf2 Exp $ */ +/* $Cambridge: exim/src/src/exim.c,v 1.40 2006/06/28 16:00:24 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -4422,7 +4422,7 @@ if (smtp_input) } } -/* Otherwise, set up the input size limit here */ +/* Otherwise, set up the input size limit here. */ else { 
@@ -4638,6 +4638,19 @@ while (more) } } + /* Run the acl_not_smtp_start ACL if required. The result of the ACL is + ignored; rejecting here would just add complication, and it can just as + well be done later. Allow $recipients to be visible in the ACL. */ + + if (acl_not_smtp_start != NULL) + { + uschar *user_msg, *log_msg; + enable_dollar_recipients = TRUE; + (void)acl_check(ACL_WHERE_NOTSMTP_START, NULL, acl_not_smtp_start, + &user_msg, &log_msg); + enable_dollar_recipients = FALSE; + } + /* Read the data for the message. If filter_test is not FTEST_NONE, this will just read the headers for the message, and not write anything onto the spool. */ diff --git a/src/src/globals.c b/src/src/globals.c index b9f5667e2..4455f384e 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/globals.c,v 1.53 2006/03/06 16:05:12 ph10 Exp $ */ +/* $Cambridge: exim/src/src/globals.c,v 1.54 2006/06/28 16:00:24 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -168,6 +168,7 @@ uschar *acl_not_smtp = NULL; #ifdef WITH_CONTENT_SCAN uschar *acl_not_smtp_mime = NULL; #endif +uschar *acl_not_smtp_start = NULL; uschar *acl_smtp_auth = NULL; uschar *acl_smtp_connect = NULL; uschar *acl_smtp_data = NULL; @@ -204,6 +205,7 @@ uschar *acl_wherenames[] = { US"RCPT", US"EXPN", US"EHLO or HELO", US"MAILAUTH", + US"non-SMTP-start", US"QUIT", US"STARTTLS", US"VRFY" @@ -221,6 +223,7 @@ int acl_wherecodes[] = { 550, /* RCPT */ 550, /* EXPN */ 550, /* HELO/EHLO */ 0, /* MAILAUTH; not relevant */ + 0, /* not SMTP; not relevant */ 0, /* QUIT; not relevant */ 550, /* STARTTLS */ 252 /* VRFY */ diff --git a/src/src/globals.h b/src/src/globals.h index 555d68ea8..53272ceef 100644 --- a/src/src/globals.h +++ b/src/src/globals.h 
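Review bot: The return code of `acl_check()` is cast away and `log_msg` is never read. Unless acl_check() logs on its own, which this hunk does not show, an ERROR or DEFER from acl_not_smtp_start (a failed lookup, a mistake in the ACL text) leaves no trace, and any control the administrator expected to be applied is silently skipped. Ignoring accept/deny as the comment describes is fine, but the failure case is worth recording, e.g. `int rc = acl_check(ACL_WHERE_NOTSMTP_START, NULL, acl_not_smtp_start, &user_msg, &log_msg);` followed by `if (rc == ERROR || rc == DEFER) log_write(0, LOG_MAIN, "acl_not_smtp_start: %s", (log_msg == NULL)? US"failed" : log_msg);`. The two pointers are declared without initialisers; `uschar *user_msg = NULL, *log_msg = NULL;` avoids relying on acl_check() always storing to them. The enclosing `while (more)` loop begins and ends outside this hunk.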
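Review bot: The new `acl_wherecodes` entry is labelled `/* not SMTP; not relevant */`, which does not say which enum value it belongs to; `0, /* NOTSMTP_START; not relevant */` would match the neighbouring labels. The label matters because `acl_wherenames` (-205 hunk), `acl_wherecodes` (-223 hunk) and the `ACL_WHERE_` enum in macros.h (-778 hunk) are parallel tables, and the new value is inserted in the middle, which renumbers QUIT, STARTTLS and VRFY. All three are updated at the same position here, but nothing visible enforces it. I would add a comment on the enum such as `/* Order must match acl_wherenames[] and acl_wherecodes[] in globals.c */`. Both arrays and the enum start outside their hunks.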
@@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/globals.h,v 1.37 2006/03/06 16:05:12 ph10 Exp $ */ +/* $Cambridge: exim/src/src/globals.h,v 1.38 2006/06/28 16:00:24 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -110,6 +110,7 @@ extern uschar *acl_not_smtp; /* ACL run for non-SMTP messages */ #ifdef WITH_CONTENT_SCAN extern uschar *acl_not_smtp_mime; /* For MIME parts of ditto */ #endif +extern uschar *acl_not_smtp_start; /* ACL run at the beginning of a non-SMTP session */ extern uschar *acl_smtp_auth; /* ACL run for AUTH */ extern uschar *acl_smtp_connect; /* ACL run on SMTP connection */ extern uschar *acl_smtp_data; /* ACL run after DATA received */ diff --git a/src/src/macros.h b/src/src/macros.h index 17337089d..59c05e697 100644 --- a/src/src/macros.h +++ b/src/src/macros.h @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/macros.h,v 1.25 2006/06/27 14:34:26 ph10 Exp $ */ +/* $Cambridge: exim/src/src/macros.h,v 1.26 2006/06/28 16:00:24 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -778,6 +778,7 @@ enum { ACL_WHERE_RCPT, /* Some controls are for RCPT only */ ACL_WHERE_EXPN, ACL_WHERE_HELO, ACL_WHERE_MAILAUTH, + ACL_WHERE_NOTSMTP_START, ACL_WHERE_QUIT, ACL_WHERE_STARTTLS, ACL_WHERE_VRFY diff --git a/src/src/readconf.c b/src/src/readconf.c index d1911a7b6..75d444ef1 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/readconf.c,v 1.22 2006/03/09 15:10:16 ph10 Exp $ */ +/* $Cambridge: exim/src/src/readconf.c,v 1.23 2006/06/28 16:00:24 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * 
@@ -138,6 +138,7 @@ static optionlist optionlist_config[] = { #ifdef WITH_CONTENT_SCAN { "acl_not_smtp_mime", opt_stringptr, &acl_not_smtp_mime }, #endif + { "acl_not_smtp_start", opt_stringptr, &acl_not_smtp_start }, { "acl_smtp_auth", opt_stringptr, &acl_smtp_auth }, { "acl_smtp_connect", opt_stringptr, &acl_smtp_connect }, { "acl_smtp_data", opt_stringptr, &acl_smtp_data }, |