summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/doc-docbook/spec.xfpt14
-rw-r--r--src/src/receive.c26
2 files changed, 30 insertions, 10 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 0ed811ab5..88308ba23 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -27292,7 +27292,9 @@ It is usable in the RCPT ACL and valid only for single-recipient mails forwarded
from one SMTP connection to another. If a recipient-verify callout connection is
requested in the same ACL it is held open and used for the data, otherwise one is made
after the ACL completes.
-Note that routers are used in verify mode.
+
+Note that routers are used in verify mode. Note also that headers cannot be
+modified by any of the post-data ACLs (DATA, MIME and DKIM).
Should the ultimate destination system positively accept or reject the mail,
a corresponding indication is given to the source system and nothing is queued.
@@ -27547,12 +27549,15 @@ warn dnslists = sbl.spamhaus.org : \
add_header = X-blacklisted-at: $dnslist_domain
.endd
The &%add_header%& modifier is permitted in the MAIL, RCPT, PREDATA, DATA,
-MIME, and non-SMTP ACLs (in other words, those that are concerned with
+MIME, DKIM, and non-SMTP ACLs (in other words, those that are concerned with
receiving a message). The message must ultimately be accepted for
&%add_header%& to have any significant effect. You can use &%add_header%& with
any ACL verb, including &%deny%& (though this is potentially useful only in a
RCPT ACL).
+Headers will not be added to the message if the modifier is used in
+DATA, MIME or DKIM ACLs for messages delivered by cutthrough routing.
+
Leading and trailing newlines are removed from
the data for the &%add_header%& modifier; if it then
contains one or more newlines that
@@ -27646,12 +27651,15 @@ warn message = Remove internal headers
remove_header = x-route-mail1 : x-route-mail2
.endd
The &%remove_header%& modifier is permitted in the MAIL, RCPT, PREDATA, DATA,
-MIME, and non-SMTP ACLs (in other words, those that are concerned with
+MIME, DKIM, and non-SMTP ACLs (in other words, those that are concerned with
receiving a message). The message must ultimately be accepted for
&%remove_header%& to have any significant effect. You can use &%remove_header%&
with any ACL verb, including &%deny%&, though this is really not useful for
any verb that doesn't result in a delivered message.
+Headers will not be removed to the message if the modifier is used in
+DATA, MIME or DKIM ACLs for messages delivered by cutthrough routing.
+
More than one header can be removed at the same time by using a colon separated
list of header names. The header matching is case insensitive. Wildcards are
not permitted, nor is list expansion performed, so you cannot use hostlists to
diff --git a/src/src/receive.c b/src/src/receive.c
index 0295b7e54..15eb1291d 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -984,11 +984,23 @@ Returns: nothing
*/
static void
-add_acl_headers(uschar *acl_name)
+add_acl_headers(int where, uschar *acl_name)
{
header_line *h, *next;
header_line *last_received = NULL;
+switch(where)
+ {
+ case ACL_WHERE_DKIM:
+ case ACL_WHERE_MIME:
+ case ACL_WHERE_DATA: if (cutthrough_fd >= 0 && (acl_removed_headers || acl_added_headers))
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC, "Header modification in data ACLs"
+ "will not take effect on cutthrough deliveries");
+ return;
+ }
+ }
+
if (acl_removed_headers != NULL)
{
DEBUG(D_receive|D_acl) debug_printf(">>Headers removed by %s ACL:\n", acl_name);
@@ -1264,7 +1276,7 @@ if (rc == OK)
}
END_MIME_ACL:
-add_acl_headers(US"MIME");
+add_acl_headers(ACL_WHERE_MIME, US"MIME");
if (rc == DISCARD)
{
recipients_count = 0;
@@ -2826,7 +2838,7 @@ if (cutthrough_fd >= 0)
goto TIDYUP; /* Skip to end of function */
}
received_header_gen();
- add_acl_headers(US"MAIL or RCPT");
+ add_acl_headers(ACL_WHERE_RCPT, US"MAIL or RCPT");
(void) cutthrough_headers_send();
}
@@ -3118,7 +3130,7 @@ if (received_header->text == NULL) /* Non-cutthrough case */
/* If an ACL from any RCPT commands set up any warning headers to add, do so
now, before running the DATA ACL. */
- add_acl_headers(US"MAIL or RCPT");
+ add_acl_headers(ACL_WHERE_RCPT, US"MAIL or RCPT");
}
else
message_body_size = (fstat(data_fd, &statbuf) == 0)?
@@ -3231,7 +3243,7 @@ else
break;
}
}
- add_acl_headers(US"DKIM");
+ add_acl_headers(ACL_WHERE_DKIM, US"DKIM");
if (rc == DISCARD)
{
recipients_count = 0;
@@ -3341,7 +3353,7 @@ else
if (acl_smtp_data != NULL && recipients_count > 0)
{
rc = acl_check(ACL_WHERE_DATA, NULL, acl_smtp_data, &user_msg, &log_msg);
- add_acl_headers(US"DATA");
+ add_acl_headers(ACL_WHERE_DATA, US"DATA");
if (rc == DISCARD)
{
recipients_count = 0;
@@ -3424,7 +3436,7 @@ else
/* Does not return */
}
}
- add_acl_headers(US"non-SMTP");
+ add_acl_headers(ACL_WHERE_NOTSMTP, US"non-SMTP");
}
}