-rw-r--r-- | doc/doc-txt/ChangeLog | 10 | ||||
-rw-r--r-- | doc/doc-txt/NewStuff | 16 | ||||
-rw-r--r-- | src/ACKNOWLEDGMENTS | 3 | ||||
-rw-r--r-- | src/src/acl.c | 56 | ||||
-rw-r--r-- | src/src/exim.c | 17 | ||||
-rw-r--r-- | src/src/globals.c | 5 | ||||
-rw-r--r-- | src/src/globals.h | 3 | ||||
-rw-r--r-- | src/src/macros.h | 3 | ||||
-rw-r--r-- | src/src/readconf.c | 3 | ||||
-rw-r--r-- | test/confs/0535 | 46 | ||||
-rw-r--r-- | test/log/0535 | 6 | ||||
-rw-r--r-- | test/mail/0535.userx | 20 | ||||
-rw-r--r-- | test/scripts/0000-Basic/0535 | 7 |
13 files changed, 163 insertions, 32 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 1ae87c627..348c279a1 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.362 2006/06/28 13:59:12 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.363 2006/06/28 16:00:23 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -20,8 +20,8 @@ SC/03 Collect data on the number of addresses (recipients) as well TF/01 Correct an error in the documentation for the redirect router. Exim does (usually) call initgroups() when daemonizing. -TF/02 Call initgroups() when dropping privilege in exim.c, so that Exim runs with - consistent privilege compared to when running as a daemon. +TF/02 Call initgroups() when dropping privilege in exim.c, so that Exim runs + with consistent privilege compared to when running as a daemon. TF/03 Note in the spec that $authenticated_id is not set for local submissions from trusted users. @@ -52,6 +52,10 @@ PH/04 Applied Magnus Holmgren's patch to fix Bugzilla #98: transport's home PH/05 Applied Alex Kiernan's patch to fix Bugzilla #99: a problem with libradius. +PH/06 Added acl_not_smtp_start, based on Johannes Berg's patch, and set the + bit to forbid control=suppress_local_fixups in the acl_not_smtp ACL, + because it is too late at that time, and has no effect. + Exim version 4.62 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 6fa8b4b83..4f7ca8470 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/NewStuff,v 1.103 2006/06/27 14:34:26 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/NewStuff,v 1.104 2006/06/28 16:00:23 ph10 Exp $ New Features in Exim -------------------- 
@@ -17,6 +17,20 @@ Version 4.63 it is automatically prepended to the relative path. This action can now be prevented by setting filter_prepend_home false. +2. There is a new acl, set by acl_not_smtp_start, which is run right at the + start of receiving a non-SMTP message, before any of the message has been + read. (This is the analogue of the acl_smtp_predata ACL for SMTP input.) The + result of this ACL is ignored; it cannot be used to reject a message. If + you really need to, you could set a value in an ACL variable here and reject + based on that in the acl_not_smtp ACL. However, this ACL can be used to set + controls, and in particular, it can be used to set control=suppress_local_ + fixups, which cannot be used in the acl_not_smtp ACL because by the time + that ACL is run, it is too late. When the acl_not_smtp_start ACL is run, the + sender and recipients are known, so the "senders" and "sender_domains" + conditions and $sender_address and $recipients variables can be used. + Variables such as $authenticated_ sender are also available. It is possible + to specify added header lines in this ACL. + Version 4.62 ------------ diff --git a/src/ACKNOWLEDGMENTS b/src/ACKNOWLEDGMENTS index 3a8bfbb9f..114cc64c9 100644 --- a/src/ACKNOWLEDGMENTS +++ b/src/ACKNOWLEDGMENTS @@ -1,4 +1,4 @@ -$Cambridge: exim/src/ACKNOWLEDGMENTS,v 1.48 2006/06/28 13:59:13 ph10 Exp $ +$Cambridge: exim/src/ACKNOWLEDGMENTS,v 1.49 2006/06/28 16:00:23 ph10 Exp $ EXIM ACKNOWLEDGEMENTS @@ -72,6 +72,7 @@ Ian Bell Analysis of a bug and an infelicity in clock tick code Patch for ${quote_local_part Peter Benie A number mistakes found by analysing the code Johannes Berg Suggested patch for authentication client $auth<n> support + Suggested patch for acl_not_smtp_start Matt Bernstein LMTP over socket Suggested patch for dnslists '&' feature Mike Bethune Help with debugging an elusive ALRM signal bug diff --git a/src/src/acl.c b/src/src/acl.c index 02a2e9440..086fa68fd 100644 --- a/src/src/acl.c 
+++ b/src/src/acl.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/acl.c,v 1.61 2006/06/27 15:07:18 ph10 Exp $ */ +/* $Cambridge: exim/src/src/acl.c,v 1.62 2006/06/28 16:00:23 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -323,12 +323,14 @@ static unsigned int cond_forbids[] = { 0, /* acl */ (unsigned int) - ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* add_header */ + ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* add_header */ (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| - (1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)), + (1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)| + (1<<ACL_WHERE_NOTSMTP_START)), - (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_CONNECT)| /* authenticated */ - (1<<ACL_WHERE_HELO), + (1<<ACL_WHERE_NOTSMTP)| /* authenticated */ + (1<<ACL_WHERE_NOTSMTP_START)| + (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO), #ifdef EXPERIMENTAL_BRIGHTMAIL (1<<ACL_WHERE_AUTH)| /* bmi_optin */ @@ -337,7 +339,8 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| (1<<ACL_WHERE_MAILAUTH)| (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| - (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_PREDATA), + (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_PREDATA)| + (1<<ACL_WHERE_NOTSMTP_START), #endif 0, /* condition */ @@ -366,7 +369,7 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| - (1<<ACL_WHERE_VRFY), + (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START), (1<<ACL_WHERE_AUTH)| /* dk_policy */ (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)| @@ -374,7 +377,7 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| - (1<<ACL_WHERE_VRFY), + (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START), (1<<ACL_WHERE_AUTH)| /* dk_sender_domains */ (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)| 
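Review bot: The cond_forbids entries touched here are written as deny-lists, so a new ACL_WHERE_ value is permitted in every condition whose mask nobody edits, which fails open for acl_not_smtp_start. The same hand-added `(1<<ACL_WHERE_NOTSMTP_START)` bit appears in the later hunks for dk_sender_local_parts, dk_senders, dk_status, dnslists, encrypted, hosts and the entry at @@ -475, and entries outside the visible hunks cannot be checked from this diff. Entries in the `~(...)` allow-list form (domains, local_parts) forbid the new location without any edit. I would add a comment above the table, `/* Deny-list entries must be re-audited whenever an ACL_WHERE_ value is added; prefer the ~(...) allow-list form */`, and search the untouched entries for `(1<<ACL_WHERE_NOTSMTP)` without the new bit. The array initialiser starts and ends outside these hunks.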
@@ -382,7 +385,7 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| - (1<<ACL_WHERE_VRFY), + (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START), (1<<ACL_WHERE_AUTH)| /* dk_sender_local_parts */ (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)| @@ -390,7 +393,7 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| - (1<<ACL_WHERE_VRFY), + (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START), (1<<ACL_WHERE_AUTH)| /* dk_senders */ (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)| @@ -398,7 +401,7 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| - (1<<ACL_WHERE_VRFY), + (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START), (1<<ACL_WHERE_AUTH)| /* dk_status */ (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)| @@ -406,20 +409,24 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)| (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)| - (1<<ACL_WHERE_VRFY), + (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START), #endif - (1<<ACL_WHERE_NOTSMTP), /* dnslists */ + (1<<ACL_WHERE_NOTSMTP)| /* dnslists */ + (1<<ACL_WHERE_NOTSMTP_START), (unsigned int) ~(1<<ACL_WHERE_RCPT), /* domains */ - (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_CONNECT)| /* encrypted */ + (1<<ACL_WHERE_NOTSMTP)| /* encrypted */ + (1<<ACL_WHERE_CONNECT)| + (1<<ACL_WHERE_NOTSMTP_START)| (1<<ACL_WHERE_HELO), 0, /* endpass */ - (1<<ACL_WHERE_NOTSMTP), /* hosts */ + (1<<ACL_WHERE_NOTSMTP)| /* hosts */ + (1<<ACL_WHERE_NOTSMTP_START), (unsigned int) ~(1<<ACL_WHERE_RCPT), /* local_parts */ 
@@ -475,7 +482,9 @@ static unsigned int cond_forbids[] = { (1<<ACL_WHERE_HELO)| (1<<ACL_WHERE_MAILAUTH)| (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)| - (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY), + (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)| + (1<<ACL_WHERE_NOTSMTP)| + (1<<ACL_WHERE_NOTSMTP_START), #endif /* Certain types of verify are always allowed, so we let it through @@ -498,7 +507,8 @@ static unsigned int control_forbids[] = { #endif #ifdef EXPERIMENTAL_DOMAINKEYS - (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP), /* dk_verify */ + (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* dk_verify */ + (1<<ACL_WHERE_NOTSMTP_START), #endif 0, /* error */ @@ -509,9 +519,11 @@ static unsigned int control_forbids[] = { (unsigned int) ~(1<<ACL_WHERE_RCPT), /* caselower_local_part */ - (1<<ACL_WHERE_NOTSMTP), /* enforce_sync */ + (1<<ACL_WHERE_NOTSMTP)| /* enforce_sync */ + (1<<ACL_WHERE_NOTSMTP_START), - (1<<ACL_WHERE_NOTSMTP), /* no_enforce_sync */ + (1<<ACL_WHERE_NOTSMTP)| /* no_enforce_sync */ + (1<<ACL_WHERE_NOTSMTP_START), (unsigned int) ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* freeze */ @@ -529,7 +541,8 @@ static unsigned int control_forbids[] = { (unsigned int) ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* suppress_local_fixups */ - (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_PREDATA)), + (1<<ACL_WHERE_PREDATA)| + (1<<ACL_WHERE_NOTSMTP_START)), #ifdef WITH_CONTENT_SCAN (unsigned int) @@ -548,7 +561,8 @@ static unsigned int control_forbids[] = { (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)| (1<<ACL_WHERE_MIME)), - (1<<ACL_WHERE_NOTSMTP) /* no_multiline */ + (1<<ACL_WHERE_NOTSMTP)| /* no_multiline */ + (1<<ACL_WHERE_NOTSMTP_START) }; /* Structure listing various control arguments, with their characteristics. */ diff --git a/src/src/exim.c b/src/src/exim.c index 41016ad3e..a40ded77e 100644 --- a/src/src/exim.c +++ b/src/src/exim.c 
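Review bot: In the suppress_local_fixups entry of control_forbids, ACL_WHERE_NOTSMTP is dropped from the allow-list in the same edit that adds ACL_WHERE_NOTSMTP_START, so a configuration that sets this control in acl_not_smtp was accepted before and is now forbidden. The ChangeLog gives the reason (too late at that time, no effect), but the table entry does not, and the next person to read it may put the bit back. A why-comment on the entry would carry the reason with the code, for example `/* NOTSMTP deliberately absent: too late by then, the control has no effect */`. How a forbidden control in acl_not_smtp is reported to the administrator is not visible in this hunk and is worth confirming, since this control changes which header fixups are applied to locally submitted mail.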
@@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/exim.c,v 1.39 2006/05/22 18:42:34 fanf2 Exp $ */ +/* $Cambridge: exim/src/src/exim.c,v 1.40 2006/06/28 16:00:24 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -4422,7 +4422,7 @@ if (smtp_input) } } -/* Otherwise, set up the input size limit here */ +/* Otherwise, set up the input size limit here. */ else { @@ -4638,6 +4638,19 @@ while (more) } } + /* Run the acl_not_smtp_start ACL if required. The result of the ACL is + ignored; rejecting here would just add complication, and it can just as + well be done later. Allow $recipients to be visible in the ACL. */ + + if (acl_not_smtp_start != NULL) + { + uschar *user_msg, *log_msg; + enable_dollar_recipients = TRUE; + (void)acl_check(ACL_WHERE_NOTSMTP_START, NULL, acl_not_smtp_start, + &user_msg, &log_msg); + enable_dollar_recipients = FALSE; + } + /* Read the data for the message. If filter_test is not FTEST_NONE, this will just read the headers for the message, and not write anything onto the spool. */ diff --git a/src/src/globals.c b/src/src/globals.c index b9f5667e2..4455f384e 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/globals.c,v 1.53 2006/03/06 16:05:12 ph10 Exp $ */ +/* $Cambridge: exim/src/src/globals.c,v 1.54 2006/06/28 16:00:24 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -168,6 +168,7 @@ uschar *acl_not_smtp = NULL; #ifdef WITH_CONTENT_SCAN uschar *acl_not_smtp_mime = NULL; #endif +uschar *acl_not_smtp_start = NULL; uschar *acl_smtp_auth = NULL; uschar *acl_smtp_connect = NULL; uschar *acl_smtp_data = NULL; @@ -204,6 +205,7 @@ uschar *acl_wherenames[] = { US"RCPT", US"EXPN", US"EHLO or HELO", US"MAILAUTH", + US"non-SMTP-start", US"QUIT", US"STARTTLS", US"VRFY" 
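Review bot: The `(void)acl_check(...)` call in the new acl_not_smtp_start block discards the return code and both message pointers, so an ACL that ends in an error or a deferral (a failed lookup, a misspelt ACL name) leaves no trace at this call site and any control it was meant to set is skipped silently. Ignoring accept and deny is the documented design, but I would keep the return value and write log_msg to the main log for the error and defer cases; whether acl_check already logs these itself is not visible here. Initialising both pointers to NULL also removes any dependence on acl_check clearing them. `enable_dollar_recipients = FALSE;` overwrites rather than restores the earlier value, which is only right if the flag is always FALSE on entry to this point. The enclosing `while (more)` loop starts and ends outside the hunk.

```c
  if (acl_not_smtp_start != NULL)
    {
    uschar *user_msg = NULL, *log_msg = NULL;
    int rc;
    enable_dollar_recipients = TRUE;
    rc = acl_check(ACL_WHERE_NOTSMTP_START, NULL, acl_not_smtp_start,
      &user_msg, &log_msg);
    enable_dollar_recipients = FALSE;
    /* The verdict is still ignored; only a broken ACL is reported. */
    if (rc == ERROR || rc == DEFER)
      log_write(0, LOG_MAIN, "acl_not_smtp_start failed: %s",
        (log_msg == NULL)? US"no further information" : log_msg);
    }
```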
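Review bot: acl_wherenames[] in this hunk and acl_wherecodes[] in the next one appear to be indexed by the ACL_WHERE_ enum from macros.h, and the new entry is placed by hand in all three; nothing visible ties the array lengths to the enum, so a missed or misplaced entry would yield the wrong name or SMTP code, or read past the end of the array. The three insertions in this commit do line up (after MAILAUTH, before QUIT). The acl_wherecodes comment `/* not SMTP; not relevant */` does not name its entry the way its neighbours do; `/* NOTSMTP_START; not relevant */` would make the positional match checkable by eye. Both initialisers extend outside their hunks.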
@@ -221,6 +223,7 @@ int acl_wherecodes[] = { 550, /* RCPT */ 550, /* EXPN */ 550, /* HELO/EHLO */ 0, /* MAILAUTH; not relevant */ + 0, /* not SMTP; not relevant */ 0, /* QUIT; not relevant */ 550, /* STARTTLS */ 252 /* VRFY */ diff --git a/src/src/globals.h b/src/src/globals.h index 555d68ea8..53272ceef 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/globals.h,v 1.37 2006/03/06 16:05:12 ph10 Exp $ */ +/* $Cambridge: exim/src/src/globals.h,v 1.38 2006/06/28 16:00:24 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -110,6 +110,7 @@ extern uschar *acl_not_smtp; /* ACL run for non-SMTP messages */ #ifdef WITH_CONTENT_SCAN extern uschar *acl_not_smtp_mime; /* For MIME parts of ditto */ #endif +extern uschar *acl_not_smtp_start; /* ACL run at the beginning of a non-SMTP session */ extern uschar *acl_smtp_auth; /* ACL run for AUTH */ extern uschar *acl_smtp_connect; /* ACL run on SMTP connection */ extern uschar *acl_smtp_data; /* ACL run after DATA received */ diff --git a/src/src/macros.h b/src/src/macros.h index 17337089d..59c05e697 100644 --- a/src/src/macros.h +++ b/src/src/macros.h @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/macros.h,v 1.25 2006/06/27 14:34:26 ph10 Exp $ */ +/* $Cambridge: exim/src/src/macros.h,v 1.26 2006/06/28 16:00:24 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -778,6 +778,7 @@ enum { ACL_WHERE_RCPT, /* Some controls are for RCPT only */ ACL_WHERE_EXPN, ACL_WHERE_HELO, ACL_WHERE_MAILAUTH, + ACL_WHERE_NOTSMTP_START, ACL_WHERE_QUIT, ACL_WHERE_STARTTLS, ACL_WHERE_VRFY diff --git a/src/src/readconf.c b/src/src/readconf.c index d1911a7b6..75d444ef1 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c 
@@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/readconf.c,v 1.22 2006/03/09 15:10:16 ph10 Exp $ */ +/* $Cambridge: exim/src/src/readconf.c,v 1.23 2006/06/28 16:00:24 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -138,6 +138,7 @@ static optionlist optionlist_config[] = { #ifdef WITH_CONTENT_SCAN { "acl_not_smtp_mime", opt_stringptr, &acl_not_smtp_mime }, #endif + { "acl_not_smtp_start", opt_stringptr, &acl_not_smtp_start }, { "acl_smtp_auth", opt_stringptr, &acl_smtp_auth }, { "acl_smtp_connect", opt_stringptr, &acl_smtp_connect }, { "acl_smtp_data", opt_stringptr, &acl_smtp_data }, diff --git a/test/confs/0535 b/test/confs/0535 new file mode 100644 index 000000000..6504807f9 --- /dev/null +++ b/test/confs/0535 @@ -0,0 +1,46 @@ +# Exim test configuration 0535 + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + +# ----- Main settings ----- + +acl_not_smtp_start = one +trusted_users = CALLER + + +# ----- ACLs ----- + +begin ACL + +one: + warn senders = ^nofix@ + control = suppress_local_fixups + add_header = X-Added: $recipients + +# ----- Routers ----- + +begin routers + +r1: + driver = accept + transport = t1 + + +# ----- Transports ----- + +begin transports + +t1: + driver = appendfile + user = CALLER + file = DIR/test-mail/$local_part + + +# End diff --git a/test/log/0535 b/test/log/0535 new file mode 100644 index 000000000..e737ee232 --- /dev/null +++ b/test/log/0535 
@@ -0,0 +1,6 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx <userx@test.ex> R=r1 T=t1 +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaY-0005vi-00 <= nofix@test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx <userx@test.ex> R=r1 T=t1 +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed diff --git a/test/mail/0535.userx b/test/mail/0535.userx new file mode 100644 index 000000000..4ca2d6156 --- /dev/null +++ b/test/mail/0535.userx @@ -0,0 +1,20 @@ +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from <CALLER@myhost.test.ex>) + id 10HmaX-0005vi-00 + for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: <E10HmaX-0005vi-00@myhost.test.ex> +From: CALLER_NAME <CALLER@myhost.test.ex> +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +No headers supplied. + +From nofix@test.ex Tue Mar 02 09:44:33 1999 +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from <nofix@test.ex>) + id 10HmaY-0005vi-00 + for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +X-Added: userx@test.ex + +No headers supplied. + diff --git a/test/scripts/0000-Basic/0535 b/test/scripts/0000-Basic/0535 new file mode 100644 index 000000000..237fa4c9c --- /dev/null +++ b/test/scripts/0000-Basic/0535 @@ -0,0 +1,7 @@ +# acl_not_smtp_start +exim -odi userx@test.ex +No headers supplied. +**** +exim -odi -f nofix@test.ex userx@test.ex +No headers supplied. +**** |