From 8e78571a8b7a823a439710720a407820ab662451 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 3 Oct 2019 20:57:40 +0100 Subject: Events: Add smtp:ehlo event --- doc/doc-docbook/spec.xfpt | 4 ++++ doc/doc-txt/NewStuff | 2 ++ src/src/transports/smtp.c | 4 ++++ test/aux-fixed/event-logger-acl | 12 ++++++++++-- test/confs/5710 | 2 ++ test/confs/5720 | 2 ++ test/log/5700 | 12 ++++++++++++ test/log/5702 | 3 +++ test/log/5703 | 3 +++ test/log/5710 | 4 ++++ test/log/5720 | 4 ++++ 11 files changed, 50 insertions(+), 2 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 273348ac8..3afc62989 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -41032,7 +41032,9 @@ Events have names which correspond to the point in process at which they fire. The name is placed in the variable &$event_name$& and the event action expansion must check this, as it will be called for every possible event type. +.new The current list of events is: +.wen .display &`dane:fail after transport `& per connection &`msg:complete after main `& per message @@ -41046,6 +41048,7 @@ The current list of events is: &`tcp:close after transport `& per connection &`tls:cert before both `& per certificate in verification chain &`smtp:connect after transport `& per connection +&`smtp:ehlo after transport `& per connection .endd New event types may be added in future. @@ -41072,6 +41075,7 @@ with the event type: &`msg:host:defer `& error string &`tls:cert `& verification chain depth &`smtp:connect `& smtp banner +&`smtp:ehlo `& smtp ehlo response .endd The :defer events populate one extra variable: &$event_defer_errno$&. diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index aa05e67d5..4caa897e3 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff 
@@ -39,6 +39,8 @@ Version 4.93 13. Dual-certificate stacks on servers now support OCSP stapling, under OpenSSL. +14: An smtp:ehlo transport event, for observability of the remote offered features. + Version 4.92 -------------- diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index d90f7adf1..3df06c202 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -814,6 +814,10 @@ if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2', #ifdef EXPERIMENTAL_DSN_INFO sx->helo_response = string_copy(sx->buffer); #endif +#ifndef DISABLE_EVENT +(void) event_raise(sx->conn_args.tblock->event_action, + US"smtp:ehlo", sx->buffer); +#endif return TRUE; } diff --git a/test/aux-fixed/event-logger-acl b/test/aux-fixed/event-logger-acl index 62cba32d6..980d47f11 100644 --- a/test/aux-fixed/event-logger-acl +++ b/test/aux-fixed/event-logger-acl @@ -4,13 +4,17 @@ ev_tcp: accept condition = ${if eq {$event_name}{tcp:close}} logwrite = . [$sending_ip_address] -> \ [$host_address]:$host_port - accept + accept logwrite = UNEXPECTED $event_name ev_smtp: - accept + warn logwrite = . [$sending_ip_address] -> \ [$host_address]:$host_port + accept condition = ${if eq {$event_name}{smtp:connect}} logwrite = . banner <$event_data> + accept condition = ${if eq {$event_name}{smtp:ehlo}} + logwrite = . ehlo-resp <$event_data> + accept logwrite = UNEXPECTED $event_name ev_msg_fail: accept condition = ${if eq {$event_name}{msg:fail:delivery}} @@ -64,6 +68,9 @@ ev_msg: "err <$event_defer_errno>:<$acl_m_ev_lkup:$acl_m_ev_code> \ errstr <$event_data>" + accept condition = ${if eq {$event_name}{msg:rcpt:host:defer}} + accept logwrite = UNEXPECTED $event_name + logger: warn logwrite = event $event_name accept condition = ${if eq {tcp} {${listextract{1}{$event_name}}}} @@ -72,3 +79,4 @@ logger: acl = ev_smtp accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}} acl = ev_msg + accept logwrite = UNEXPECTED $event_name 
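Review bot: The new `event_raise(..., US"smtp:ehlo", sx->buffer)` call in smtp.c discards its result with `(void)`, so an `event_action` can apparently observe the EHLO response but cannot influence the connection through its return value, and neither this hunk nor the spec.xfpt entry says so. The data handed to the action is the peer's raw multi-line reply; the 5710/5720 logs in this commit show the event firing once before STARTTLS and again after it, and the first of those replies is unauthenticated and can be altered in transit. I would add a comment above the call, `/* $event_data is the peer's raw EHLO reply, unauthenticated before STARTTLS; the action's result is ignored */`, and state the same in the spec's event-data table so administrators treat the value as untrusted in expansions. The enclosing function starts and ends outside the hunk.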
diff --git a/test/confs/5710 b/test/confs/5710 index e61fadc5e..6ab64f4ec 100644 --- a/test/confs/5710 +++ b/test/confs/5710 @@ -69,6 +69,8 @@ logger: acl = ev_msg $event_name $acl_arg2 accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}} message = ${acl {ev_tls}} + accept condition = ${if eq {smtp:ehlo}{$event_name}} + logwrite = $tls_out_cipher smtp:ehlo $event_data accept # ----- Routers ----- diff --git a/test/confs/5720 b/test/confs/5720 index 2de47bd82..030434973 100644 --- a/test/confs/5720 +++ b/test/confs/5720 @@ -69,6 +69,8 @@ logger: acl = ev_msg $event_name $acl_arg2 accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}} message = ${acl {ev_tls}} + accept condition = ${if eq {smtp:ehlo}{$event_name}} + logwrite = $tls_out_cipher smtp:ehlo $event_data accept # ----- Routers ----- diff --git a/test/log/5700 b/test/log/5700 index 7f810e438..d50c67cd1 100644 --- a/test/log/5700 +++ b/test/log/5700 @@ -5,6 +5,9 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 event smtp:connect 1999-03-02 09:44:33 10HmaY-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S 1999-03-02 09:44:33 10HmaY-0005vi-00 . banner <220 ESMTP> +1999-03-02 09:44:33 10HmaY-0005vi-00 event smtp:ehlo +1999-03-02 09:44:33 10HmaY-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S +1999-03-02 09:44:33 10HmaY-0005vi-00 . ehlo-resp <250-OK\n250 HELP> 1999-03-02 09:44:33 10HmaY-0005vi-00 event tcp:close 1999-03-02 09:44:33 10HmaY-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S 1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 
@@ -21,6 +24,9 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 event smtp:connect
 1999-03-02 09:44:33 10HmaX-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S
 1999-03-02 09:44:33 10HmaX-0005vi-00 . banner <220 ESMTP>
+1999-03-02 09:44:33 10HmaX-0005vi-00 event smtp:ehlo
+1999-03-02 09:44:33 10HmaX-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S
+1999-03-02 09:44:33 10HmaX-0005vi-00 . ehlo-resp <250-OK\n250 HELP>
 1999-03-02 09:44:33 10HmaX-0005vi-00 event tcp:close
 1999-03-02 09:44:33 10HmaX-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S
 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@expansionfail R=others T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
@@ -57,6 +63,9 @@
 1999-03-02 09:44:33 10HmbA-0005vi-00 event smtp:connect
 1999-03-02 09:44:33 10HmbA-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S
 1999-03-02 09:44:33 10HmbA-0005vi-00 . banner <220 ESMTP>
+1999-03-02 09:44:33 10HmbA-0005vi-00 event smtp:ehlo
+1999-03-02 09:44:33 10HmbA-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S
+1999-03-02 09:44:33 10HmbA-0005vi-00 . ehlo-resp <250-OK\n250 HELP>
 1999-03-02 09:44:33 10HmbA-0005vi-00 event msg:rcpt:host:defer
 1999-03-02 09:44:33 10HmbA-0005vi-00 event msg:rcpt:defer
 1999-03-02 09:44:33 10HmbA-0005vi-00 . rcpt deferral ip <127.0.0.1> port <1224> fqdn <127.0.0.1> local_part domain err <12865>: errstr : 450 NOT RIGHT NOW> router transport
@@ -78,6 +87,9 @@
 1999-03-02 09:44:33 10HmbB-0005vi-00 event smtp:connect
 1999-03-02 09:44:33 10HmbB-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S
 1999-03-02 09:44:33 10HmbB-0005vi-00 . banner <220 ESMTP>
+1999-03-02 09:44:33 10HmbB-0005vi-00 event smtp:ehlo
+1999-03-02 09:44:33 10HmbB-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S
+1999-03-02 09:44:33 10HmbB-0005vi-00 . ehlo-resp <250-OK\n250 HELP>
 1999-03-02 09:44:33 10HmbB-0005vi-00 event tcp:close
 1999-03-02 09:44:33 10HmbB-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S
 1999-03-02 09:44:33 10HmbB-0005vi-00 ** userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after RCPT TO:: 550 GO AWAY
diff --git a/test/log/5702 b/test/log/5702
index 45f517bf5..5d494eee0 100644
--- a/test/log/5702
+++ b/test/log/5702
@@ -5,6 +5,9 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 event smtp:connect
 1999-03-02 09:44:33 10HmaX-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S
 1999-03-02 09:44:33 10HmaX-0005vi-00 . banner <220 ESMTP>
+1999-03-02 09:44:33 10HmaX-0005vi-00 event smtp:ehlo
+1999-03-02 09:44:33 10HmaX-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S
+1999-03-02 09:44:33 10HmaX-0005vi-00 . ehlo-resp <250-OK\n250 HELP>
 1999-03-02 09:44:33 10HmaX-0005vi-00 event tcp:close
 1999-03-02 09:44:33 10HmaX-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S
 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=route_smtp T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
diff --git a/test/log/5703 b/test/log/5703
index 0ce0f133f..ac98fc9d9 100644
--- a/test/log/5703
+++ b/test/log/5703
@@ -5,6 +5,9 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 event smtp:connect
 1999-03-02 09:44:33 10HmaX-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S
 1999-03-02 09:44:33 10HmaX-0005vi-00 . banner <220 ESMTP>
+1999-03-02 09:44:33 10HmaX-0005vi-00 event smtp:ehlo
+1999-03-02 09:44:33 10HmaX-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S
+1999-03-02 09:44:33 10HmaX-0005vi-00 . ehlo-resp <250-OK\n250 HELP>
 1999-03-02 09:44:33 10HmaX-0005vi-00 event tcp:close
 1999-03-02 09:44:33 10HmaX-0005vi-00 . [127.0.0.1] -> [127.0.0.1]:PORT_S
 1999-03-02 09:44:33 10HmaX-0005vi-00 event msg:fail:delivery
diff --git a/test/log/5710 b/test/log/5710
index 4c92928b9..72bba14e6 100644
--- a/test/log/5710
+++ b/test/log/5710
@@ -1,6 +1,7 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
 1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaX-0005vi-00 smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250-STARTTLS\n250 HELP
 1999-03-02 09:44:33 10HmaX-0005vi-00 tls:cert depth=0
 1999-03-02 09:44:33 10HmaX-0005vi-00 msg:host:defer bad
 1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented
@@ -17,12 +18,15 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 SAN
 1999-03-02 09:44:33 10HmaX-0005vi-00 CRU
 1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (certificate verification failed): certificate invalid: delivering unencrypted to H=127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
+1999-03-02 09:44:33 10HmaX-0005vi-00 smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250-STARTTLS\n250 HELP
 1999-03-02 09:44:33 10HmaX-0005vi-00 => bad@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
 1999-03-02 09:44:33 10HmaX-0005vi-00 msg:delivery bad
 1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented
 1999-03-02 09:44:33 10HmaX-0005vi-00 No Peer cert
 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250-STARTTLS\n250 HELP
 1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=0
+1999-03-02 09:44:33 10HmaY-0005vi-00 TLS1.x:ke-RSA-AES256-SHAnnn:xxx smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250 HELP
 1999-03-02 09:44:33 10HmaY-0005vi-00 => good@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
 1999-03-02 09:44:33 10HmaY-0005vi-00 msg:delivery good
 1999-03-02 09:44:33 10HmaY-0005vi-00 Our cert SN: CN=server2.example.com
diff --git a/test/log/5720 b/test/log/5720
index 154d09d64..066f7fb35 100644
--- a/test/log/5720
+++ b/test/log/5720
@@ -1,6 +1,7 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
 1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaX-0005vi-00 smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250-STARTTLS\n250 HELP
 1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=2 error=self signed certificate in certificate chain cert=/O=example.com/CN=clica CA rsa
 1999-03-02 09:44:33 10HmaX-0005vi-00 msg:host:defer bad
 1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented
@@ -18,14 +19,17 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 (no OCU)
 1999-03-02 09:44:33 10HmaX-0005vi-00 (no CRU)
 1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (SSL_connect): error: <>
+1999-03-02 09:44:33 10HmaX-0005vi-00 smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250-STARTTLS\n250 HELP
 1999-03-02 09:44:33 10HmaX-0005vi-00 => bad@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
 1999-03-02 09:44:33 10HmaX-0005vi-00 msg:delivery bad
 1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented
 1999-03-02 09:44:33 10HmaX-0005vi-00 No Peer cert
 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250-STARTTLS\n250 HELP
 1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=2
 1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=1
 1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=0
+1999-03-02 09:44:33 10HmaY-0005vi-00 TLS1.x:ke-RSA-AES256-SHAnnn:xxx smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250 HELP
 1999-03-02 09:44:33 10HmaY-0005vi-00 => good@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
 1999-03-02 09:44:33 10HmaY-0005vi-00 msg:delivery good
 1999-03-02 09:44:33 10HmaY-0005vi-00 Our cert SN: CN=server2.example.com
-- cgit v1.2.3