/* ACL verbs */
static uschar *verbs[] = {
- US"accept",
- US"defer",
- US"deny",
- US"discard",
- US"drop",
- US"require",
- US"warn" };
+ [ACL_ACCEPT] = US"accept",
+ [ACL_DEFER] = US"defer",
+ [ACL_DENY] = US"deny",
+ [ACL_DISCARD] = US"discard",
+ [ACL_DROP] = US"drop",
+ [ACL_REQUIRE] = US"require",
+ [ACL_WARN] = US"warn"
+};
/* For each verb, the conditions for which "message" or "log_message" are used
are held as a bitmap. This is to avoid expanding the strings unnecessarily. For
the code. */
static int msgcond[] = {
- (1<<OK) | (1<<FAIL) | (1<<FAIL_DROP), /* accept */
- (1<<OK), /* defer */
- (1<<OK), /* deny */
- (1<<OK) | (1<<FAIL) | (1<<FAIL_DROP), /* discard */
- (1<<OK), /* drop */
- (1<<FAIL) | (1<<FAIL_DROP), /* require */
- (1<<OK) /* warn */
+ [ACL_ACCEPT] = (1<<OK) | (1<<FAIL) | (1<<FAIL_DROP),
+ [ACL_DEFER] = (1<<OK),
+ [ACL_DENY] = (1<<OK),
+ [ACL_DISCARD] = (1<<OK) | (1<<FAIL) | (1<<FAIL_DROP),
+ [ACL_DROP] = (1<<OK),
+ [ACL_REQUIRE] = (1<<FAIL) | (1<<FAIL_DROP),
+ [ACL_WARN] = (1<<OK)
};
/* ACL condition and modifier codes - keep in step with the table that
} condition_def;
static condition_def conditions[] = {
- { US"acl", FALSE, FALSE, 0 },
+ [ACLC_ACL] = { US"acl", FALSE, FALSE, 0 },
- { US"add_header", TRUE, TRUE,
- (unsigned int)
- ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|
- (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+ [ACLC_ADD_HEADER] = { US"add_header", TRUE, TRUE,
+ (unsigned int)
+
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|
+
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
#ifndef DISABLE_PRDR
- (1<<ACL_WHERE_PRDR)|
#endif
- (1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)|
- (1<<ACL_WHERE_DKIM)|
- (1<<ACL_WHERE_NOTSMTP_START)),
+
(1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)|
+
(1<<ACL_WHERE_NOTSMTP_START)),
},
- { US"authenticated", FALSE, FALSE,
- (1<<ACL_WHERE_NOTSMTP)|
- (1<<ACL_WHERE_NOTSMTP_START)|
- (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO),
+ [ACLC_AUTHENTICATED] = { US"authenticated", FALSE, FALSE,
+
(1<<ACL_WHERE_NOTSMTP)|
+
(1<<ACL_WHERE_NOTSMTP_START)|
+
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO),
},
#ifdef EXPERIMENTAL_BRIGHTMAIL
- { US"bmi_optin", TRUE, TRUE,
- (1<<ACL_WHERE_AUTH)|
- (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
- (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_MIME)|
+ [ACLC_BMI_OPTIN] = { US"bmi_optin", TRUE, TRUE,
+
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
+
(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_MIME)|
# ifndef DISABLE_PRDR
- (1<<ACL_WHERE_PRDR)|
# endif
- (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
- (1<<ACL_WHERE_MAILAUTH)|
- (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_PREDATA)|
- (1<<ACL_WHERE_NOTSMTP_START),
+
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
+
(1<<ACL_WHERE_MAILAUTH)|
+
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
+
(1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_PREDATA)|
+
(1<<ACL_WHERE_NOTSMTP_START),
},
#endif
- { US"condition", TRUE, FALSE, 0 },
- { US"continue", TRUE, TRUE, 0 },
+ [ACLC_CONDITION] = { US"condition", TRUE, FALSE, 0 },
+ [ACLC_CONTINUE] = { US"continue", TRUE, TRUE, 0 },
/* Certain types of control are always allowed, so we let it through
always and check in the control processing itself. */
- { US"control", TRUE, TRUE, 0 },
+ [ACLC_CONTROL] = { US"control", TRUE, TRUE, 0 },
#ifdef EXPERIMENTAL_DCC
- { US"dcc", TRUE, FALSE,
- (unsigned int)
- ~((1<<ACL_WHERE_DATA)|
+ [ACLC_DCC] = { US"dcc", TRUE, FALSE,
+ (unsigned int)
# ifndef DISABLE_PRDR
- (1<<ACL_WHERE_PRDR)|
# endif
- (1<<ACL_WHERE_NOTSMTP)),
+
(1<<ACL_WHERE_NOTSMTP)),
},
#endif
#ifdef WITH_CONTENT_SCAN
-
{ US"decode", TRUE, FALSE, (unsigned int) ~(1<<ACL_WHERE_MIME) },
+
[ACLC_DECODE] = { US"decode", TRUE, FALSE, (unsigned int) ~(1<<ACL_WHERE_MIME) },
#endif
-
{ US"delay", TRUE, TRUE, (1<<ACL_WHERE_NOTQUIT) },
+
[ACLC_DELAY] = { US"delay", TRUE, TRUE, (1<<ACL_WHERE_NOTQUIT) },
#ifndef DISABLE_DKIM
-
{ US"dkim_signers", TRUE, FALSE, (unsigned int) ~(1<<ACL_WHERE_DKIM) },
-
{ US"dkim_status", TRUE, FALSE, (unsigned int) ~(1<<ACL_WHERE_DKIM) },
+
[ACLC_DKIM_SIGNER] = { US"dkim_signers", TRUE, FALSE, (unsigned int) ~(1<<ACL_WHERE_DKIM) },
+
[ACLC_DKIM_STATUS] = { US"dkim_status", TRUE, FALSE, (unsigned int) ~(1<<ACL_WHERE_DKIM) },
#endif
#ifdef EXPERIMENTAL_DMARC
-
{ US"dmarc_status", TRUE, FALSE, (unsigned int) ~(1<<ACL_WHERE_DATA) },
+
[ACLC_DMARC_STATUS] = { US"dmarc_status", TRUE, FALSE, (unsigned int) ~(1<<ACL_WHERE_DATA) },
#endif
/* Explicit key lookups can be made in non-smtp ACLs so pass
always and check in the verify processing itself. */
- { US"dnslists", TRUE, FALSE, 0 },
+ [ACLC_DNSLISTS] = { US"dnslists", TRUE, FALSE, 0 },
- { US"domains", FALSE, FALSE,
- (unsigned int)
- ~((1<<ACL_WHERE_RCPT)
- |(1<<ACL_WHERE_VRFY)
+ [ACLC_DOMAINS] = { US"domains", FALSE, FALSE,
+ (unsigned int)
#ifndef DISABLE_PRDR
- |(1<<ACL_WHERE_PRDR)
#endif
),
},
- { US"encrypted", FALSE, FALSE,
- (1<<ACL_WHERE_NOTSMTP)|
- (1<<ACL_WHERE_CONNECT)|
- (1<<ACL_WHERE_NOTSMTP_START)|
- (1<<ACL_WHERE_HELO),
+ [ACLC_ENCRYPTED] = { US"encrypted", FALSE, FALSE,
+
(1<<ACL_WHERE_NOTSMTP)|
+
(1<<ACL_WHERE_CONNECT)|
+
(1<<ACL_WHERE_NOTSMTP_START)|
},
- { US"endpass", TRUE, TRUE, 0 },
+ [ACLC_ENDPASS] = { US"endpass", TRUE, TRUE, 0 },
- { US"hosts", FALSE, FALSE,
- (1<<ACL_WHERE_NOTSMTP)|
- (1<<ACL_WHERE_NOTSMTP_START),
+ [ACLC_HOSTS] = { US"hosts", FALSE, FALSE,
+
(1<<ACL_WHERE_NOTSMTP)|
+
(1<<ACL_WHERE_NOTSMTP_START),
},
- { US"local_parts", FALSE, FALSE,
- (unsigned int)
- ~((1<<ACL_WHERE_RCPT)
- |(1<<ACL_WHERE_VRFY)
- #ifndef DISABLE_PRDR
- |(1<<ACL_WHERE_PRDR)
- #endif
+ [ACLC_LOCAL_PARTS] = { US"local_parts", FALSE, FALSE,
+ (unsigned int)
+#ifndef DISABLE_PRDR
+#endif
),
},
- { US"log_message", TRUE, TRUE, 0 },
- { US"log_reject_target", TRUE, TRUE, 0 },
- { US"logwrite", TRUE, TRUE, 0 },
+ [ACLC_LOG_MESSAGE] = { US"log_message", TRUE, TRUE, 0 },
+ [ACLC_LOG_REJECT_TARGET] = { US"log_reject_target", TRUE, TRUE, 0 },
+ [ACLC_LOGWRITE] = { US"logwrite", TRUE, TRUE, 0 },
#ifdef WITH_CONTENT_SCAN
- { US"malware", TRUE, FALSE,
- (unsigned int)
- ~((1<<ACL_WHERE_DATA)|
+ [ACLC_MALWARE] = { US"malware", TRUE, FALSE,
+ (unsigned int)
# ifndef DISABLE_PRDR
- (1<<ACL_WHERE_PRDR)|
# endif
- (1<<ACL_WHERE_NOTSMTP)),
+
(1<<ACL_WHERE_NOTSMTP)),
},
#endif
- { US"message", TRUE, TRUE, 0 },
+ [ACLC_MESSAGE] = { US"message", TRUE, TRUE, 0 },
#ifdef WITH_CONTENT_SCAN
-
{ US"mime_regex", TRUE, FALSE, (unsigned int) ~(1<<ACL_WHERE_MIME) },
+
[ACLC_MIME_REGEX] = { US"mime_regex", TRUE, FALSE, (unsigned int) ~(1<<ACL_WHERE_MIME) },
#endif
- { US"queue", TRUE, TRUE,
- (1<<ACL_WHERE_NOTSMTP)|
+ [ACLC_QUEUE] = { US"queue", TRUE, TRUE,
+
(1<<ACL_WHERE_NOTSMTP)|
#ifndef DISABLE_PRDR
- (1<<ACL_WHERE_PRDR)|
#endif
- (1<<ACL_WHERE_DATA),
},
- { US"ratelimit", TRUE, FALSE, 0 },
-
{ US"recipients", FALSE, FALSE, (unsigned int) ~(1<<ACL_WHERE_RCPT) },
+ [ACLC_RATELIMIT] = { US"ratelimit", TRUE, FALSE, 0 },
+
[ACLC_RECIPIENTS] = { US"recipients", FALSE, FALSE, (unsigned int) ~(1<<ACL_WHERE_RCPT) },
#ifdef WITH_CONTENT_SCAN
- { US"regex", TRUE, FALSE,
- (unsigned int)
- ~((1<<ACL_WHERE_DATA)|
+ [ACLC_REGEX] = { US"regex", TRUE, FALSE,
+ (unsigned int)
# ifndef DISABLE_PRDR
- (1<<ACL_WHERE_PRDR)|
# endif
- (1<<ACL_WHERE_NOTSMTP)|
- (1<<ACL_WHERE_MIME)),
+
(1<<ACL_WHERE_NOTSMTP)|
},
#endif
- { US"remove_header", TRUE, TRUE,
- (unsigned int)
- ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|
- (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+ [ACLC_REMOVE_HEADER] = { US"remove_header", TRUE, TRUE,
+ (unsigned int)
+
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|
+
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
#ifndef DISABLE_PRDR
- (1<<ACL_WHERE_PRDR)|
#endif
- (1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)|
- (1<<ACL_WHERE_NOTSMTP_START)),
+
(1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)|
+
(1<<ACL_WHERE_NOTSMTP_START)),
},
- { US"sender_domains", FALSE, FALSE,
- (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)|
- (1<<ACL_WHERE_HELO)|
- (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
- (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
- (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY),
+ [ACLC_SENDER_DOMAINS] = { US"sender_domains", FALSE, FALSE,
+
(1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)|
+
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
+
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
+
(1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY),
},
- { US"senders", FALSE, FALSE,
- (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)|
- (1<<ACL_WHERE_HELO)|
- (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
- (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
- (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY),
+ [ACLC_SENDERS] = { US"senders", FALSE, FALSE,
+
(1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)|
+
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
+
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
+
(1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY),
},
- { US"set", TRUE, TRUE, 0 },
+ [ACLC_SET] = { US"set", TRUE, TRUE, 0 },
#ifdef WITH_CONTENT_SCAN
- { US"spam", TRUE, FALSE,
- (unsigned int)
- ~((1<<ACL_WHERE_DATA)|
+ [ACLC_SPAM] = { US"spam", TRUE, FALSE,
+ (unsigned int) ~((1<<ACL_WHERE_DATA)|
# ifndef DISABLE_PRDR
- (1<<ACL_WHERE_PRDR)|
# endif
- (1<<ACL_WHERE_NOTSMTP)),
+
(1<<ACL_WHERE_NOTSMTP)),
},
#endif
#ifdef EXPERIMENTAL_SPF
- { US"spf", TRUE, FALSE,
- (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)|
- (1<<ACL_WHERE_HELO)|
- (1<<ACL_WHERE_MAILAUTH)|
- (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
- (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
- (1<<ACL_WHERE_NOTSMTP)|
- (1<<ACL_WHERE_NOTSMTP_START),
+ [ACLC_SPF] = { US"spf", TRUE, FALSE,
+
(1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)|
+
(1<<ACL_WHERE_MAILAUTH)|
+
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
+
(1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
+
(1<<ACL_WHERE_NOTSMTP)|
+
(1<<ACL_WHERE_NOTSMTP_START),
},
- { US"spf_guess", TRUE, FALSE,
- (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)|
- (1<<ACL_WHERE_HELO)|
- (1<<ACL_WHERE_MAILAUTH)|
- (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
- (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
- (1<<ACL_WHERE_NOTSMTP)|
- (1<<ACL_WHERE_NOTSMTP_START),
+ [ACLC_SPF_GUESS] = { US"spf_guess", TRUE, FALSE,
+
(1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)|
+
(1<<ACL_WHERE_MAILAUTH)|
+
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
+
(1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
+
(1<<ACL_WHERE_NOTSMTP)|
+
(1<<ACL_WHERE_NOTSMTP_START),
},
#endif
- { US"udpsend", TRUE, TRUE, 0 },
+ [ACLC_UDPSEND] = { US"udpsend", TRUE, TRUE, 0 },
/* Certain types of verify are always allowed, so we let it through
always and check in the verify function itself */
- { US"verify", TRUE, FALSE,
- 0
- },
+ [ACLC_VERIFY] = { US"verify", TRUE, FALSE, 0 },
};
} control_def;
static control_def controls_list[] = {
+ /* name has_option forbids */
+[CONTROL_AUTH_UNADVERTISED] =
{ US"allow_auth_unadvertised", FALSE,
- (unsigned)
- ~((1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO))
+ (unsigned)
+
~((1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO))
},
#ifdef EXPERIMENTAL_BRIGHTMAIL
- { US"bmi_run", FALSE, 0 },
+[CONTROL_BMI_RUN] =
+ { US"bmi_run", FALSE, 0 },
#endif
+[CONTROL_CASEFUL_LOCAL_PART] =
{ US"caseful_local_part", FALSE, (unsigned) ~(1<<ACL_WHERE_RCPT) },
+[CONTROL_CASELOWER_LOCAL_PART] =
{ US"caselower_local_part", FALSE, (unsigned) ~(1<<ACL_WHERE_RCPT) },
- { US"cutthrough_delivery", TRUE, 0 },
- { US"debug", TRUE, 0 },
+[CONTROL_CUTTHROUGH_DELIVERY] =
+ { US"cutthrough_delivery", TRUE, 0 },
+[CONTROL_DEBUG] =
+ { US"debug", TRUE, 0 },
#ifndef DISABLE_DKIM
+[CONTROL_DKIM_VERIFY] =
{ US"dkim_disable_verify", FALSE,
- (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)|
+
(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)|
# ifndef DISABLE_PRDR
- (1<<ACL_WHERE_PRDR)|
# endif
- (1<<ACL_WHERE_NOTSMTP_START)
+
(1<<ACL_WHERE_NOTSMTP_START)
},
#endif
#ifdef EXPERIMENTAL_DMARC
+[CONTROL_DMARC_VERIFY] =
{ US"dmarc_disable_verify", FALSE,
- (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)
+
(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)
},
+[CONTROL_DMARC_FORENSIC] =
{ US"dmarc_enable_forensic", FALSE,
- (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)
+
(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)
},
#endif
+[CONTROL_DSCP] =
{ US"dscp", TRUE,
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)|(1<<ACL_WHERE_NOTQUIT)
+
(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)|(1<<ACL_WHERE_NOTQUIT)
},
+[CONTROL_ENFORCE_SYNC] =
{ US"enforce_sync", FALSE,
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)
+
(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)
},
/* Pseudo-value for decode errors */
+[CONTROL_ERROR] =
{ US"error", FALSE, 0 },
+[CONTROL_FAKEDEFER] =
{ US"fakedefer", TRUE,
- (unsigned)
- ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|
- (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+ (unsigned)
+
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|
+
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
#ifndef DISABLE_PRDR
- (1<<ACL_WHERE_PRDR)|
#endif
- (1<<ACL_WHERE_MIME))
},
+[CONTROL_FAKEREJECT] =
{ US"fakereject", TRUE,
- (unsigned)
- ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|
- (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+ (unsigned)
+
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|
+
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
#ifndef DISABLE_PRDR
- (1<<ACL_WHERE_PRDR)|
#endif
- (1<<ACL_WHERE_MIME))
},
+[CONTROL_FREEZE] =
{ US"freeze", TRUE,
- (unsigned)
- ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|
- (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
- // (1<<ACL_WHERE_PRDR)| /* Not allow one user to freeze for all */
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_MIME))
+ (unsigned)
+
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|
+
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+
// (1<<ACL_WHERE_PRDR)| /* Not allow one user to freeze for all */
+
(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_MIME))
},
+[CONTROL_NO_CALLOUT_FLUSH] =
{ US"no_callout_flush", FALSE,
- (1<<ACL_WHERE_NOTSMTP)| (1<<ACL_WHERE_NOTSMTP_START)
+
(1<<ACL_WHERE_NOTSMTP)| (1<<ACL_WHERE_NOTSMTP_START)
},
+[CONTROL_NO_DELAY_FLUSH] =
{ US"no_delay_flush", FALSE,
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)
+
(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)
},
+[CONTROL_NO_ENFORCE_SYNC] =
{ US"no_enforce_sync", FALSE,
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)
+
(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)
},
#ifdef WITH_CONTENT_SCAN
+[CONTROL_NO_MBOX_UNSPOOL] =
{ US"no_mbox_unspool", FALSE,
- (unsigned)
- ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|
- (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
- // (1<<ACL_WHERE_PRDR)| /* Not allow one user to freeze for all */
- (1<<ACL_WHERE_MIME))
+ (unsigned)
+
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|
+
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+
// (1<<ACL_WHERE_PRDR)| /* Not allow one user to freeze for all */
},
#endif
+[CONTROL_NO_MULTILINE] =
{ US"no_multiline_responses", FALSE,
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)
+
(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)
},
+[CONTROL_NO_PIPELINING] =
{ US"no_pipelining", FALSE,
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)
+
(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_NOTSMTP_START)
},
+[CONTROL_QUEUE_ONLY] =
{ US"queue_only", FALSE,
- (unsigned)
- ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|
- (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
- // (1<<ACL_WHERE_PRDR)| /* Not allow one user to freeze for all */
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_MIME))
+ (unsigned)
+
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|
+
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+
// (1<<ACL_WHERE_PRDR)| /* Not allow one user to freeze for all */
+
(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_MIME))
},
+[CONTROL_SUBMISSION] =
{ US"submission", TRUE,
- (unsigned)
- ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA))
+ (unsigned)
+
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA))
},
+[CONTROL_SUPPRESS_LOCAL_FIXUPS] =
{ US"suppress_local_fixups", FALSE,
(unsigned)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
(1<<ACL_WHERE_NOTSMTP_START))
},
#ifdef SUPPORT_I18N
+[CONTROL_UTF8_DOWNCONVERT] =
{ US"utf8_downconvert", TRUE, 0 }
#endif
};
the aim is to make the usual configuration simple. */
static int csa_return_code[] = {
- OK, OK, OK, OK,
- FAIL, FAIL, FAIL, FAIL
+ [CSA_UNKNOWN] = OK,
+ [CSA_OK] = OK,
+ [CSA_DEFER_SRV] = OK,
+ [CSA_DEFER_ADDR] = OK,
+ [CSA_FAIL_EXPLICIT] = FAIL,
+ [CSA_FAIL_DOMAIN] = FAIL,
+ [CSA_FAIL_NOADDR] = FAIL,
+ [CSA_FAIL_MISMATCH] = FAIL
};
static uschar *csa_status_string[] = {
- US"unknown", US"ok", US"defer", US"defer",
- US"fail", US"fail", US"fail", US"fail"
+ [CSA_UNKNOWN] = US"unknown",
+ [CSA_OK] = US"ok",
+ [CSA_DEFER_SRV] = US"defer",
+ [CSA_DEFER_ADDR] = US"defer",
+ [CSA_FAIL_EXPLICIT] = US"fail",
+ [CSA_FAIL_DOMAIN] = US"fail",
+ [CSA_FAIL_NOADDR] = US"fail",
+ [CSA_FAIL_MISMATCH] = US"fail"
};
static uschar *csa_reason_string[] = {
- US"unknown",
- US"ok",
- US"deferred (SRV lookup failed)",
- US"deferred (target address lookup failed)",
- US"failed (explicit authorization required)",
- US"failed (host name not authorized)",
- US"failed (no authorized addresses)",
- US"failed (client address mismatch)"
+ [CSA_UNKNOWN] = US"unknown",
+ [CSA_OK] = US"ok",
+ [CSA_DEFER_SRV] = US"deferred (SRV lookup failed)",
+ [CSA_DEFER_ADDR] = US"deferred (target address lookup failed)",
+ [CSA_FAIL_EXPLICIT] = US"failed (explicit authorization required)",
+ [CSA_FAIL_DOMAIN] = US"failed (host name not authorized)",
+ [CSA_FAIL_NOADDR] = US"failed (no authorized addresses)",
+ [CSA_FAIL_MISMATCH] = US"failed (client address mismatch)"
};
/* Options for the ratelimit condition. Note that there are two variants of
(((var) == RATE_PER_WHAT) ? ((var) = RATE_##new) : ((var) = RATE_PER_CLASH))
static uschar *ratelimit_option_string[] = {
- US"?", US"!", US"per_addr", US"per_byte", US"per_cmd",
- US"per_conn", US"per_mail", US"per_rcpt", US"per_rcpt"
+ [RATE_PER_WHAT] = US"?",
+ [RATE_PER_CLASH] = US"!",
+ [RATE_PER_ADDR] = US"per_addr",
+ [RATE_PER_BYTE] = US"per_byte",
+ [RATE_PER_CMD] = US"per_cmd",
+ [RATE_PER_CONN] = US"per_conn",
+ [RATE_PER_MAIL] = US"per_mail",
+ [RATE_PER_RCPT] = US"per_rcpt",
+ [RATE_PER_ALLRCPTS] = US"per_rcpt"
};
/* Enable recursion between acl_check_internal() and acl_check_condition() */
uschar *
fn_hdrs_added(void)
{
-uschar * ret = NULL;
-int size = 0;
-int ptr = 0;
+gstring * g = NULL;
header_line * h = acl_added_headers;
uschar * s;
uschar * cp;
if (cp[1] == '\0') break;
/* contains embedded newline; needs doubling */
- ret = string_catn(ret, &size, &ptr, s, cp-s+1);
- ret = string_catn(ret, &size, &ptr, US"\n", 1);
+ g = string_catn(g, s, cp-s+1);
+ g = string_catn(g, US"\n", 1);
s = cp+1;
}
/* last bit of header */
- ret = string_catn(ret, &size, &ptr, s, cp-s+1); /* newline-sep list */
+/*XXX could we use add_listele? */
+ g = string_catn(g, s, cp-s+1); /* newline-sep list */
}
while((h = h->next));
-ret[ptr-1] = '\0'; /* overwrite last newline */
-return ret;
+g->s[g->ptr - 1] = '\0'; /* overwrite last newline */
+return g->s;
}
int length = Ustrlen(text) + 1;
log_write(0, LOG_MAIN, "%s", text);
logged = store_malloc(sizeof(string_item) + length);
- logged->text = (uschar *)logged + sizeof(string_item);
+ logged->text = US logged + sizeof(string_item);
memcpy(logged->text, text, length);
logged->next = acl_warn_logged;
acl_warn_logged = logged;
unsigned alt_opt_sep; /* >0 Non-/ option separator (custom parser) */
} verify_type_t;
static verify_type_t verify_type_list[] = {
+ /* name value where no-opt opt-sep */
{ US"reverse_host_lookup", VERIFY_REV_HOST_LKUP, ~0, FALSE, 0 },
{ US"certificate", VERIFY_CERT, ~0, TRUE, 0 },
{ US"helo", VERIFY_HELO, ~0, TRUE, 0 },
enum { CALLOUT_DEFER_OK, CALLOUT_NOCACHE, CALLOUT_RANDOM, CALLOUT_USE_SENDER,
CALLOUT_USE_POSTMASTER, CALLOUT_POSTMASTER, CALLOUT_FULLPOSTMASTER,
CALLOUT_MAILFROM, CALLOUT_POSTMASTER_MAILFROM, CALLOUT_MAXWAIT, CALLOUT_CONNECT,
- CALLOUT_TIME
+ CALLOUT_HOLD, CALLOUT_TIME /* TIME must be last */
};
typedef struct {
uschar * name;
BOOL timeval; /* Has a time value */
} callout_opt_t;
static callout_opt_t callout_opt_list[] = {
+ /* name value flag has-opt has-time */
{ US"defer_ok", CALLOUT_DEFER_OK, 0, FALSE, FALSE },
{ US"no_cache", CALLOUT_NOCACHE, vopt_callout_no_cache, FALSE, FALSE },
{ US"random", CALLOUT_RANDOM, vopt_callout_random, FALSE, FALSE },
{ US"mailfrom", CALLOUT_MAILFROM, 0, TRUE, FALSE },
{ US"maxwait", CALLOUT_MAXWAIT, 0, TRUE, TRUE },
{ US"connect", CALLOUT_CONNECT, 0, TRUE, TRUE },
+ { US"hold", CALLOUT_HOLD, vopt_callout_hold, FALSE, FALSE },
{ NULL, CALLOUT_TIME, 0, FALSE, TRUE }
};
/* Handle name/address consistency verification in a separate function. */
for (vp= verify_type_list;
- (char *)vp < (char *)verify_type_list + sizeof(verify_type_list);
+ CS vp < CS verify_type_list + sizeof(verify_type_list);
vp++
)
if (vp->alt_opt_sep ? strncmpic(ss, vp->name, vp->alt_opt_sep) == 0
: strcmpic (ss, vp->name) == 0)
break;
-if ((char *)vp >= (char *)verify_type_list + sizeof(verify_type_list))
+if (CS vp >= CS verify_type_list + sizeof(verify_type_list))
goto BAD_VERIFY;
if (vp->no_options && slash != NULL)
uschar buffer[256];
while (isspace(*sublist)) sublist++;
- while ((opt = string_nextinlist(&sublist, &optsep, buffer, sizeof(buffer)))
- != NULL)
+ while ((opt = string_nextinlist(&sublist, &optsep, buffer, sizeof(buffer))))
{
callout_opt_t * op;
double period = 1.0F;
}
while (isspace(*opt)) opt++;
}
- if (op->timeval)
+ if (op->timeval && (period = readconf_readtime(opt, 0, FALSE)) < 0)
{
- period = readconf_readtime(opt, 0, FALSE);
- if (period < 0)
- {
- *log_msgptr = string_sprintf("bad time value in ACL condition "
- "\"verify %s\"", arg);
- return ERROR;
- }
+ *log_msgptr = string_sprintf("bad time value in ACL condition "
+ "\"verify %s\"", arg);
+ return ERROR;
}
switch(op->value)
/* We aren't using a pre-computed rate, so get a previously recorded rate
from the database, which will be updated and written back if required. */
-dbm = dbfn_open(US"ratelimit", O_RDWR, &dbblock, TRUE);
-if (dbm == NULL)
+if (!(dbm = dbfn_open(US"ratelimit", O_RDWR, &dbblock, TRUE)))
{
store_pool = old_pool;
sender_rate = NULL;
HDEBUG(D_acl)
debug_printf_indent("udpsend [%s]:%d %s\n", h->address, portnum, arg);
+/*XXX this could better use sendto */
r = s = ip_connectedsocket(SOCK_DGRAM, h->address, portnum, portnum,
- 1, NULL, &errstr);
+ 1, NULL, &errstr, NULL);
if (r < 0) goto defer;
len = Ustrlen(arg);
r = send(s, arg, len, 0);
break;
case CONTROL_FAKEREJECT:
- cancel_cutthrough_connection("fakereject");
+ cancel_cutthrough_connection(TRUE, US"fakereject");
case CONTROL_FAKEDEFER:
fake_response = (control_type == CONTROL_FAKEDEFER) ? DEFER : FAIL;
if (*p == '/')
*log_msgptr = string_sprintf("syntax error in \"control=%s\"", arg);
return ERROR;
}
- cancel_cutthrough_connection("item frozen");
+ cancel_cutthrough_connection(TRUE, US"item frozen");
break;
case CONTROL_QUEUE_ONLY:
queue_only_policy = TRUE;
- cancel_cutthrough_connection("queueing forced");
+ cancel_cutthrough_connection(TRUE, US"queueing forced");
break;
case CONTROL_SUBMISSION:
break;
case ACLC_RECIPIENTS:
- rc = match_address_list((const uschar *)addr->address, TRUE, TRUE, &arg, NULL, -1, 0,
+ rc = match_address_list(CUS addr->address, TRUE, TRUE, &arg, NULL, -1, 0,
CUSS &recipient_data);
break;
{
uschar *sdomain;
sdomain = Ustrrchr(sender_address, '@');
- sdomain = (sdomain == NULL)? US"" : sdomain + 1;
+ sdomain = sdomain ? sdomain + 1 : US"";
rc = match_isinlist(sdomain, &arg, 0, &domainlist_anchor,
sender_domain_cache, MCL_DOMAIN, TRUE, NULL);
}
break;
case ACLC_SENDERS:
- rc = match_address_list((const uschar *)sender_address, TRUE, TRUE, &arg,
+ rc = match_address_list(CUS sender_address, TRUE, TRUE, &arg,
sender_address_cache, -1, 0, CUSS &sender_data);
break;
}
else ss = s;
-while (isspace(*ss))ss++;
+while (isspace(*ss)) ss++;
/* If we can't find a named ACL, the default is to parse it as an inline one.
(Unless it begins with a slash; non-existent files give rise to an error.) */
#ifndef DISABLE_PRDR
case ACL_WHERE_PRDR:
#endif
+
if (host_checking_callout) /* -bhc mode */
- cancel_cutthrough_connection("host-checking mode");
+ cancel_cutthrough_connection(TRUE, US"host-checking mode");
else if ( rc == OK
&& cutthrough.delivery
if (rc == OK)
cutthrough_predata();
else
- cancel_cutthrough_connection("predata acl not ok");
+ cancel_cutthrough_connection(TRUE, US"predata acl not ok");
break;
case ACL_WHERE_QUIT:
case ACL_WHERE_NOTQUIT:
- cancel_cutthrough_connection("quit or notquit");
+ /* Drop cutthrough conns, and drop heldopen verify conns if
+ the previous was not DATA */
+ {
+ uschar prev = smtp_connection_had[smtp_ch_index-2];
+ BOOL dropverify = !(prev == SCH_DATA || prev == SCH_BDAT);
+
+ cancel_cutthrough_connection(dropverify, US"quit or conndrop");
break;
+ }
default:
break;
git://git.exim.org / exim.git / blobdiff