-/* $Cambridge: exim/src/src/acl.c,v 1.6 2004/12/16 15:11:47 tom Exp $ */
+/* $Cambridge: exim/src/src/acl.c,v 1.18 2005/01/27 10:26:14 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2004 */
+/* Copyright (c) University of Cambridge 1995 - 2005 */
/* See the file NOTICE for conditions of use and distribution. */
/* Code for handling Access Control Lists (ACLs) */
static unsigned int cond_forbids[] = {
0, /* acl */
+
(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_CONNECT)| /* authenticated */
(1<<ACL_WHERE_HELO),
#ifdef EXPERIMENTAL_BRIGHTMAIL
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)| /* bmi_optin */
+ (1<<ACL_WHERE_AUTH)| /* bmi_optin */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_MIME)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
0, /* control */
#ifdef WITH_CONTENT_SCAN
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)| /* decode */
+ (1<<ACL_WHERE_AUTH)| /* decode */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_PREDATA)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
0, /* delay */
-#ifdef WITH_CONTENT_SCAN
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)| /* demime */
+#ifdef WITH_OLD_DEMIME
+ (1<<ACL_WHERE_AUTH)| /* demime */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_CONNECT)| /* encrypted */
(1<<ACL_WHERE_HELO),
+
0, /* endpass */
+
(1<<ACL_WHERE_NOTSMTP), /* hosts */
(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)| /* local_parts */
(1<<ACL_WHERE_VRFY),
0, /* log_message */
+
0, /* logwrite */
#ifdef WITH_CONTENT_SCAN
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)| /* malware */
+ (1<<ACL_WHERE_AUTH)| /* malware */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
0, /* message */
#ifdef WITH_CONTENT_SCAN
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)| /* mime_regex */
+ (1<<ACL_WHERE_AUTH)| /* mime_regex */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_PREDATA)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_VRFY),
#ifdef WITH_CONTENT_SCAN
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)| /* regex */
+ (1<<ACL_WHERE_AUTH)| /* regex */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
0, /* set */
#ifdef WITH_CONTENT_SCAN
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)| /* spam */
+ (1<<ACL_WHERE_AUTH)| /* spam */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
CONTROL_ENFORCE_SYNC, CONTROL_NO_ENFORCE_SYNC, CONTROL_FREEZE,
CONTROL_QUEUE_ONLY, CONTROL_SUBMISSION,
#ifdef WITH_CONTENT_SCAN
- CONTROL_NO_MBOX_UNSPOOL, CONTROL_FAKEREJECT,
+ CONTROL_NO_MBOX_UNSPOOL,
#endif
- CONTROL_NO_MULTILINE };
+ CONTROL_FAKEREJECT, CONTROL_NO_MULTILINE };
/* Bit map vector of which controls are not allowed at certain times. For
each control, there's a bitmap of dis-allowed times. For some, it is easier to
#ifdef EXPERIMENTAL_BRIGHTMAIL
0, /* bmi_run */
#endif
+
0, /* error */
+
+ (unsigned int)
~(1<<ACL_WHERE_RCPT), /* caseful_local_part */
+
+ (unsigned int)
~(1<<ACL_WHERE_RCPT), /* caselower_local_part */
+
(1<<ACL_WHERE_NOTSMTP), /* enforce_sync */
+
(1<<ACL_WHERE_NOTSMTP), /* no_enforce_sync */
+ (unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* freeze */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
(1<<ACL_WHERE_NOTSMTP)),
+ (unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* queue_only */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
(1<<ACL_WHERE_NOTSMTP)),
+ (unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* submission */
(1<<ACL_WHERE_PREDATA)),
#ifdef WITH_CONTENT_SCAN
- (1<<ACL_WHERE_NOTSMTP), /* no_mbox_unspool */
- (1<<ACL_WHERE_NOTSMTP), /* fakereject */
+ (unsigned int)
+ ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* no_mbox_unspool */
+ (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)),
#endif
+ (unsigned int)
+ ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* fakereject */
+ (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)),
+
(1<<ACL_WHERE_NOTSMTP) /* no_multiline */
};
{ US"queue_only", CONTROL_QUEUE_ONLY, FALSE},
#ifdef WITH_CONTENT_SCAN
{ US"no_mbox_unspool", CONTROL_NO_MBOX_UNSPOOL, FALSE},
- { US"fakereject", CONTROL_FAKEREJECT, TRUE},
#endif
+ { US"fakereject", CONTROL_FAKEREJECT, TRUE},
{ US"submission", CONTROL_SUBMISSION, TRUE}
};
if (verify_header_sender)
{
+ int verrno;
rc = verify_check_header_address(user_msgptr, log_msgptr, callout,
- callout_overall, callout_connect, se_mailfrom, pm_mailfrom, verify_options);
- if (smtp_return_error_details)
- {
- if (*user_msgptr == NULL && *log_msgptr != NULL)
- *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr);
- if (rc == DEFER) acl_temp_details = TRUE;
- }
+ callout_overall, callout_connect, se_mailfrom, pm_mailfrom, verify_options,
+ &verrno);
+ if (rc != OK)
+ {
+ *basic_errno = verrno;
+ if (smtp_return_error_details)
+ {
+ if (*user_msgptr == NULL && *log_msgptr != NULL)
+ *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr);
+ if (rc == DEFER) acl_temp_details = TRUE;
+ }
+ }
}
/* Handle a sender address. The default is to verify *the* sender address, but
rc = verify_address(&addr2, NULL, verify_options|vopt_is_recipient, callout,
callout_overall, callout_connect, se_mailfrom, pm_mailfrom, NULL);
HDEBUG(D_acl) debug_printf("----------- end verify ------------\n");
+
*log_msgptr = addr2.message;
- *user_msgptr = addr2.user_message;
+ *user_msgptr = (addr2.user_message != NULL)?
+ addr2.user_message : addr2.message;
*basic_errno = addr2.basic_errno;
/* Make $address_data visible */
no_multiline_responses = TRUE;
break;
-#ifdef WITH_CONTENT_SCAN
case CONTROL_FAKEREJECT:
fake_reject = TRUE;
if (*p == '/')
else
{
/* Explicitly reset to default string */
- fake_reject_text = US"Your message has been rejected but is being kept for evaluation.\nIf it was a legit message, it may still be delivered to the target recipient(s).";
+ fake_reject_text = US"Your message has been rejected but is being kept for evaluation.\nIf it was a legitimate message, it may still be delivered to the target recipient(s).";
}
break;
-#endif
case CONTROL_FREEZE:
deliver_freeze = TRUE;
HDEBUG(D_acl)
debug_printf("delay skipped in -bh checking mode\n");
}
- else sleep(delay);
+ else
+ {
+ while (delay > 0) delay = sleep(delay);
+ }
}
}
break;