ACLC_DKIM_SIGNER,
ACLC_DKIM_STATUS,
#endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
ACLC_DMARC_STATUS,
#endif
ACLC_DNSLISTS,
[ACLC_DKIM_SIGNER] = { US"dkim_signers", TRUE, FALSE, (unsigned int) ~ACL_BIT_DKIM },
[ACLC_DKIM_STATUS] = { US"dkim_status", TRUE, FALSE, (unsigned int) ~ACL_BIT_DKIM },
#endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
[ACLC_DMARC_STATUS] = { US"dmarc_status", TRUE, FALSE, (unsigned int) ~ACL_BIT_DATA },
#endif
#ifndef DISABLE_DKIM
CONTROL_DKIM_VERIFY,
#endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
CONTROL_DMARC_VERIFY,
CONTROL_DMARC_FORENSIC,
#endif
},
#endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
[CONTROL_DMARC_VERIFY] =
{ US"dmarc_disable_verify", FALSE,
ACL_BIT_DATA | ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START
{
uschar *endptr;
- if (Ustrncmp(s, "acl_c", 5) != 0 &&
- Ustrncmp(s, "acl_m", 5) != 0)
+ if (Ustrncmp(s, "acl_c", 5) != 0 && Ustrncmp(s, "acl_m", 5) != 0)
{
*error = string_sprintf("invalid variable name after \"set\" in ACL "
- "modifier \"set %s\" (must start \"acl_c\" or \"acl_m\")", s);
+ "modifier \"set %s\" (must start \"acl_c\" or \"acl_m\")", s);
return NULL;
}
if (!isdigit(*endptr) && *endptr != '_')
{
*error = string_sprintf("invalid variable name after \"set\" in ACL "
- "modifier \"set %s\" (digit or underscore must follow acl_c or acl_m)",
- s);
+ "modifier \"set %s\" (digit or underscore must follow acl_c or acl_m)",
+ s);
return NULL;
}
- while (*endptr != 0 && *endptr != '=' && !isspace(*endptr))
+ while (*endptr && *endptr != '=' && !isspace(*endptr))
{
if (!isalnum(*endptr) && *endptr != '_')
- {
- *error = string_sprintf("invalid character \"%c\" in variable name "
- "in ACL modifier \"set %s\"", *endptr, s);
- return NULL;
- }
+ {
+ *error = string_sprintf("invalid character \"%c\" in variable name "
+ "in ACL modifier \"set %s\"", *endptr, s);
+ return NULL;
+ }
endptr++;
}
if (!*hptr)
{
/* The header_line struct itself is not tainted, though it points to
- tainted data. */
- header_line *h = store_get(sizeof(header_line), FALSE);
+ possibly tainted data. */
+ header_line * h = store_get(sizeof(header_line), FALSE);
h->text = hdr;
h->next = NULL;
h->type = newtype;
if (string_is_ip_address(domain, NULL) != 0)
{
if (!dns_csa_use_reverse) return CSA_UNKNOWN;
- dns_build_reverse(domain, target);
- domain = target;
+ domain = dns_build_reverse(domain);
}
/* Find out if we've already done the CSA check for this domain. If we have,
break;
#endif
- #ifndef DISABLE_DKIM
+#ifndef DISABLE_DKIM
case CONTROL_DKIM_VERIFY:
f.dkim_disable_verify = TRUE;
- #ifdef EXPERIMENTAL_DMARC
+# ifdef SUPPORT_DMARC
/* Since DKIM was blocked, skip DMARC too */
f.dmarc_disable_verify = TRUE;
f.dmarc_enable_forensic = FALSE;
- #endif
+# endif
break;
- #endif
+#endif
- #ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
case CONTROL_DMARC_VERIFY:
f.dmarc_disable_verify = TRUE;
break;
case CONTROL_DMARC_FORENSIC:
f.dmarc_enable_forensic = TRUE;
break;
- #endif
+#endif
case CONTROL_DSCP:
if (*p == '/')
break;
#endif
- #ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
case ACLC_DMARC_STATUS:
if (!f.dmarc_has_been_checked)
dmarc_process();
rc = match_isinlist(dmarc_exim_expand_query(DMARC_VERIFY_STATUS),
&arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
break;
- #endif
+#endif
case ACLC_DNSLISTS:
rc = verify_check_dnsbl(where, &arg, log_msgptr);
#endif
case ACLC_QUEUE:
+ if (is_tainted(arg))
+ {
+ *log_msgptr = string_sprintf("Tainted name '%s' for queue not permitted",
+ arg);
+ return ERROR;
+ }
if (Ustrchr(arg, '/'))
{
*log_msgptr = string_sprintf(
sender_address_cache, -1, 0, CUSS &sender_data);
break;
- /* Connection variables must persist forever */
+ /* Connection variables must persist forever; message variables not */
case ACLC_SET:
{
int old_pool = store_pool;
- if ( cb->u.varname[0] == 'c'
-#ifndef DISABLE_DKIM
- || cb->u.varname[0] == 'd'
-#endif
+ if ( cb->u.varname[0] != 'm'
#ifndef DISABLE_EVENT
|| event_name /* An event is being delivered */
#endif