* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* Code for handling Access Control Lists (ACLs) */
#ifdef WITH_CONTENT_SCAN
ACLC_SPAM,
#endif
-#ifdef EXPERIMENTAL_SPF
+#ifdef SUPPORT_SPF
ACLC_SPF,
ACLC_SPF_GUESS,
#endif
(1<<ACL_WHERE_NOTSMTP)),
},
#endif
-#ifdef EXPERIMENTAL_SPF
+#ifdef SUPPORT_SPF
[ACLC_SPF] = { US"spf", TRUE, FALSE,
(1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)|
(1<<ACL_WHERE_HELO)|
compatibility. */
if (c == ACLC_SET)
+#ifndef DISABLE_DKIM
+ if ( Ustrncmp(s, "dkim_verify_status", 18) == 0
+ || Ustrncmp(s, "dkim_verify_reason", 18) == 0)
+ {
+ uschar * endptr = s+18;
+
+ if (isalnum(*endptr))
+ {
+ *error = string_sprintf("invalid variable name after \"set\" in ACL "
+ "modifier \"set %s\" "
+ "(only \"dkim_verify_status\" or \"dkim_verify_reason\" permitted)",
+ s);
+ return NULL;
+ }
+ cond->u.varname = string_copyn(s, 18);
+ s = endptr;
+ while (isspace(*s)) s++;
+ }
+ else
+#endif
{
uschar *endptr;
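Review bot: The guard `if (isalnum(*endptr))` after the 18-character prefix match does not reject an underscore, so a name such as `dkim_verify_status_x` (constructed example) is accepted as `dkim_verify_status` and the leftover `_x` is handed to whatever parsing follows. The rest of the function is outside the hunk, so a later `=` check may still catch this, but the name-specific error message would be skipped either way; `if (isalnum(*endptr) || *endptr == '_')` closes the gap. The literal 18 is repeated four times here and reappears as `lhswidth += 19` in the debug-print hunk, so a named constant or `Ustrlen` on the matched name would keep them in step. Because these two names let ACL configuration overwrite the DKIM verification result, a short comment stating that this is deliberate would help the next reader.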
return csa_return_code[rc];
case VERIFY_HDR_SYNTAX:
- /* Check that all relevant header lines have the correct syntax. If there is
+ /* Check that all relevant header lines have the correct 5322-syntax. If there is
a syntax error, we return details of the error to the sender if configured to
send out full details. (But a "message" setting on the ACL can override, as
always). */
if (cb->type == ACLC_SET)
{
- debug_printf("acl_%s ", cb->u.varname);
- lhswidth += 5 + Ustrlen(cb->u.varname);
+#ifndef DISABLE_DKIM
+ if ( Ustrcmp(cb->u.varname, "dkim_verify_status") == 0
+ || Ustrcmp(cb->u.varname, "dkim_verify_reason") == 0)
+ {
+ debug_printf("%s ", cb->u.varname);
+ lhswidth += 19;
+ }
+ else
+#endif
+ {
+ debug_printf("acl_%s ", cb->u.varname);
+ lhswidth += 5 + Ustrlen(cb->u.varname);
+ }
}
debug_printf("= %s\n", cb->arg);
#ifndef DISABLE_DKIM
case ACLC_DKIM_SIGNER:
- if (dkim_cur_signer != NULL)
+ if (dkim_cur_signer)
rc = match_isinlist(dkim_cur_signer,
&arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
else
break;
case ACLC_DKIM_STATUS:
- rc = match_isinlist(dkim_exim_expand_query(DKIM_VERIFY_STATUS),
+ rc = match_isinlist(dkim_verify_status,
&arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
break;
#endif
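Review bot: `match_isinlist(dkim_verify_status, ...)` now passes a global directly where the old code passed the return value of `dkim_exim_expand_query(DKIM_VERIFY_STATUS)`, and nothing visible here shows that the global is non-NULL when this condition runs. The neighbouring `ACLC_DKIM_SIGNER` case guards its subject with `if (dkim_cur_signer)` before matching. Unless `dkim_verify_status` is always initialised before the DKIM ACL is entered, which cannot be confirmed from this hunk, the same `if (dkim_verify_status)` guard with an explicit fallback result is worth adding. Since the value can now be replaced by an ACL `set`, a comment noting that this condition tests the possibly overridden status rather than the raw verifier output would also help.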
#endif
case ACLC_QUEUE:
+ if (Ustrchr(arg, '/'))
+ {
+ *log_msgptr = string_sprintf(
+ "Directory separator not permitted in queue name: '%s'", arg);
+ return ERROR;
+ }
queue_name = string_copy_malloc(arg);
break;
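Review bot: The new check rejects only `/`, so an empty name, `.` and `..` still reach `string_copy_malloc(arg)`. If `queue_name` is later used as a path component under the spool directory (the error text suggests so, but that use is outside this hunk), those values would not name a distinct subdirectory of the intended parent. Extending the test to `if (!*arg || Ustrchr(arg, '/') || Ustrcmp(arg, ".") == 0 || Ustrcmp(arg, "..") == 0)` and rewording the message to match would complete the check; accepting only a conservative character set is the stricter alternative. This matters more if `arg` can carry expanded, message-derived data rather than a fixed configuration string, which is not determinable from the lines shown.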
{
int old_pool = store_pool;
if ( cb->u.varname[0] == 'c'
+#ifndef DISABLE_DKIM
+ || cb->u.varname[0] == 'd'
+#endif
#ifndef DISABLE_EVENT
|| event_name /* An event is being delivered */
#endif
)
store_pool = POOL_PERM;
- acl_var_create(cb->u.varname)->data.ptr = string_copy(arg);
+#ifndef DISABLE_DKIM /* Overwriteable dkim result variables */
+ if (Ustrcmp(cb->u.varname, "dkim_verify_status") == 0)
+ dkim_verify_status = string_copy(arg);
+ else if (Ustrcmp(cb->u.varname, "dkim_verify_reason") == 0)
+ dkim_verify_reason = string_copy(arg);
+ else
+#endif
+ acl_var_create(cb->u.varname)->data.ptr = string_copy(arg);
store_pool = old_pool;
}
break;
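Review bot: The added `cb->u.varname[0] == 'd'` test selects `POOL_PERM` by first letter alone, which is correct only because the parser stores the two DKIM names in full while acl_ names appear to be stored without their `acl_` prefix (inferred from the `acl_%s` debug print). A comment such as `/* 'd': dkim_verify_status / dkim_verify_reason, the only names starting with 'd' */` would record that coupling, and the reason these values need the permanent pool should be stated once confirmed. Each `set` also makes a fresh `string_copy` in that pool, so repeated sets in a long-lived process would accumulate; it is worth confirming that this is acceptable. The enclosing case label is outside the hunk.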
- #ifdef WITH_CONTENT_SCAN
+#ifdef WITH_CONTENT_SCAN
case ACLC_SPAM:
{
/* Separate the regular expression and any optional parameters. */
const uschar * list = arg;
uschar *ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size);
- /* Run the spam backend. */
+
rc = spam(CUSS &ss);
/* Modify return code based upon the existence of options. */
- while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))
- != NULL) {
+ while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER)
- {
- /* FAIL so that the message is passed to the next ACL */
- rc = FAIL;
- }
- }
+ rc = FAIL; /* FAIL so that the message is passed to the next ACL */
}
break;
- #endif
+#endif
- #ifdef EXPERIMENTAL_SPF
+#ifdef SUPPORT_SPF
case ACLC_SPF:
rc = spf_process(&arg, sender_address, SPF_PROCESS_NORMAL);
break;
case ACLC_SPF_GUESS:
rc = spf_process(&arg, sender_address, SPF_PROCESS_GUESS);
break;
- #endif
+#endif
case ACLC_UDPSEND:
rc = acl_udpsend(arg, log_msgptr);
}
else ss = s;
-while (isspace(*ss))ss++;
+while (isspace(*ss)) ss++;
/* If we can't find a named ACL, the default is to parse it as an inline one.
(Unless it begins with a slash; non-existent files give rise to an error.) */