-/* $Cambridge: exim/src/src/acl.c,v 1.41 2005/06/27 14:29:43 ph10 Exp $ */
+/* $Cambridge: exim/src/src/acl.c,v 1.62 2006/06/28 16:00:23 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2005 */
+/* Copyright (c) University of Cambridge 1995 - 2006 */
/* See the file NOTICE for conditions of use and distribution. */
/* Code for handling Access Control Lists (ACLs) */
static int msgcond[] = { FAIL, OK, OK, FAIL, OK, FAIL, OK };
/* ACL condition and modifier codes - keep in step with the table that
-follows. */
+follows, and the cond_expand_at_top and uschar cond_modifiers tables lower
+down. */
-enum { ACLC_ACL, ACLC_AUTHENTICATED,
+enum { ACLC_ACL,
+ ACLC_ADD_HEADER,
+ ACLC_AUTHENTICATED,
#ifdef EXPERIMENTAL_BRIGHTMAIL
ACLC_BMI_OPTIN,
#endif
-ACLC_CONDITION, ACLC_CONTROL,
+ ACLC_CONDITION,
+ ACLC_CONTROL,
#ifdef WITH_CONTENT_SCAN
ACLC_DECODE,
#endif
ACLC_DK_SENDERS,
ACLC_DK_STATUS,
#endif
- ACLC_DNSLISTS, ACLC_DOMAINS, ACLC_ENCRYPTED, ACLC_ENDPASS,
- ACLC_HOSTS, ACLC_LOCAL_PARTS, ACLC_LOG_MESSAGE, ACLC_LOGWRITE,
+ ACLC_DNSLISTS,
+ ACLC_DOMAINS,
+ ACLC_ENCRYPTED,
+ ACLC_ENDPASS,
+ ACLC_HOSTS,
+ ACLC_LOCAL_PARTS,
+ ACLC_LOG_MESSAGE,
+ ACLC_LOGWRITE,
#ifdef WITH_CONTENT_SCAN
ACLC_MALWARE,
#endif
#ifdef WITH_CONTENT_SCAN
ACLC_REGEX,
#endif
- ACLC_SENDER_DOMAINS, ACLC_SENDERS, ACLC_SET,
+ ACLC_SENDER_DOMAINS,
+ ACLC_SENDERS,
+ ACLC_SET,
#ifdef WITH_CONTENT_SCAN
ACLC_SPAM,
#endif
static uschar *conditions[] = {
US"acl",
+ US"add_header",
US"authenticated",
#ifdef EXPERIMENTAL_BRIGHTMAIL
US"bmi_optin",
that follows! */
enum {
-#ifdef EXPERIMENTAL_BRIGHTMAIL
+ CONTROL_AUTH_UNADVERTISED,
+ #ifdef EXPERIMENTAL_BRIGHTMAIL
CONTROL_BMI_RUN,
-#endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
+ #endif
+ #ifdef EXPERIMENTAL_DOMAINKEYS
CONTROL_DK_VERIFY,
-#endif
- CONTROL_ERROR, CONTROL_CASEFUL_LOCAL_PART, CONTROL_CASELOWER_LOCAL_PART,
- CONTROL_ENFORCE_SYNC, CONTROL_NO_ENFORCE_SYNC, CONTROL_FREEZE,
- CONTROL_QUEUE_ONLY, CONTROL_SUBMISSION,
-#ifdef WITH_CONTENT_SCAN
+ #endif
+ CONTROL_ERROR,
+ CONTROL_CASEFUL_LOCAL_PART,
+ CONTROL_CASELOWER_LOCAL_PART,
+ CONTROL_ENFORCE_SYNC,
+ CONTROL_NO_ENFORCE_SYNC,
+ CONTROL_FREEZE,
+ CONTROL_QUEUE_ONLY,
+ CONTROL_SUBMISSION,
+ CONTROL_SUPPRESS_LOCAL_FIXUPS,
+ #ifdef WITH_CONTENT_SCAN
CONTROL_NO_MBOX_UNSPOOL,
-#endif
- CONTROL_FAKEDEFER, CONTROL_FAKEREJECT, CONTROL_NO_MULTILINE };
+ #endif
+ CONTROL_FAKEDEFER,
+ CONTROL_FAKEREJECT,
+ CONTROL_NO_MULTILINE
+};
-/* ACL control names; keep in step with the table above! */
+/* ACL control names; keep in step with the table above! This list is used for
+turning ids into names. The actual list of recognized names is in the variable
+control_def controls_list[] below. The fact that there are two lists is a mess
+and should be tidied up. */
static uschar *controls[] = {
+ US"allow_auth_unadvertised",
#ifdef EXPERIMENTAL_BRIGHTMAIL
US"bmi_run",
#endif
#ifdef EXPERIMENTAL_DOMAINKEYS
US"dk_verify",
#endif
- US"error", US"caseful_local_part",
- US"caselower_local_part", US"enforce_sync", US"no_enforce_sync", US"freeze",
- US"queue_only", US"submission",
+ US"error",
+ US"caseful_local_part",
+ US"caselower_local_part",
+ US"enforce_sync",
+ US"no_enforce_sync",
+ US"freeze",
+ US"queue_only",
+ US"submission",
+ US"suppress_local_fixups",
#ifdef WITH_CONTENT_SCAN
US"no_mbox_unspool",
#endif
- US"no_multiline"};
+ US"no_multiline"
+};
/* Flags to indicate for which conditions /modifiers a string expansion is done
at the outer level. In the other cases, expansion already occurs in the
static uschar cond_expand_at_top[] = {
TRUE, /* acl */
+ TRUE, /* add_header */
FALSE, /* authenticated */
#ifdef EXPERIMENTAL_BRIGHTMAIL
TRUE, /* bmi_optin */
static uschar cond_modifiers[] = {
FALSE, /* acl */
+ TRUE, /* add_header */
FALSE, /* authenticated */
#ifdef EXPERIMENTAL_BRIGHTMAIL
TRUE, /* bmi_optin */
static unsigned int cond_forbids[] = {
0, /* acl */
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_CONNECT)| /* authenticated */
- (1<<ACL_WHERE_HELO),
+ (unsigned int)
+ ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* add_header */
+ (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+ (1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)|
+ (1<<ACL_WHERE_NOTSMTP_START)),
-#ifdef EXPERIMENTAL_BRIGHTMAIL
+ (1<<ACL_WHERE_NOTSMTP)| /* authenticated */
+ (1<<ACL_WHERE_NOTSMTP_START)|
+ (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO),
+
+ #ifdef EXPERIMENTAL_BRIGHTMAIL
(1<<ACL_WHERE_AUTH)| /* bmi_optin */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_MIME)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_MAILAUTH)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_PREDATA),
-#endif
+ (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_PREDATA)|
+ (1<<ACL_WHERE_NOTSMTP_START),
+ #endif
0, /* condition */
0, /* control */
-#ifdef WITH_CONTENT_SCAN
+ #ifdef WITH_CONTENT_SCAN
(unsigned int)
~(1<<ACL_WHERE_MIME), /* decode */
-#endif
+ #endif
0, /* delay */
-#ifdef WITH_OLD_DEMIME
+ #ifdef WITH_OLD_DEMIME
(unsigned int)
~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)), /* demime */
-#endif
+ #endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
+ #ifdef EXPERIMENTAL_DOMAINKEYS
(1<<ACL_WHERE_AUTH)| /* dk_domain_source */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY),
+ (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
(1<<ACL_WHERE_AUTH)| /* dk_policy */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY),
+ (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
(1<<ACL_WHERE_AUTH)| /* dk_sender_domains */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY),
+ (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
(1<<ACL_WHERE_AUTH)| /* dk_sender_local_parts */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY),
+ (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
(1<<ACL_WHERE_AUTH)| /* dk_senders */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY),
+ (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
(1<<ACL_WHERE_AUTH)| /* dk_status */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY),
-#endif
+ (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
+ #endif
- (1<<ACL_WHERE_NOTSMTP), /* dnslists */
+ (1<<ACL_WHERE_NOTSMTP)| /* dnslists */
+ (1<<ACL_WHERE_NOTSMTP_START),
(unsigned int)
~(1<<ACL_WHERE_RCPT), /* domains */
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_CONNECT)| /* encrypted */
+ (1<<ACL_WHERE_NOTSMTP)| /* encrypted */
+ (1<<ACL_WHERE_CONNECT)|
+ (1<<ACL_WHERE_NOTSMTP_START)|
(1<<ACL_WHERE_HELO),
0, /* endpass */
- (1<<ACL_WHERE_NOTSMTP), /* hosts */
+ (1<<ACL_WHERE_NOTSMTP)| /* hosts */
+ (1<<ACL_WHERE_NOTSMTP_START),
(unsigned int)
~(1<<ACL_WHERE_RCPT), /* local_parts */
0, /* logwrite */
-#ifdef WITH_CONTENT_SCAN
+ #ifdef WITH_CONTENT_SCAN
(unsigned int)
~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)), /* malware */
-#endif
+ #endif
0, /* message */
-#ifdef WITH_CONTENT_SCAN
+ #ifdef WITH_CONTENT_SCAN
(unsigned int)
~(1<<ACL_WHERE_MIME), /* mime_regex */
-#endif
+ #endif
0, /* ratelimit */
(unsigned int)
~(1<<ACL_WHERE_RCPT), /* recipients */
-#ifdef WITH_CONTENT_SCAN
+ #ifdef WITH_CONTENT_SCAN
(unsigned int)
~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* regex */
(1<<ACL_WHERE_MIME)),
-#endif
+ #endif
(1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| /* sender_domains */
(1<<ACL_WHERE_HELO)|
0, /* set */
-#ifdef WITH_CONTENT_SCAN
+ #ifdef WITH_CONTENT_SCAN
(unsigned int)
~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)), /* spam */
-#endif
+ #endif
-#ifdef EXPERIMENTAL_SPF
+ #ifdef EXPERIMENTAL_SPF
(1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| /* spf */
(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_MAILAUTH)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
- (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY),
-#endif
+ (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
+ (1<<ACL_WHERE_NOTSMTP)|
+ (1<<ACL_WHERE_NOTSMTP_START),
+ #endif
/* Certain types of verify are always allowed, so we let it through
always and check in the verify function itself */
specify the negation of a small number of allowed times. */
static unsigned int control_forbids[] = {
-#ifdef EXPERIMENTAL_BRIGHTMAIL
+ (unsigned int)
+ ~((1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)), /* allow_auth_unadvertised */
+
+ #ifdef EXPERIMENTAL_BRIGHTMAIL
0, /* bmi_run */
-#endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
- (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP), /* dk_verify */
-#endif
+ #endif
+
+ #ifdef EXPERIMENTAL_DOMAINKEYS
+ (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* dk_verify */
+ (1<<ACL_WHERE_NOTSMTP_START),
+ #endif
0, /* error */
(unsigned int)
~(1<<ACL_WHERE_RCPT), /* caselower_local_part */
- (1<<ACL_WHERE_NOTSMTP), /* enforce_sync */
+ (1<<ACL_WHERE_NOTSMTP)| /* enforce_sync */
+ (1<<ACL_WHERE_NOTSMTP_START),
- (1<<ACL_WHERE_NOTSMTP), /* no_enforce_sync */
+ (1<<ACL_WHERE_NOTSMTP)| /* no_enforce_sync */
+ (1<<ACL_WHERE_NOTSMTP_START),
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* freeze */
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* submission */
(1<<ACL_WHERE_PREDATA)),
-#ifdef WITH_CONTENT_SCAN
+ (unsigned int)
+ ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* suppress_local_fixups */
+ (1<<ACL_WHERE_PREDATA)|
+ (1<<ACL_WHERE_NOTSMTP_START)),
+
+ #ifdef WITH_CONTENT_SCAN
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* no_mbox_unspool */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
(1<<ACL_WHERE_MIME)),
-#endif
+ #endif
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* fakedefer */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
(1<<ACL_WHERE_MIME)),
- (1<<ACL_WHERE_NOTSMTP) /* no_multiline */
+ (1<<ACL_WHERE_NOTSMTP)| /* no_multiline */
+ (1<<ACL_WHERE_NOTSMTP_START)
};
/* Structure listing various control arguments, with their characteristics. */
} control_def;
static control_def controls_list[] = {
+ { US"allow_auth_unadvertised", CONTROL_AUTH_UNADVERTISED, FALSE },
#ifdef EXPERIMENTAL_BRIGHTMAIL
- { US"bmi_run", CONTROL_BMI_RUN, FALSE},
+ { US"bmi_run", CONTROL_BMI_RUN, FALSE },
#endif
#ifdef EXPERIMENTAL_DOMAINKEYS
- { US"dk_verify", CONTROL_DK_VERIFY, FALSE},
-#endif
- { US"caseful_local_part", CONTROL_CASEFUL_LOCAL_PART, FALSE},
- { US"caselower_local_part", CONTROL_CASELOWER_LOCAL_PART, FALSE},
- { US"enforce_sync", CONTROL_ENFORCE_SYNC, FALSE},
- { US"freeze", CONTROL_FREEZE, FALSE},
- { US"no_enforce_sync", CONTROL_NO_ENFORCE_SYNC, FALSE},
- { US"no_multiline_responses", CONTROL_NO_MULTILINE, FALSE},
- { US"queue_only", CONTROL_QUEUE_ONLY, FALSE},
+ { US"dk_verify", CONTROL_DK_VERIFY, FALSE },
+#endif
+ { US"caseful_local_part", CONTROL_CASEFUL_LOCAL_PART, FALSE },
+ { US"caselower_local_part", CONTROL_CASELOWER_LOCAL_PART, FALSE },
+ { US"enforce_sync", CONTROL_ENFORCE_SYNC, FALSE },
+ { US"freeze", CONTROL_FREEZE, TRUE },
+ { US"no_enforce_sync", CONTROL_NO_ENFORCE_SYNC, FALSE },
+ { US"no_multiline_responses", CONTROL_NO_MULTILINE, FALSE },
+ { US"queue_only", CONTROL_QUEUE_ONLY, FALSE },
#ifdef WITH_CONTENT_SCAN
- { US"no_mbox_unspool", CONTROL_NO_MBOX_UNSPOOL, FALSE},
+ { US"no_mbox_unspool", CONTROL_NO_MBOX_UNSPOOL, FALSE },
#endif
- { US"fakedefer", CONTROL_FAKEDEFER, TRUE},
- { US"fakereject", CONTROL_FAKEREJECT, TRUE},
- { US"submission", CONTROL_SUBMISSION, TRUE}
+ { US"fakedefer", CONTROL_FAKEDEFER, TRUE },
+ { US"fakereject", CONTROL_FAKEREJECT, TRUE },
+ { US"submission", CONTROL_SUBMISSION, TRUE },
+ { US"suppress_local_fixups", CONTROL_SUPPRESS_LOCAL_FIXUPS, FALSE }
};
/* Support data structures for Client SMTP Authorization. acl_verify_csa()
can be started by a name, or by a macro definition. */
s = readconf_readname(name, sizeof(name), s);
- if (*s == ':' || isupper(name[0] && *s == '=')) return yield;
+ if (*s == ':' || (isupper(name[0]) && *s == '=')) return yield;
/* If a verb is unrecognized, it may be another condition or modifier that
continues the previous verb. */
{
if (this == NULL)
{
- *error = string_sprintf("unknown ACL verb in \"%s\"", saveline);
+ *error = string_sprintf("unknown ACL verb \"%s\" in \"%s\"", name,
+ saveline);
return NULL;
}
}
if (c == ACLC_SET)
{
- if (Ustrncmp(s, "acl_", 4) != 0 || (s[4] != 'c' && s[4] != 'm') ||
- !isdigit(s[5]) || (!isspace(s[6]) && s[6] != '='))
+ int offset, max, n;
+ uschar *endptr;
+
+ if (Ustrncmp(s, "acl_", 4) != 0) goto BAD_ACL_VAR;
+ if (s[4] == 'c')
+ {
+ offset = 0;
+ max = ACL_CVARS;
+ }
+ else if (s[4] == 'm')
+ {
+ offset = ACL_CVARS;
+ max = ACL_MVARS;
+ }
+ else goto BAD_ACL_VAR;
+
+ n = Ustrtoul(s + 5, &endptr, 10);
+ if ((*endptr != 0 && *endptr != '=' && !isspace(*endptr)) || n >= max)
{
- *error = string_sprintf("unrecognized name after \"set\" in ACL "
- "modifier \"set %s\"", s);
+ BAD_ACL_VAR:
+ *error = string_sprintf("syntax error or unrecognized name after "
+ "\"set\" in ACL modifier \"set %s\"", s);
return NULL;
}
- cond->u.varnumber = s[5] - '0';
- if (s[4] == 'm') cond->u.varnumber += ACL_C_MAX;
- s += 6;
+ cond->u.varnumber = n + offset;
+ s = endptr;
while (isspace(*s)) s++;
}
+/*************************************************
+* Set up added header line(s) *
+*************************************************/
+
+/* This function is called by the add_header modifier, and also from acl_warn()
+to implement the now-deprecated way of adding header lines using "message" on a
+"warn" verb. The argument is treated as a sequence of header lines which are
+added to a chain, provided there isn't an identical one already there.
+
+Argument: string of header lines
+Returns: nothing
+*/
+
+static void
+setup_header(uschar *hstring)
+{
+uschar *p, *q;
+int hlen = Ustrlen(hstring);
+
+/* An empty string does nothing; otherwise add a final newline if necessary. */
+
+if (hlen <= 0) return;
+if (hstring[hlen-1] != '\n') hstring = string_sprintf("%s\n", hstring);
+
+/* Loop for multiple header lines, taking care about continuations */
+
+for (p = q = hstring; *p != 0; )
+ {
+ uschar *s;
+ int newtype = htype_add_bot;
+ header_line **hptr = &acl_added_headers;
+
+ /* Find next header line within the string */
+
+ for (;;)
+ {
+ q = Ustrchr(q, '\n');
+ if (*(++q) != ' ' && *q != '\t') break;
+ }
+
+ /* If the line starts with a colon, interpret the instruction for where to
+ add it. This temporarily sets up a new type. */
+
+ if (*p == ':')
+ {
+ if (strncmpic(p, US":after_received:", 16) == 0)
+ {
+ newtype = htype_add_rec;
+ p += 16;
+ }
+ else if (strncmpic(p, US":at_start_rfc:", 14) == 0)
+ {
+ newtype = htype_add_rfc;
+ p += 14;
+ }
+ else if (strncmpic(p, US":at_start:", 10) == 0)
+ {
+ newtype = htype_add_top;
+ p += 10;
+ }
+ else if (strncmpic(p, US":at_end:", 8) == 0)
+ {
+ newtype = htype_add_bot;
+ p += 8;
+ }
+ while (*p == ' ' || *p == '\t') p++;
+ }
+
+ /* See if this line starts with a header name, and if not, add X-ACL-Warn:
+ to the front of it. */
+
+ for (s = p; s < q - 1; s++)
+ {
+ if (*s == ':' || !isgraph(*s)) break;
+ }
+
+ s = string_sprintf("%s%.*s", (*s == ':')? "" : "X-ACL-Warn: ", q - p, p);
+ hlen = Ustrlen(s);
+
+ /* See if this line has already been added */
+
+ while (*hptr != NULL)
+ {
+ if (Ustrncmp((*hptr)->text, s, hlen) == 0) break;
+ hptr = &((*hptr)->next);
+ }
+
+ /* Add if not previously present */
+
+ if (*hptr == NULL)
+ {
+ header_line *h = store_get(sizeof(header_line));
+ h->text = s;
+ h->next = NULL;
+ h->type = newtype;
+ h->slen = hlen;
+ *hptr = h;
+ hptr = &(h->next);
+ }
+
+ /* Advance for next header line within the string */
+
+ p = q;
+ }
+}
+
+
+
+
/*************************************************
* Handle warnings *
*************************************************/
the message's headers, and/or writes information to the log. In each case, this
only happens once (per message for headers, per connection for log).
+** NOTE: The header adding action using the "message" setting is historic, and
+its use is now deprecated. The new add_header modifier should be used instead.
+
Arguments:
where ACL_WHERE_xxxx indicating which ACL this is
user_message message for adding to headers
static void
acl_warn(int where, uschar *user_message, uschar *log_message)
{
-int hlen;
-
if (log_message != NULL && log_message != user_message)
{
uschar *text;
return;
}
-/* Treat the user message as a sequence of one or more header lines. */
-
-hlen = Ustrlen(user_message);
-if (hlen > 0)
- {
- uschar *text, *p, *q;
-
- /* Add a final newline if not present */
-
- text = ((user_message)[hlen-1] == '\n')? user_message :
- string_sprintf("%s\n", user_message);
+/* The code for setting up header lines is now abstracted into a separate
+function so that it can be used for the add_header modifier as well. */
- /* Loop for multiple header lines, taking care about continuations */
-
- for (p = q = text; *p != 0; )
- {
- uschar *s;
- int newtype = htype_add_bot;
- header_line **hptr = &acl_warn_headers;
-
- /* Find next header line within the string */
-
- for (;;)
- {
- q = Ustrchr(q, '\n');
- if (*(++q) != ' ' && *q != '\t') break;
- }
-
- /* If the line starts with a colon, interpret the instruction for where to
- add it. This temporarily sets up a new type. */
-
- if (*p == ':')
- {
- if (strncmpic(p, US":after_received:", 16) == 0)
- {
- newtype = htype_add_rec;
- p += 16;
- }
- else if (strncmpic(p, US":at_start_rfc:", 14) == 0)
- {
- newtype = htype_add_rfc;
- p += 14;
- }
- else if (strncmpic(p, US":at_start:", 10) == 0)
- {
- newtype = htype_add_top;
- p += 10;
- }
- else if (strncmpic(p, US":at_end:", 8) == 0)
- {
- newtype = htype_add_bot;
- p += 8;
- }
- while (*p == ' ' || *p == '\t') p++;
- }
-
- /* See if this line starts with a header name, and if not, add X-ACL-Warn:
- to the front of it. */
-
- for (s = p; s < q - 1; s++)
- {
- if (*s == ':' || !isgraph(*s)) break;
- }
-
- s = string_sprintf("%s%.*s", (*s == ':')? "" : "X-ACL-Warn: ", q - p, p);
- hlen = Ustrlen(s);
-
- /* See if this line has already been added */
-
- while (*hptr != NULL)
- {
- if (Ustrncmp((*hptr)->text, s, hlen) == 0) break;
- hptr = &((*hptr)->next);
- }
-
- /* Add if not previously present */
-
- if (*hptr == NULL)
- {
- header_line *h = store_get(sizeof(header_line));
- h->text = s;
- h->next = NULL;
- h->type = newtype;
- h->slen = hlen;
- *hptr = h;
- hptr = &(h->next);
- }
-
- /* Advance for next header line within the string */
-
- p = q;
- }
- }
+setup_header(user_message);
}
address literals, but it's probably the most friendly thing to do. This is an
extension to CSA, so we allow it to be turned off for proper conformance. */
-if (string_is_ip_address(domain, NULL))
+if (string_is_ip_address(domain, NULL) != 0)
{
if (!dns_csa_use_reverse) return CSA_UNKNOWN;
dns_build_reverse(domain, target);
BOOL defer_ok = FALSE;
BOOL callout_defer_ok = FALSE;
BOOL no_details = FALSE;
+BOOL success_on_redirect = FALSE;
address_item *sender_vaddr = NULL;
uschar *verify_sender_address = NULL;
uschar *pm_mailfrom = NULL;
return FAIL;
}
-/* We can test the result of optional HELO verification */
+/* We can test the result of optional HELO verification that might have
+occurred earlier. If not, we can attempt the verification now. */
if (strcmpic(ss, US"helo") == 0)
{
if (slash != NULL) goto NO_OPTIONS;
+ if (!helo_verified && !helo_verify_failed) smtp_verify_helo();
return helo_verified? OK : FAIL;
}
if (strcmpic(ss, US"header_syntax") == 0)
{
if (slash != NULL) goto NO_OPTIONS;
- if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP)
- {
- *log_msgptr = string_sprintf("cannot check header contents in ACL for %s "
- "(only possible in ACL for DATA)", acl_wherenames[where]);
- return ERROR;
- }
+ if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP) goto WRONG_ACL;
rc = verify_check_headers(log_msgptr);
if (rc != OK && smtp_return_error_details && *log_msgptr != NULL)
*user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr);
return rc;
}
+/* Check that no recipient of this message is "blind", that is, every envelope
+recipient must be mentioned in either To: or Cc:. */
+
+if (strcmpic(ss, US"not_blind") == 0)
+ {
+ if (slash != NULL) goto NO_OPTIONS;
+ if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP) goto WRONG_ACL;
+ rc = verify_check_notblind();
+ if (rc != OK)
+ {
+ *log_msgptr = string_sprintf("bcc recipient detected");
+ if (smtp_return_error_details)
+ *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr);
+ }
+ return rc;
+ }
/* The remaining verification tests check recipient and sender addresses,
either from the envelope or from the header. There are a number of
if (strcmpic(ss, US"header_sender") == 0)
{
- if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP)
- {
- *log_msgptr = string_sprintf("cannot check header contents in ACL for %s "
- "(only possible in ACL for DATA)", acl_wherenames[where]);
- return ERROR;
- }
+ if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP) goto WRONG_ACL;
verify_header_sender = TRUE;
}
{
if (strcmpic(ss, US"defer_ok") == 0) defer_ok = TRUE;
else if (strcmpic(ss, US"no_details") == 0) no_details = TRUE;
+ else if (strcmpic(ss, US"success_on_redirect") == 0) success_on_redirect = TRUE;
/* These two old options are left for backwards compatibility */
else
verify_options |= vopt_fake_sender;
+ if (success_on_redirect)
+ verify_options |= vopt_success_on_redirect;
+
/* The recipient, qualify, and expn options are never set in
verify_options. */
{
address_item addr2;
+ if (success_on_redirect)
+ verify_options |= vopt_success_on_redirect;
+
/* We must use a copy of the address for verification, because it might
get rewritten. */
*log_msgptr = string_sprintf("unexpected '/' found in \"%s\" "
"(this verify item has no options)", arg);
return ERROR;
+
+/* Calls in the wrong ACL come here */
+
+WRONG_ACL:
+*log_msgptr = string_sprintf("cannot check header contents in ACL for %s "
+ "(only possible in ACL for DATA)", acl_wherenames[where]);
+return ERROR;
}
Arguments:
arg the option string for ratelimit=
+ where ACL_WHERE_xxxx indicating which ACL this is
log_msgptr for error messages
Returns: OK - Sender's rate is above limit
*/
static int
-acl_ratelimit(uschar *arg, uschar **log_msgptr)
+acl_ratelimit(uschar *arg, int where, uschar **log_msgptr)
{
double limit, period;
uschar *ss, *key;
+ (double)tv.tv_usec / 1000000.0;
double prev_time = (double)dbd->time_stamp
+ (double)dbd->time_usec / 1000000.0;
- double interval = this_time - prev_time;
-
- double i_over_p = interval / period;
- double a = exp(-i_over_p);
/* We must avoid division by zero, and deal gracefully with the clock going
backwards. If we blunder ahead when time is in reverse then the computed
- rate will become bogusly huge. Clamp i/p to a very small number instead. */
+ rate will be bogus. To be safe we clamp interval to a very small number. */
+
+ double interval = this_time - prev_time <= 0.0 ? 1e-9
+ : this_time - prev_time;
- if (i_over_p <= 0.0) i_over_p = 1e-9;
+ double i_over_p = interval / period;
+ double a = exp(-i_over_p);
dbd->time_stamp = tv.tv_sec;
dbd->time_usec = tv.tv_usec;
if (per_byte)
dbd->rate = (message_size < 0 ? 0.0 : (double)message_size)
* (1 - a) / i_over_p + a * dbd->rate;
+ else if (per_cmd && where == ACL_WHERE_NOTSMTP)
+ dbd->rate = (double)recipients_count
+ * (1 - a) / i_over_p + a * dbd->rate;
else
dbd->rate = (1 - a) / i_over_p + a * dbd->rate;
}
if (cb->type == ACLC_SET)
{
int n = cb->u.varnumber;
- int t = (n < ACL_C_MAX)? 'c' : 'm';
- if (n >= ACL_C_MAX) n -= ACL_C_MAX;
+ int t = (n < ACL_CVARS)? 'c' : 'm';
+ if (n >= ACL_CVARS) n -= ACL_CVARS;
debug_printf("acl_%c%d ", t, n);
lhswidth += 7;
}
switch(cb->type)
{
+ case ACLC_ADD_HEADER:
+ setup_header(arg);
+ break;
+
/* A nested ACL that returns "discard" makes sense only for an "accept" or
"discard" verb. */
TRUE, NULL);
break;
-#ifdef EXPERIMENTAL_BRIGHTMAIL
+ #ifdef EXPERIMENTAL_BRIGHTMAIL
case ACLC_BMI_OPTIN:
{
int old_pool = store_pool;
store_pool = old_pool;
}
break;
-#endif
+ #endif
case ACLC_CONDITION:
if (Ustrspn(arg, "0123456789") == Ustrlen(arg)) /* Digits, or empty */
switch(control_type)
{
-#ifdef EXPERIMENTAL_BRIGHTMAIL
+ case CONTROL_AUTH_UNADVERTISED:
+ allow_auth_unadvertised = TRUE;
+ break;
+
+ #ifdef EXPERIMENTAL_BRIGHTMAIL
case CONTROL_BMI_RUN:
bmi_run = 1;
break;
-#endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
+ #endif
+
+ #ifdef EXPERIMENTAL_DOMAINKEYS
case CONTROL_DK_VERIFY:
dk_do_verify = 1;
break;
-#endif
+ #endif
+
case CONTROL_ERROR:
return ERROR;
smtp_enforce_sync = FALSE;
break;
-#ifdef WITH_CONTENT_SCAN
+ #ifdef WITH_CONTENT_SCAN
case CONTROL_NO_MBOX_UNSPOOL:
no_mbox_unspool = TRUE;
break;
-#endif
+ #endif
case CONTROL_NO_MULTILINE:
no_multiline_responses = TRUE;
case CONTROL_FREEZE:
deliver_freeze = TRUE;
deliver_frozen_at = time(NULL);
+ freeze_tell = freeze_tell_config; /* Reset to configured value */
+ if (Ustrncmp(p, "/no_tell", 8) == 0)
+ {
+ p += 8;
+ freeze_tell = NULL;
+ }
+ if (*p != 0)
+ {
+ *log_msgptr = string_sprintf("syntax error in \"control=%s\"", arg);
+ return ERROR;
+ }
break;
case CONTROL_QUEUE_ONLY:
submission_domain = string_copyn(p+8, pp-p-8);
p = pp;
}
+ /* The name= option must be last, because it swallows the rest of
+ the string. */
else if (Ustrncmp(p, "/name=", 6) == 0)
{
uschar *pp = p + 6;
- while (*pp != 0 && *pp != '/') pp++;
- originator_name = string_copy(parse_fix_phrase(p+6, pp-p-6,
+ while (*pp != 0) pp++;
+ submission_name = string_copy(parse_fix_phrase(p+6, pp-p-6,
big_buffer, big_buffer_size));
p = pp;
}
return ERROR;
}
break;
+
+ case CONTROL_SUPPRESS_LOCAL_FIXUPS:
+ suppress_local_fixups = TRUE;
+ break;
}
break;
-#ifdef WITH_CONTENT_SCAN
+ #ifdef WITH_CONTENT_SCAN
case ACLC_DECODE:
rc = mime_decode(&arg);
break;
-#endif
+ #endif
case ACLC_DELAY:
{
}
break;
-#ifdef WITH_OLD_DEMIME
+ #ifdef WITH_OLD_DEMIME
case ACLC_DEMIME:
rc = demime(&arg);
break;
-#endif
+ #endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
- case ACLC_DK_DOMAIN_SOURCE:
+ #ifdef EXPERIMENTAL_DOMAINKEYS
+ case ACLC_DK_DOMAIN_SOURCE:
if (dk_verify_block == NULL) { rc = FAIL; break; };
/* check header source of domain against given string */
switch (dk_verify_block->address_source) {
rc = match_isinlist(US"none", &arg, 0, NULL,
NULL, MCL_STRING, TRUE, NULL);
break;
- }
- break;
- case ACLC_DK_POLICY:
+ }
+ break;
+
+ case ACLC_DK_POLICY:
if (dk_verify_block == NULL) { rc = FAIL; break; };
/* check policy against given string, default FAIL */
rc = FAIL;
if (dk_verify_block->testing)
rc = match_isinlist(US"testing", &arg, 0, NULL,
NULL, MCL_STRING, TRUE, NULL);
- break;
- case ACLC_DK_SENDER_DOMAINS:
+ break;
+
+ case ACLC_DK_SENDER_DOMAINS:
if (dk_verify_block == NULL) { rc = FAIL; break; };
if (dk_verify_block->domain != NULL)
rc = match_isinlist(dk_verify_block->domain, &arg, 0, &domainlist_anchor,
NULL, MCL_DOMAIN, TRUE, NULL);
else rc = FAIL;
- break;
- case ACLC_DK_SENDER_LOCAL_PARTS:
+ break;
+
+ case ACLC_DK_SENDER_LOCAL_PARTS:
if (dk_verify_block == NULL) { rc = FAIL; break; };
if (dk_verify_block->local_part != NULL)
rc = match_isinlist(dk_verify_block->local_part, &arg, 0, &localpartlist_anchor,
NULL, MCL_LOCALPART, TRUE, NULL);
else rc = FAIL;
- break;
- case ACLC_DK_SENDERS:
+ break;
+
+ case ACLC_DK_SENDERS:
if (dk_verify_block == NULL) { rc = FAIL; break; };
if (dk_verify_block->address != NULL)
rc = match_address_list(dk_verify_block->address, TRUE, TRUE, &arg, NULL, -1, 0, NULL);
else rc = FAIL;
- break;
- case ACLC_DK_STATUS:
+ break;
+
+ case ACLC_DK_STATUS:
if (dk_verify_block == NULL) { rc = FAIL; break; };
if (dk_verify_block->result > 0) {
switch(dk_verify_block->result) {
rc = match_isinlist(US"bad", &arg, 0, NULL,
NULL, MCL_STRING, TRUE, NULL);
break;
+ }
}
- }
- break;
-#endif
+ break;
+ #endif
case ACLC_DNSLISTS:
rc = verify_check_dnsbl(&arg);
}
break;
-#ifdef WITH_CONTENT_SCAN
+ #ifdef WITH_CONTENT_SCAN
case ACLC_MALWARE:
{
/* Seperate the regular expression and any optional parameters. */
break;
case ACLC_MIME_REGEX:
- rc = mime_regex(&arg);
+ rc = mime_regex(&arg);
break;
-#endif
+ #endif
case ACLC_RATELIMIT:
- rc = acl_ratelimit(arg, log_msgptr);
+ rc = acl_ratelimit(arg, where, log_msgptr);
break;
case ACLC_RECIPIENTS:
&recipient_data);
break;
-#ifdef WITH_CONTENT_SCAN
- case ACLC_REGEX:
- rc = regex(&arg);
+ #ifdef WITH_CONTENT_SCAN
+ case ACLC_REGEX:
+ rc = regex(&arg);
break;
-#endif
+ #endif
case ACLC_SENDER_DOMAINS:
{
case ACLC_SET:
{
int old_pool = store_pool;
- if (cb->u.varnumber < ACL_C_MAX) store_pool = POOL_PERM;
+ if (cb->u.varnumber < ACL_CVARS) store_pool = POOL_PERM;
acl_var[cb->u.varnumber] = string_copy(arg);
store_pool = old_pool;
}
break;
-#ifdef WITH_CONTENT_SCAN
+ #ifdef WITH_CONTENT_SCAN
case ACLC_SPAM:
{
/* Seperate the regular expression and any optional parameters. */
}
}
break;
-#endif
+ #endif
-#ifdef EXPERIMENTAL_SPF
+ #ifdef EXPERIMENTAL_SPF
case ACLC_SPF:
rc = spf_process(&arg, sender_address);
break;
-#endif
+ #endif
/* If the verb is WARN, discard any user message from verification, because
such messages are SMTP responses, not header additions. The latter come
case ACL_WARN:
if (cond == OK)
acl_warn(where, *user_msgptr, *log_msgptr);
- else if (cond == DEFER)
+ else if (cond == DEFER && (log_extra_selector & LX_acl_warn_skipped) != 0)
log_write(0, LOG_MAIN, "%s Warning: ACL \"warn\" statement skipped: "
"condition test deferred%s%s", host_and_ident(TRUE),
(*log_msgptr == NULL)? US"" : US": ",
Arguments:
where ACL_WHERE_xxxx indicating where called from
- data_string RCPT address, or SMTP command argument, or NULL
+ recipient RCPT address for RCPT check, else NULL
s the input string; NULL is the same as an empty ACL => DENY
user_msgptr where to put a user error (for SMTP response)
log_msgptr where to put a logging message (not for SMTP response)
*/
int
-acl_check(int where, uschar *data_string, uschar *s, uschar **user_msgptr,
+acl_check(int where, uschar *recipient, uschar *s, uschar **user_msgptr,
uschar **log_msgptr)
{
int rc;
address_item adb;
-address_item *addr;
+address_item *addr = NULL;
*user_msgptr = *log_msgptr = NULL;
sender_verified_failed = NULL;
{
adb = address_defaults;
addr = &adb;
- addr->address = data_string;
+ addr->address = recipient;
if (deliver_split_address(addr) == DEFER)
{
*log_msgptr = US"defer in percent_hack_domains check";
deliver_domain = addr->domain;
deliver_localpart = addr->local_part;
}
-else
- {
- addr = NULL;
- smtp_command_argument = data_string;
- }
rc = acl_check_internal(where, addr, s, 0, user_msgptr, log_msgptr);
-smtp_command_argument = deliver_domain =
- deliver_localpart = deliver_address_data = sender_address_data = NULL;
+deliver_domain = deliver_localpart = deliver_address_data =
+ sender_address_data = NULL;
/* A DISCARD response is permitted only for message ACLs, excluding the PREDATA
ACL, which is really in the middle of an SMTP command. */