JH/32 Move Redis support from Experimental to mainline, enabled for a build
by defining LOOKUP_REDIS. The libhiredis library is required.
+JH/33 Bug 1748: Permit ACL dnslists= condition in non-smtp ACLs if explicit
+ keys are given for lookup.
+
Exim version 4.86
-----------------
~(1<<ACL_WHERE_DATA), /* dmarc_status */
#endif
- (1<<ACL_WHERE_NOTSMTP)| /* dnslists */
- (1<<ACL_WHERE_NOTSMTP_START),
+ /* Explicit key lookups can be made in non-smtp ACLs so pass
+ always and check in the verify processing itself. */
+
+ 0, /* dnslists */
(unsigned int)
~((1<<ACL_WHERE_RCPT) /* domains */
#endif
case ACLC_DNSLISTS:
- rc = verify_check_dnsbl(&arg);
+ rc = verify_check_dnsbl(where, &arg, log_msgptr);
break;
case ACLC_DOMAINS:
extern int verify_address(address_item *, FILE *, int, int, int, int,
uschar *, uschar *, BOOL *);
-extern int verify_check_dnsbl(const uschar **);
+extern int verify_check_dnsbl(int, const uschar **, uschar **);
extern int verify_check_header_address(uschar **, uschar **, int, int, int,
uschar *, uschar *, int, int *);
extern int verify_check_headers(uschar **);
Note: a domain for testing RFCI is example.tld.dsn.rfc-ignorant.org
Arguments:
+ where the acl type
listptr the domain/address/data list
+ log_msgptr log message on error
Returns: OK successful lookup (i.e. the address is on the list), or
lookup deferred after +include_unknown
*/
int
-verify_check_dnsbl(const uschar **listptr)
+verify_check_dnsbl(int where, const uschar ** listptr, uschar ** log_msgptr)
{
int sep = 0;
int defer_return = FAIL;
/* See if there's explicit data to be looked up */
- key = Ustrchr(domain, '/');
- if (key != NULL) *key++ = 0;
+ if ((key = Ustrchr(domain, '/'))) *key++ = 0;
/* See if there's a list of addresses supplied after the domain name. This is
introduced by an = or a & character; if preceded by = we require all matches
and if preceded by ! we invert the result. */
- iplist = Ustrchr(domain, '=');
- if (iplist == NULL)
+ if (!(iplist = Ustrchr(domain, '=')))
{
bitmask = TRUE;
iplist = Ustrchr(domain, '&');
}
- if (iplist != NULL) /* Found either = or & */
+ if (iplist) /* Found either = or & */
{
if (iplist > domain && iplist[-1] == '!') /* Handle preceding ! */
{
}
}
+
/* If there is a comma in the domain, it indicates that a second domain for
looking up TXT records is provided, before the main domain. Otherwise we must
set domain_txt == domain. */
if (key == NULL)
{
+ if (where == ACL_WHERE_NOTSMTP_START || where == ACL_WHERE_NOTSMTP)
+ {
+ *log_msgptr = string_sprintf
+ ("cannot test auto-keyed dnslists condition in %s ACL",
+ acl_wherenames[where]);
+ return ERROR;
+ }
if (sender_host_address == NULL) return FAIL; /* can never match */
if (revadd[0] == 0) invert_address(revadd, sender_host_address);
rc = one_check_dnsbl(domain, domain_txt, sender_host_address, revadd,
--- /dev/null
+# Exim test configuration 0571
+
+LOG_SELECTOR=
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+tls_advertise_hosts =
+
+# ----- Main settings -----
+
+disable_ipv6 = true
+
+addresslist ok_senders = ok@ok.ok
+
+domainlist local_domains = test.ex : *.test.ex
+
+qualify_domain = test.ex
+trusted_users = CALLER
+
+# Use first three components of from_domain to select ACL
+acl_not_smtp = ${if def:sender_address \
+ {acl_${sg{${tr{$sender_address_domain}{.}{_}}}{^(.*)_.*\$}{\$1}}} \
+ {accept control=queue_only}}
+
+# ----- ACLs -----
+
+begin acl
+
+acl_29_29_29:
+ deny dnslists = test.ex/$sender_address_domain
+ accept
+
+acl_29_29_0:
+ deny dnslists = test.ex
+ accept
+
+# ----- Transports -----
+
+begin transports
+
+t1:
+ driver = appendfile
+ file = DIR/test-mail/$local_part
+ user = CALLER
+
+t2:
+ driver = appendfile
+ file = DIR/test-mail/okbatch
+ user = CALLER
+ batch_max = 100
+ envelope_to_add
+
+# ----- Routers -----
+
+begin routers
+
+r0:
+ driver = accept
+ local_parts = ^ok
+ transport = t2
+
+r1:
+ driver = accept
+ local_parts = ^userx : ^cond-
+ transport = t1
+
+r2:
+ driver = redirect
+ local_parts = fail
+ allow_fail
+ data = :fail: here is a fail message
+
+# End
--- /dev/null
+1999-03-02 09:44:33 10HmaX-0005vi-00 F=<ted@29.29.0.com> rejected by non-SMTP ACL: cannot test keyless dnslists condition in non-SMTP ACL
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 no immediate delivery: queued by ACL
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= bill@29.29.29.com U=CALLER P=local S=sss
--- /dev/null
+1999-03-02 09:44:33 10HmaX-0005vi-00 F=<ted@29.29.0.com> rejected by non-SMTP ACL: cannot test keyless dnslists condition in non-SMTP ACL
+Envelope-from: <ted@29.29.0.com>
+Envelope-to: <ok1@test.ex>
+P Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <ted@29.29.0.com>)
+ id 10HmaX-0005vi-00
+ for ok1@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+I Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+F From: ted@29.29.0.com
+ Date: Tue, 2 Mar 1999 09:44:33 +0000
--- /dev/null
+# ACL - dnslists in non-smtp ACL
+#
+1
+exim -f ted@29.29.0.com -odq ok1@test.ex
+should fail
+.
+****
+#
+exim -f bill@29.29.29.com -odq ok1@test.ex
+should pass
+.
+****
+#
+no_msglog_check
git://git.exim.org / exim.git / commitdiff