From: Philip Hazel Date: Mon, 25 Sep 2006 10:14:20 +0000 (+0000) Subject: Add log_reject_target as an ACL modifier. X-Git-Tag: exim-4_64~80 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/6ea85e9a4ac76f292db7bb946d6ada8d3ac93a2d Add log_reject_target as an ACL modifier. --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index eebf9122d..ba67b7315 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.396 2006/09/22 08:41:59 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.397 2006/09/25 10:14:20 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -52,6 +52,10 @@ JJ/01 exipick 20060919.0, allow for arbitrary acl_ variables introduced JJ/02 exipick 20060919.0, --show-vars args can now be regular expressions, miscellaneous code fixes +PH/10 Added the log_reject_target ACL modifier to specify where to log + rejections. + + Exim version 4.63 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 6ee8f6bdc..ae4043cc1 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/NewStuff,v 1.110 2006/09/19 14:31:06 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/NewStuff,v 1.111 2006/09/25 10:14:20 ph10 Exp $ New Features in Exim -------------------- @@ -37,6 +37,19 @@ Version 4.64 used, spool files written by the new release can be read by earlier releases. +2. There is a new ACL modifier called log_reject_target. It makes it possible + to specify which logs are used for messages about ACL rejections. Its + argument is a list of words which can be "main", "reject", or "panic". The + default is "main:reject". The list may be empty, in which case a rejection + is not logged at all. For example, this ACL fragment writes no logging + information when access is denied: + + deny + log_reject_target = + + The modifier can be used in SMTP and non-SMTP ACLs. It applies to both + permanent and temporary rejections. + Version 4.63 ------------ diff --git a/src/src/acl.c b/src/src/acl.c index 5709a11ab..8274e0c73 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/acl.c,v 1.65 2006/09/19 14:31:06 ph10 Exp $ */ +/* $Cambridge: exim/src/src/acl.c,v 1.66 2006/09/25 10:14:20 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -65,6 +65,7 @@ enum { ACLC_ACL, ACLC_HOSTS, ACLC_LOCAL_PARTS, ACLC_LOG_MESSAGE, + ACLC_LOG_REJECT_TARGET, ACLC_LOGWRITE, #ifdef WITH_CONTENT_SCAN ACLC_MALWARE, @@ -90,8 +91,9 @@ enum { ACLC_ACL, ACLC_VERIFY }; /* ACL conditions/modifiers: "delay", "control", "endpass", "message", -"log_message", "logwrite", and "set" are modifiers that look like conditions -but always return TRUE. They are used for their side effects. */ +"log_message", "log_reject_target", "logwrite", and "set" are modifiers that +look like conditions but always return TRUE. They are used for their side +effects. */ static uschar *conditions[] = { US"acl", @@ -117,8 +119,15 @@ static uschar *conditions[] = { US"dk_senders", US"dk_status", #endif - US"dnslists", US"domains", US"encrypted", - US"endpass", US"hosts", US"local_parts", US"log_message", US"logwrite", + US"dnslists", + US"domains", + US"encrypted", + US"endpass", + US"hosts", + US"local_parts", + US"log_message", + US"log_reject_target", + US"logwrite", #ifdef WITH_CONTENT_SCAN US"malware", #endif @@ -232,6 +241,7 @@ static uschar cond_expand_at_top[] = { FALSE, /* hosts */ FALSE, /* local_parts */ TRUE, /* log_message */ + TRUE, /* log_reject_target */ TRUE, /* logwrite */ #ifdef WITH_CONTENT_SCAN TRUE, /* malware */ @@ -290,6 +300,7 @@ static uschar cond_modifiers[] = { FALSE, /* hosts */ FALSE, /* local_parts */ TRUE, /* log_message */ + TRUE, /* log_reject_target */ TRUE, /* logwrite */ #ifdef WITH_CONTENT_SCAN FALSE, /* malware */ @@ -433,6 +444,8 @@ static unsigned int cond_forbids[] = { 0, /* log_message */ + 0, /* log_reject_target */ + 0, /* logwrite */ #ifdef WITH_CONTENT_SCAN @@ -2844,6 +2857,29 @@ for (; cb != NULL; cb = cb->next) &deliver_localpart_data); break; + case ACLC_LOG_REJECT_TARGET: + { + int logbits = 0; + int sep = 0; + uschar *s = arg; + uschar *ss; + while ((ss = string_nextinlist(&s, &sep, big_buffer, big_buffer_size)) + != NULL) + { + if (Ustrcmp(ss, "main") == 0) logbits |= LOG_MAIN; + else if (Ustrcmp(ss, "panic") == 0) logbits |= LOG_PANIC; + else if (Ustrcmp(ss, "reject") == 0) logbits |= LOG_REJECT; + else + { + logbits |= LOG_MAIN|LOG_REJECT; + log_write(0, LOG_MAIN|LOG_PANIC, "unknown log name \"%s\" in " + "\"log_reject_target\" in %s ACL", ss, acl_wherenames[where]); + } + } + log_reject_target = logbits; + } + break; + case ACLC_LOGWRITE: { int logbits = 0; @@ -2870,6 +2906,8 @@ for (; cb != NULL; cb = cb->next) s++; } while (isspace(*s)) s++; + + if (logbits == 0) logbits = LOG_MAIN; log_write(0, logbits, "%s", string_printing(s)); } @@ -2878,7 +2916,7 @@ for (; cb != NULL; cb = cb->next) #ifdef WITH_CONTENT_SCAN case ACLC_MALWARE: { - /* Seperate the regular expression and any optional parameters. */ + /* Separate the regular expression and any optional parameters. */ uschar *ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size); /* Run the malware backend. */ rc = malware(&ss); @@ -3513,6 +3551,7 @@ address_item *addr = NULL; *user_msgptr = *log_msgptr = NULL; sender_verified_failed = NULL; ratelimiters_cmd = NULL; +log_reject_target = LOG_MAIN|LOG_REJECT; if (where == ACL_WHERE_RCPT) { diff --git a/src/src/globals.c b/src/src/globals.c index a694053c5..7c3f8e9f1 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/globals.c,v 1.58 2006/09/19 11:28:45 ph10 Exp $ */ +/* $Cambridge: exim/src/src/globals.c,v 1.59 2006/09/25 10:14:20 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -703,11 +703,12 @@ bit_table log_options[] = { }; int log_options_count = sizeof(log_options)/sizeof(bit_table); -unsigned int log_write_selector= L_default; +int log_reject_target = 0; uschar *log_selector_string = NULL; FILE *log_stderr = NULL; BOOL log_testing_mode = FALSE; BOOL log_timezone = FALSE; +unsigned int log_write_selector= L_default; uschar *login_sender_address = NULL; int lookup_open_max = 25; uschar *lookup_value = NULL; diff --git a/src/src/globals.h b/src/src/globals.h index cd5fb4e36..0bafda666 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/globals.h,v 1.40 2006/09/19 11:28:45 ph10 Exp $ */ +/* $Cambridge: exim/src/src/globals.h,v 1.41 2006/09/25 10:14:20 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -404,11 +404,12 @@ extern unsigned int log_extra_selector;/* Bit map of logging options other than extern uschar *log_file_path; /* If unset, use default */ extern bit_table log_options[]; /* Table of options */ extern int log_options_count; /* Size of table */ -extern unsigned int log_write_selector;/* Bit map of logging options for log_write() */ +extern int log_reject_target; /* Target log for ACL rejections */ extern uschar *log_selector_string; /* As supplied in the config */ extern FILE *log_stderr; /* Copy of stderr for log use, or NULL */ extern BOOL log_testing_mode; /* TRUE in various testing modes */ extern BOOL log_timezone; /* TRUE to include the timezone in log lines */ +extern unsigned int log_write_selector;/* Bit map of logging options for log_write() */ extern uschar *login_sender_address; /* The actual sender address */ extern lookup_info lookup_list[]; /* Vector of available lookups */ extern int lookup_list_count; /* Number of entries in the list */ diff --git a/src/src/receive.c b/src/src/receive.c index 3f430f1aa..797444ca1 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/receive.c,v 1.28 2006/07/13 13:53:33 ph10 Exp $ */ +/* $Cambridge: exim/src/src/receive.c,v 1.29 2006/09/25 10:14:20 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -2985,8 +2985,13 @@ else #ifdef WITH_CONTENT_SCAN unspool_mbox(); #endif - log_write(0, LOG_MAIN|LOG_REJECT, "F=<%s> rejected by non-SMTP ACL: %s", - sender_address, log_msg); + /* The ACL can specify where rejections are to be logged, possibly + nowhere. The default is main and reject logs. */ + + if (log_reject_target != 0) + log_write(0, log_reject_target, "F=<%s> rejected by non-SMTP ACL: %s", + sender_address, log_msg); + if (user_msg == NULL) user_msg = US"local configuration problem"; if (smtp_batched_input) { diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 614a3ffe0..36c4c3021 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/smtp_in.c,v 1.43 2006/09/19 11:28:45 ph10 Exp $ */ +/* $Cambridge: exim/src/src/smtp_in.c,v 1.44 2006/09/25 10:14:20 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -2002,12 +2002,15 @@ else US"Temporary local problem - please try later"); } -/* Log the incident. If the connection is not forcibly to be dropped, return 0. -Otherwise, log why it is closing if required and return 2. */ +/* Log the incident to the logs that are specified by log_reject_target +(default main, reject). This can be empty to suppress logging of rejections. If +the connection is not forcibly to be dropped, return 0. Otherwise, log why it +is closing if required and return 2. */ -log_write(0, LOG_MAIN|LOG_REJECT, "%s %s%srejected %s%s", - host_and_ident(TRUE), - sender_info, (rc == FAIL)? US"" : US"temporarily ", what, log_msg); +if (log_reject_target != 0) + log_write(0, log_reject_target, "%s %s%srejected %s%s", + host_and_ident(TRUE), + sender_info, (rc == FAIL)? US"" : US"temporarily ", what, log_msg); if (!drop) return 0; diff --git a/test/confs/0539 b/test/confs/0539 new file mode 100644 index 000000000..02b7a2622 --- /dev/null +++ b/test/confs/0539 @@ -0,0 +1,59 @@ +# Exim test configuration 0539 + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + +# ----- Main settings ----- + +acl_not_smtp = not_smtp +acl_smtp_mail = check_mail +acl_smtp_rcpt = check_rcpt +acl_smtp_predata = predata + + +# ----- ACLs ----- + +begin acl + +check_mail: + deny senders = main@test.ex + log_reject_target = main + deny senders = reject@test.ex + log_reject_target = reject + deny senders = both@test.ex + log_reject_target = <, main, reject + deny senders = panic@test.ex + log_reject_target = panic + deny senders = none@test.ex + log_reject_target = + accept + +check_rcpt: + deny local_parts = main + log_reject_target = main + deny local_parts = reject + log_reject_target = reject + deny local_parts = both + log_reject_target = <, main, reject + deny local_parts = panic + log_reject_target = panic + deny local_parts = none + log_reject_target = + accept + +predata: + deny log_reject_target = main + log_message = Not today + +not_smtp: + deny log_reject_target = reject + log_message = Nyet + + +# End diff --git a/test/log/0539 b/test/log/0539 new file mode 100644 index 000000000..b6787e7b7 --- /dev/null +++ b/test/log/0539 @@ -0,0 +1,5 @@ +1999-03-02 09:44:33 U=CALLER rejected MAIL +1999-03-02 09:44:33 U=CALLER rejected MAIL +1999-03-02 09:44:33 U=CALLER F= rejected RCPT +1999-03-02 09:44:33 U=CALLER F= rejected RCPT +1999-03-02 09:44:33 U=CALLER rejected DATA: Not today diff --git a/test/paniclog/0539 b/test/paniclog/0539 new file mode 100644 index 000000000..84edf4d2d --- /dev/null +++ b/test/paniclog/0539 @@ -0,0 +1,2 @@ +1999-03-02 09:44:33 U=CALLER rejected MAIL +1999-03-02 09:44:33 U=CALLER F= rejected RCPT diff --git a/test/rejectlog/0539 b/test/rejectlog/0539 new file mode 100644 index 000000000..74da8e6e1 --- /dev/null +++ b/test/rejectlog/0539 @@ -0,0 +1,14 @@ +1999-03-02 09:44:33 U=CALLER rejected MAIL +1999-03-02 09:44:33 U=CALLER rejected MAIL +1999-03-02 09:44:33 U=CALLER F= rejected RCPT +1999-03-02 09:44:33 U=CALLER F= rejected RCPT +1999-03-02 09:44:33 10HmaX-0005vi-00 F= rejected by non-SMTP ACL: Nyet +Envelope-from: +Envelope-to: +P Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmaX-0005vi-00 + for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +I Message-Id: +F From: CALLER_NAME + Date: Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/scripts/0000-Basic/0539 b/test/scripts/0000-Basic/0539 new file mode 100644 index 000000000..193047aa0 --- /dev/null +++ b/test/scripts/0000-Basic/0539 @@ -0,0 +1,20 @@ +# log_reject_target +exim -bs +mail from: +mail from: +mail from: +mail from: +mail from: +mail from: +rcpt to: +rcpt to: +rcpt to: +rcpt to: +rcpt to: +rcpt to: +data +quit +**** +1 +exim -oep userx@test.ex +**** diff --git a/test/stderr/0539 b/test/stderr/0539 new file mode 100644 index 000000000..00e0000bf --- /dev/null +++ b/test/stderr/0539 @@ -0,0 +1,3 @@ +1999-03-02 09:44:33 U=CALLER rejected MAIL +1999-03-02 09:44:33 U=CALLER F= rejected RCPT +exim: message rejected by non-SMTP ACL: local configuration problem diff --git a/test/stdout/0539 b/test/stdout/0539 new file mode 100644 index 000000000..d260b66cc --- /dev/null +++ b/test/stdout/0539 @@ -0,0 +1,15 @@ +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +550 Administrative prohibition +550 Administrative prohibition +550 Administrative prohibition +550 Administrative prohibition +550 Administrative prohibition +250 OK +550 Administrative prohibition +550 Administrative prohibition +550 Administrative prohibition +550 Administrative prohibition +550 Administrative prohibition +250 Accepted +550 Administrative prohibition +221 myhost.test.ex closing connection