From 2ddb4094c1b6861bebe191fa1466f53399e1e6d9 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sun, 13 May 2018 22:02:59 +0100
Subject: [PATCH] Callouts: record succeeding random local-part tests.  Bug 177

---
 doc/doc-docbook/spec.xfpt |  9 +++++++++
 doc/doc-txt/ChangeLog     |  3 +++
 src/src/verify.c          | 20 +++++++++++---------
 test/confs/0376           |  4 ++++
 test/log/0376             |  4 ++++
 test/stderr/0376          |  8 ++++++++
 6 files changed, 39 insertions(+), 9 deletions(-)

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 0d6c23907..44022291c 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -31160,6 +31160,15 @@ connection, HELO, or MAIL).
 The main use of these variables is expected to be to distinguish between
 rejections of MAIL and rejections of RCPT in callouts.
 
+.new
+The above variables may also be set after a &*successful*&
+address verification to:
+
+.ilist
+&%random%&: A random local-part callout succeeded
+.endlist
+.wen
+
 
 
 
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 5ce54a24e..e4d1719ec 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -40,6 +40,9 @@ JH/06 Bug 2275: The MIME ACL unlocked the received message files early, and
       releases a lock) for that case, while creating the temporary .eml format
       file for the MIME ACL.  Also applies to "regex" and "spam" ACL conditions.
 
+JH/07 Bug 177: Make a random-recipient callout success visible in ACL, by setting
+      $sender_verify_failure/$recipient_verify_failure to "random".
+
 
 Exim version 4.91
 -----------------
diff --git a/src/src/verify.c b/src/src/verify.c
index 1eff49f49..95876d1cd 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -196,6 +196,7 @@ else
       case ccache_accept:
 	HDEBUG(D_verify)
 	  debug_printf("callout cache: domain accepts random addresses\n");
+	*failure_ptr = US"random";
 	dbfn_close(dbm_file);
 	return TRUE;     /* Default yield is OK */
 
@@ -802,6 +803,7 @@ tls_retry_connection:
 	    new_domain_record.random_result = ccache_accept;
 	    yield = OK;		/* Only usable verify result we can return */
 	    done = TRUE;
+	    *failure_ptr = US"random";
 	    goto no_conn;
 	  case FAIL:		/* rejected: the preferred result */
 	    new_domain_record.random_result = ccache_reject;
@@ -1657,9 +1659,9 @@ else ko_prefix = cr = US"";
 
 if (parse_find_at(address) == NULL)
   {
-  if ((options & vopt_qualify) == 0)
+  if (!(options & vopt_qualify))
     {
-    if (f != NULL)
+    if (f)
       respond_printf(f, "%sA domain is required for \"%s\"%s\n",
         ko_prefix, address, cr);
     *failure_ptr = US"qualify";
@@ -1677,7 +1679,7 @@ DEBUG(D_verify)
 /* Rewrite and report on it. Clear the domain and local part caches - these
 may have been set by domains and local part tests during an ACL. */
 
-if (global_rewrite_rules != NULL)
+if (global_rewrite_rules)
   {
   uschar *old = address;
   address = rewrite_address(address, options & vopt_is_recipient, FALSE,
@@ -1686,21 +1688,21 @@ if (global_rewrite_rules != NULL)
     {
     for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->localpart_cache[i] = 0;
     for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->domain_cache[i] = 0;
-    if (f != NULL && !expn) fprintf(f, "Address rewritten as: %s\n", address);
+    if (f && !expn) fprintf(f, "Address rewritten as: %s\n", address);
     }
   }
 
 /* If this is the real sender address, we must update sender_address at
 this point, because it may be referred to in the routers. */
 
-if ((options & (vopt_fake_sender|vopt_is_recipient)) == 0)
+if (!(options & (vopt_fake_sender|vopt_is_recipient)))
   sender_address = address;
 
 /* If the address was rewritten to <> no verification can be done, and we have
 to return OK. This rewriting is permitted only for sender addresses; for other
 addresses, such rewriting fails. */
 
-if (address[0] == 0) return OK;
+if (!address[0]) return OK;
 
 /* Flip the legacy TLS-related variables over to the outbound set in case
 they're used in the context of a transport used by verification. Reset them
@@ -1752,7 +1754,7 @@ while (addr_new)
   if (testflag(addr, af_pfr))
     {
     allok = FALSE;
-    if (f != NULL)
+    if (f)
       {
       BOOL allow;
 
@@ -1763,8 +1765,8 @@ while (addr_new)
         }
       else
         {
-        allow = (addr->address[0] == '|')?
-          testflag(addr, af_allow_pipe) : testflag(addr, af_allow_file);
+        allow = addr->address[0] == '|'
+          ? testflag(addr, af_allow_pipe) : testflag(addr, af_allow_file);
         fprintf(f, "%s -> %s", addr->parent->address, addr->address);
         }
 
diff --git a/test/confs/0376 b/test/confs/0376
index 6162c2c9d..e3a158f7e 100644
--- a/test/confs/0376
+++ b/test/confs/0376
@@ -36,6 +36,10 @@ check_recipient:
          !verify  = sender/callout=postmaster_mailfrom=pmsend@a.domain
   deny    hosts   = V4NET.0.0.9
          !verify  = sender/callout=fullpostmaster
+  warn   !hosts   = V4NET.0.0.10
+	  condition = ${if def:sender_verify_failure}
+	  logwrite = ($sender_verify_failure)
+
   deny    hosts   = V4NET.0.0.10
          !verify  = recipient/callout=postmaster_mailfrom=pmsend@b.domain,\
                       use_postmaster,random/defer_ok
diff --git a/test/log/0376 b/test/log/0376
index fa191bcd5..8c98166da 100644
--- a/test/log/0376
+++ b/test/log/0376
@@ -12,6 +12,10 @@
 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<ok@otherhost> rejected RCPT <z@test.ex>: Sender verify failed
 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <ok@otherhost>
 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<ok@otherhost> rejected RCPT <z@test.ex>: Sender verify failed
+1999-03-02 09:44:33 (random)
+1999-03-02 09:44:33 (random)
+1999-03-02 09:44:33 (random)
+1999-03-02 09:44:33 (random)
 1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify defer for <okok@otherhost51>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost51>
 1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F=<okok@otherhost51> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
 1999-03-02 09:44:33 10HmaX-0005vi-00 <= ok7@otherhost53 H=[V4NET.0.0.7] U=root P=smtp S=sss
diff --git a/test/stderr/0376 b/test/stderr/0376
index 0a2c4f63b..1881c80c2 100644
--- a/test/stderr/0376
+++ b/test/stderr/0376
@@ -323,6 +323,8 @@ Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
   SMTP(close)>>
 wrote callout cache domain record for otherhost3:
   result=1 postmaster=0 random=1
+LOG: MAIN
+  (random)
 LOG: smtp_connection MAIN
   SMTP connection from root closed by QUIT
 >>>>>>>>>>>>>>>> Exim pid=pppp (msg setup toplevel) terminating with rc=0 >>>>>>>>>>>>>>>>
@@ -339,6 +341,8 @@ Considering otherok@otherhost3
 Attempting full verification using callout
 callout cache: found domain record for otherhost3
 callout cache: domain accepts random addresses
+LOG: MAIN
+  (random)
 LOG: smtp_connection MAIN
   SMTP connection from root closed by QUIT
 >>>>>>>>>>>>>>>> Exim pid=pppp (msg setup toplevel) terminating with rc=0 >>>>>>>>>>>>>>>>
@@ -369,6 +373,8 @@ Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
   SMTP(close)>>
 wrote callout cache domain record for otherhost4:
   result=1 postmaster=0 random=1
+LOG: MAIN
+  (random)
 LOG: smtp_connection MAIN
   SMTP connection from root closed by QUIT
 >>>>>>>>>>>>>>>> Exim pid=pppp (msg setup toplevel) terminating with rc=0 >>>>>>>>>>>>>>>>
@@ -385,6 +391,8 @@ Considering ok@otherhost4
 Attempting full verification using callout
 callout cache: found domain record for otherhost4
 callout cache: domain accepts random addresses
+LOG: MAIN
+  (random)
 LOG: smtp_connection MAIN
   SMTP connection from root closed by QUIT
 >>>>>>>>>>>>>>>> Exim pid=pppp (msg setup toplevel) terminating with rc=0 >>>>>>>>>>>>>>>>
-- 
2.30.2