From 3cc3f7625d68c169d47dadbefa74233e5fe7ed55 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 2 Oct 2016 14:03:09 +0100 Subject: [PATCH] Logging: connection_reject log selector should apply also to the connect acl --- doc/doc-txt/ChangeLog | 4 ++++ src/src/log.c | 10 +++++----- src/src/smtp_in.c | 33 +++++++++++++++------------------ test/README | 2 +- test/confs/0021 | 2 ++ test/confs/0314 | 5 ++++- test/log/0314 | 5 +++++ test/rejectlog/0021 | 1 + test/rejectlog/0314 | 4 ++++ test/scripts/0000-Basic/0021 | 2 ++ test/scripts/0000-Basic/0314 | 16 ++++++++++++++-- test/stderr/0002 | 4 ++-- test/stderr/0314 | 12 ------------ test/stderr/3201 | 4 ++-- test/stdout/0021 | 1 + test/stdout/0314 | 25 ++++++++++++------------- 16 files changed, 74 insertions(+), 56 deletions(-) create mode 100644 test/log/0314 create mode 100644 test/rejectlog/0314 delete mode 100644 test/stderr/0314 diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index d6d805a43..52e04926f 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -108,6 +108,10 @@ JH/28 Enable {spool,log} filesystem space and inode checks as default. Main config options check_{log,spool}_{inodes,space} are now 100 inodes, 10MB unless set otherwise in the configuration. +JH/29 Fix the connection_reject log selector to apply to the connect ACL. + Previously it only applied to the main-section connection policy + options. + Exim version 4.87 ----------------- diff --git a/src/src/log.c b/src/src/log.c index f9b0722d8..fbf1042e7 100644 --- a/src/src/log.c +++ b/src/src/log.c 
@@ -971,14 +971,14 @@ been opened, but we don't want to keep on writing to it for too long after it has been renamed. Therefore, do a stat() and see if the inode has changed, and if so, re-open. */ -if ((flags & LOG_MAIN) != 0 && - (selector == 0 || (selector & log_selector[0]) != 0)) +if ( flags & LOG_MAIN + && (!selector || selector & log_selector[0])) { - if ((logging_mode & LOG_MODE_SYSLOG) != 0 && - (syslog_duplication || (flags & (LOG_REJECT|LOG_PANIC)) == 0)) + if ( logging_mode & LOG_MODE_SYSLOG + && (syslog_duplication || !(flags & (LOG_REJECT|LOG_PANIC)))) write_syslog(LOG_INFO, log_buffer); - if ((logging_mode & LOG_MODE_FILE) != 0) + if (logging_mode & LOG_MODE_FILE) { struct stat statbuf; diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 9484105d6..f534d1ca7 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -2473,7 +2473,6 @@ if (smtp_batched_input) return TRUE; proxy_session = FALSE; proxy_session_failed = FALSE; if (check_proxy_protocol_host()) - { if (setup_proxy_protocol_host() == FALSE) { proxy_session_failed = TRUE; @@ -2486,20 +2485,18 @@ if (check_proxy_protocol_host()) (void)host_name_lookup(); host_build_sender_fullhost(); } - } #endif /* Run the ACL if it exists */ user_msg = NULL; -if (acl_smtp_connect != NULL) +if (acl_smtp_connect) { int rc; - rc = acl_check(ACL_WHERE_CONNECT, NULL, acl_smtp_connect, &user_msg, - &log_msg); - if (rc != OK) + if ((rc = acl_check(ACL_WHERE_CONNECT, NULL, acl_smtp_connect, &user_msg, + &log_msg)) != OK) { - (void)smtp_handle_acl_fail(ACL_WHERE_CONNECT, rc, user_msg, log_msg); + (void) smtp_handle_acl_fail(ACL_WHERE_CONNECT, rc, user_msg, log_msg); return FALSE; } } 
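Review bot: The rewritten condition at the top of this hunk applies `selector` only inside the `LOG_MAIN` branch, so switching off a selector such as `connection_reject` drops the main-log line and its syslog copy but apparently not the reject-log entry. The expected outputs in this patch agree: test/rejectlog/0314 keeps both refusals while test/log/0314 keeps one. That split deserves a comment, because an operator who disables the selector may assume rejected connections leave no trace, or look for them in the wrong file: `/* selector filters the main log (and its syslog copy) only */`. The reject-log code lies below the hunk and is not visible here, so confirm the wording against it.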
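Review bot: Dropping the outer braces after `if (check_proxy_protocol_host())` leaves a nested `if` directly under another `if`. If the lines between this hunk and the next one (@@ -2486, which removes the matching `}`) hold an `else`, as the trailing `host_name_lookup()` block suggests, this is a dangling-else shape. The compiler binds that `else` to the inner `if`, so behaviour is unchanged. However, this block appears to settle the proxy-supplied peer identity just before the connect ACL runs, and a later edit could rebind the branch without anyone noticing. I would keep the `{` and `}` around the inner `if`/`else`, which also avoids the compiler's ambiguous-else warning.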
@@ -2865,16 +2862,16 @@ uschar *lognl; uschar *sender_info = US""; uschar *what = #ifdef WITH_CONTENT_SCAN - (where == ACL_WHERE_MIME)? US"during MIME ACL checks" : + where == ACL_WHERE_MIME ? US"during MIME ACL checks" : #endif - (where == ACL_WHERE_PREDATA)? US"DATA" : - (where == ACL_WHERE_DATA)? US"after DATA" : + where == ACL_WHERE_PREDATA ? US"DATA" : + where == ACL_WHERE_DATA ? US"after DATA" : #ifndef DISABLE_PRDR - (where == ACL_WHERE_PRDR)? US"after DATA PRDR" : + where == ACL_WHERE_PRDR ? US"after DATA PRDR" : #endif - (smtp_cmd_data == NULL)? - string_sprintf("%s in \"connect\" ACL", acl_wherenames[where]) : - string_sprintf("%s %s", acl_wherenames[where], smtp_cmd_data); + smtp_cmd_data ? + string_sprintf("%s %s", acl_wherenames[where], smtp_cmd_data) : + string_sprintf("%s in \"connect\" ACL", acl_wherenames[where]); if (drop) rc = FAIL; @@ -2951,9 +2948,8 @@ if (sender_verified_failed != NULL && /* Sort out text for logging */ -log_msg = (log_msg == NULL)? US"" : string_sprintf(": %s", log_msg); -lognl = Ustrchr(log_msg, '\n'); -if (lognl != NULL) *lognl = 0; +log_msg = log_msg ? string_sprintf(": %s", log_msg) : US""; +if ((lognl = Ustrchr(log_msg, '\n'))) *lognl = 0; /* Send permanent failure response to the command, but the code used isn't always a 5xx one - see comments at the start of this function. If the original @@ -2999,7 +2995,8 @@ if (log_reject_target != 0) #else uschar * tls = US""; #endif - log_write(0, log_reject_target, "%s%s%s %s%srejected %s%s", + log_write(where == ACL_WHERE_CONNECT ? L_connection_reject : 0, + log_reject_target, "%s%s%s %s%srejected %s%s", LOGGING(dnssec) && sender_host_dnssec ? US" DS" : US"", host_and_ident(TRUE), tls, diff --git a/test/README b/test/README index 8df1678b6..f72efc699 100644 --- a/test/README +++ b/test/README @@ -1020,7 +1020,7 @@ Lines in client scripts are of two kinds: Here is a simple example: client 127.0.0.1 PORT_D - ??? 250 + ??? 220 EHLO xxx ??? 250- ??? 250 
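Review bot: The last arm of the `what` expression chooses the `in "connect" ACL` wording when `smtp_cmd_data` is unset, while the `log_write()` call changed later in this patch (@@ -2999) chooses `L_connection_reject` from `where == ACL_WHERE_CONNECT`. The two tests are meant to identify the same case, but nothing here ties them together. If `smtp_cmd_data` can be unset for any other `where`, the entry would be labelled as a connect rejection yet not be governed by the selector. I would key both on `where == ACL_WHERE_CONNECT`, or record the assumption next to the ternary: `/* smtp_cmd_data is unset only while the connect ACL runs (assumed; confirm) */`. The function starts and ends outside the hunk.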
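Review bot: The folded statement `if ((lognl = Ustrchr(log_msg, '\n'))) *lognl = 0;` cuts the log text at its first newline, and the only explanation is the existing `/* Sort out text for logging */`. The cut presumably stops a multi-line ACL log message from starting extra lines in the log, but it also silently discards everything after the first line. I would say so at the statement: `/* log only the first line of log_msg; an embedded newline would split the log entry */`. The use of `log_msg` after this point is outside the hunk.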
diff --git a/test/confs/0021 b/test/confs/0021 index 6205eae63..ae5a309b9 100644 --- a/test/confs/0021 +++ b/test/confs/0021 @@ -2,6 +2,7 @@ SERVER= BR= +LOG_SELECTOR= .include DIR/aux-var/std_conf_prefix @@ -21,6 +22,7 @@ acl_smtp_mail = mail acl_smtp_rcpt = rcpt BR +log_selector = LOG_SELECTOR qualify_domain = test.ex trusted_users = CALLER diff --git a/test/confs/0314 b/test/confs/0314 index 2ad32dba6..9dd0295a5 100644 --- a/test/confs/0314 +++ b/test/confs/0314 @@ -1,10 +1,13 @@ # Exim test configuration 0314 +LOG_SELECTOR= + .include DIR/aux-var/std_conf_prefix # ----- Main settings ----- -host_reject_connection = V4NET.0.0.1 +log_selector = LOG_SELECTOR +host_reject_connection = 127.0.0.1 # End diff --git a/test/log/0314 b/test/log/0314 new file mode 100644 index 000000000..90d3e94e4 --- /dev/null +++ b/test/log/0314 @@ -0,0 +1,5 @@ + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 refused connection from [127.0.0.1] (host_reject_connection) +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 diff --git a/test/rejectlog/0021 b/test/rejectlog/0021 index edfe63fe9..0f59e2c5d 100644 --- a/test/rejectlog/0021 +++ b/test/rejectlog/0021 @@ -29,6 +29,7 @@ I Message-Id: F From: ok@test4 Date: Tue, 2 Mar 1999 09:44:33 +0000 1999-03-02 09:44:33 H=[10.9.8.7] U=CALLER rejected connection in "connect" ACL +1999-03-02 09:44:33 H=[10.9.8.7] U=CALLER rejected connection in "connect" ACL 1999-03-02 09:44:33 H=[10.9.8.8] U=CALLER rejected MAIL 1999-03-02 09:44:33 mail accepted "mail from:" "" 1999-03-02 09:44:33 H=[10.9.8.9] U=CALLER rejected connection in "connect" ACL: forcibly dropped diff --git a/test/rejectlog/0314 b/test/rejectlog/0314 new file mode 100644 index 000000000..c18fe0b52 --- /dev/null +++ b/test/rejectlog/0314 
@@ -0,0 +1,4 @@ + +******** SERVER ******** +1999-03-02 09:44:33 refused connection from [127.0.0.1] (host_reject_connection) +1999-03-02 09:44:33 refused connection from [127.0.0.1] (host_reject_connection) diff --git a/test/scripts/0000-Basic/0021 b/test/scripts/0000-Basic/0021 index 8fbf94837..16c5c3b80 100644 --- a/test/scripts/0000-Basic/0021 +++ b/test/scripts/0000-Basic/0021 @@ -24,6 +24,8 @@ Test message 5. **** exim -bs -oMa 10.9.8.7 **** +exim -DLOG_SELECTOR=-connection_reject -bs -oMa 10.9.8.7 +**** exim -d-all+acl+lists -bs -oMa 10.9.8.8 mail from: mail from: diff --git a/test/scripts/0000-Basic/0314 b/test/scripts/0000-Basic/0314 index 6fec248d8..dd3d39906 100644 --- a/test/scripts/0000-Basic/0314 +++ b/test/scripts/0000-Basic/0314 @@ -1,5 +1,17 @@ # host_reject_connection -exim -bh V4NET.0.0.1 +need_ipv4 +exim -DSERVER=server -bd -oX PORT_D **** -exim -bh V4NET.0.0.2 +client 127.0.0.1 PORT_D +??? 554 **** +client HOSTIPV4 PORT_D +??? 220 +**** +killdaemon +exim -DSERVER=server -DLOG_SELECTOR=-connection_reject -bd -oX PORT_D +**** +client 127.0.0.1 PORT_D +??? 554 +**** +killdaemon diff --git a/test/stderr/0002 b/test/stderr/0002 index 317b4bd0a..e7c70cfbf 100644 --- a/test/stderr/0002 +++ b/test/stderr/0002 @@ -227,7 +227,7 @@ host in "< deny: condition test succeeded in ACL "connect1" end of ACL "connect1": DENY SMTP>> 550 Administrative prohibition -LOG: MAIN REJECT +LOG: connection_reject MAIN REJECT H=ten-1.test.ex [V4NET.0.0.1] rejected connection in "connect" ACL search_tidyup called >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> 
@@ -271,7 +271,7 @@ host in "net-lsearch;TESTSUITE/aux-fixed/0002.lsearch"? no (end of list) deny: condition test failed in ACL "connect2" end of ACL "connect2": implicit DENY SMTP>> 550 Administrative prohibition -LOG: MAIN REJECT +LOG: connection_reject MAIN REJECT H=[V4NET.0.0.2] rejected connection in "connect" ACL search_tidyup called >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> diff --git a/test/stderr/0314 b/test/stderr/0314 deleted file mode 100644 index e14297ea5..000000000 --- a/test/stderr/0314 +++ /dev/null @@ -1,12 +0,0 @@ ->>> host in hosts_connection_nolog? no (option unset) ->>> host in host_lookup? no (option unset) ->>> host in host_reject_connection? yes (matched "V4NET.0.0.1") -LOG: refused connection from [V4NET.0.0.1] (host_reject_connection) ->>> host in hosts_connection_nolog? no (option unset) ->>> host in host_lookup? no (option unset) ->>> host in host_reject_connection? no (end of list) ->>> host in sender_unqualified_hosts? no (option unset) ->>> host in recipient_unqualified_hosts? no (option unset) ->>> host in helo_verify_hosts? no (option unset) ->>> host in helo_try_verify_hosts? no (option unset) ->>> host in helo_accept_junk_hosts? no (option unset) diff --git a/test/stderr/3201 b/test/stderr/3201 index 096248f45..10fa6f937 100644 --- a/test/stderr/3201 +++ b/test/stderr/3201 @@ -36,7 +36,7 @@ host in "testdb;fail"? no (end of list) deny: condition test failed in ACL "connect1" end of ACL "connect1": implicit DENY SMTP>> 550 Administrative prohibition -LOG: MAIN REJECT +LOG: connection_reject MAIN REJECT H=[10.0.0.1] rejected connection in "connect" ACL search_tidyup called >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> 
@@ -78,7 +78,7 @@ host in "net-testdb;fail"? no (end of list) deny: condition test failed in ACL "connect2" end of ACL "connect2": implicit DENY SMTP>> 550 Administrative prohibition -LOG: MAIN REJECT +LOG: connection_reject MAIN REJECT H=[10.0.0.2] rejected connection in "connect" ACL search_tidyup called >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> diff --git a/test/stdout/0021 b/test/stdout/0021 index 5fff92b0a..a48644f83 100644 --- a/test/stdout/0021 +++ b/test/stdout/0021 @@ -1,4 +1,5 @@ 550 Administrative prohibition +550 Administrative prohibition 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 550 Administrative prohibition 250 OK diff --git a/test/stdout/0314 b/test/stdout/0314 index b6b0ef461..f486d8f65 100644 --- a/test/stdout/0314 +++ b/test/stdout/0314 @@ -1,13 +1,12 @@ - -**** SMTP testing session as if from host V4NET.0.0.1 -**** but without any ident (RFC 1413) callback. -**** This is not for real! - -554 SMTP service not available - -**** SMTP testing session as if from host V4NET.0.0.2 -**** but without any ident (RFC 1413) callback. -**** This is not for real! - -220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 -421 the.local.host.name lost input connection +Connecting to 127.0.0.1 port 1225 ... connected +??? 554 +<<< 554 SMTP service not available +End of script +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +??? 220 +<<< 220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +End of script +Connecting to 127.0.0.1 port 1225 ... connected +??? 554 +<<< 554 SMTP service not available +End of script -- 2.30.2