From c8e2fc1e846d1c9bee207d162182fb770b9ae1bd Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 6 Nov 2012 22:31:54 +0000 Subject: [PATCH] Add optional authenticated_sender info to A= elements of log lines; bug 1314. New log_selector, smtp_mailauth, to enable. --- doc/doc-docbook/spec.xfpt | 8 +++++++- doc/doc-txt/ChangeLog | 3 +++ doc/doc-txt/NewStuff | 2 ++ src/src/deliver.c | 14 ++++++++++++++ src/src/expand.c | 2 -- src/src/globals.c | 3 +++ src/src/globals.h | 5 +++-- src/src/macros.h | 1 + src/src/receive.c | 9 +++++++-- src/src/transports/smtp.c | 3 +++ test/confs/0537 | 1 + test/confs/3401 | 1 + test/log/0537 | 2 +- test/log/3401 | 6 +++--- 14 files changed, 49 insertions(+), 11 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index fc125b0c5..6b63062be 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -33767,7 +33767,7 @@ at the end of its processing. A summary of the field identifiers that are used in log lines is shown in the following table: .display -&`A `& authenticator name (and optional id) +&`A `& authenticator name (and optional id and sender) &`C `& SMTP confirmation on delivery &` `& command list for &"no mail in SMTP session"& &`CV `& certificate verification status @@ -33884,6 +33884,7 @@ selection marked by asterisks: &`*smtp_confirmation `& SMTP confirmation on => lines &` smtp_connection `& SMTP connections &` smtp_incomplete_transaction`& incomplete SMTP transactions +&` smtp_mailauth `& AUTH argument to MAIL commands &` smtp_no_mail `& session with no MAIL commands &` smtp_protocol_error `& SMTP protocol errors &` smtp_syntax_error `& SMTP syntax errors @@ -34152,6 +34153,11 @@ the last 20 are listed, preceded by &"..."&. However, with the default setting of 10 for &%smtp_accep_max_nonmail%&, the connection will in any case have been aborted before 20 non-mail commands are processed. .next +&%smtp_mailauth%&: A third subfield with the authenticated sender, +colon-separated, is appended to the A= item for a message arrival or delivery +log line, if an AUTH argument to the SMTP MAIL command (see &<>&) +was accepted or used. +.next .cindex "log" "SMTP protocol error" .cindex "SMTP" "logging protocol error" &%smtp_protocol_error%&: A log line is written for every SMTP protocol error diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 53eb02e89..9e47e2c61 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -86,6 +86,9 @@ PP/11 SECURITY: protect DKIM DNS decoding from remote exploit. JH/11 Add A= logging on delivery lines, and a client_set_id option on authenticators. +JH/12 Add optional authenticated_sender logging to A= and a log_selector + for control. + Exim version 4.80.1 ------------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index be854d9d8..974ebebed 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -120,6 +120,8 @@ Version 4.82 15. New 8bitmime status logging option for received messages. Log field "M8S". +16. New authenticated_sender logging option, adding to log field "A". + Version 4.80 ------------ diff --git a/src/src/deliver.c b/src/src/deliver.c index c01e4e61b..af39448c5 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -778,7 +778,11 @@ else { s = string_append(s, &size, &ptr, 2, US" A=", client_authenticator); if (client_authenticated_id) + { s = string_append(s, &size, &ptr, 2, US":", client_authenticated_id); + if (log_extra_selector & LX_smtp_mailauth && client_authenticated_sender) + s = string_append(s, &size, &ptr, 2, US":", client_authenticated_sender); + } } if ((log_extra_selector & LX_smtp_confirmation) != 0 && @@ -2930,6 +2934,9 @@ while (!done) case '2': client_authenticated_id = (*ptr)? string_copy(ptr) : NULL; break; + case '3': + client_authenticated_sender = (*ptr)? string_copy(ptr) : NULL; + break; } while (*ptr++); break; @@ -4016,6 +4023,13 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++) while(*ptr++); (void)write(fd, big_buffer, ptr - big_buffer); } + if (client_authenticated_sender) + { + ptr = big_buffer; + sprintf(CS big_buffer, "C3%.64s", client_authenticated_sender); + while(*ptr++); + (void)write(fd, big_buffer, ptr - big_buffer); + } /* Retry information: for most success cases this will be null. */ diff --git a/src/src/expand.c b/src/src/expand.c index a3d56eae6..786d4279c 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -426,8 +426,6 @@ static var_entry var_table[] = { { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit }, { "caller_gid", vtype_gid, &real_gid }, { "caller_uid", vtype_uid, &real_uid }, - { "client_authenticator", vtype_stringptr, &client_authenticator }, - { "client_authenticated_id", vtype_stringptr, &client_authenticated_id }, { "compile_date", vtype_stringptr, &version_date }, { "compile_number", vtype_stringptr, &version_cnumber }, { "csa_status", vtype_stringptr, &csa_status }, diff --git a/src/src/globals.c b/src/src/globals.c index 8df1119fb..9645504f5 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -368,6 +368,7 @@ auth_instance auth_defaults = { NULL, /* client_condition */ NULL, /* public_name */ NULL, /* set_id */ + NULL, /* set_client_id */ NULL, /* server_mail_auth_condition */ NULL, /* server_debug_string */ NULL, /* server_condition */ @@ -430,6 +431,7 @@ int check_spool_inodes = 0; int check_spool_space = 0; uschar *client_authenticator = NULL; uschar *client_authenticated_id = NULL; +uschar *client_authenticated_sender = NULL; int clmacro_count = 0; uschar *clmacros[MAX_CLMACROS]; BOOL config_changed = FALSE; @@ -776,6 +778,7 @@ bit_table log_options[] = { { US"smtp_confirmation", LX_smtp_confirmation }, { US"smtp_connection", L_smtp_connection }, { US"smtp_incomplete_transaction", L_smtp_incomplete_transaction }, + { US"smtp_mailauth", LX_smtp_mailauth }, { US"smtp_no_mail", LX_smtp_no_mail }, { US"smtp_protocol_error", L_smtp_protocol_error }, { US"smtp_syntax_error", L_smtp_syntax_error }, diff --git a/src/src/globals.h b/src/src/globals.h index b3025db5a..325a9161d 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -238,8 +238,9 @@ extern int check_log_space; /* Minimum for message acceptance */ extern BOOL check_rfc2047_length; /* Check RFC 2047 encoded string length */ extern int check_spool_inodes; /* Minimum for message acceptance */ extern int check_spool_space; /* Minimum for message acceptance */ -extern uschar *client_authenticator; /* Authenticator name used for smtp delivery */ -extern uschar *client_authenticated_id; /* (not yet used) */ +extern uschar *client_authenticator; /* Authenticator name used for smtp delivery */ +extern uschar *client_authenticated_id; /* "login" name used for SMTP AUTH */ +extern uschar *client_authenticated_sender; /* AUTH option to SMTP MAIL FROM (not yet used) */ extern int clmacro_count; /* Number of command line macros */ extern uschar *clmacros[]; /* Copy of them, for re-exec */ extern int connection_max_messages;/* Max down one SMTP connection */ diff --git a/src/src/macros.h b/src/src/macros.h index c9d990ada..f19d6fdbf 100644 --- a/src/src/macros.h +++ b/src/src/macros.h @@ -410,6 +410,7 @@ set all the bits in a multi-word selector. */ #define LX_tls_sni 0x80800000 #define LX_unknown_in_list 0x81000000 #define LX_8bitmime 0x82000000 +#define LX_smtp_mailauth 0x84000000 #define L_default (L_connection_reject | \ L_delay_delivery | \ diff --git a/src/src/receive.c b/src/src/receive.c index d8b2b79a2..2d594e46e 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -3602,7 +3602,11 @@ if (sender_host_authenticated != NULL) { s = string_append(s, &size, &sptr, 2, US" A=", sender_host_authenticated); if (authenticated_id != NULL) + { s = string_append(s, &size, &sptr, 2, US":", authenticated_id); + if (log_extra_selector & LX_smtp_mailauth && authenticated_sender != NULL) + s = string_append(s, &size, &sptr, 2, US":", authenticated_sender); + } } sprintf(CS big_buffer, "%d", msg_size); @@ -3612,10 +3616,11 @@ s = string_append(s, &size, &sptr, 2, US" S=", big_buffer); 0 ... no BODY= used 7 ... 7BIT 8 ... 8BITMIME */ -if (log_extra_selector & LX_8bitmime) { +if (log_extra_selector & LX_8bitmime) + { sprintf(CS big_buffer, "%d", body_8bitmime); s = string_append(s, &size, &sptr, 2, US" M8S=", big_buffer); -} + } /* If an addr-spec in a message-id contains a quoted string, it can contain any characters except " \ and CR and so in particular it can contain NL! diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 0ab173232..b4ef7cf4d 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -1499,7 +1499,10 @@ if ((smtp_authenticated || ob->authenticated_sender_force) && string_format(p, sizeof(buffer) - (p-buffer), " AUTH=%s", auth_xtextencode(local_authenticated_sender, Ustrlen(local_authenticated_sender))); + client_authenticated_sender = string_copy(local_authenticated_sender); } +else + client_authenticated_sender = NULL; /* From here until we send the DATA command, we can make use of PIPELINING if the server host supports it. The code has to be able to check the responses diff --git a/test/confs/0537 b/test/confs/0537 index b8dec5a30..d273af997 100644 --- a/test/confs/0537 +++ b/test/confs/0537 @@ -10,6 +10,7 @@ spool_directory = DIR/spool log_file_path = DIR/spool/log/%slog gecos_pattern = "" gecos_name = CALLER_NAME +log_selector = +smtp_mailauth # ----- Main settings ----- diff --git a/test/confs/3401 b/test/confs/3401 index c4a904a3b..60b1a4624 100644 --- a/test/confs/3401 +++ b/test/confs/3401 @@ -8,6 +8,7 @@ spool_directory = DIR/spool log_file_path = DIR/spool/log/%slog gecos_pattern = "" gecos_name = CALLER_NAME +log_selector = +smtp_mailauth # ----- Main settings ----- diff --git a/test/log/0537 b/test/log/0537 index 28145e6e4..83de0fa10 100644 --- a/test/log/0537 +++ b/test/log/0537 @@ -36,4 +36,4 @@ 1999-03-02 09:44:33 received_protocol=protocol 1999-03-02 09:44:33 sender_host_name=hostname 1999-03-02 09:44:33 sender_ident=ident -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex H=hostname [5.6.7.8] U=ident P=protocol A=authname:authid S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex H=hostname [5.6.7.8] U=ident P=protocol A=authname:authid:authsender S=sss diff --git a/test/log/3401 b/test/log/3401 index d58fbbcda..8532e4ba2 100644 --- a/test/log/3401 +++ b/test/log/3401 @@ -1,5 +1,5 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=login:userx C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=login:userx:CALLER@myhost.test.ex C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=plain C="250 OK" @@ -27,7 +27,7 @@ 1999-03-02 09:44:33 10HmbE-0005vi-00 Frozen (delivery error message) 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbF-0005vi-00 => forcesender@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=login:userx C="250 OK" +1999-03-02 09:44:33 10HmbF-0005vi-00 => forcesender@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=login:userx:force@x.y.z C="250 OK" 1999-03-02 09:44:33 10HmbF-0005vi-00 Completed 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbG-0005vi-00 login authenticator cancelled authentication H=127.0.0.1 [127.0.0.1] Invalid base64 string in server response "334 User?" @@ -37,5 +37,5 @@ 1999-03-02 09:44:33 10HmbH-0005vi-00 Frozen (delivery error message) 1999-03-02 09:44:33 10HmbG-0005vi-00 Completed 1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbI-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=xlogin:challenge-1 C="250 OK" +1999-03-02 09:44:33 10HmbI-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=xlogin:challenge-1:CALLER@myhost.test.ex C="250 OK" 1999-03-02 09:44:33 10HmbI-0005vi-00 Completed -- 2.30.2