-/* $Cambridge: exim/src/src/acl.c,v 1.38 2005/06/10 18:59:34 fanf2 Exp $ */
+/* $Cambridge: exim/src/src/acl.c,v 1.45 2005/09/06 13:17:36 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
"log_message", "logwrite", and "set" are modifiers that look like conditions
but always return TRUE. They are used for their side effects. */
-static uschar *conditions[] = { US"acl", US"authenticated",
+static uschar *conditions[] = {
+ US"acl",
+ US"authenticated",
#ifdef EXPERIMENTAL_BRIGHTMAIL
US"bmi_optin",
#endif
#endif
US"verify" };
-/* ACL control names */
-static uschar *controls[] = { US"error", US"caseful_local_part",
+/* Return values from decode_control(); keep in step with the table of names
+that follows! */
+
+enum {
+#ifdef EXPERIMENTAL_BRIGHTMAIL
+ CONTROL_BMI_RUN,
+#endif
+#ifdef EXPERIMENTAL_DOMAINKEYS
+ CONTROL_DK_VERIFY,
+#endif
+ CONTROL_ERROR, CONTROL_CASEFUL_LOCAL_PART, CONTROL_CASELOWER_LOCAL_PART,
+ CONTROL_ENFORCE_SYNC, CONTROL_NO_ENFORCE_SYNC, CONTROL_FREEZE,
+ CONTROL_QUEUE_ONLY, CONTROL_SUBMISSION,
+#ifdef WITH_CONTENT_SCAN
+ CONTROL_NO_MBOX_UNSPOOL,
+#endif
+ CONTROL_FAKEDEFER, CONTROL_FAKEREJECT, CONTROL_NO_MULTILINE };
+
+/* ACL control names; keep in step with the table above! */
+
+static uschar *controls[] = {
+ #ifdef EXPERIMENTAL_BRIGHTMAIL
+ US"bmi_run",
+ #endif
+ #ifdef EXPERIMENTAL_DOMAINKEYS
+ US"dk_verify",
+ #endif
+ US"error", US"caseful_local_part",
US"caselower_local_part", US"enforce_sync", US"no_enforce_sync", US"freeze",
- US"queue_only", US"submission", US"no_multiline"};
+ US"queue_only", US"submission",
+ #ifdef WITH_CONTENT_SCAN
+ US"no_mbox_unspool",
+ #endif
+ US"no_multiline"};
/* Flags to indicate for which conditions /modifiers a string expansion is done
at the outer level. In the other cases, expansion already occurs in the
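Review bot: The new comments say the `CONTROL_xxx` enum and `controls[]` must be kept in step, but the two lists as added here already disagree. The enum places `CONTROL_FAKEDEFER` and `CONTROL_FAKEREJECT` before `CONTROL_NO_MULTILINE`, while the name table goes from `US"submission"` (or `US"no_mbox_unspool"`) straight to `US"no_multiline"`. If `controls[]` is indexed by these enum values anywhere (its uses are outside this hunk), `CONTROL_FAKEDEFER` would be reported as "no_multiline" and the last two values would read past the end of the array. I would end the table with `US"fakedefer", US"fakereject", US"no_multiline"};`.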
};
-/* Return values from decode_control() */
-
-enum {
-#ifdef EXPERIMENTAL_BRIGHTMAIL
- CONTROL_BMI_RUN,
-#endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
- CONTROL_DK_VERIFY,
-#endif
- CONTROL_ERROR, CONTROL_CASEFUL_LOCAL_PART, CONTROL_CASELOWER_LOCAL_PART,
- CONTROL_ENFORCE_SYNC, CONTROL_NO_ENFORCE_SYNC, CONTROL_FREEZE,
- CONTROL_QUEUE_ONLY, CONTROL_SUBMISSION,
-#ifdef WITH_CONTENT_SCAN
- CONTROL_NO_MBOX_UNSPOOL,
-#endif
- CONTROL_FAKEDEFER, CONTROL_FAKEREJECT, CONTROL_NO_MULTILINE };
-
/* Bit map vector of which controls are not allowed at certain times. For
each control, there's a bitmap of dis-allowed times. For some, it is easier to
specify the negation of a small number of allowed times. */
BOOL defer_ok = FALSE;
BOOL callout_defer_ok = FALSE;
BOOL no_details = FALSE;
+BOOL success_on_redirect = FALSE;
address_item *sender_vaddr = NULL;
uschar *verify_sender_address = NULL;
uschar *pm_mailfrom = NULL;
return FAIL;
}
-/* We can test the result of optional HELO verification */
+/* We can test the result of optional HELO verification that might have
+occurred earlier. If not, we can attempt the verification now. */
if (strcmpic(ss, US"helo") == 0)
{
if (slash != NULL) goto NO_OPTIONS;
- return helo_verified? OK : FAIL;
+ if (helo_verified) return OK;
+ if (helo_verify_failed) return FAIL;
+ if (smtp_verify_helo()) return helo_verified? OK : FAIL;
+ return DEFER;
}
/* Do Client SMTP Authorization checks in a separate function, and turn the
if (strcmpic(ss, US"header_syntax") == 0)
{
if (slash != NULL) goto NO_OPTIONS;
- if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP)
- {
- *log_msgptr = string_sprintf("cannot check header contents in ACL for %s "
- "(only possible in ACL for DATA)", acl_wherenames[where]);
- return ERROR;
- }
+ if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP) goto WRONG_ACL;
rc = verify_check_headers(log_msgptr);
if (rc != OK && smtp_return_error_details && *log_msgptr != NULL)
*user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr);
return rc;
}
+/* Check that no recipient of this message is "blind", that is, every envelope
+recipient must be mentioned in either To: or Cc:. */
+
+if (strcmpic(ss, US"not_blind") == 0)
+ {
+ if (slash != NULL) goto NO_OPTIONS;
+ if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP) goto WRONG_ACL;
+ rc = verify_check_notblind();
+ if (rc != OK)
+ {
+ *log_msgptr = string_sprintf("bcc recipient detected");
+ if (smtp_return_error_details)
+ *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr);
+ }
+ return rc;
+ }
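Review bot: In the `not_blind` branch every non-OK result from `verify_check_notblind()` is logged as "bcc recipient detected". If that function can return anything besides OK and FAIL (its definition is not in this diff), a deferral or internal error would be recorded, and reported to the client, as a blind recipient. Testing `if (rc == FAIL)` or adding a comment that only OK/FAIL are possible would settle it. The message is a constant, so `*log_msgptr = US"bcc recipient detected";` does the same job without the `string_sprintf()` call.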
/* The remaining verification tests check recipient and sender addresses,
either from the envelope or from the header. There are a number of
if (strcmpic(ss, US"header_sender") == 0)
{
- if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP)
- {
- *log_msgptr = string_sprintf("cannot check header contents in ACL for %s "
- "(only possible in ACL for DATA)", acl_wherenames[where]);
- return ERROR;
- }
+ if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP) goto WRONG_ACL;
verify_header_sender = TRUE;
}
{
if (strcmpic(ss, US"defer_ok") == 0) defer_ok = TRUE;
else if (strcmpic(ss, US"no_details") == 0) no_details = TRUE;
+ else if (strcmpic(ss, US"success_on_redirect") == 0) success_on_redirect = TRUE;
/* These two old options are left for backwards compatibility */
else
verify_options |= vopt_fake_sender;
+ if (success_on_redirect)
+ verify_options |= vopt_success_on_redirect;
+
/* The recipient, qualify, and expn options are never set in
verify_options. */
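Review bot: The two lines `if (success_on_redirect) verify_options |= vopt_success_on_redirect;` are added here and again, unchanged, after `address_item addr2;` in the next hunk, so any later change to the option has to be made in both places. If `verify_options` is not reset between option parsing and these two points (the surrounding code is not visible), setting the bit once right after the option loop would be enough. The option appears to relax what counts as a successful verification, so I would also add a one-line comment at the `BOOL success_on_redirect = FALSE;` declaration stating exactly what it accepts.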
{
address_item addr2;
+ if (success_on_redirect)
+ verify_options |= vopt_success_on_redirect;
+
/* We must use a copy of the address for verification, because it might
get rewritten. */
*log_msgptr = string_sprintf("unexpected '/' found in \"%s\" "
"(this verify item has no options)", arg);
return ERROR;
+
+/* Calls in the wrong ACL come here */
+
+WRONG_ACL:
+*log_msgptr = string_sprintf("cannot check header contents in ACL for %s "
+ "(only possible in ACL for DATA)", acl_wherenames[where]);
+return ERROR;
}
HDEBUG(D_acl) debug_printf("ratelimit condition limit=%.0f period=%.0f key=%s\n",
limit, period, key);
-/* If we are dealing with rate limits per connection, per message, or per byte,
-see if we have already computed the rate by looking in the relevant tree. For
+/* See if we have already computed the rate by looking in the relevant tree. For
per-connection rate limiting, store tree nodes and dbdata in the permanent pool
so that they survive across resets. */
anchor = &ratelimiters_conn;
store_pool = POOL_PERM;
}
-if (per_mail || per_byte)
+else if (per_mail || per_byte)
anchor = &ratelimiters_mail;
+else if (per_cmd)
+ anchor = &ratelimiters_cmd;
if (anchor != NULL && (t = tree_search(*anchor, key)) != NULL)
{
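Review bot: The rewritten comment explains storage lifetime only for the per-connection tree, while the new `per_cmd` branch adds a third tree whose lifetime is decided elsewhere: `ratelimiters_cmd` is set to NULL at the top of `acl_check()` in a later hunk. I would extend the comment with something like `Per-command results are kept in ratelimiters_cmd, which acl_check() clears on every call.` so a reader can check the pool used for those nodes against that reset. The enclosing function starts and ends outside this hunk.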
return ERROR;
}
acl_text[statbuf.st_size] = 0;
- close(fd);
+ (void)close(fd);
acl_name = string_sprintf("ACL \"%s\"", ss);
HDEBUG(D_acl) debug_printf("read ACL from file %s\n", ss);
Arguments:
where ACL_WHERE_xxxx indicating where called from
- data_string RCPT address, or SMTP command argument, or NULL
+ recipient RCPT address for RCPT check, else NULL
s the input string; NULL is the same as an empty ACL => DENY
user_msgptr where to put a user error (for SMTP response)
log_msgptr where to put a logging message (not for SMTP response)
*/
int
-acl_check(int where, uschar *data_string, uschar *s, uschar **user_msgptr,
+acl_check(int where, uschar *recipient, uschar *s, uschar **user_msgptr,
uschar **log_msgptr)
{
int rc;
address_item adb;
-address_item *addr;
+address_item *addr = NULL;
*user_msgptr = *log_msgptr = NULL;
sender_verified_failed = NULL;
+ratelimiters_cmd = NULL;
if (where == ACL_WHERE_RCPT)
{
adb = address_defaults;
addr = &adb;
- addr->address = data_string;
+ addr->address = recipient;
if (deliver_split_address(addr) == DEFER)
{
*log_msgptr = US"defer in percent_hack_domains check";
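Review bot: The second parameter of `acl_check()` changes meaning from `data_string` to `recipient` but keeps the type `uschar *`, so a call site that still passes an SMTP command argument for a non-RCPT ACL will compile cleanly and the value will be silently ignored. A later hunk also removes the assignment and the reset of `smtp_command_argument`, which means every caller now has to set that variable itself; those call sites are not part of this diff and should be checked. Within the function nothing enforces the documented contract either: under `ACL_WHERE_RCPT` a NULL `recipient` goes straight into `addr->address` and on to `deliver_split_address()`. If callers cannot guarantee non-NULL, a guard such as `if (recipient == NULL) { *log_msgptr = US"missing RCPT address"; return ERROR; }` would make the failure explicit.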
deliver_domain = addr->domain;
deliver_localpart = addr->local_part;
}
-else
- {
- addr = NULL;
- smtp_command_argument = data_string;
- }
rc = acl_check_internal(where, addr, s, 0, user_msgptr, log_msgptr);
-smtp_command_argument = deliver_domain =
- deliver_localpart = deliver_address_data = sender_address_data = NULL;
+deliver_domain = deliver_localpart = deliver_address_data =
+ sender_address_data = NULL;
/* A DISCARD response is permitted only for message ACLs, excluding the PREDATA
ACL, which is really in the middle of an SMTP command. */