From 2ddb4094c1b6861bebe191fa1466f53399e1e6d9 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 13 May 2018 22:02:59 +0100 Subject: [PATCH] Callouts: record succeeding random local-part tests. Bug 177 --- doc/doc-docbook/spec.xfpt | 9 +++++++++ doc/doc-txt/ChangeLog | 3 +++ src/src/verify.c | 20 +++++++++++--------- test/confs/0376 | 4 ++++ test/log/0376 | 4 ++++ test/stderr/0376 | 8 ++++++++ 6 files changed, 39 insertions(+), 9 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 0d6c23907..44022291c 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -31160,6 +31160,15 @@ connection, HELO, or MAIL). The main use of these variables is expected to be to distinguish between rejections of MAIL and rejections of RCPT in callouts. +.new +The above variables may also be set after a &*successful*& +address verification to: + +.ilist +&%random%&: A random local-part callout succeeded +.endlist +.wen + diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 5ce54a24e..e4d1719ec 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -40,6 +40,9 @@ JH/06 Bug 2275: The MIME ACL unlocked the received message files early, and releases a lock) for that case, while creating the temporary .eml format file for the MIME ACL. Also applies to "regex" and "spam" ACL conditions. +JH/07 Bug 177: Make a random-recipient callout success visible in ACL, by setting + $sender_verify_failure/$recipient_verify_failure to "random". + Exim version 4.91 ----------------- diff --git a/src/src/verify.c b/src/src/verify.c index 1eff49f49..95876d1cd 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -196,6 +196,7 @@ else case ccache_accept: HDEBUG(D_verify) debug_printf("callout cache: domain accepts random addresses\n"); + *failure_ptr = US"random"; dbfn_close(dbm_file); return TRUE; /* Default yield is OK */ @@ -802,6 +803,7 @@ tls_retry_connection: new_domain_record.random_result = ccache_accept; yield = OK; /* Only usable verify result we can return */ done = TRUE; + *failure_ptr = US"random"; goto no_conn; case FAIL: /* rejected: the preferred result */ new_domain_record.random_result = ccache_reject; @@ -1657,9 +1659,9 @@ else ko_prefix = cr = US""; if (parse_find_at(address) == NULL) { - if ((options & vopt_qualify) == 0) + if (!(options & vopt_qualify)) { - if (f != NULL) + if (f) respond_printf(f, "%sA domain is required for \"%s\"%s\n", ko_prefix, address, cr); *failure_ptr = US"qualify"; @@ -1677,7 +1679,7 @@ DEBUG(D_verify) /* Rewrite and report on it. Clear the domain and local part caches - these may have been set by domains and local part tests during an ACL. */ -if (global_rewrite_rules != NULL) +if (global_rewrite_rules) { uschar *old = address; address = rewrite_address(address, options & vopt_is_recipient, FALSE, @@ -1686,21 +1688,21 @@ if (global_rewrite_rules != NULL) { for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->localpart_cache[i] = 0; for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->domain_cache[i] = 0; - if (f != NULL && !expn) fprintf(f, "Address rewritten as: %s\n", address); + if (f && !expn) fprintf(f, "Address rewritten as: %s\n", address); } } /* If this is the real sender address, we must update sender_address at this point, because it may be referred to in the routers. */ -if ((options & (vopt_fake_sender|vopt_is_recipient)) == 0) +if (!(options & (vopt_fake_sender|vopt_is_recipient))) sender_address = address; /* If the address was rewritten to <> no verification can be done, and we have to return OK. This rewriting is permitted only for sender addresses; for other addresses, such rewriting fails. */ -if (address[0] == 0) return OK; +if (!address[0]) return OK; /* Flip the legacy TLS-related variables over to the outbound set in case they're used in the context of a transport used by verification. Reset them @@ -1752,7 +1754,7 @@ while (addr_new) if (testflag(addr, af_pfr)) { allok = FALSE; - if (f != NULL) + if (f) { BOOL allow; @@ -1763,8 +1765,8 @@ while (addr_new) } else { - allow = (addr->address[0] == '|')? - testflag(addr, af_allow_pipe) : testflag(addr, af_allow_file); + allow = addr->address[0] == '|' + ? testflag(addr, af_allow_pipe) : testflag(addr, af_allow_file); fprintf(f, "%s -> %s", addr->parent->address, addr->address); } diff --git a/test/confs/0376 b/test/confs/0376 index 6162c2c9d..e3a158f7e 100644 --- a/test/confs/0376 +++ b/test/confs/0376 @@ -36,6 +36,10 @@ check_recipient: !verify = sender/callout=postmaster_mailfrom=pmsend@a.domain deny hosts = V4NET.0.0.9 !verify = sender/callout=fullpostmaster + warn !hosts = V4NET.0.0.10 + condition = ${if def:sender_verify_failure} + logwrite = ($sender_verify_failure) + deny hosts = V4NET.0.0.10 !verify = recipient/callout=postmaster_mailfrom=pmsend@b.domain,\ use_postmaster,random/defer_ok diff --git a/test/log/0376 b/test/log/0376 index fa191bcd5..8c98166da 100644 --- a/test/log/0376 +++ b/test/log/0376 @@ -12,6 +12,10 @@ 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F= rejected RCPT : Sender verify failed 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F= rejected RCPT : Sender verify failed +1999-03-02 09:44:33 (random) +1999-03-02 09:44:33 (random) +1999-03-02 09:44:33 (random) +1999-03-02 09:44:33 (random) 1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO: 1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F= temporarily rejected RCPT : Could not complete sender verify callout 1999-03-02 09:44:33 10HmaX-0005vi-00 <= ok7@otherhost53 H=[V4NET.0.0.7] U=root P=smtp S=sss diff --git a/test/stderr/0376 b/test/stderr/0376 index 0a2c4f63b..1881c80c2 100644 --- a/test/stderr/0376 +++ b/test/stderr/0376 @@ -323,6 +323,8 @@ Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP(close)>> wrote callout cache domain record for otherhost3: result=1 postmaster=0 random=1 +LOG: MAIN + (random) LOG: smtp_connection MAIN SMTP connection from root closed by QUIT >>>>>>>>>>>>>>>> Exim pid=pppp (msg setup toplevel) terminating with rc=0 >>>>>>>>>>>>>>>> @@ -339,6 +341,8 @@ Considering otherok@otherhost3 Attempting full verification using callout callout cache: found domain record for otherhost3 callout cache: domain accepts random addresses +LOG: MAIN + (random) LOG: smtp_connection MAIN SMTP connection from root closed by QUIT >>>>>>>>>>>>>>>> Exim pid=pppp (msg setup toplevel) terminating with rc=0 >>>>>>>>>>>>>>>> @@ -369,6 +373,8 @@ Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP(close)>> wrote callout cache domain record for otherhost4: result=1 postmaster=0 random=1 +LOG: MAIN + (random) LOG: smtp_connection MAIN SMTP connection from root closed by QUIT >>>>>>>>>>>>>>>> Exim pid=pppp (msg setup toplevel) terminating with rc=0 >>>>>>>>>>>>>>>> @@ -385,6 +391,8 @@ Considering ok@otherhost4 Attempting full verification using callout callout cache: found domain record for otherhost4 callout cache: domain accepts random addresses +LOG: MAIN + (random) LOG: smtp_connection MAIN SMTP connection from root closed by QUIT >>>>>>>>>>>>>>>> Exim pid=pppp (msg setup toplevel) terminating with rc=0 >>>>>>>>>>>>>>>> -- 2.30.2