Re: [Exim] Authenticating bounces

Pàgina inicial
Delete this message
Reply to this message
Autor: Marian Eichholz
Data:  
A: exim-users
Assumpte: Re: [Exim] Authenticating bounces
-------- Original Message --------
To: Philip Hazel <ph10@???>

Philip Hazel wrote:

> > > (3) I don't understand what auth_accept_error is supposed to do. Why is
> > > this option needed?
> >
> > It ist intended to disable the whole new behaviour by default for
> > backwards compatibiltity.
>
> But, under my proposal, if you don't set any of the new options, you get
> backwards compatibility. So I don't think you need this switch.


Ok, this implementation follows both your ideas about the authentication option passing interface
and Michael's idea, that there is no actual need to configure these ideas in conjunction with the
mere mounce message generation.

Here comes my patch proposal. I hope, that it is a useful, small, extension.

- 8-< --- begin ---------------------------------------------------------

diff -u --exclude=build* exim-3.22/src/exim.c exim-3.22-ME/src/exim.c
--- exim-3.22/src/exim.c    Wed Jan 31 13:26:29 2001
+++ exim-3.22-ME/src/exim.c    Wed Jan 31 15:56:18 2001
@@ -401,6 +401,11 @@
 struct sockaddr inetd_sock;
 #endif


+#ifdef HAVE_AUTH
+char *set_authenticated_sender = NULL;
+char *set_authenticated_id = NULL;
+#endif
+
/* Possible options for -R and -S */

static char *rsopts[] = { "f", "ff", "r", "rf", "rff" };
@@ -1446,6 +1451,20 @@

       if (strcmp(argrest, "Ma") == 0) sender_host_address = argv[++i];


+#ifdef HAVE_AUTH
+
+      /* -oMas: setting authenticated sender */
+
+      else if (strcmp(argrest, "Mas") == 0) 
+    set_authenticated_sender = argv[++i];
+
+      /* -oMai: setting authenticated id */
+
+      else if (strcmp(argrest, "Mai") == 0) 
+    set_authenticated_id = argv[++i];
+
+#endif
+
       /* -oMi: Set incoming interface address (root or exim only) */


       else if (strcmp(argrest, "Mi") == 0) interface_address = argv[++i];
@@ -2040,22 +2059,49 @@


/* Build the argument list for calling Exim to send an error message. */

+#ifdef HAVE_AUTH
+mailer_argv = store_get((18 + MAX_CLMACROS) * (sizeof(char *)));
+#else
 mailer_argv = store_get((14 + MAX_CLMACROS) * (sizeof(char *)));
+#endif
 mailer_argv[0] = exim_path;
 mailer_argv[1] = "-t";
 mailer_argv[2] = "-oem";
 mailer_argv[3] = "-oi";
 mailer_argv[4] = "-f";
 mailer_argv[5] = "<>";
+i = 6;
+
+#ifdef HAVE_AUTH
+
+/* If the mailer daemon shall be authenticated, it's final
+   authenticated_sender-ID is given here. It is wired to
+   "Mailer-Daemon@qualify_domain_sender".  The authenticated_id is set
+   to the exim user login. The whole thing has to be activated by
+   "authenticate_bounces = yes" */
+
+if (authenticate_bounces != 0)
+  {
+    struct passwd *pw = getpwuid(exim_uid);
+    if (pw && pw->pw_name && pw->pw_name[0])
+      {
+    mailer_argv[i++] = "-oMas";
+    mailer_argv[i++] = string_sprintf("Mailer-Daemon@%s",
+                      qualify_domain_sender);
+    mailer_argv[i++] = "-oMai";
+    mailer_argv[i++] =  string_copy(pw->pw_name);
+      } /* authenticate_bounces */
+  }
+
+#endif


/* Set up the -E option to give the current message id, if any. If debugging is
turned on, arrange to pass the setting when we re-exec exim for error messages,
etc. Also pass on -N if set (-d is always set if -N is.) The argument list has
several 0 entries at the end, all but the last of which can be overwritten. */

-mailer_argv[6] = message_id_option;
+mailer_argv[i++] = message_id_option;

-i = 7;
 if (debug_level > 0)
   {
   mailer_argv[i++] = string_sprintf("-d%d", debug_level);
@@ -2767,6 +2813,21 @@
   authenticated_id = originator_login;
   #endif
   }
+
+/* A locally-supplied bounce mail comes with no sender, but can become
+   authenticated with sender/id supplied at the command line.  Only a
+   trusted user (or anybody w/untrusted_set_sender set) is allowed to
+   to this. */
+
+#ifdef HAVE_AUTH
+ if (trusted_caller || untrusted_set_sender)
+ {
+   if (set_authenticated_sender != NULL)
+     authenticated_sender = set_authenticated_sender;
+   if (set_authenticated_id != NULL )
+     authenticated_id = set_authenticated_id;
+  }
+#endif


 /* Trusted callers are always permitted to specify the sender address.
 Untrusted callers may specify it if untrusted_set_sender is set, or if what is
diff -u --exclude=build* exim-3.22/src/globals.c exim-3.22-ME/src/globals.c
--- exim-3.22/src/globals.c    Fri Jan 19 10:32:08 2001
+++ exim-3.22-ME/src/globals.c    Wed Jan 31 12:13:00 2001
@@ -38,6 +38,7 @@
 #ifdef HAVE_AUTH
 BOOL   auth_always_advertise  = TRUE;
 char  *auth_hosts             = NULL;
+BOOL   authenticate_bounces   = FALSE;
 #ifdef SUPPORT_TLS
 char  *auth_over_tls_hosts    = NULL;
 #endif
diff -u --exclude=build* exim-3.22/src/globals.h exim-3.22-ME/src/globals.h
--- exim-3.22/src/globals.h    Fri Jan 19 10:32:08 2001
+++ exim-3.22-ME/src/globals.h    Wed Jan 31 11:49:51 2001
@@ -24,6 +24,7 @@
 #ifdef HAVE_AUTH
 extern BOOL   auth_always_advertise;  /* If FALSE, advertise only when needed */
 extern char  *auth_hosts;             /* These must authenticate */
+extern BOOL  authenticate_bounces;    /* use -oMai amd -iMas w/error messages */
 #ifdef SUPPORT_TLS
 extern char  *auth_over_tls_hosts;    /* These must use TLS for AUTH */
 #endif
diff -u --exclude=build* exim-3.22/src/readconf.c exim-3.22-ME/src/readconf.c
--- exim-3.22/src/readconf.c    Fri Jan 19 10:32:10 2001
+++ exim-3.22-ME/src/readconf.c    Wed Jan 31 13:18:23 2001
@@ -43,6 +43,7 @@
 #ifdef SUPPORT_TLS
   { "auth_over_tls_hosts",      opt_stringptr,   &auth_over_tls_hosts },
 #endif
+  { "authenticate_bounces",     opt_bool,        &authenticate_bounces },
 #endif
   { "auto_thaw",                opt_time,        &auto_thaw },
   { "bi_command",               opt_stringptr,   &bi_command },



- 8-< --- end ----------------------------------------------------------


Marian Eichholz

--
freenet.de AG          Vorsitzender des Aufsichtsrates: Gerhard Schmid
Deelbögenkamp 4c       Vorstand: Eckhard Spoerr (Vors.), Axel Krieger
22297 Hamburg          Amtsgericht Hamburg, HRB 74048