[exim-cvs] cvs commit: exim/exim-src/src EDITME acl.c global…

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Tom Kistner
Dátum:  
Címzett: exim-cvs
Tárgy: [exim-cvs] cvs commit: exim/exim-src/src EDITME acl.c globals.c macros.h
tom 2004/11/25 15:33:55 GMT

  Modified files:        (Branch: EXISCAN)
    exim-src/src         EDITME acl.c globals.c macros.h 
  Log:
  Exiscan inclusion - ACL hooks


  Revision  Changes    Path
  1.4.2.1   +7 -0      exim/exim-src/src/EDITME
  1.5.2.1   +208 -9    exim/exim-src/src/acl.c
  1.6.2.1   +6 -0      exim/exim-src/src/globals.c
  1.2.2.1   +7 -2      exim/exim-src/src/macros.h


  Index: EDITME
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/EDITME,v
  retrieving revision 1.4
  retrieving revision 1.4.2.1
  diff -u -r1.4 -r1.4.2.1
  --- EDITME    5 Nov 2004 12:33:59 -0000    1.4
  +++ EDITME    25 Nov 2004 15:33:54 -0000    1.4.2.1
  @@ -1,4 +1,4 @@
  -# $Cambridge: exim/exim-src/src/EDITME,v 1.4 2004/11/05 12:33:59 ph10 Exp $
  +# $Cambridge: exim/exim-src/src/EDITME,v 1.4.2.1 2004/11/25 15:33:54 tom Exp $


   ##################################################
   #          The Exim mail transport agent         #
  @@ -314,7 +314,14 @@


EXIM_MONITOR=eximon.bin

+#------------------------------------------------------------------------------
+# Compiling Exim with content scanning support: If you want to compile Exim
+# with support for message body content scanning, set WITH_CONTENT_SCAN to
+# the value "yes". This will give you malware and spam scanning in the DATA ACL,
+# and the MIME ACL. Please read the documentation to learn more about these
+# features.

+#WITH_CONTENT_SCAN=yes

   ###############################################################################
   #                 THESE ARE THINGS YOU MIGHT WANT TO SPECIFY                  #


  Index: acl.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/acl.c,v
  retrieving revision 1.5
  retrieving revision 1.5.2.1
  diff -u -r1.5 -r1.5.2.1
  --- acl.c    4 Nov 2004 12:19:48 -0000    1.5
  +++ acl.c    25 Nov 2004 15:33:55 -0000    1.5.2.1
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/acl.c,v 1.5 2004/11/04 12:19:48 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/acl.c,v 1.5.2.1 2004/11/25 15:33:55 tom Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -34,19 +34,55 @@
   /* ACL condition and modifier codes - keep in step with the table that
   follows. */


  -enum { ACLC_ACL, ACLC_AUTHENTICATED, ACLC_CONDITION, ACLC_CONTROL, ACLC_DELAY,
  -  ACLC_DNSLISTS, ACLC_DOMAINS, ACLC_ENCRYPTED, ACLC_ENDPASS, ACLC_HOSTS,
  -  ACLC_LOCAL_PARTS, ACLC_LOG_MESSAGE, ACLC_LOGWRITE, ACLC_MESSAGE,
  -  ACLC_RECIPIENTS, ACLC_SENDER_DOMAINS, ACLC_SENDERS, ACLC_SET, ACLC_VERIFY };
  +enum { ACLC_ACL, ACLC_AUTHENTICATED, ACLC_CONDITION, ACLC_CONTROL,
  +#ifdef WITH_CONTENT_SCAN
  +       ACLC_DECODE,
  +#endif
  +       ACLC_DELAY, ACLC_DNSLISTS, ACLC_DOMAINS, ACLC_ENCRYPTED, ACLC_ENDPASS,
  +       ACLC_HOSTS, ACLC_LOCAL_PARTS, ACLC_LOG_MESSAGE, ACLC_LOGWRITE,
  +#ifdef WITH_CONTENT_SCAN
  +       ACLC_MALWARE,
  +#endif
  +       ACLC_MESSAGE,
  +#ifdef WITH_CONTENT_SCAN
  +       ACLC_MIME_REGEX,
  +#endif
  +       ACLC_RECIPIENTS,
  +#ifdef WITH_CONTENT_SCAN
  +       ACLC_REGEX
  +#endif
  +       ACLC_SENDER_DOMAINS, ACLC_SENDERS, ACLC_SET,
  +#ifdef WITH_CONTENT_SCAN
  +       ACLC_SPAM,       
  +#endif
  +       ACLC_VERIFY };


/* ACL conditions/modifiers: "delay", "control", "endpass", "message",
"log_message", "logwrite", and "set" are modifiers that look like conditions
but always return TRUE. They are used for their side effects. */

   static uschar *conditions[] = { US"acl", US"authenticated", US"condition",
  -  US"control", US"delay", US"dnslists", US"domains", US"encrypted",
  +  US"control", 
  +#ifdef WITH_CONTENT_SCAN
  +  US"decode",
  +#endif
  +  US"delay", US"dnslists", US"domains", US"encrypted",
     US"endpass", US"hosts", US"local_parts", US"log_message", US"logwrite",
  -  US"message", US"recipients", US"sender_domains", US"senders", US"set",
  +#ifdef WITH_CONTENT_SCAN
  +  US"malware",
  +#endif
  +  US"message",
  +#ifdef WITH_CONTENT_SCAN
  +  US"mime_regex",
  +#endif
  +  US"recipients",
  +#ifdef WITH_CONTENT_SCAN
  +  US"regex",
  +#endif
  +  US"sender_domains", US"senders", US"set",
  +#ifdef WITH_CONTENT_SCAN
  +  US"spam",
  +#endif
     US"verify" };


   /* ACL control names */
  @@ -64,6 +100,9 @@
     FALSE,   /* authenticated */
     TRUE,    /* condition */
     TRUE,    /* control */
  +#ifdef WITH_CONTENT_SCAN
  +  TRUE,    /* decode */
  +#endif
     TRUE,    /* delay */
     TRUE,    /* dnslists */
     FALSE,   /* domains */
  @@ -73,11 +112,23 @@
     FALSE,   /* local_parts */
     TRUE,    /* log_message */
     TRUE,    /* logwrite */
  +#ifdef WITH_CONTENT_SCAN
  +  TRUE,    /* malware */
  +#endif
     TRUE,    /* message */
  +#ifdef WITH_CONTENT_SCAN
  +  TRUE,    /* mime_regex */
  +#endif
     FALSE,   /* recipients */
  +#ifdef WITH_CONTENT_SCAN
  +  TRUE,    /* regex */
  +#endif
     FALSE,   /* sender_domains */
     FALSE,   /* senders */
     TRUE,    /* set */
  +#ifdef WITH_CONTENT_SCAN
  +  TRUE,    /* spam */
  +#endif
     TRUE     /* verify */
   };


  @@ -88,6 +139,9 @@
     FALSE,   /* authenticated */
     FALSE,   /* condition */
     TRUE,    /* control */
  +#ifdef WITH_CONTENT_SCAN
  +  FALSE,   /* decode */
  +#endif
     TRUE,    /* delay */
     FALSE,   /* dnslists */
     FALSE,   /* domains */
  @@ -96,12 +150,24 @@
     FALSE,   /* hosts */
     FALSE,   /* local_parts */
     TRUE,    /* log_message */
  -  TRUE,    /* log_write */
  +  TRUE,    /* logwrite */
  +#ifdef WITH_CONTENT_SCAN
  +  FALSE,   /* malware */
  +#endif
     TRUE,    /* message */
  +#ifdef WITH_CONTENT_SCAN
  +  FALSE,   /* mime_regex */
  +#endif
     FALSE,   /* recipients */
  +#ifdef WITH_CONTENT_SCAN
  +  FALSE,   /* regex */
  +#endif
     FALSE,   /* sender_domains */
     FALSE,   /* senders */
     TRUE,    /* set */
  +#ifdef WITH_CONTENT_SCAN
  +  FALSE,   /* spam */
  +#endif
     FALSE    /* verify */
   };


  @@ -118,6 +184,17 @@
     always and check in the control processing itself */


     0,                                               /* control */
  +
  +#ifdef WITH_CONTENT_SCAN
  +  (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)|      /* decode */
  +    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
  +    (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_PREDATA)|
  +    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
  +    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
  +    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
  +    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_RCPT),
  +#endif
  +
     0,                                               /* delay */
     (1<<ACL_WHERE_NOTSMTP),                          /* dnslists */


@@ -144,8 +221,29 @@

     0,                                               /* log_message */
     0,                                               /* logwrite */
  +  
  +#ifdef WITH_CONTENT_SCAN
  +  (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)|      /* malware */
  +    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
  +    (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
  +    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
  +    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
  +    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
  +    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_MIME),
  +#endif
  +
     0,                                               /* message */


  +#ifdef WITH_CONTENT_SCAN
  +  (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)|      /* mime_regex */
  +    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
  +    (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_PREDATA)|
  +    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
  +    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
  +    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
  +    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_RCPT),
  +#endif
  +
     (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)|      /* recipients */
       (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
       (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_PREDATA)|
  @@ -154,6 +252,16 @@
       (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
       (1<<ACL_WHERE_VRFY),


  +#ifdef WITH_CONTENT_SCAN
  +  (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)|      /* regex */
  +    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
  +    (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
  +    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
  +    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
  +    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
  +    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_MIME),
  +#endif
  +
     (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)|      /* sender_domains */
       (1<<ACL_WHERE_HELO)|
       (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
  @@ -168,6 +276,16 @@


     0,                                               /* set */


  +#ifdef WITH_CONTENT_SCAN
  +  (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)|      /* spam */
  +    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
  +    (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
  +    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
  +    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
  +    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
  +    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_MIME),
  +#endif
  +
     /* Certain types of verify are always allowed, so we let it through
     always and check in the verify function itself */


@@ -179,7 +297,11 @@

   enum { CONTROL_ERROR, CONTROL_CASEFUL_LOCAL_PART, CONTROL_CASELOWER_LOCAL_PART,
     CONTROL_ENFORCE_SYNC, CONTROL_NO_ENFORCE_SYNC, CONTROL_FREEZE,
  -  CONTROL_QUEUE_ONLY, CONTROL_SUBMISSION, CONTROL_NO_MULTILINE };
  +  CONTROL_QUEUE_ONLY, CONTROL_SUBMISSION,
  +#ifdef WITH_CONTENT_SCAN
  +  CONTROL_NO_MBOX_UNSPOOL, CONTROL_FAKEREJECT,
  +#endif
  +  CONTROL_NO_MULTILINE };


/* Bit map vector of which controls are not allowed at certain times. For
each control, there's a bitmap of dis-allowed times. For some, it is easier to
@@ -202,7 +324,12 @@

     ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|       /* submission */
       (1<<ACL_WHERE_PREDATA)),                       
  -     
  +
  +#ifdef WITH_CONTENT_SCAN
  +  (1<<ACL_WHERE_NOTSMTP),                          /* no_mbox_unspool */
  +  (1<<ACL_WHERE_NOTSMTP),                          /* fakereject */
  +#endif
  +
     (1<<ACL_WHERE_NOTSMTP)                           /* no_multiline */
   };


  @@ -222,6 +349,10 @@
     { US"no_enforce_sync",        CONTROL_NO_ENFORCE_SYNC, FALSE},
     { US"no_multiline_responses", CONTROL_NO_MULTILINE, FALSE},
     { US"queue_only",             CONTROL_QUEUE_ONLY, FALSE},
  +#ifdef WITH_CONTENT_SCAN
  +  { US"no_mbox_unspool",        CONTROL_NO_MBOX_UNSPOOL, FALSE},
  +  { US"fakereject",             CONTROL_FAKEREJECT, TRUE},
  +#endif
     { US"submission",             CONTROL_SUBMISSION, TRUE}
     };


  @@ -1405,10 +1536,22 @@
         smtp_enforce_sync = FALSE;
         break;


  +#ifdef WITH_CONTENT_SCAN
  +      case CONTROL_NO_MBOX_UNSPOOL:
  +      no_mbox_unspool = TRUE;
  +      break;
  +#endif
  +
         case CONTROL_NO_MULTILINE:
         no_multiline_responses = TRUE;
         break;


  +#ifdef WITH_CONTENT_SCAN
  +      case CONTROL_FAKEREJECT:
  +      fake_reject = TRUE;
  +      break;
  +#endif
  +
         case CONTROL_FREEZE:
         deliver_freeze = TRUE;
         deliver_frozen_at = time(NULL);
  @@ -1446,6 +1589,12 @@
         }
       break;


  +#ifdef WITH_CONTENT_SCAN
  +    case ACLC_DECODE:
  +    rc = mime_decode(&arg);
  +    break;
  +#endif
  +
       case ACLC_DELAY:
         {
         int delay = readconf_readtime(arg, 0, FALSE);
  @@ -1548,12 +1697,42 @@
         log_write(0, logbits, "%s", string_printing(s));
         }
       break;
  +    
  +#ifdef WITH_CONTENT_SCAN
  +    case ACLC_MALWARE:
  +      {
  +      /* Seperate the regular expression and any optional parameters. */
  +      uschar *ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size);
  +      /* Run the malware backend. */
  +      rc = malware(&ss);
  +      /* Modify return code based upon the existance of options. */
  +      while ((ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size))
  +            != NULL) {
  +        if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER)
  +          {
  +          /* FAIL so that the message is passed to the next ACL */
  +          rc = FAIL;
  +          }
  +        }
  +      }
  +    break;
  +
  +    case ACLC_MIME_REGEX:
  +      rc = mime_regex(&arg);
  +    break;
  +#endif


       case ACLC_RECIPIENTS:
       rc = match_address_list(addr->address, TRUE, TRUE, &arg, NULL, -1, 0,
         &recipient_data);
       break;


  +#ifdef WITH_CONTENT_SCAN
  +   case ACLC_REGEX:
  +      rc = regex(&arg);
  +    break;
  +#endif
  +
       case ACLC_SENDER_DOMAINS:
         {
         uschar *sdomain;
  @@ -1579,6 +1758,26 @@
         store_pool = old_pool;
         }
       break;
  +
  +#ifdef WITH_CONTENT_SCAN
  +    case ACLC_SPAM:
  +      {
  +      /* Seperate the regular expression and any optional parameters. */
  +      uschar *ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size);
  +      /* Run the spam backend. */
  +      rc = spam(&ss);
  +      /* Modify return code based upon the existance of options. */
  +      while ((ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size))
  +            != NULL) {
  +        if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER)
  +          {
  +          /* FAIL so that the message is passed to the next ACL */
  +          rc = FAIL;
  +          }
  +        }
  +      }
  +    break;
  +#endif


       /* If the verb is WARN, discard any user message from verification, because
       such messages are SMTP responses, not header additions. The latter come


  Index: globals.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/globals.c,v
  retrieving revision 1.6
  retrieving revision 1.6.2.1
  diff -u -r1.6 -r1.6.2.1
  --- globals.c    10 Nov 2004 10:29:56 -0000    1.6
  +++ globals.c    25 Nov 2004 15:33:55 -0000    1.6.2.1
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/globals.c,v 1.6 2004/11/10 10:29:56 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/globals.c,v 1.6.2.1 2004/11/25 15:33:55 tom Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -181,6 +181,9 @@
   uschar *acl_wherenames[]       = { US"RCPT",
                                      US"MAIL",
                                      US"PREDATA",
  +#ifdef WITH_CONTENT_SCAN
  +                                   US"MIME",
  +#endif
                                      US"DATA",
                                      US"non-SMTP",
                                      US"AUTH",
  @@ -197,6 +200,9 @@
   int     acl_wherecodes[]       = { 550,     /* RCPT */
                                      550,     /* MAIL */
                                      550,     /* PREDATA */
  +#ifdef WITH_CONTENT_SCAN
  +                                   550,     /* MIME */
  +#endif                                   
                                      550,     /* DATA */
                                      0,       /* not SMTP; not relevant */
                                      503,     /* AUTH */


  Index: macros.h
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/macros.h,v
  retrieving revision 1.2
  retrieving revision 1.2.2.1
  diff -u -r1.2 -r1.2.2.1
  --- macros.h    4 Nov 2004 10:42:11 -0000    1.2
  +++ macros.h    25 Nov 2004 15:33:55 -0000    1.2.2.1
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/macros.h,v 1.2 2004/11/04 10:42:11 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/macros.h,v 1.2.2.1 2004/11/25 15:33:55 tom Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -737,8 +737,13 @@
   enum { ACL_WHERE_RCPT,       /* Some controls are for RCPT only */
          ACL_WHERE_MAIL,       /* )                                           */
          ACL_WHERE_PREDATA,    /* ) There are several tests for "in message", */
  -       ACL_WHERE_DATA,       /* ) implemented by <= WHERE_NOTSMTP           */
  -       ACL_WHERE_NOTSMTP,    /* )                                           */
  +                             /* ) implemented by <= WHERE_NOTSMTP           */
  +                             /* )                                           */
  +#ifdef WITH_CONTENT_SCAN
  +       ACL_WHERE_MIME,       
  +#endif
  +       ACL_WHERE_DATA,       
  +       ACL_WHERE_NOTSMTP,    


          ACL_WHERE_AUTH,       /* These remaining ones are not currently    */
          ACL_WHERE_CONNECT,    /* required to be in a special order so they */