[exim-cvs] cvs commit: exim/exim-doc/doc-misc WishList exim…

Author: Philip Hazel
Date:
To: exim-cvs
Subject: [exim-cvs] cvs commit: exim/exim-doc/doc-misc WishList exim/exim-doc/doc-txt ChangeLog exim/exim-src/src acl.c exim/exim-test-orig/AutoTest/confs 459 exim/exim-test-orig/AutoTest/log 325 exim/exim-
ph10 2005/03/15 15:36:42 GMT

  Modified files:
    exim-doc/doc-misc    WishList 
    exim-doc/doc-txt     ChangeLog 
    exim-src/src         acl.c 
    exim-test-orig/AutoTest/confs 459 
    exim-test-orig/AutoTest/log 325 
    exim-test-orig/AutoTest/rejectlog 325 
    exim-test-orig/AutoTest/scripts 459 
    exim-test-orig/AutoTest/stderr 459 
    exim-test-orig/AutoTest/stdout 459 
  Log:
  1. Diagnose an error if options are given for those "verify=" things that
  don't have options.
  2. Added a WishList item for "verify=reverse_host_lookup/defer_ok".


  Revision  Changes    Path
  1.25      +4 -1      exim/exim-doc/doc-misc/WishList
  1.92      +7 -0      exim/exim-doc/doc-txt/ChangeLog
  1.25      +51 -24    exim/exim-src/src/acl.c
  1.2       +3 -1      exim/exim-test-orig/AutoTest/confs/459
  1.2       +1 -1      exim/exim-test-orig/AutoTest/log/325
  1.2       +1 -1      exim/exim-test-orig/AutoTest/rejectlog/325
  1.2       +14 -2     exim/exim-test-orig/AutoTest/scripts/459
  1.2       +72 -0     exim/exim-test-orig/AutoTest/stderr/459
  1.2       +24 -0     exim/exim-test-orig/AutoTest/stdout/459


  Index: WishList
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-misc/WishList,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -u -r1.24 -r1.25
  --- WishList    7 Mar 2005 09:36:43 -0000    1.24
  +++ WishList    15 Mar 2005 15:36:41 -0000    1.25
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-misc/WishList,v 1.24 2005/03/07 09:36:43 ph10 Exp $
  +$Cambridge: exim/exim-doc/doc-misc/WishList,v 1.25 2005/03/15 15:36:41 ph10 Exp $


EXIM 4 WISH LIST
----------------
@@ -1884,5 +1884,8 @@

... and possibly "accept" or "deny" it.
------------------------------------------------------------------------------
---- HWM 321 ------------------------------------------------------------------
+
+(322) 15-Mar-05 M Add a /defer_ok option to verify=reverse_host_lookup
+------------------------------------------------------------------------------
+--- HWM 322 ------------------------------------------------------------------
---------------------------- End of WishList ---------------------------------

  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
  retrieving revision 1.91
  retrieving revision 1.92
  diff -u -r1.91 -r1.92
  --- ChangeLog    15 Mar 2005 14:09:12 -0000    1.91
  +++ ChangeLog    15 Mar 2005 15:36:41 -0000    1.92
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.91 2005/03/15 14:09:12 ph10 Exp $
  +$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.92 2005/03/15 15:36:41 ph10 Exp $


Change log file for Exim from version 4.21
-------------------------------------------
@@ -42,6 +42,13 @@

   PH/05. Renamed the macro SOCKLEN_T as EXIM_SOCKLEN_T because AIX uses SOCKLEN_T
          in its include files, and this causes problems building Exim.
  +
  +PH/06. A number of "verify =" ACL conditions have no options (e.g. verify =
  +       header_syntax) but Exim was just ignoring anything given after a slash.
  +       In particular, this caused confusion with an attempt to use "verify =
  +       reverse_host_lookup/defer_ok". An error is now given when options are
  +       supplied for verify items that do not have them. (Maybe reverse_host_
  +       lookup should have a defer_ok option, but that's a different point.)



A note about Exim versions 4.44 and 4.50
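
Review bot: In PH/06, "An error is now given" does not say what kind of error or when it occurs. The test output in this same commit shows the connection being temporarily rejected with a 451 each time the ACL runs, so a configuration that previously worked with an ignored option will start deferring after an upgrade. Suggest saying that in the entry and naming the affected items (reverse_host_lookup, certificate, helo, header_syntax) so administrators can search their ACLs for them.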

  Index: acl.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/acl.c,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -u -r1.24 -r1.25
  --- acl.c    15 Mar 2005 11:37:21 -0000    1.24
  +++ acl.c    15 Mar 2005 15:36:41 -0000    1.25
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/acl.c,v 1.24 2005/03/15 11:37:21 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/acl.c,v 1.25 2005/03/15 15:36:41 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -1028,6 +1028,13 @@
   uschar *verify_sender_address = NULL;
   uschar *pm_mailfrom = NULL;
   uschar *se_mailfrom = NULL;
  +
  +/* Some of the verify items have slash-separated options; some do not. Diagnose
  +an error if options are given for items that don't expect them. This code has
  +now got very message. Refactoring to use a table would be a good idea one day.
  +*/
  +
  +uschar *slash = Ustrchr(arg, '/');
   uschar *list = arg;
   uschar *ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size);
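
Review bot: The new comment above `uschar *slash` reads "This code has now got very message", which looks like a typo for "messy" and should be fixed. Also, `slash` is found by searching the whole of `arg`, so it is non-NULL for sender and recipient items that legitimately carry options; a short remark in the comment that it is only consulted by the option-less items would make that clear to the next reader.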


@@ -1037,6 +1044,7 @@

   if (strcmpic(ss, US"reverse_host_lookup") == 0)
     {
  +  if (slash != NULL) goto NO_OPTIONS;
     if (sender_host_address == NULL) return OK;
     return acl_verify_reverse(user_msgptr, log_msgptr);
     }
  @@ -1047,6 +1055,7 @@


   if (strcmpic(ss, US"certificate") == 0)
     {
  +  if (slash != NULL) goto NO_OPTIONS;
     if (tls_certificate_verified) return OK;
     *user_msgptr = US"no verified certificate";
     return FAIL;
  @@ -1054,42 +1063,51 @@


/* We can test the result of optional HELO verification */

-if (strcmpic(ss, US"helo") == 0) return helo_verified? OK : FAIL;
+if (strcmpic(ss, US"helo") == 0)
+ {
+ if (slash != NULL) goto NO_OPTIONS;
+ return helo_verified? OK : FAIL;
+ }

-/* Handle header verification options - permitted only after DATA or a non-SMTP
-message. */
+/* Check that all relevant header lines have the correct syntax. If there is
+a syntax error, we return details of the error to the sender if configured to
+send out full details. (But a "message" setting on the ACL can override, as
+always). */

  -if (strncmpic(ss, US"header_", 7) == 0)
  +if (strcmpic(ss, US"header_syntax") == 0)
     {
  +  if (slash != NULL) goto NO_OPTIONS;
     if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP)
       {
       *log_msgptr = string_sprintf("cannot check header contents in ACL for %s "
         "(only possible in ACL for DATA)", acl_wherenames[where]);
       return ERROR;
       }
  +  rc = verify_check_headers(log_msgptr);
  +  if (rc != OK && smtp_return_error_details && *log_msgptr != NULL)
  +    *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr);
  +  return rc;
  +  }


  -  /* Check that all relevant header lines have the correct syntax. If there is
  -  a syntax error, we return details of the error to the sender if configured to
  -  send out full details. (But a "message" setting on the ACL can override, as
  -  always). */
  -
  -  if (strcmpic(ss+7, US"syntax") == 0)
  -    {
  -    int rc = verify_check_headers(log_msgptr);
  -    if (rc != OK && smtp_return_error_details && *log_msgptr != NULL)
  -      *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr);
  -    return rc;
  -    }


- /* Check that there is at least one verifiable sender address in the relevant
- header lines. This can be followed by callout and defer options, just like
- sender and recipient. */
+/* The remaining verification tests check recipient and sender addresses,
+either from the envelope or from the header. There are a number of
+slash-separated options that are common to all of them. */

- else if (strcmpic(ss+7, US"sender") == 0) verify_header_sender = TRUE;

- /* Unknown verify argument starting with "header_" */
+/* Check that there is at least one verifiable sender address in the relevant
+header lines. This can be followed by callout and defer options, just like
+sender and recipient. */

  -  else goto BAD_VERIFY;
  +if (strcmpic(ss, US"header_sender") == 0)
  +  {
  +  if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP)
  +    {
  +    *log_msgptr = string_sprintf("cannot check header contents in ACL for %s "
  +      "(only possible in ACL for DATA)", acl_wherenames[where]);
  +    return ERROR;
  +    }
  +  verify_header_sender = TRUE;
     }


   /* Otherwise, first item in verify argument must be "sender" or "recipient".
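
Review bot: In the new header_syntax branch, `rc = verify_check_headers(log_msgptr);` assigns to `rc`, whereas the removed code declared it locally with `int rc = ...`. No declaration of `rc` is visible in this patch, so please confirm one exists at function scope, or keep the `int`. Separately, the `where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP` check and its log message are now duplicated verbatim in the header_syntax and header_sender branches; a small helper would keep the two from drifting. With the old `else goto BAD_VERIFY` gone, an unknown name starting with "header_" appears to rely on the later sender/recipient test to be rejected; a test case for something like `verify = header_junk` would pin that down.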
  @@ -1127,7 +1145,8 @@
       }
     }


-/* Remaining items are optional */
+/* Remaining items are optional; they apply to sender and recipient
+verification, including "header sender" verification. */

   while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))
         != NULL)
  @@ -1501,8 +1520,16 @@


   BAD_VERIFY:
   *log_msgptr = string_sprintf("expected \"sender[=address]\", \"recipient\", "
  -  "\"header_syntax\" or \"header_sender\" at start of ACL condition "
  +  "\"helo\", \"header_syntax\", \"header_sender\" or "
  +  "\"reverse_host_lookup\" at start of ACL condition "
     "\"verify %s\"", arg);
  +return ERROR;
  +
  +/* Options supplied when not allowed come here */
  +
  +NO_OPTIONS:
  +*log_msgptr = string_sprintf("unexpected '/' found in \"%s\" "
  +  "(this verify item has no options)", arg);
   return ERROR;
   }
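
Review bot: The extended BAD_VERIFY message adds "helo" and "reverse_host_lookup" but still omits "certificate", which this function also accepts (see the `strcmpic(ss, US"certificate")` branch earlier in the patch). Suggest listing it as well so the message names every valid first item.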



  Index: 459
  ===================================================================
  RCS file: /home/cvs/exim/exim-test-orig/AutoTest/confs/459,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- 459    8 Oct 2004 14:49:16 -0000    1.1
  +++ 459    15 Mar 2005 15:36:42 -0000    1.2
  @@ -1,5 +1,7 @@
   # Exim test configuration 459


+OPT=
+
# Macros are set externally in order to get the path
# of the Exim that is being tested, and the directory
# in which the test data lives.
@@ -17,6 +19,6 @@
begin ACL

connect:
- require verify = reverse_host_lookup
+ require verify = OPT

# End of Exim 4 configuration
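
Review bot: On `require verify = OPT`: the macro is defined as an empty `OPT=` at the top of the file, so the configuration only has a valid verify argument when every invocation passes `-DOPT=...`. Defaulting the macro to `reverse_host_lookup` would keep the file valid on its own and preserve the original test's behaviour when it is run without the override.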

  Index: 325
  ===================================================================
  RCS file: /home/cvs/exim/exim-test-orig/AutoTest/log/325,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- 325    8 Oct 2004 14:49:31 -0000    1.1
  +++ 325    15 Mar 2005 15:36:42 -0000    1.2
  @@ -3,7 +3,7 @@
   1999-03-02 09:44:33 U=ph10 F=<x@y> rejected RCPT <postmaster@???>: Sender verify failed
   1999-03-02 09:44:33 U=ph10 F=<ph10@???> rejected RCPT <ph10@???>: deny for ph10
   1999-03-02 09:44:33 U=ph10 F=<> temporarily rejected RCPT <"deny verify = header_syntax"@???>: cannot check header contents in ACL for RCPT (only possible in ACL for DATA)
  -1999-03-02 09:44:33 U=ph10 F=<> temporarily rejected RCPT <"deny verify = junk"@???>: expected "sender[=address]", "recipient", "header_syntax" or "header_sender" at start of ACL condition "verify junk"
  +1999-03-02 09:44:33 U=ph10 F=<> temporarily rejected RCPT <"deny verify = junk"@???>: expected "sender[=address]", "recipient", "helo", "header_syntax", "header_sender" or "reverse_host_lookup" at start of ACL condition "verify junk"
   1999-03-02 09:44:33 U=ph10 F=<> temporarily rejected RCPT <"deny vorify = junk"@???>: unknown ACL condition/modifier in "deny vorify = junk"
   1999-03-02 09:44:33 U=ph10 F=<> temporarily rejected RCPT <"dony verify = junk"@???>: unknown ACL verb in "dony verify = junk"
   1999-03-02 09:44:33 U=ph10 F=<> temporarily rejected RCPT <"deny !message = abcd"@???>: ACL error: negation is not allowed with "message"


  Index: 325
  ===================================================================
  RCS file: /home/cvs/exim/exim-test-orig/AutoTest/rejectlog/325,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- 325    8 Oct 2004 14:49:51 -0000    1.1
  +++ 325    15 Mar 2005 15:36:42 -0000    1.2
  @@ -3,7 +3,7 @@
   1999-03-02 09:44:33 U=ph10 F=<x@y> rejected RCPT <postmaster@???>: Sender verify failed
   1999-03-02 09:44:33 U=ph10 F=<ph10@???> rejected RCPT <ph10@???>: deny for ph10
   1999-03-02 09:44:33 U=ph10 F=<> temporarily rejected RCPT <"deny verify = header_syntax"@???>: cannot check header contents in ACL for RCPT (only possible in ACL for DATA)
  -1999-03-02 09:44:33 U=ph10 F=<> temporarily rejected RCPT <"deny verify = junk"@???>: expected "sender[=address]", "recipient", "header_syntax" or "header_sender" at start of ACL condition "verify junk"
  +1999-03-02 09:44:33 U=ph10 F=<> temporarily rejected RCPT <"deny verify = junk"@???>: expected "sender[=address]", "recipient", "helo", "header_syntax", "header_sender" or "reverse_host_lookup" at start of ACL condition "verify junk"
   1999-03-02 09:44:33 U=ph10 F=<> temporarily rejected RCPT <"deny vorify = junk"@???>: unknown ACL condition/modifier in "deny vorify = junk"
   1999-03-02 09:44:33 U=ph10 F=<> temporarily rejected RCPT <"dony verify = junk"@???>: unknown ACL verb in "dony verify = junk"
   1999-03-02 09:44:33 U=ph10 F=<> temporarily rejected RCPT <"deny !message = abcd"@???>: ACL error: negation is not allowed with "message"


  Index: 459
  ===================================================================
  RCS file: /home/cvs/exim/exim-test-orig/AutoTest/scripts/459,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- 459    8 Oct 2004 14:49:53 -0000    1.1
  +++ 459    15 Mar 2005 15:36:42 -0000    1.2
  @@ -1,3 +1,15 @@
  -0 null reverse lookup result
  -exim -bh 10.255.255.255
  +0 null reverse lookup result; errors for verify items with no options
  +exim -DOPT=reverse_host_lookup -bh 10.255.255.255
  +****
  +0 
  +exim -DOPT=reverse_host_lookup/defer_ok -bh 10.255.255.255
  +****
  +0 
  +exim -DOPT=certificate/defer_ok -bh 10.255.255.255
  +****
  +0 
  +exim -DOPT=helo/defer_ok -bh 10.255.255.255
  +****
  +0 
  +exim -DOPT=header_syntax/defer_ok -bh 10.255.255.255
   ****
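
Review bot: The first line of the script has descriptive text after the `0`, but the four added `0` lines have none, so a failure in one of them is harder to identify; suggest a short description per case. The `header_syntax/defer_ok` case is run against the connect ACL, so its expected output depends on the option check coming before the "only possible in ACL for DATA" check; a comment saying so would stop a later reordering in acl.c from being mistaken for a test bug.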


  Index: 459
  ===================================================================
  RCS file: /home/cvs/exim/exim-test-orig/AutoTest/stderr/459,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- 459    8 Oct 2004 14:50:08 -0000    1.1
  +++ 459    15 Mar 2005 15:36:42 -0000    1.2
  @@ -16,3 +16,75 @@
   >>> check verify = reverse_host_lookup
   >>> require: condition test failed
   LOG: H=[10.255.255.255] rejected connection in "connect" ACL: host lookup failed (failed to find host name from IP address)
  +>>> host in hosts_connection_nolog? no (option unset)
  +>>> host in host_lookup? yes (matched "*")
  +>>> looking up host name for 10.255.255.255
  +>>> IP address lookup yielded an empty name: treated as non-existent host name
  +>>> IP address lookup using gethostbyaddr()
  +>>> IP address lookup yielded an empty name: treated as non-existent host name
  +LOG: no host name found for IP address 10.255.255.255
  +>>> host in host_reject_connection? no (option unset)
  +>>> host in sender_unqualified_hosts? no (option unset)
  +>>> host in recipient_unqualified_hosts? no (option unset)
  +>>> host in helo_verify_hosts? no (option unset)
  +>>> host in helo_try_verify_hosts? no (option unset)
  +>>> host in helo_accept_junk_hosts? no (option unset)
  +>>> using ACL "connect"
  +>>> processing "require"
  +>>> check verify = reverse_host_lookup/defer_ok
  +>>> require: condition test error
  +LOG: H=[10.255.255.255] temporarily rejected connection in "connect" ACL: unexpected '/' found in "reverse_host_lookup/defer_ok" (this verify item has no options)
  +>>> host in hosts_connection_nolog? no (option unset)
  +>>> host in host_lookup? yes (matched "*")
  +>>> looking up host name for 10.255.255.255
  +>>> IP address lookup yielded an empty name: treated as non-existent host name
  +>>> IP address lookup using gethostbyaddr()
  +>>> IP address lookup yielded an empty name: treated as non-existent host name
  +LOG: no host name found for IP address 10.255.255.255
  +>>> host in host_reject_connection? no (option unset)
  +>>> host in sender_unqualified_hosts? no (option unset)
  +>>> host in recipient_unqualified_hosts? no (option unset)
  +>>> host in helo_verify_hosts? no (option unset)
  +>>> host in helo_try_verify_hosts? no (option unset)
  +>>> host in helo_accept_junk_hosts? no (option unset)
  +>>> using ACL "connect"
  +>>> processing "require"
  +>>> check verify = certificate/defer_ok
  +>>> require: condition test error
  +LOG: H=[10.255.255.255] temporarily rejected connection in "connect" ACL: unexpected '/' found in "certificate/defer_ok" (this verify item has no options)
  +>>> host in hosts_connection_nolog? no (option unset)
  +>>> host in host_lookup? yes (matched "*")
  +>>> looking up host name for 10.255.255.255
  +>>> IP address lookup yielded an empty name: treated as non-existent host name
  +>>> IP address lookup using gethostbyaddr()
  +>>> IP address lookup yielded an empty name: treated as non-existent host name
  +LOG: no host name found for IP address 10.255.255.255
  +>>> host in host_reject_connection? no (option unset)
  +>>> host in sender_unqualified_hosts? no (option unset)
  +>>> host in recipient_unqualified_hosts? no (option unset)
  +>>> host in helo_verify_hosts? no (option unset)
  +>>> host in helo_try_verify_hosts? no (option unset)
  +>>> host in helo_accept_junk_hosts? no (option unset)
  +>>> using ACL "connect"
  +>>> processing "require"
  +>>> check verify = helo/defer_ok
  +>>> require: condition test error
  +LOG: H=[10.255.255.255] temporarily rejected connection in "connect" ACL: unexpected '/' found in "helo/defer_ok" (this verify item has no options)
  +>>> host in hosts_connection_nolog? no (option unset)
  +>>> host in host_lookup? yes (matched "*")
  +>>> looking up host name for 10.255.255.255
  +>>> IP address lookup yielded an empty name: treated as non-existent host name
  +>>> IP address lookup using gethostbyaddr()
  +>>> IP address lookup yielded an empty name: treated as non-existent host name
  +LOG: no host name found for IP address 10.255.255.255
  +>>> host in host_reject_connection? no (option unset)
  +>>> host in sender_unqualified_hosts? no (option unset)
  +>>> host in recipient_unqualified_hosts? no (option unset)
  +>>> host in helo_verify_hosts? no (option unset)
  +>>> host in helo_try_verify_hosts? no (option unset)
  +>>> host in helo_accept_junk_hosts? no (option unset)
  +>>> using ACL "connect"
  +>>> processing "require"
  +>>> check verify = header_syntax/defer_ok
  +>>> require: condition test error
  +LOG: H=[10.255.255.255] temporarily rejected connection in "connect" ACL: unexpected '/' found in "header_syntax/defer_ok" (this verify item has no options)


  Index: 459
  ===================================================================
  RCS file: /home/cvs/exim/exim-test-orig/AutoTest/stdout/459,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- 459    8 Oct 2004 14:50:13 -0000    1.1
  +++ 459    15 Mar 2005 15:36:42 -0000    1.2
  @@ -4,3 +4,27 @@
   **** This is not for real!


550 Administrative prohibition
+
+**** SMTP testing session as if from host 10.255.255.255
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+451 Temporary local problem - please try later
+
+**** SMTP testing session as if from host 10.255.255.255
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+451 Temporary local problem - please try later
+
+**** SMTP testing session as if from host 10.255.255.255
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+451 Temporary local problem - please try later
+
+**** SMTP testing session as if from host 10.255.255.255
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+451 Temporary local problem - please try later