ph10 2005/09/06 14:17:36 BST
Modified files:
exim-doc/doc-txt NewStuff
exim-src ACKNOWLEDGMENTS
exim-src/src acl.c functions.h verify.c
Log:
Support for verify=not_blind.
Revision Changes Path
1.66 +12 -0 exim/exim-doc/doc-txt/NewStuff
1.33 +2 -1 exim/exim-src/ACKNOWLEDGMENTS
1.45 +25 -12 exim/exim-src/src/acl.c
1.20 +1 -0 exim/exim-src/src/functions.h
1.26 +83 -0 exim/exim-src/src/verify.c
Index: NewStuff
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/NewStuff,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- NewStuff 23 Aug 2005 08:50:07 -0000 1.65
+++ NewStuff 6 Sep 2005 13:17:36 -0000 1.66
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/NewStuff,v 1.65 2005/08/23 08:50:07 ph10 Exp $
+$Cambridge: exim/exim-doc/doc-txt/NewStuff,v 1.66 2005/09/06 13:17:36 ph10 Exp $
New Features in Exim
--------------------
@@ -107,6 +107,18 @@
for RCPT commands, for example.
PH/08 The ${eval expansion now supports % as a "remainder" operator.
+
+PH/09 There is a new ACL condition "verify = not_blind". It checks that there
+ are no blind (bcc) recipients in the message. Every envelope recipient
+ must appear either in a To: header line or in a Cc: header line for this
+ condition to be true. Local parts are checked case-sensitively; domains
+ are checked case-insensitively. If Resent-To: or Resent-Cc: header lines
+ exist, they are also checked. This condition can be used only in a DATA
+ or non-SMTP ACL.
+
+ There are, of course, many legitimate messages that make use of blind
+ (bcc) recipients. This check should not be used on its own for blocking
+ messages.
Exim version 4.52
Index: ACKNOWLEDGMENTS
===================================================================
RCS file: /home/cvs/exim/exim-src/ACKNOWLEDGMENTS,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- ACKNOWLEDGMENTS 23 Aug 2005 08:46:33 -0000 1.32
+++ ACKNOWLEDGMENTS 6 Sep 2005 13:17:36 -0000 1.33
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-src/ACKNOWLEDGMENTS,v 1.32 2005/08/23 08:46:33 ph10 Exp $
+$Cambridge: exim/exim-src/ACKNOWLEDGMENTS,v 1.33 2005/09/06 13:17:36 ph10 Exp $
EXIM ACKNOWLEDGEMENTS
@@ -20,7 +20,7 @@
Philip Hazel
Lists created: 20 November 2002
-Last updated: 23 August 2005
+Last updated: 06 September 2005
THE OLD LIST
@@ -96,6 +96,7 @@
Michael Deutschmann Suggested patch for treating bind() failure like connect()
Patch for $sender_data and $recipient_data
Suggested patch for null address match lookup bug
+ Suggested patch for verify = not_blind
Oliver Eikemeier Patch to skip Received: if expansion is empty
Patch for "eqi"
Nico Erfurth Fix for bug in ${readfile}
Index: acl.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/acl.c,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- acl.c 22 Aug 2005 14:01:37 -0000 1.44
+++ acl.c 6 Sep 2005 13:17:36 -0000 1.45
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/acl.c,v 1.44 2005/08/22 14:01:37 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/acl.c,v 1.45 2005/09/06 13:17:36 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -1409,18 +1409,29 @@
if (strcmpic(ss, US"header_syntax") == 0)
{
if (slash != NULL) goto NO_OPTIONS;
- if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP)
- {
- *log_msgptr = string_sprintf("cannot check header contents in ACL for %s "
- "(only possible in ACL for DATA)", acl_wherenames[where]);
- return ERROR;
- }
+ if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP) goto WRONG_ACL;
rc = verify_check_headers(log_msgptr);
if (rc != OK && smtp_return_error_details && *log_msgptr != NULL)
*user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr);
return rc;
}
+/* Check that no recipient of this message is "blind", that is, every envelope
+recipient must be mentioned in either To: or Cc:. */
+
+if (strcmpic(ss, US"not_blind") == 0)
+ {
+ if (slash != NULL) goto NO_OPTIONS;
+ if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP) goto WRONG_ACL;
+ rc = verify_check_notblind();
+ if (rc != OK)
+ {
+ *log_msgptr = string_sprintf("bcc recipient detected");
+ if (smtp_return_error_details)
+ *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr);
+ }
+ return rc;
+ }
/* The remaining verification tests check recipient and sender addresses,
either from the envelope or from the header. There are a number of
@@ -1433,12 +1444,7 @@
if (strcmpic(ss, US"header_sender") == 0)
{
- if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP)
- {
- *log_msgptr = string_sprintf("cannot check header contents in ACL for %s "
- "(only possible in ACL for DATA)", acl_wherenames[where]);
- return ERROR;
- }
+ if (where != ACL_WHERE_DATA && where != ACL_WHERE_NOTSMTP) goto WRONG_ACL;
verify_header_sender = TRUE;
}
@@ -1874,6 +1880,13 @@
NO_OPTIONS:
*log_msgptr = string_sprintf("unexpected '/' found in \"%s\" "
"(this verify item has no options)", arg);
+return ERROR;
+
+/* Calls in the wrong ACL come here */
+
+WRONG_ACL:
+*log_msgptr = string_sprintf("cannot check header contents in ACL for %s "
+ "(only possible in ACL for DATA)", acl_wherenames[where]);
return ERROR;
}
Index: functions.h
===================================================================
RCS file: /home/cvs/exim/exim-src/src/functions.h,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- functions.h 9 Aug 2005 13:31:52 -0000 1.19
+++ functions.h 6 Sep 2005 13:17:36 -0000 1.20
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/functions.h,v 1.19 2005/08/09 13:31:52 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/functions.h,v 1.20 2005/09/06 13:17:36 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -337,6 +337,7 @@
uschar *, uschar *, int, int *);
extern int verify_check_headers(uschar **);
extern int verify_check_host(uschar **);
+extern int verify_check_notblind(void);
extern int verify_check_this_host(uschar **, unsigned int *, uschar*,
uschar *, uschar **);
extern address_item *verify_checked_sender(uschar *);
Index: verify.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/verify.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- verify.c 22 Aug 2005 10:49:04 -0000 1.25
+++ verify.c 6 Sep 2005 13:17:36 -0000 1.26
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/verify.c,v 1.25 2005/08/22 10:49:04 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/verify.c,v 1.26 2005/09/06 13:17:36 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -1449,6 +1449,89 @@
return OK;
}
+
+
+/*************************************************
+* Check for blind recipients *
+*************************************************/
+
+/* This function checks that every (envelope) recipient is mentioned in either
+the To: or Cc: header lines, thus detecting blind carbon copies.
+
+There are two ways of scanning that could be used: either scan the header lines
+and tick off the recipients, or scan the recipients and check the header lines.
+The original proposed patch did the former, but I have chosen to do the latter,
+because (a) it requires no memory and (b) will use fewer resources when there
+are many addresses in To: and/or Cc: and only one or two envelope recipients.
+
+Arguments: none
+Returns: OK if there are no blind recipients
+ FAIL if there is at least one blind recipient
+*/
+
+int
+verify_check_notblind(void)
+{
+int i;
+for (i = 0; i < recipients_count; i++)
+ {
+ header_line *h;
+ BOOL found = FALSE;
+ uschar *address = recipients_list[i].address;
+
+ for (h = header_list; !found && h != NULL; h = h->next)
+ {
+ uschar *colon, *s;
+
+ if (h->type != htype_to && h->type != htype_cc) continue;
+
+ colon = Ustrchr(h->text, ':');
+ s = colon + 1;
+ while (isspace(*s)) s++;
+
+ parse_allow_group = TRUE; /* Allow group syntax */
+
+ /* Loop for multiple addresses in the header */
+
+ while (*s != 0)
+ {
+ uschar *ss = parse_find_address_end(s, FALSE);
+ uschar *recipient,*errmess;
+ int terminator = *ss;
+ int start, end, domain;
+
+ /* Temporarily terminate the string at this point, and extract the
+ operative address within. */
+
+ *ss = 0;
+ recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE);
+ *ss = terminator;
+
+ /* If we found a valid recipient that has a domain, compare it with the
+ envelope recipient. Local parts are compared case-sensitively, domains
+ case-insensitively. By comparing from the start with length "domain", we
+ include the "@" at the end, which ensures that we are comparing the whole
+ local part of each address. */
+
+ if (recipient != NULL && domain != 0)
+ {
+ found = Ustrncmp(recipient, address, domain) == 0 &&
+ strcmpic(recipient + domain, address + domain) == 0;
+ if (found) break;
+ }
+
+ /* Advance to the next address */
+
+ s = ss + (terminator? 1:0);
+ while (isspace(*s)) s++;
+ } /* Next address */
+ } /* Next header (if found is false) */
+
+ if (!found) return FAIL;
+ } /* Next recipient */
+
+return OK;
+}