[exim-dev] [RFC, PATCH] add acl_not_smtp_start ACL (was: [ex…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Johannes Berg
Datum:  
To: exim-dev
Alte Treads: Re: [exim] control=suppress_local_fixups?
Betreff: [exim-dev] [RFC, PATCH] add acl_not_smtp_start ACL (was: [exim]control=suppress_local_fixups?)
For those not on exim-users: I wanted to use
control=suppress_local_fixups on a non-SMTP session. Turns out it isn't
possible currently.

This patch adds a new acl_not_smtp_start that is run at the start of a
non-SMTP session. It's main use will probably be to set
"control = suppress_local_fixups"
based on some conditions. The result of this ACL has no influence at all.

It seems to work fine for me, but all those lists of what isn't allowed
(as opposed to what is) have me confused.

Comments appreciated.

johannes

--- exim4-4.62.orig/src/acl.c    2006-05-14 23:08:02.671475106 +0200
+++ exim4-4.62/src/acl.c    2006-05-14 23:08:07.121475106 +0200
@@ -328,7 +328,7 @@ static unsigned int cond_forbids[] = {
     (1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)),


   (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_CONNECT)|   /* authenticated */
-    (1<<ACL_WHERE_HELO),
+    (1<<ACL_WHERE_HELO)|(1<<ACL_WHERE_NOTSMTP_START),


   #ifdef EXPERIMENTAL_BRIGHTMAIL
   (1<<ACL_WHERE_AUTH)|                             /* bmi_optin */
@@ -366,7 +366,7 @@ static unsigned int cond_forbids[] = {
     (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
     (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
     (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
-    (1<<ACL_WHERE_VRFY),
+    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),


   (1<<ACL_WHERE_AUTH)|                             /* dk_policy */
     (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
@@ -374,7 +374,7 @@ static unsigned int cond_forbids[] = {
     (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
     (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
     (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
-    (1<<ACL_WHERE_VRFY),
+    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),


   (1<<ACL_WHERE_AUTH)|                             /* dk_sender_domains */
     (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
@@ -382,7 +382,7 @@ static unsigned int cond_forbids[] = {
     (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
     (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
     (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
-    (1<<ACL_WHERE_VRFY),
+    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),


   (1<<ACL_WHERE_AUTH)|                             /* dk_sender_local_parts */
     (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
@@ -390,7 +390,7 @@ static unsigned int cond_forbids[] = {
     (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
     (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
     (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
-    (1<<ACL_WHERE_VRFY),
+    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),


   (1<<ACL_WHERE_AUTH)|                             /* dk_senders */
     (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
@@ -398,7 +398,7 @@ static unsigned int cond_forbids[] = {
     (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
     (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
     (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
-    (1<<ACL_WHERE_VRFY),
+    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),


   (1<<ACL_WHERE_AUTH)|                             /* dk_status */
     (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
@@ -406,20 +406,22 @@ static unsigned int cond_forbids[] = {
     (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
     (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
     (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
-    (1<<ACL_WHERE_VRFY),
+    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
   #endif


-  (1<<ACL_WHERE_NOTSMTP),                          /* dnslists */
+  (1<<ACL_WHERE_NOTSMTP)|                          /* dnslists */
+    (1<<ACL_WHERE_NOTSMTP_START),


   (unsigned int)
   ~(1<<ACL_WHERE_RCPT),                            /* domains */


   (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_CONNECT)|   /* encrypted */
-    (1<<ACL_WHERE_HELO),
+    (1<<ACL_WHERE_HELO)|(1<<ACL_WHERE_NOTSMTP_START),


   0,                                               /* endpass */


-  (1<<ACL_WHERE_NOTSMTP),                          /* hosts */
+  (1<<ACL_WHERE_NOTSMTP)|                          /* hosts */
+    (1<<ACL_WHERE_NOTSMTP_START),


   (unsigned int)
   ~(1<<ACL_WHERE_RCPT),                            /* local_parts */
@@ -430,7 +432,8 @@ static unsigned int cond_forbids[] = {


   #ifdef WITH_CONTENT_SCAN
   (unsigned int)
-  ~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)),   /* malware */
+  ~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)|    /* malware */
+    (1<<ACL_WHERE_NOTSMTP_START)),
   #endif


   0,                                               /* message */
@@ -448,20 +451,22 @@ static unsigned int cond_forbids[] = {
   #ifdef WITH_CONTENT_SCAN
   (unsigned int)
   ~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)|    /* regex */
-    (1<<ACL_WHERE_MIME)),
+    (1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP_START)),
   #endif


   (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)|      /* sender_domains */
     (1<<ACL_WHERE_HELO)|
     (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
     (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
-    (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY),
+    (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
+    (1<<ACL_WHERE_NOTSMTP_START),


   (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)|      /* senders */
     (1<<ACL_WHERE_HELO)|
     (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
     (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
-    (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY),
+    (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
+    (1<<ACL_WHERE_NOTSMTP_START),


   0,                                               /* set */


@@ -475,7 +480,8 @@ static unsigned int cond_forbids[] = {
     (1<<ACL_WHERE_HELO)|
     (1<<ACL_WHERE_MAILAUTH)|
     (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
-    (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY),
+    (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
+    (1<<ACL_WHERE_NOTSMTP_START),
   #endif


/* Certain types of verify are always allowed, so we let it through
@@ -498,7 +504,8 @@ static unsigned int control_forbids[] =
#endif

   #ifdef EXPERIMENTAL_DOMAINKEYS
-  (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP),      /* dk_verify */
+  (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)|      /* dk_verify */
+  (1<<ACL_WHERE_NOTSMTP_START),
   #endif


   0,                                               /* error */
@@ -509,9 +516,11 @@ static unsigned int control_forbids[] = 
   (unsigned int)
   ~(1<<ACL_WHERE_RCPT),                            /* caselower_local_part */


-  (1<<ACL_WHERE_NOTSMTP),                          /* enforce_sync */
+  (1<<ACL_WHERE_NOTSMTP)|                          /* enforce_sync */
+    (1<<ACL_WHERE_NOTSMTP_START),


-  (1<<ACL_WHERE_NOTSMTP),                          /* no_enforce_sync */
+  (1<<ACL_WHERE_NOTSMTP)|                          /* no_enforce_sync */
+    (1<<ACL_WHERE_NOTSMTP_START),


   (unsigned int)
   ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|       /* freeze */
@@ -529,7 +538,8 @@ static unsigned int control_forbids[] = 


   (unsigned int)
   ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)|       /* suppress_local_fixups */
-    (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_PREDATA)),
+    (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_PREDATA)|
+    (1<<ACL_WHERE_NOTSMTP_START)),


   #ifdef WITH_CONTENT_SCAN
   (unsigned int)
@@ -548,7 +558,8 @@ static unsigned int control_forbids[] = 
     (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
     (1<<ACL_WHERE_MIME)),


-  (1<<ACL_WHERE_NOTSMTP)                           /* no_multiline */
+  (1<<ACL_WHERE_NOTSMTP)|                          /* no_multiline */
+    (1<<ACL_WHERE_NOTSMTP_START)
 };


 /* Structure listing various control arguments, with their characteristics. */
--- exim4-4.62.orig/src/exim.c    2006-05-14 23:08:02.121475106 +0200
+++ exim4-4.62/src/exim.c    2006-05-14 23:08:07.131475106 +0200
@@ -4420,10 +4420,20 @@ if (smtp_input)
     }
   }


-/* Otherwise, set up the input size limit here */
+/* Otherwise, first run the acl_not_smtp_start and
+ * then set up the input size limit here */

 else
   {
+  if (acl_not_smtp_start != NULL)
+    {
+    uschar *user_msg, *log_msg;
+    /* there's no point in allowing this ACL to reject anything,
+     * can just as well be done later and then doesn't cause any
+     * problems like programs wondering why exim died for them */
+    acl_check(ACL_WHERE_NOTSMTP_START, NULL, acl_not_smtp_start, &user_msg, &log_msg);
+    }
+
   thismessage_size_limit = expand_string_integer(message_size_limit);
   if (thismessage_size_limit < 0)
     {
--- exim4-4.62.orig/src/globals.c    2006-05-14 23:08:01.911475106 +0200
+++ exim4-4.62/src/globals.c    2006-05-14 23:08:07.141475106 +0200
@@ -165,6 +165,7 @@ int address_expansions_count = sizeof(ad
 header_line *acl_added_headers = NULL;
 tree_node *acl_anchor          = NULL;
 uschar *acl_not_smtp           = NULL;
+uschar *acl_not_smtp_start     = NULL;
 #ifdef WITH_CONTENT_SCAN
 uschar *acl_not_smtp_mime      = NULL;
 #endif
@@ -206,7 +207,8 @@ uschar *acl_wherenames[]       = { US"RC
                                    US"MAILAUTH",
                                    US"QUIT",
                                    US"STARTTLS",
-                                   US"VRFY"
+                                   US"VRFY",
+                                   US"non-SMTP-start"
                                  };


 int     acl_wherecodes[]       = { 550,     /* RCPT */
@@ -223,7 +225,8 @@ int     acl_wherecodes[]       = { 550, 
                                    0,       /* MAILAUTH; not relevant */
                                    0,       /* QUIT; not relevant */
                                    550,     /* STARTTLS */
-                                   252      /* VRFY */
+                                   252,     /* VRFY */
+                                   0,       /* not SMTP; not relevant */
                                  };


 BOOL    active_local_from_check = FALSE;
--- exim4-4.62.orig/src/globals.h    2006-05-14 23:08:00.181475106 +0200
+++ exim4-4.62/src/globals.h    2006-05-14 23:08:07.141475106 +0200
@@ -107,6 +107,7 @@ extern BOOL    accept_8bitmime;        /
 extern header_line *acl_added_headers; /* Headers added by an ACL */
 extern tree_node *acl_anchor;          /* Tree of named ACLs */
 extern uschar *acl_not_smtp;           /* ACL run for non-SMTP messages */
+extern uschar *acl_not_smtp_start;     /* ACL run at the beginning of a non-SMTP session */
 #ifdef WITH_CONTENT_SCAN
 extern uschar *acl_not_smtp_mime;      /* For MIME parts of ditto */
 #endif
--- exim4-4.62.orig/src/macros.h    2006-05-14 23:08:00.101475106 +0200
+++ exim4-4.62/src/macros.h    2006-05-14 23:08:07.141475106 +0200
@@ -777,6 +777,7 @@ enum { ACL_WHERE_RCPT,       /* Some con
        ACL_WHERE_EXPN,
        ACL_WHERE_HELO,
        ACL_WHERE_MAILAUTH,
+       ACL_WHERE_NOTSMTP_START,
        ACL_WHERE_QUIT,
        ACL_WHERE_STARTTLS,
        ACL_WHERE_VRFY
--- exim4-4.62.orig/src/readconf.c    2006-05-14 23:08:01.401475106 +0200
+++ exim4-4.62/src/readconf.c    2006-05-14 23:08:07.151475106 +0200
@@ -135,6 +135,7 @@ static optionlist optionlist_config[] = 
   { "*set_system_filter_user",  opt_bool|opt_hidden, &system_filter_uid_set },
   { "accept_8bitmime",          opt_bool,        &accept_8bitmime },
   { "acl_not_smtp",             opt_stringptr,   &acl_not_smtp },
+  { "acl_not_smtp_start",       opt_stringptr,   &acl_not_smtp_start },
 #ifdef WITH_CONTENT_SCAN
   { "acl_not_smtp_mime",        opt_stringptr,   &acl_not_smtp_mime },
 #endif
--- exim4-4.62.orig/doc/spec.txt    2006-05-14 23:18:09.691475106 +0200
+++ exim4-4.62/doc/spec.txt    2006-05-14 23:16:44.000000000 +0200
@@ -719,6 +719,20 @@ are using a Debian distribution of Exim,
 Debian-specific mailing list pkg-exim4-users@???.



+The following paragraph has been added by the Debian exim 4 maintainers:
+Please do not use the upstream mailing lists for Debian-specific
+questions. Do only post to the upstream mailing lists if you are sure
+that the issue you want to discuss are not Debian-specific. There is a
+dedicated mailing list called
+
+ pkg-exim4-users@???
+
+for discussion and questions about the Debian exim 4 packages.
+
+You can subscribe to this list, change your existing subscriptions, and view
+or search the archives via the Web interface on
+http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-devel
+
1.4 Exim training
-----------------

@@ -10814,6 +10828,7 @@ smtp_reserve_hosts               these a


 acl_not_smtp           ACL for non-SMTP messages
 acl_not_smtp_mime      ACL for non-SMTP MIME parts
+acl_not_smtp_start     ACL for the start of a non-SMTP session
 acl_smtp_auth          ACL for AUTH
 acl_smtp_connect       ACL for connection
 acl_smtp_data          ACL for DATA
@@ -11059,6 +11074,14 @@ This option defines the ACL that is run 
 messages. It operates in exactly the same way as acl_smtp_mime operates for
 SMTP messages.


++---------------------------------------------------------+
+|acl_not_smtp_start|Use: main|Type: string*|Default: unset|
++---------------------------------------------------------+
+
+This option defines the ACL that is run at the start of a non-SMTP
+session. Its result has no influence, but it can be used for example
+to set "control = suppress_local_fixups".
+
+----------------------------------------------------+
|acl_smtp_auth|Use: main|Type: string*|Default: unset|
+----------------------------------------------------+
@@ -22302,6 +22325,8 @@ In order to cause an ACL to be used, you
options in the main part of the configuration. These options are:

  acl_not_smtp      ACL for non-SMTP messages
+ acl_not_smtp_mime ACL for content-scanning MIME parts on non-SMTP sessions
+ acl_not_smtp_start ACL for the start of a non-SMTP session
  acl_smtp_auth     ACL for AUTH
  acl_smtp_connect  ACL for start of SMTP connection
  acl_smtp_data     ACL after DATA is complete
@@ -22493,6 +22518,9 @@ For acl_not_smtp, acl_smtp_auth, acl_smt
 acl_smtp_quit, and acl_smtp_starttls, the action when the ACL is not defined is
 "accept".


+For acl_not_smtp_start, the default is "deny" but since the result of this
+ACL has no influence, this is not relevant.
+
For the others (acl_smtp_etrn, acl_smtp_expn, acl_smtp_rcpt, and acl_smtp_vrfy
), the action when the ACL is not defined is "deny". This means that
acl_smtp_rcpt must be defined in order to receive any messages over an SMTP