For those not on exim-users: I wanted to use
control=suppress_local_fixups on a non-SMTP session. Turns out it isn't
possible currently.
This patch adds a new acl_not_smtp_start that is run at the start of a
non-SMTP session. It's main use will probably be to set
"control = suppress_local_fixups"
based on some conditions. The result of this ACL has no influence at all.
It seems to work fine for me, but all those lists of what isn't allowed
(as opposed to what is) have me confused.
Comments appreciated.
johannes
--- exim4-4.62.orig/src/acl.c 2006-05-14 23:08:02.671475106 +0200
+++ exim4-4.62/src/acl.c 2006-05-14 23:08:07.121475106 +0200
@@ -328,7 +328,7 @@ static unsigned int cond_forbids[] = {
(1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)),
(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_CONNECT)| /* authenticated */
- (1<<ACL_WHERE_HELO),
+ (1<<ACL_WHERE_HELO)|(1<<ACL_WHERE_NOTSMTP_START),
#ifdef EXPERIMENTAL_BRIGHTMAIL
(1<<ACL_WHERE_AUTH)| /* bmi_optin */
@@ -366,7 +366,7 @@ static unsigned int cond_forbids[] = {
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY),
+ (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
(1<<ACL_WHERE_AUTH)| /* dk_policy */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
@@ -374,7 +374,7 @@ static unsigned int cond_forbids[] = {
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY),
+ (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
(1<<ACL_WHERE_AUTH)| /* dk_sender_domains */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
@@ -382,7 +382,7 @@ static unsigned int cond_forbids[] = {
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY),
+ (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
(1<<ACL_WHERE_AUTH)| /* dk_sender_local_parts */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
@@ -390,7 +390,7 @@ static unsigned int cond_forbids[] = {
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY),
+ (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
(1<<ACL_WHERE_AUTH)| /* dk_senders */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
@@ -398,7 +398,7 @@ static unsigned int cond_forbids[] = {
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY),
+ (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
(1<<ACL_WHERE_AUTH)| /* dk_status */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
@@ -406,20 +406,22 @@ static unsigned int cond_forbids[] = {
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY),
+ (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
#endif
- (1<<ACL_WHERE_NOTSMTP), /* dnslists */
+ (1<<ACL_WHERE_NOTSMTP)| /* dnslists */
+ (1<<ACL_WHERE_NOTSMTP_START),
(unsigned int)
~(1<<ACL_WHERE_RCPT), /* domains */
(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_CONNECT)| /* encrypted */
- (1<<ACL_WHERE_HELO),
+ (1<<ACL_WHERE_HELO)|(1<<ACL_WHERE_NOTSMTP_START),
0, /* endpass */
- (1<<ACL_WHERE_NOTSMTP), /* hosts */
+ (1<<ACL_WHERE_NOTSMTP)| /* hosts */
+ (1<<ACL_WHERE_NOTSMTP_START),
(unsigned int)
~(1<<ACL_WHERE_RCPT), /* local_parts */
@@ -430,7 +432,8 @@ static unsigned int cond_forbids[] = {
#ifdef WITH_CONTENT_SCAN
(unsigned int)
- ~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)), /* malware */
+ ~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* malware */
+ (1<<ACL_WHERE_NOTSMTP_START)),
#endif
0, /* message */
@@ -448,20 +451,22 @@ static unsigned int cond_forbids[] = {
#ifdef WITH_CONTENT_SCAN
(unsigned int)
~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* regex */
- (1<<ACL_WHERE_MIME)),
+ (1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP_START)),
#endif
(1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| /* sender_domains */
(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
- (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY),
+ (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
+ (1<<ACL_WHERE_NOTSMTP_START),
(1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| /* senders */
(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
- (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY),
+ (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
+ (1<<ACL_WHERE_NOTSMTP_START),
0, /* set */
@@ -475,7 +480,8 @@ static unsigned int cond_forbids[] = {
(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_MAILAUTH)|
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
- (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY),
+ (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
+ (1<<ACL_WHERE_NOTSMTP_START),
#endif
/* Certain types of verify are always allowed, so we let it through
@@ -498,7 +504,8 @@ static unsigned int control_forbids[] =
#endif
#ifdef EXPERIMENTAL_DOMAINKEYS
- (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP), /* dk_verify */
+ (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* dk_verify */
+ (1<<ACL_WHERE_NOTSMTP_START),
#endif
0, /* error */
@@ -509,9 +516,11 @@ static unsigned int control_forbids[] =
(unsigned int)
~(1<<ACL_WHERE_RCPT), /* caselower_local_part */
- (1<<ACL_WHERE_NOTSMTP), /* enforce_sync */
+ (1<<ACL_WHERE_NOTSMTP)| /* enforce_sync */
+ (1<<ACL_WHERE_NOTSMTP_START),
- (1<<ACL_WHERE_NOTSMTP), /* no_enforce_sync */
+ (1<<ACL_WHERE_NOTSMTP)| /* no_enforce_sync */
+ (1<<ACL_WHERE_NOTSMTP_START),
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* freeze */
@@ -529,7 +538,8 @@ static unsigned int control_forbids[] =
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* suppress_local_fixups */
- (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_PREDATA)),
+ (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_PREDATA)|
+ (1<<ACL_WHERE_NOTSMTP_START)),
#ifdef WITH_CONTENT_SCAN
(unsigned int)
@@ -548,7 +558,8 @@ static unsigned int control_forbids[] =
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
(1<<ACL_WHERE_MIME)),
- (1<<ACL_WHERE_NOTSMTP) /* no_multiline */
+ (1<<ACL_WHERE_NOTSMTP)| /* no_multiline */
+ (1<<ACL_WHERE_NOTSMTP_START)
};
/* Structure listing various control arguments, with their characteristics. */
--- exim4-4.62.orig/src/exim.c 2006-05-14 23:08:02.121475106 +0200
+++ exim4-4.62/src/exim.c 2006-05-14 23:08:07.131475106 +0200
@@ -4420,10 +4420,20 @@ if (smtp_input)
}
}
-/* Otherwise, set up the input size limit here */
+/* Otherwise, first run the acl_not_smtp_start and
+ * then set up the input size limit here */
else
{
+ if (acl_not_smtp_start != NULL)
+ {
+ uschar *user_msg, *log_msg;
+ /* there's no point in allowing this ACL to reject anything,
+ * can just as well be done later and then doesn't cause any
+ * problems like programs wondering why exim died for them */
+ acl_check(ACL_WHERE_NOTSMTP_START, NULL, acl_not_smtp_start, &user_msg, &log_msg);
+ }
+
thismessage_size_limit = expand_string_integer(message_size_limit);
if (thismessage_size_limit < 0)
{
--- exim4-4.62.orig/src/globals.c 2006-05-14 23:08:01.911475106 +0200
+++ exim4-4.62/src/globals.c 2006-05-14 23:08:07.141475106 +0200
@@ -165,6 +165,7 @@ int address_expansions_count = sizeof(ad
header_line *acl_added_headers = NULL;
tree_node *acl_anchor = NULL;
uschar *acl_not_smtp = NULL;
+uschar *acl_not_smtp_start = NULL;
#ifdef WITH_CONTENT_SCAN
uschar *acl_not_smtp_mime = NULL;
#endif
@@ -206,7 +207,8 @@ uschar *acl_wherenames[] = { US"RC
US"MAILAUTH",
US"QUIT",
US"STARTTLS",
- US"VRFY"
+ US"VRFY",
+ US"non-SMTP-start"
};
int acl_wherecodes[] = { 550, /* RCPT */
@@ -223,7 +225,8 @@ int acl_wherecodes[] = { 550,
0, /* MAILAUTH; not relevant */
0, /* QUIT; not relevant */
550, /* STARTTLS */
- 252 /* VRFY */
+ 252, /* VRFY */
+ 0, /* not SMTP; not relevant */
};
BOOL active_local_from_check = FALSE;
--- exim4-4.62.orig/src/globals.h 2006-05-14 23:08:00.181475106 +0200
+++ exim4-4.62/src/globals.h 2006-05-14 23:08:07.141475106 +0200
@@ -107,6 +107,7 @@ extern BOOL accept_8bitmime; /
extern header_line *acl_added_headers; /* Headers added by an ACL */
extern tree_node *acl_anchor; /* Tree of named ACLs */
extern uschar *acl_not_smtp; /* ACL run for non-SMTP messages */
+extern uschar *acl_not_smtp_start; /* ACL run at the beginning of a non-SMTP session */
#ifdef WITH_CONTENT_SCAN
extern uschar *acl_not_smtp_mime; /* For MIME parts of ditto */
#endif
--- exim4-4.62.orig/src/macros.h 2006-05-14 23:08:00.101475106 +0200
+++ exim4-4.62/src/macros.h 2006-05-14 23:08:07.141475106 +0200
@@ -777,6 +777,7 @@ enum { ACL_WHERE_RCPT, /* Some con
ACL_WHERE_EXPN,
ACL_WHERE_HELO,
ACL_WHERE_MAILAUTH,
+ ACL_WHERE_NOTSMTP_START,
ACL_WHERE_QUIT,
ACL_WHERE_STARTTLS,
ACL_WHERE_VRFY
--- exim4-4.62.orig/src/readconf.c 2006-05-14 23:08:01.401475106 +0200
+++ exim4-4.62/src/readconf.c 2006-05-14 23:08:07.151475106 +0200
@@ -135,6 +135,7 @@ static optionlist optionlist_config[] =
{ "*set_system_filter_user", opt_bool|opt_hidden, &system_filter_uid_set },
{ "accept_8bitmime", opt_bool, &accept_8bitmime },
{ "acl_not_smtp", opt_stringptr, &acl_not_smtp },
+ { "acl_not_smtp_start", opt_stringptr, &acl_not_smtp_start },
#ifdef WITH_CONTENT_SCAN
{ "acl_not_smtp_mime", opt_stringptr, &acl_not_smtp_mime },
#endif
--- exim4-4.62.orig/doc/spec.txt 2006-05-14 23:18:09.691475106 +0200
+++ exim4-4.62/doc/spec.txt 2006-05-14 23:16:44.000000000 +0200
@@ -719,6 +719,20 @@ are using a Debian distribution of Exim,
Debian-specific mailing list pkg-exim4-users@???.
+The following paragraph has been added by the Debian exim 4 maintainers:
+Please do not use the upstream mailing lists for Debian-specific
+questions. Do only post to the upstream mailing lists if you are sure
+that the issue you want to discuss are not Debian-specific. There is a
+dedicated mailing list called
+
+ pkg-exim4-users@???
+
+for discussion and questions about the Debian exim 4 packages.
+
+You can subscribe to this list, change your existing subscriptions, and view
+or search the archives via the Web interface on
+
http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-devel
+
1.4 Exim training
-----------------
@@ -10814,6 +10828,7 @@ smtp_reserve_hosts these a
acl_not_smtp ACL for non-SMTP messages
acl_not_smtp_mime ACL for non-SMTP MIME parts
+acl_not_smtp_start ACL for the start of a non-SMTP session
acl_smtp_auth ACL for AUTH
acl_smtp_connect ACL for connection
acl_smtp_data ACL for DATA
@@ -11059,6 +11074,14 @@ This option defines the ACL that is run
messages. It operates in exactly the same way as acl_smtp_mime operates for
SMTP messages.
++---------------------------------------------------------+
+|acl_not_smtp_start|Use: main|Type: string*|Default: unset|
++---------------------------------------------------------+
+
+This option defines the ACL that is run at the start of a non-SMTP
+session. Its result has no influence, but it can be used for example
+to set "control = suppress_local_fixups".
+
+----------------------------------------------------+
|acl_smtp_auth|Use: main|Type: string*|Default: unset|
+----------------------------------------------------+
@@ -22302,6 +22325,8 @@ In order to cause an ACL to be used, you
options in the main part of the configuration. These options are:
acl_not_smtp ACL for non-SMTP messages
+ acl_not_smtp_mime ACL for content-scanning MIME parts on non-SMTP sessions
+ acl_not_smtp_start ACL for the start of a non-SMTP session
acl_smtp_auth ACL for AUTH
acl_smtp_connect ACL for start of SMTP connection
acl_smtp_data ACL after DATA is complete
@@ -22493,6 +22518,9 @@ For acl_not_smtp, acl_smtp_auth, acl_smt
acl_smtp_quit, and acl_smtp_starttls, the action when the ACL is not defined is
"accept".
+For acl_not_smtp_start, the default is "deny" but since the result of this
+ACL has no influence, this is not relevant.
+
For the others (acl_smtp_etrn, acl_smtp_expn, acl_smtp_rcpt, and acl_smtp_vrfy
), the action when the ACL is not defined is "deny". This means that
acl_smtp_rcpt must be defined in order to receive any messages over an SMTP