ph10 2006/09/25 11:14:21 BST
Modified files:
exim-doc/doc-txt ChangeLog NewStuff
exim-src/src acl.c globals.c globals.h receive.c
smtp_in.c
Added files:
exim-test/confs 0539
exim-test/log 0539
exim-test/paniclog 0539
exim-test/rejectlog 0539
exim-test/scripts/0000-Basic 0539
exim-test/stderr 0539
exim-test/stdout 0539
Log:
Add log_reject_target as an ACL modifier.
Revision Changes Path
1.397 +4 -0 exim/exim-doc/doc-txt/ChangeLog
1.111 +13 -0 exim/exim-doc/doc-txt/NewStuff
1.66 +44 -5 exim/exim-src/src/acl.c
1.59 +2 -1 exim/exim-src/src/globals.c
1.41 +2 -1 exim/exim-src/src/globals.h
1.29 +7 -2 exim/exim-src/src/receive.c
1.44 +8 -5 exim/exim-src/src/smtp_in.c
1.1 +59 -0 exim/exim-test/confs/0539 (new)
1.1 +5 -0 exim/exim-test/log/0539 (new)
1.1 +2 -0 exim/exim-test/paniclog/0539 (new)
1.1 +14 -0 exim/exim-test/rejectlog/0539 (new)
1.1 +20 -0 exim/exim-test/scripts/0000-Basic/0539 (new)
1.1 +3 -0 exim/exim-test/stderr/0539 (new)
1.1 +15 -0 exim/exim-test/stdout/0539 (new)
Index: ChangeLog
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
retrieving revision 1.396
retrieving revision 1.397
diff -u -r1.396 -r1.397
--- ChangeLog 22 Sep 2006 08:41:59 -0000 1.396
+++ ChangeLog 25 Sep 2006 10:14:20 -0000 1.397
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.396 2006/09/22 08:41:59 ph10 Exp $
+$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.397 2006/09/25 10:14:20 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -51,6 +51,10 @@
JJ/02 exipick 20060919.0, --show-vars args can now be regular expressions,
miscellaneous code fixes
+
+PH/10 Added the log_reject_target ACL modifier to specify where to log
+ rejections.
+
Exim version 4.63
Index: NewStuff
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/NewStuff,v
retrieving revision 1.110
retrieving revision 1.111
diff -u -r1.110 -r1.111
--- NewStuff 19 Sep 2006 14:31:06 -0000 1.110
+++ NewStuff 25 Sep 2006 10:14:20 -0000 1.111
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/NewStuff,v 1.110 2006/09/19 14:31:06 ph10 Exp $
+$Cambridge: exim/exim-doc/doc-txt/NewStuff,v 1.111 2006/09/25 10:14:20 ph10 Exp $
New Features in Exim
--------------------
@@ -36,6 +36,19 @@
and can be read by the new release. If only the original numeric names are
used, spool files written by the new release can be read by earlier
releases.
+
+2. There is a new ACL modifier called log_reject_target. It makes it possible
+ to specify which logs are used for messages about ACL rejections. Its
+ argument is a list of words which can be "main", "reject", or "panic". The
+ default is "main:reject". The list may be empty, in which case a rejection
+ is not logged at all. For example, this ACL fragment writes no logging
+ information when access is denied:
+
+ deny <some conditions>
+ log_reject_target =
+
+ The modifier can be used in SMTP and non-SMTP ACLs. It applies to both
+ permanent and temporary rejections.
Version 4.63
Index: acl.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/acl.c,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- acl.c 19 Sep 2006 14:31:06 -0000 1.65
+++ acl.c 25 Sep 2006 10:14:20 -0000 1.66
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/acl.c,v 1.65 2006/09/19 14:31:06 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/acl.c,v 1.66 2006/09/25 10:14:20 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -65,6 +65,7 @@
ACLC_HOSTS,
ACLC_LOCAL_PARTS,
ACLC_LOG_MESSAGE,
+ ACLC_LOG_REJECT_TARGET,
ACLC_LOGWRITE,
#ifdef WITH_CONTENT_SCAN
ACLC_MALWARE,
@@ -90,8 +91,9 @@
ACLC_VERIFY };
/* ACL conditions/modifiers: "delay", "control", "endpass", "message",
-"log_message", "logwrite", and "set" are modifiers that look like conditions
-but always return TRUE. They are used for their side effects. */
+"log_message", "log_reject_target", "logwrite", and "set" are modifiers that
+look like conditions but always return TRUE. They are used for their side
+effects. */
static uschar *conditions[] = {
US"acl",
@@ -117,8 +119,15 @@
US"dk_senders",
US"dk_status",
#endif
- US"dnslists", US"domains", US"encrypted",
- US"endpass", US"hosts", US"local_parts", US"log_message", US"logwrite",
+ US"dnslists",
+ US"domains",
+ US"encrypted",
+ US"endpass",
+ US"hosts",
+ US"local_parts",
+ US"log_message",
+ US"log_reject_target",
+ US"logwrite",
#ifdef WITH_CONTENT_SCAN
US"malware",
#endif
@@ -232,6 +241,7 @@
FALSE, /* hosts */
FALSE, /* local_parts */
TRUE, /* log_message */
+ TRUE, /* log_reject_target */
TRUE, /* logwrite */
#ifdef WITH_CONTENT_SCAN
TRUE, /* malware */
@@ -290,6 +300,7 @@
FALSE, /* hosts */
FALSE, /* local_parts */
TRUE, /* log_message */
+ TRUE, /* log_reject_target */
TRUE, /* logwrite */
#ifdef WITH_CONTENT_SCAN
FALSE, /* malware */
@@ -433,6 +444,8 @@
0, /* log_message */
+ 0, /* log_reject_target */
+
0, /* logwrite */
#ifdef WITH_CONTENT_SCAN
@@ -2844,6 +2857,29 @@
&deliver_localpart_data);
break;
+ case ACLC_LOG_REJECT_TARGET:
+ {
+ int logbits = 0;
+ int sep = 0;
+ uschar *s = arg;
+ uschar *ss;
+ while ((ss = string_nextinlist(&s, &sep, big_buffer, big_buffer_size))
+ != NULL)
+ {
+ if (Ustrcmp(ss, "main") == 0) logbits |= LOG_MAIN;
+ else if (Ustrcmp(ss, "panic") == 0) logbits |= LOG_PANIC;
+ else if (Ustrcmp(ss, "reject") == 0) logbits |= LOG_REJECT;
+ else
+ {
+ logbits |= LOG_MAIN|LOG_REJECT;
+ log_write(0, LOG_MAIN|LOG_PANIC, "unknown log name \"%s\" in "
+ "\"log_reject_target\" in %s ACL", ss, acl_wherenames[where]);
+ }
+ }
+ log_reject_target = logbits;
+ }
+ break;
+
case ACLC_LOGWRITE:
{
int logbits = 0;
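Review bot: The unknown-name branch of the new ACLC_LOG_REJECT_TARGET case writes `ss` to the main and panic logs unescaped, whereas the ACLC_LOGWRITE case below passes its text through `string_printing()` before logging. The modifier's argument appears to be expanded before it reaches this case, so depending on the configuration the word could carry client- or message-derived bytes, including control characters; logging `string_printing(ss)` instead keeps the entry on a single, unambiguous log line. The bad name is also reported at evaluation time rather than when the configuration is read, so a typo in a busy ACL repeats in the panic log on every run. The enclosing switch begins and ends outside the hunk.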
@@ -2870,6 +2906,8 @@
s++;
}
while (isspace(*s)) s++;
+
+
if (logbits == 0) logbits = LOG_MAIN;
log_write(0, logbits, "%s", string_printing(s));
}
@@ -2878,7 +2916,7 @@
#ifdef WITH_CONTENT_SCAN
case ACLC_MALWARE:
{
- /* Seperate the regular expression and any optional parameters. */
+ /* Separate the regular expression and any optional parameters. */
uschar *ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size);
/* Run the malware backend. */
rc = malware(&ss);
@@ -3513,6 +3551,7 @@
*user_msgptr = *log_msgptr = NULL;
sender_verified_failed = NULL;
ratelimiters_cmd = NULL;
+log_reject_target = LOG_MAIN|LOG_REJECT;
if (where == ACL_WHERE_RCPT)
{
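Review bot: The main+reject default is restored only here, once per ACL run, while the ACLC_LOG_REJECT_TARGET case assigns the global as soon as the modifier is processed. If a statement sets the modifier and then fails a later condition, the value would still be in force for whichever later statement rejects, so `log_reject_target =` placed ahead of the conditions of one `deny` could silence the log entry for a different `deny`. This is inferred from the visible lines only. If it is intended, a comment such as `/* A value set by log_reject_target persists across statements until the next ACL run */` plus a sentence in NewStuff would help administrators who rely on the reject log as an audit trail. The function this line belongs to starts and ends outside the hunk.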
Index: globals.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/globals.c,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- globals.c 19 Sep 2006 11:28:45 -0000 1.58
+++ globals.c 25 Sep 2006 10:14:20 -0000 1.59
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/globals.c,v 1.58 2006/09/19 11:28:45 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/globals.c,v 1.59 2006/09/25 10:14:20 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -703,11 +703,12 @@
};
int log_options_count = sizeof(log_options)/sizeof(bit_table);
-unsigned int log_write_selector= L_default;
+int log_reject_target = 0;
uschar *log_selector_string = NULL;
FILE *log_stderr = NULL;
BOOL log_testing_mode = FALSE;
BOOL log_timezone = FALSE;
+unsigned int log_write_selector= L_default;
uschar *login_sender_address = NULL;
int lookup_open_max = 25;
uschar *lookup_value = NULL;
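Review bot: `int log_reject_target = 0;` makes "log nowhere" the built-in value, so any rejection path that reads the variable before the ACL code has restored the default would skip logging with no sign that it did. Initialising to the documented default, `int log_reject_target = LOG_MAIN|LOG_REJECT;`, fails towards keeping the record (assuming the LOG_ macros are visible in this file, as `L_default` is). Since the value is a bit map handed to log_write(), the globals.h comment could say so, for example `/* Bit map of logs for ACL rejections; 0 = none */`.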
Index: globals.h
===================================================================
RCS file: /home/cvs/exim/exim-src/src/globals.h,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- globals.h 19 Sep 2006 11:28:45 -0000 1.40
+++ globals.h 25 Sep 2006 10:14:20 -0000 1.41
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/globals.h,v 1.40 2006/09/19 11:28:45 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/globals.h,v 1.41 2006/09/25 10:14:20 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -404,11 +404,12 @@
extern uschar *log_file_path; /* If unset, use default */
extern bit_table log_options[]; /* Table of options */
extern int log_options_count; /* Size of table */
-extern unsigned int log_write_selector;/* Bit map of logging options for log_write() */
+extern int log_reject_target; /* Target log for ACL rejections */
extern uschar *log_selector_string; /* As supplied in the config */
extern FILE *log_stderr; /* Copy of stderr for log use, or NULL */
extern BOOL log_testing_mode; /* TRUE in various testing modes */
extern BOOL log_timezone; /* TRUE to include the timezone in log lines */
+extern unsigned int log_write_selector;/* Bit map of logging options for log_write() */
extern uschar *login_sender_address; /* The actual sender address */
extern lookup_info lookup_list[]; /* Vector of available lookups */
extern int lookup_list_count; /* Number of entries in the list */
Index: receive.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/receive.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- receive.c 13 Jul 2006 13:53:33 -0000 1.28
+++ receive.c 25 Sep 2006 10:14:20 -0000 1.29
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/receive.c,v 1.28 2006/07/13 13:53:33 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/receive.c,v 1.29 2006/09/25 10:14:20 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -2985,8 +2985,13 @@
#ifdef WITH_CONTENT_SCAN
unspool_mbox();
#endif
- log_write(0, LOG_MAIN|LOG_REJECT, "F=<%s> rejected by non-SMTP ACL: %s",
- sender_address, log_msg);
+ /* The ACL can specify where rejections are to be logged, possibly
+ nowhere. The default is main and reject logs. */
+
+ if (log_reject_target != 0)
+ log_write(0, log_reject_target, "F=<%s> rejected by non-SMTP ACL: %s",
+ sender_address, log_msg);
+
if (user_msg == NULL) user_msg = US"local configuration problem";
if (smtp_batched_input)
{
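Review bot: When `log_reject_target` is 0 the rejection leaves no trace at all, not even in debug output, which makes an unexpectedly silent ACL hard to diagnose and removes the record an operator would use to spot repeated rejected submissions. An `else` branch such as `else DEBUG(D_acl) debug_printf("rejection not logged: log_reject_target is empty\n");` would keep the suppression visible under -d without writing to any log file. The same applies to the matching `if (log_reject_target != 0)` test added in smtp_in.c. The surrounding function lies outside the hunk.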
Index: smtp_in.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/smtp_in.c,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- smtp_in.c 19 Sep 2006 11:28:45 -0000 1.43
+++ smtp_in.c 25 Sep 2006 10:14:20 -0000 1.44
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/smtp_in.c,v 1.43 2006/09/19 11:28:45 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/smtp_in.c,v 1.44 2006/09/25 10:14:20 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -2002,12 +2002,15 @@
US"Temporary local problem - please try later");
}
-/* Log the incident. If the connection is not forcibly to be dropped, return 0.
-Otherwise, log why it is closing if required and return 2. */
-
-log_write(0, LOG_MAIN|LOG_REJECT, "%s %s%srejected %s%s",
- host_and_ident(TRUE),
- sender_info, (rc == FAIL)? US"" : US"temporarily ", what, log_msg);
+/* Log the incident to the logs that are specified by log_reject_target
+(default main, reject). This can be empty to suppress logging of rejections. If
+the connection is not forcibly to be dropped, return 0. Otherwise, log why it
+is closing if required and return 2. */
+
+if (log_reject_target != 0)
+ log_write(0, log_reject_target, "%s %s%srejected %s%s",
+ host_and_ident(TRUE),
+ sender_info, (rc == FAIL)? US"" : US"temporarily ", what, log_msg);
if (!drop) return 0;
Index: 0539
====================================================================
# Exim test configuration 0539
exim_path = EXIM_PATH
host_lookup_order = bydns
primary_hostname = myhost.test.ex
rfc1413_query_timeout = 0s
spool_directory = DIR/spool
log_file_path = DIR/spool/log/%slog
gecos_pattern = ""
gecos_name = CALLER_NAME
# ----- Main settings -----
acl_not_smtp = not_smtp
acl_smtp_mail = check_mail
acl_smtp_rcpt = check_rcpt
acl_smtp_predata = predata
# ----- ACLs -----
begin acl
check_mail:
deny senders = main@???
log_reject_target = main
deny senders = reject@???
log_reject_target = reject
deny senders = both@???
log_reject_target = <, main, reject
deny senders = panic@???
log_reject_target = panic
deny senders = none@???
log_reject_target =
accept
check_rcpt:
deny local_parts = main
log_reject_target = main
deny local_parts = reject
log_reject_target = reject
deny local_parts = both
log_reject_target = <, main, reject
deny local_parts = panic
log_reject_target = panic
deny local_parts = none
log_reject_target =
accept
predata:
deny log_reject_target = main
log_message = Not today
not_smtp:
deny log_reject_target = reject
log_message = Nyet
# End
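Review bot: The test configuration exercises main, reject, panic, both and the empty list, but never an unrecognised word, so the fallback branch in acl.c (log to main and reject, plus a panic-log entry) has no coverage. There is also no statement that produces a temporary rejection, although NewStuff says the modifier applies to those as well. A `deny` with `log_reject_target = nosuchlog` and a `defer` statement with a non-default target, each with matching expected log files, would pin both behaviours.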
Index: 0539
====================================================================
1999-03-02 09:44:33 U=CALLER rejected MAIL <main@???>
1999-03-02 09:44:33 U=CALLER rejected MAIL <both@???>
1999-03-02 09:44:33 U=CALLER F=<ok@???> rejected RCPT <main@???>
1999-03-02 09:44:33 U=CALLER F=<ok@???> rejected RCPT <both@???>
1999-03-02 09:44:33 U=CALLER rejected DATA: Not today
Index: 0539
====================================================================
1999-03-02 09:44:33 U=CALLER rejected MAIL <panic@???>
1999-03-02 09:44:33 U=CALLER F=<ok@???> rejected RCPT <panic@???>
Index: 0539
====================================================================
1999-03-02 09:44:33 U=CALLER rejected MAIL <reject@???>
1999-03-02 09:44:33 U=CALLER rejected MAIL <both@???>
1999-03-02 09:44:33 U=CALLER F=<ok@???> rejected RCPT <reject@???>
1999-03-02 09:44:33 U=CALLER F=<ok@???> rejected RCPT <both@???>
1999-03-02 09:44:33 10HmaX-0005vi-00 F=<CALLER@???> rejected by non-SMTP ACL: Nyet
Envelope-from: <CALLER@???>
Envelope-to: <userx@???>
P Received: from CALLER by myhost.test.ex with local (Exim x.yz)
(envelope-from <CALLER@???>)
id 10HmaX-0005vi-00
for userx@???; Tue, 2 Mar 1999 09:44:33 +0000
I Message-Id: <E10HmaX-0005vi-00@???>
F From: CALLER_NAME <CALLER@???>
Date: Tue, 2 Mar 1999 09:44:33 +0000
Index: 0539
====================================================================
# log_reject_target
exim -bs
mail from:<main@???>
mail from:<reject@???>
mail from:<both@???>
mail from:<panic@???>
mail from:<none@???>
mail from:<ok@???>
rcpt to:<main@???>
rcpt to:<reject@???>
rcpt to:<both@???>
rcpt to:<panic@???>
rcpt to:<none@???>
rcpt to:<ok@???>
data
quit
****
1
exim -oep userx@???
****
Index: 0539
====================================================================
1999-03-02 09:44:33 U=CALLER rejected MAIL <panic@???>
1999-03-02 09:44:33 U=CALLER F=<ok@???> rejected RCPT <panic@???>
exim: message rejected by non-SMTP ACL: local configuration problem
Index: 0539
====================================================================
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
550 Administrative prohibition
550 Administrative prohibition
550 Administrative prohibition
550 Administrative prohibition
550 Administrative prohibition
250 OK
550 Administrative prohibition
550 Administrative prohibition
550 Administrative prohibition
550 Administrative prohibition
550 Administrative prohibition
250 Accepted
550 Administrative prohibition
221 myhost.test.ex closing connection