Re: [exim] DCC ACL patch

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Physicman
Date:  
À: Wolfgang Breyha
CC: exim-users
Sujet: Re: [exim] DCC ACL patch
On Sat, 12 Jan 2008 20:53:55 +0100
Wolfgang Breyha <wbreyha@???> wrote:

> Hi!
>

Hi Wolfgang,

> I've done a patch for exim to integrate DCC/greyd-checking into exim ACLs
> some time ago. Since it works fine here for some time now I'll make it
> available for everybody interested.
>
> With the patch exim is able to query dccifd for greylisting results and the
> X-DCC Header within the DATA ACL.
>

Wow! Great job!
You've done what I've always been too lazy to do, thanks! :)

I'm not too sure how you actually use it as I had some trouble
replacing the local_scan by an ACL.

Therefore, I rewrote a bit your patch (basically removed everything
related to rebuilding the recipients list and I also added return
values for dcc_result which weren't set apparently), so that I can now
have an ACL like this:

  warn    dcc           = *
          add_header    = $dcc_header


  deny    message       = Rejected by DCC
          condition     = ${if eq{$dcc_result}{R}{1}{0}}


I haven't tested it for long yet but so far it seems to be working fine.

Attached is a patch for your patched exim ;)
A full diff against a vanilla 4.69 can be found at

http://www.physicman.net/projects/exim/dcc-exim-acl-4.69.patch

Best regards,

Chris

-- 
 ,''`.  Christopher `Physicman' Bodenstein <cb@???>
 : :' :  Physicman.Net     :   http://www.physicman.net/ 
 `. `'   Debian GNU/Hurd   :   http://www.debian.org/ports/hurd
   `-    The IPv6 Portal   :   http://www.ipv6tf.org/

diff -urN exim-4.69.patched/src/dcc.c exim-4.69/src/dcc.c
--- exim-4.69.patched/src/dcc.c    2008-01-16 12:17:15.363754726 +0100
+++ exim-4.69/src/dcc.c    2008-01-16 11:06:52.000000000 +0100
@@ -64,7 +64,7 @@
   uschar *dcc_reject_message = US"Rejected by DCC";


/* from local_scan */
- int i, j, k, c, retval, sockfd, servlen, resp, rcpt_count, portnr, line;
+ int i, j, k, c, retval, sockfd, servlen, resp, portnr, line;
struct sockaddr_un serv_addr;
struct sockaddr_in serv_addr_in;
struct hostent *ipaddress;
@@ -80,7 +80,6 @@
uschar message_subdir[2];
struct header_line *dcchdr;
struct recipient_item *dcc_rcpt = recipients_list;
- int some;
uschar *dcc_acl_options;
uschar dcc_acl_options_buffer[10];

@@ -197,7 +196,6 @@

/* initialize the other variables */
dcchdr = header_list;
- rcpt_count = 0;
/* we set the default return value to DEFER */
retval = DEFER;

@@ -378,10 +376,8 @@
    ******************************************************************/


   line = 1;    /* we start at the first line of the output */
-  rcpt_count = 0; /* initializing the recipients counter */
   j = 0;       /* will be used as index for the recipients list */
   k = 0;       /* initializing the index of the X-DCC header: xhdr[k] */
-  some = 0;


   /* Let's read from the socket until there's nothing left to read */
   bzero(recvbuf, sizeof(recvbuf));
@@ -410,11 +406,13 @@
               DEBUG(D_acl)
                 debug_printf("Overall result = A\treturning OK\n");
               Ustrcpy(dcc_return_text, "Mail accepted by DCC");
+              dcc_result = "A";
               retval = OK;
             } 
             else if(recvbuf[i] == 'R') {
               DEBUG(D_acl)
                 debug_printf("Overall result = R\treturning FAIL\n");
+          dcc_result = "R";
               retval = FAIL;
               if(sender_host_name) {
                 log_write(0, LOG_MAIN, "H=%s [%s] F=<%s>: rejected by DCC", sender_host_name, sender_host_address, sender_address);
@@ -428,14 +426,17 @@
               DEBUG(D_acl)
                 debug_printf("Overall result  = S\treturning OK\n");
               Ustrcpy(dcc_return_text, "Not all recipients accepted by DCC");
-              some = 1;
               retval = OK;
+          /* Since we're in an ACL we want a global result
+           * so we accept for all */
+          dcc_result = "A";
             } 
             else if(recvbuf[i] == 'G') {
               DEBUG(D_acl)
                 debug_printf("Overall result  = G\treturning FAIL\n");
               Ustrcpy(dcc_return_text, "Greylisted by DCC");
               retval = DEFER;
+          dcc_result = "G";
             } 
             else if(recvbuf[i] == 'T') {
               DEBUG(D_acl)
@@ -443,6 +444,7 @@
               retval = DEFER;
               log_write(0,LOG_MAIN,"Temporary error with DCC: %s\n", recvbuf);
               Ustrcpy(dcc_return_text, "Temporary error with DCC");
+          dcc_result = "T";
             } 
             else {
               DEBUG(D_acl)
@@ -450,6 +452,7 @@
               retval = DEFER;
               log_write(0,LOG_MAIN,"Unknown DCC response: %s\n", recvbuf);
               Ustrcpy(dcc_return_text, "Unknown DCC response");
+          dcc_result = "T";
             }
           } 
           else {
@@ -462,41 +465,15 @@
         } 
         else if(line == 2) {
           /* On the second line we get a list of
-           * answer for each recipient */
-           /* We only need to copy the list of recipients if we
-            * accept the mail i.e. if retval is LOCAL_SCAN_ACCEPT */
-// I don't care about results "SOME" since we're in the DATA stage. So we've a global result
-          if(some) {
-            if(j > recipients_count - 1) {
-              DEBUG(D_acl)
-                debug_printf("More recipients returned than sent!\nSent %d recipients, got %d in return.\n", recipients_count, j);
-            } 
-            else {
-              if(recvbuf[i] == 'A') {
-                DEBUG(D_acl)
-                  debug_printf("Accepted recipient: %c - %s\n", recvbuf[i], recipients_list[j].address);
-//                Ustrcpy(dcc_rcpt[rcpt_count].address, recipients_list[j].address);
-                rcpt_count++;
-              } 
-              else {
-                DEBUG(D_acl)
-                  debug_printf("Rejected recipient: %c - %s\n", recvbuf[i], recipients_list[j].address);
-              }
-              j++;
-            }
-          } 
-          else {
-            DEBUG(D_acl)
-              debug_printf("result was not SOME, so we take the overall result\n");
-          }  
+           * answer for each recipient. We don't care about
+       * it because we're in an acl and so just take the
+       * global result. */
         } 
         else if(line > 2) {
           /* The third and following lines is the X-DCC header,
            * so we store it in xhdr. */
           /* check if we don't get more than what we can handle */
           if(k < sizeof(xhdr)) { /* xhdr has a length of 120 */
-//            DEBUG(D_acl)
-//              debug_printf("Writing X-DCC header: k = %d recvbuf[%d] = %c\n", k, i, recvbuf[i]);
             xhdr[k] = recvbuf[i];
             k++;
           } 
@@ -523,27 +500,7 @@


   /* Now let's sum up what we've got. */
   DEBUG(D_acl)
-    debug_printf("\n--------------------------\nOverall result = %d\nNumber of recipients accepted: %d\nX-DCC header: %s\nReturn message: %s\n", retval, rcpt_count, xhdr, dcc_return_text);
-
-  /* If some recipients were rejected, then rcpt_count is
-   * less than the original recipients_count.
-   * Then reconstruct the recipients list for those accepted
-   * recipients only. */
-  if((rcpt_count == 0) & (retval == OK)) { /* There should be at least 1 recipient; but who knows... */
-    DEBUG(D_acl)
-      debug_printf("List of accepted recipients is 0!\n");
-    retval = FAIL;
-  } 
-  else {
-/*  if(rcpt_count < recipients_count) {
-    recipients_count=0;
-    for(i=0; i < rcpt_count; i++){
-      DEBUG(D_acl)
-        debug_printf("Adding the new recipient: %s\n", dcc_rcpt[i].address);
-      receive_add_recipient(dcc_rcpt[i].address, -1);
-    } */
-    retval = OK;
-  }
+    debug_printf("\n--------------------------\nOverall result = %d\nX-DCC header: %s\nReturn message: %s\ndcc_result: %s\n", retval, xhdr, dcc_return_text, dcc_result);


   /* We only add the X-DCC header if it starts with X-DCC */
   if(!(Ustrncmp(xhdr, "X-DCC", 5))){
@@ -562,7 +519,7 @@
   dcc_ok = 1;
   /* Now return to exim main process */
   DEBUG(D_acl)
-    debug_printf("Before returning to exim main process:\nreturn_text = %s - retval = %d\n", dcc_return_text, retval);
+    debug_printf("Before returning to exim main process:\nreturn_text = %s - retval = %d\ndcc_result = %s\n", dcc_return_text, retval, dcc_result);


(void)fclose(data_file);
return retval;