Victor Duchovni for Solaris 2.5.1, but we play safe and
enable it unconditionally.
+20041124
+
+ Feature: configurable list of forbidden SMTP commands
+ (default: smtpd_forbidden_commands = CONNECT, GET, POST)
+ after which the Postfix SMTP server disconnects immediately.
+ The SMTP server always disconnects immediately when the
+ client sends a message header instead of an SMTP command.
+ Magnus Baeck. File: smtpd/smtpd.c.
+
Open problems:
+ Med: implement ${name[?:]value} in main.cf or update the
+ postconf(5) manual.
+
Low: reject HELO with any domain name or IP address that
this MTA is the final destination for.
#
# Postfix master process configuration file. For details on the format
-# of the file, see master(5).
+# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
ANVIL(8) ANVIL(8)
<b>NAME</b>
- anvil - Postfix per-client count and rate control
+ anvil - Postfix session count and request rate control
<b>SYNOPSIS</b>
<b>anvil</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
The Postfix <b>anvil</b> server maintains short-term statistics
to defend against clients that hammer a server with either
- too many parallel connections or with too many successive
- requests within a configurable time interval. This server
- is designed to run under control by the Postfix master
- server.
+ too many simultaneous sessions, or with too many succes-
+ sive requests within a configurable time interval. This
+ server is designed to run under control by the Postfix
+ master server.
The <b>anvil</b> server maintains no persistent database. Stan-
dard library utilities do not meet Postfix performance and
Specify one of the following service types:
<b>inet</b> The service listens on a TCP/IP socket and
- is therefore accessible via the network.
+ is accessible via the network.
The service name is specified as <i>host:port</i>,
denoting the host and port on which new con-
service name) or in numeric form (IP address
or port number).
- Examples: a service name of <b>127.0.0.1:smtp</b>
+ Examples: a service named <b>127.0.0.1:smtp</b>
receives mail via the loopback interface
- only; and a service name of <b>10025</b> accepts
- connections on TCP port 10025 via all inter-
+ only; and a service named <b>10025</b> accepts con-
+ nections on TCP port 10025 via all inter-
faces configured with the <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
parameter.
machine, and <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> discusses
issues related to running daemons chrooted.
- <b>Wakeup time (default: 0)</b>
+ <b>Wake up time (default: 0)</b>
Automatically wake up the named service after the
specified number of seconds. The wake up is imple-
mented by connecting to the service and sending a
- wake up request. A ? at the end of the wake up
+ wake up request. A ? at the end of the wake-up
time field requests that wake up events be sent
only to services that are actually being used.
Specify 0 for no automatic wake up.
<b>CONFIGURATION PARAMETERS</b>
Changes to <b>main.cf</b> are not picked up automatically, as
- <a href="qmgr.8.html">oqmgr(8)</a> processes are persistent. Use the command "<b>post-</b>
- <b>fix reload</b>" after a configuration change.
+ <a href="qmgr.8.html">oqmgr(8)</a> is a persistent process. Use the command "<b>postfix</b>
+ <b>reload</b>" after a configuration change.
The text below provides only a parameter summary. See
<a href="postconf.5.html">postconf(5)</a> for more details including examples.
that was found. The exit status is zero when at
least one of the requested keys was found.
- <b>-r</b> When updating a table, do not warn about duplicate
- entries; silently replace them.
+ <b>-r</b> When updating a table, do not complain about
+ attempts to update existing entries, and make those
+ updates anyway.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
+ tiple <b>-v</b> options make the software increasingly
verbose.
- <b>-w</b> When updating a table, do not warn about duplicate
- entries; silently ignore them.
+ <b>-w</b> When updating a table, do not complain about
+ attempts to update existing entries, and ignore
+ those attempts.
Arguments:
</p>
+</DD>
+
+<DT><b><a name="smtpd_forbidden_commands">smtpd_forbidden_commands</a>
+(default: CONNECT, GET, POST)</b></DT><DD>
+
+<p>
+List of commands that causes the Postfix SMTP server to immediately
+terminate the session with a 221 code. This can be used to disconnect
+clients that obviously attempt to abuse the system. In addition to the
+commands listed in this parameter, commands that follow the "Label:"
+format of message headers will also cause a disconnect.
+</p>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
+
</DD>
<DT><b><a name="smtpd_hard_error_limit">smtpd_hard_error_limit</a>
that was found. The exit status is zero when at
least one of the requested keys was found.
- <b>-r</b> When updating a table, do not warn about duplicate
- entries; silently replace them.
+ <b>-r</b> When updating a table, do not complain about
+ attempts to update existing entries, and make those
+ updates anyway.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
+ tiple <b>-v</b> options make the software increasingly
verbose.
- <b>-w</b> When updating a table, do not warn about duplicate
- entries; silently ignore them.
+ <b>-w</b> When updating a table, do not complain about
+ attempts to update existing entries, and ignore
+ those attempts.
Arguments:
<b>CONFIGURATION PARAMETERS</b>
Changes to <b>main.cf</b> are not picked up automatically as
- <a href="qmgr.8.html">qmgr(8)</a> processes are persistent. Use the <b>postfix reload</b>
+ <a href="qmgr.8.html">qmgr(8)</a> is a persistent process. Use the <b>postfix reload</b>
command after a configuration change.
The text below provides only a parameter summary. See
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b>
+ List of commands that causes the Postfix SMTP
+ server to immediately terminate the session with a
+ 221 code.
+
<b>SEE ALSO</b>
- <a href="anvil.8.html">anvil(8)</a>, client count and request rate management
+ <a href="anvil.8.html">anvil(8)</a>, connection/rate limiting
<a href="cleanup.8.html">cleanup(8)</a>, message canonicalization
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address resolver
<a href="verify.8.html">verify(8)</a>, address verification service
\fIkey: value\fR output for each key that was found. The exit
status is zero when at least one of the requested keys was found.
.IP \fB-r\fR
-When updating a table, do not warn about duplicate entries; silently
-replace them.
+When updating a table, do not complain about attempts to update
+existing entries, and make those updates anyway.
.IP \fB-v\fR
Enable verbose logging for debugging purposes. Multiple \fB-v\fR
options make the software increasingly verbose.
.IP \fB-w\fR
-When updating a table, do not warn about duplicate entries; silently
-ignore them.
+When updating a table, do not complain about attempts to update
+existing entries, and ignore those attempts.
.PP
Arguments:
.IP \fIfile_type\fR
\fIkey value\fR output for each key that was found. The exit
status is zero when at least one of the requested keys was found.
.IP \fB-r\fR
-When updating a table, do not warn about duplicate entries; silently
-replace them.
+When updating a table, do not complain about attempts to update
+existing entries, and make those updates anyway.
.IP \fB-v\fR
Enable verbose logging for debugging purposes. Multiple \fB-v\fR
options make the software increasingly verbose.
.IP \fB-w\fR
-When updating a table, do not warn about duplicate entries; silently
-ignore them.
+When updating a table, do not complain about attempts to update
+existing entries, and ignore those attempts.
.PP
Arguments:
.IP \fIfile_type\fR
Specify one of the following service types:
.RS
.IP \fBinet\fR
-The service listens on a TCP/IP socket and is therefore
-accessible via the network.
+The service listens on a TCP/IP socket and is accessible
+via the network.
The service name is specified as \fIhost:port\fR, denoting
the host and port on which new connections should be
host or port may be given in symbolic form (host or service
name) or in numeric form (IP address or port number).
.sp
-Examples: a service name of \fB127.0.0.1:smtp\fR receives
-mail via the loopback interface only; and a service name
-of \fB10025\fR accepts connections on TCP port 10025 via
+Examples: a service named \fB127.0.0.1:smtp\fR receives
+mail via the loopback interface only; and a service named
+\fB10025\fR accepts connections on TCP port 10025 via
all interfaces configured with the \fBinet_interfaces\fR
parameter.
.IP \fBunix\fR
chroot environment for your type of machine, and
BASIC_CONFIGURATION_README discusses issues related to
running daemons chrooted.
-.IP "\fBWakeup time (default: 0)\fR"
+.IP "\fBWake up time (default: 0)\fR"
Automatically wake up the named service after the specified
number of seconds. The wake up is implemented by connecting
to the service and sending a wake up request. A ? at the
-end of the wake up time field requests that wake up events
+end of the wake-up time field requests that wake up events
be sent only to services that are actually being used.
Specify 0 for no automatic wake up.
.sp
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
-.domain names (the initial dot causes the domain to match any name
+\&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
-.domain names (the initial dot causes the domain to match any name
+\&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
-.domain names (the initial dot causes the domain to match any name
+\&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
-.domain names (the initial dot causes the domain to match any name
+\&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
This parameter is not subjected to $parameter expansion.
.PP
This feature is available in Postfix 2.0 and later.
+.SH smtpd_forbidden_commands (default: CONNECT, GET, POST)
+List of commands that causes the Postfix SMTP server to immediately
+terminate the session with a 221 code. This can be used to disconnect
+clients that obviously attempt to abuse the system. In addition to the
+commands listed in this parameter, commands that follow the "Label:"
+format of message headers will also cause a disconnect.
+.PP
+This feature is available in Postfix 2.2 and later.
.SH smtpd_hard_error_limit (default: 20)
The maximal number of errors a remote SMTP client is allowed to
make without delivering mail. The Postfix SMTP server disconnects
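Review bot: the smtpd_forbidden_commands description leaves out two things an administrator needs to know. The smtpd.c hunk in this patch consults the list only after a command was not found in smtpd_cmd_table, so listing an implemented command here has no effect, and the text should say so. It should also state whether matching is case-sensitive. Separately, "List of commands that causes" should read "List of commands that cause"; the same wording appears in every copy of this paragraph in the patch.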
.SH NAME
anvil
\-
-Postfix per-client count and rate control
+Postfix session count and request rate control
.SH "SYNOPSIS"
.na
.nf
.fi
The Postfix \fBanvil\fR server maintains short-term statistics
to defend against clients that hammer a server with either too
-many parallel connections or with too many successive requests
+many simultaneous sessions, or with too many successive requests
within a configurable time interval.
This server is designed to run under control by the Postfix
master server.
.ad
.fi
Changes to \fBmain.cf\fR are not picked up automatically, as oqmgr(8)
-processes are persistent. Use the command "\fBpostfix reload\fR" after
+is a persistent process. Use the command "\fBpostfix reload\fR" after
a configuration change.
The text below provides only a parameter summary. See
.ad
.fi
Changes to \fBmain.cf\fR are not picked up automatically as qmgr(8)
-processes are persistent. Use the \fBpostfix reload\fR command after
+is a persistent process. Use the \fBpostfix reload\fR command after
a configuration change.
The text below provides only a parameter summary. See
.IP "\fBsyslog_name (postfix)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBsmtpd_forbidden_commands (CONNECT, GET, POST)\fR"
+List of commands that causes the Postfix SMTP server to immediately
+terminate the session with a 221 code.
.SH "SEE ALSO"
.na
.nf
-anvil(8), client count and request rate management
+anvil(8), connection/rate limiting
cleanup(8), message canonicalization
trivial-rewrite(8), address resolver
verify(8), address verification service
$block .= $_;
} while(($_ = <>) && /\S/);
+ $block =~ s/\n\./\n\\\&./g;
if ($block =~ /<H2>/) {
$block =~ s/<H2><a[^>]+>([^<]+)<\/a><\/H2>/\n.SH \1\n/g;
$block =~ tr/a-z/A-Z/;
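Review bot: the added substitution s/\n\./\n\\\&./g only protects a dot that follows a newline inside $block, so unless $block is seeded with a leading newline before this loop, a block whose first line starts with "." is still emitted as a troff request. Consider anchoring with the /m modifier, for example s/^\./\\\&./mg, and treating a leading apostrophe the same way, since troff reads both characters as control characters at the start of a line.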
s;\bsmtpd_error_sleep_time\b;<a href="postconf.5.html#smtpd_error_sleep_time">$&</a>;g;
s;\bsmtpd_etrn_restrictions\b;<a href="postconf.5.html#smtpd_etrn_restrictions">$&</a>;g;
s;\bsmtpd_expansion_filter\b;<a href="postconf.5.html#smtpd_expansion_filter">$&</a>;g;
+ s;\bsmtpd_forbidden_commands\b;<a href="postconf.5.html#smtpd_forbidden_commands">$&</a>;g;
s;\bsmtpd_hard_error_limit\b;<a href="postconf.5.html#smtpd_hard_error_limit">$&</a>;g;
s;\bsmtpd_helo_required\b;<a href="postconf.5.html#smtpd_helo_required">$&</a>;g;
s;\bsmtpd_helo_restrictions\b;<a href="postconf.5.html#smtpd_helo_restrictions">$&</a>;g;
# Specify one of the following service types:
# .RS
# .IP \fBinet\fR
-# The service listens on a TCP/IP socket and is therefore
-# accessible via the network.
+# The service listens on a TCP/IP socket and is accessible
+# via the network.
#
# The service name is specified as \fIhost:port\fR, denoting
# the host and port on which new connections should be
# host or port may be given in symbolic form (host or service
# name) or in numeric form (IP address or port number).
# .sp
-# Examples: a service name of \fB127.0.0.1:smtp\fR receives
-# mail via the loopback interface only; and a service name
-# of \fB10025\fR accepts connections on TCP port 10025 via
+# Examples: a service named \fB127.0.0.1:smtp\fR receives
+# mail via the loopback interface only; and a service named
+# \fB10025\fR accepts connections on TCP port 10025 via
# all interfaces configured with the \fBinet_interfaces\fR
# parameter.
# .IP \fBunix\fR
# chroot environment for your type of machine, and
# BASIC_CONFIGURATION_README discusses issues related to
# running daemons chrooted.
-# .IP "\fBWakeup time (default: 0)\fR"
+# .IP "\fBWake up time (default: 0)\fR"
# Automatically wake up the named service after the specified
# number of seconds. The wake up is implemented by connecting
# to the service and sending a wake up request. A ? at the
-# end of the wake up time field requests that wake up events
+# end of the wake-up time field requests that wake up events
# be sent only to services that are actually being used.
# Specify 0 for no automatic wake up.
# .sp
This feature is available in Postfix 2.0 and later.
</p>
+%PARAM smtpd_forbidden_commands CONNECT, GET, POST
+
+<p>
+List of commands that causes the Postfix SMTP server to immediately
+terminate the session with a 221 code. This can be used to disconnect
+clients that obviously attempt to abuse the system. In addition to the
+commands listed in this parameter, commands that follow the "Label:"
+format of message headers will also cause a disconnect.
+</p>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
%PARAM smtpd_helo_required no
<p>
/* NAME
/* anvil 8
/* SUMMARY
-/* Postfix per-client count and rate control
+/* Postfix session count and request rate control
/* SYNOPSIS
/* \fBanvil\fR [generic Postfix daemon options]
/* DESCRIPTION
/* The Postfix \fBanvil\fR server maintains short-term statistics
/* to defend against clients that hammer a server with either too
-/* many parallel connections or with too many successive requests
+/* many simultaneous sessions, or with too many successive requests
/* within a configurable time interval.
/* This server is designed to run under control by the Postfix
/* master server.
/* (either the communication with the server is broken or the
/* server experienced a problem).
/* SEE ALSO
-/* anvil(8) Postfix client rate control service
+/* anvil(8), connection/rate limiting
/* LICENSE
/* .ad
/* .fi
if (vstream_ferror(dst) == 0) {
if (var_fault_inj_code == 1)
type = 0;
- if (type != REC_TYPE_XTRA)
+ if (type != REC_TYPE_XTRA) {
+ /* XXX Where is the queue ID? */
+ msg_warn("bad record type: %d in message content", type);
corrupt_error = mark_corrupt(src);
+ }
if (prev_type != REC_TYPE_NORM)
vstream_fputs(eol, dst);
if (flags & MAIL_COPY_BLANK)
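Review bot: the new msg_warn() in the "type != REC_TYPE_XTRA" branch carries no message identifier, as the XXX comment itself admits, so the log line cannot be tied to a queue file. The other call sites touched by this patch log request->queue_id or info->queue_id with the same text; here consider logging VSTREAM_PATH(src) or passing the queue ID into this function, so the warning can be correlated with the delivery it belongs to.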
#define DEF_SMTPD_NOOP_CMDS ""
extern char *var_smtpd_noop_cmds;
+#define VAR_SMTPD_FORBID_CMDS "smtpd_forbidden_commands"
+#define DEF_SMTPD_FORBID_CMDS "CONNECT GET POST"
+extern char *var_smtpd_forbid_cmds;
+
/*
* SASL authentication support, SMTP server side.
*/
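Review bot: DEF_SMTPD_FORBID_CMDS is defined as "CONNECT GET POST" while every documentation hunk in this patch gives the default as "CONNECT, GET, POST". Anything that prints the compiled-in default will then disagree with the manual; make the two strings identical, whichever separator is preferred.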
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
-#define MAIL_RELEASE_DATE "20041119"
+#define MAIL_RELEASE_DATE "20041207"
#define MAIL_VERSION_NUMBER "2.2"
#define VAR_MAIL_VERSION "mail_version"
/* va_list ap;
/* DESCRIPTION
/* verify_clnt_query() requests information about the given address.
-/* The result value is one of the valud status values (see
+/* The result value is one of the valid status values (see
/* status description below).
/* In all cases the \fBwhy\fR argument provides additional
/* information.
smtp_fputs("", 0, session->stream);
if (vstream_ferror(state->src))
msg_fatal("queue file read error");
- if (rec_type != REC_TYPE_XTRA)
+ if (rec_type != REC_TYPE_XTRA) {
+ msg_warn("%s: bad record type: %d in message content",
+ request->queue_id, rec_type);
RETURN(mark_corrupt(state->src));
+ }
}
/*
break;
status = (REC_PUT_BUF(info->cleanup, rec_type, buffer) != rec_type);
}
- if (status == 0 && rec_type != REC_TYPE_XTRA)
+ if (status == 0 && rec_type != REC_TYPE_XTRA) {
+ msg_warn("%s: bad record type: %d in message content",
+ info->queue_id, rec_type);
status |= mark_corrupt(attr.fp);
+ }
/*
* Send the end-of-data marker only when there were no errors.
/* .ad
/* .fi
/* Changes to \fBmain.cf\fR are not picked up automatically, as qmgr(8)
-/* processes are persistent. Use the command "\fBpostfix reload\fR" after
+/* is a persistent process. Use the command "\fBpostfix reload\fR" after
/* a configuration change.
/*
/* The text below provides only a parameter summary. See
/* \fIkey: value\fR output for each key that was found. The exit
/* status is zero when at least one of the requested keys was found.
/* .IP \fB-r\fR
-/* When updating a table, do not warn about duplicate entries; silently
-/* replace them.
+/* When updating a table, do not complain about attempts to update
+/* existing entries, and make those updates anyway.
/* .IP \fB-v\fR
/* Enable verbose logging for debugging purposes. Multiple \fB-v\fR
/* options make the software increasingly verbose.
/* .IP \fB-w\fR
-/* When updating a table, do not warn about duplicate entries; silently
-/* ignore them.
+/* When updating a table, do not complain about attempts to update
+/* existing entries, and ignore those attempts.
/* .PP
/* Arguments:
/* .IP \fIfile_type\fR
/* \fIkey value\fR output for each key that was found. The exit
/* status is zero when at least one of the requested keys was found.
/* .IP \fB-r\fR
-/* When updating a table, do not warn about duplicate entries; silently
-/* replace them.
+/* When updating a table, do not complain about attempts to update
+/* existing entries, and make those updates anyway.
/* .IP \fB-v\fR
/* Enable verbose logging for debugging purposes. Multiple \fB-v\fR
/* options make the software increasingly verbose.
/* .IP \fB-w\fR
-/* When updating a table, do not warn about duplicate entries; silently
-/* ignore them.
+/* When updating a table, do not complain about attempts to update
+/* existing entries, and ignore those attempts.
/* .PP
/* Arguments:
/* .IP \fIfile_type\fR
/* .ad
/* .fi
/* Changes to \fBmain.cf\fR are not picked up automatically as qmgr(8)
-/* processes are persistent. Use the \fBpostfix reload\fR command after
+/* is a persistent process. Use the \fBpostfix reload\fR command after
/* a configuration change.
/*
/* The text below provides only a parameter summary. See
- var_smtp_pix_thresh) {
msg_info("%s: enabling PIX <CRLF>.<CRLF> workaround for %s",
request->queue_id, session->namaddr);
- vstream_fflush(session->stream);/* hurts performance */
+ smtp_flush(session->stream); /* hurts performance */
sleep(var_smtp_pix_delay); /* not to mention this */
}
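Review bot: the reason for replacing vstream_fflush() with smtp_flush() in the PIX workaround is not stated in this hunk, and the visible HISTORY entry only covers the forbidden-commands feature. If smtp_flush() differs in timeout or error handling, say so in a comment or a changelog line, because the sleep(var_smtp_pix_delay) that follows relies on the flush having completed.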
if (vstream_ferror(state->src))
msg_fatal("queue file read error");
- if (rec_type != REC_TYPE_XTRA)
+ if (rec_type != REC_TYPE_XTRA) {
+ msg_warn("%s: bad record type: %d in message content",
+ request->queue_id, rec_type);
RETURN(mark_corrupt(state->src));
+ }
}
/*
/* ADDRESS REWRITING CONTROLS
/* .ad
/* .fi
-/* See the ADDRESS_REWRITING_README document for a detailed
+/* See the ADDRESS_REWRITING_README document for a detailed
/* discussion of Postfix address rewriting.
/* .IP "\fBreceive_override_options (empty)\fR"
/* Enable or disable recipient validation, built-in content
/* .IP "\fBsyslog_name (postfix)\fR"
/* The mail system name that is prepended to the process name in syslog
/* records, so that "smtpd" becomes, for example, "postfix/smtpd".
+/* .PP
+/* Available in Postfix version 2.2 and later:
+/* .IP "\fBsmtpd_forbidden_commands (CONNECT, GET, POST)\fR"
+/* List of commands that causes the Postfix SMTP server to immediately
+/* terminate the session with a 221 code.
/* SEE ALSO
-/* anvil(8), client count and request rate management
+/* anvil(8), connection/rate limiting
/* cleanup(8), message canonicalization
/* trivial-rewrite(8), address resolver
/* verify(8), address verification service
#include <lex_822.h>
#include <namadr_list.h>
#include <input_transp.h>
+#include <is_header.h>
#ifdef SNAPSHOT
#include <anvil_clnt.h>
#endif
char *var_xforward_hosts;
bool var_smtpd_rej_unl_from;
bool var_smtpd_rej_unl_rcpt;
+char *var_smtpd_forbid_cmds;
#ifdef SNAPSHOT
int var_smtpd_crate_limit;
} SMTPD_CMD;
#define SMTPD_CMD_FLAG_LIMIT (1<<0) /* limit usage */
-#define SMTPD_CMD_FLAG_FORBID (1<<1) /* RFC 2822 mail header */
static SMTPD_CMD smtpd_cmd_table[] = {
"HELO", helo_cmd, SMTPD_CMD_FLAG_LIMIT,
"QUIT", quit_cmd, 0,
"XCLIENT", xclient_cmd, SMTPD_CMD_FLAG_LIMIT,
"XFORWARD", xforward_cmd, SMTPD_CMD_FLAG_LIMIT,
- "Received:", 0, SMTPD_CMD_FLAG_FORBID,
- "Reply-To:", 0, SMTPD_CMD_FLAG_FORBID,
- "Message-ID:", 0, SMTPD_CMD_FLAG_FORBID,
- "Subject:", 0, SMTPD_CMD_FLAG_FORBID,
- "From:", 0, SMTPD_CMD_FLAG_FORBID,
- "CONNECT", 0, SMTPD_CMD_FLAG_FORBID,
- "User-Agent:", 0, SMTPD_CMD_FLAG_FORBID,
0,
};
static STRING_LIST *smtpd_noop_cmds;
+static STRING_LIST *smtpd_forbid_cmds;
/* smtpd_proto - talk the SMTP protocol */
if (strcasecmp(argv[0].strval, cmdp->name) == 0)
break;
if (cmdp->name == 0) {
+ if (is_header(argv[0].strval)
+ || (*var_smtpd_forbid_cmds
+ && string_list_match(smtpd_forbid_cmds, argv[0].strval))) {
+ msg_warn("%s sent non-SMTP command: %.100s",
+ state->namaddr, vstring_str(state->buffer));
+ smtpd_chat_reply(state, "221 Error: I can break rules, too. Goodbye.");
+ break;
+ }
smtpd_chat_reply(state, "502 Error: command not implemented");
state->error_mask |= MAIL_ERROR_PROTOCOL;
state->error_count++;
continue;
}
- if (cmdp->flags & SMTPD_CMD_FLAG_FORBID) {
- msg_warn("%s sent non-SMTP command: %.100s",
- state->namaddr, vstring_str(state->buffer));
- smtpd_chat_reply(state, "221 Error: I can break rules, too. Goodbye.");
- break;
- }
/* XXX We use the real client for connect access control. */
if (state->access_denied && cmdp->action != quit_cmd) {
smtpd_chat_reply(state, "503 Error: access denied for %s",
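Review bot: the forbidden-command test sits inside the "cmdp->name == 0" branch, so it only fires for commands that are absent from smtpd_cmd_table; an administrator who adds an implemented command to smtpd_forbidden_commands gets no disconnect and no warning. Either document that restriction or log it at startup. Two smaller points on the same branch: the table lookup above uses strcasecmp(), so confirm that string_list_match() with MATCH_FLAG_NONE is also case-insensitive, otherwise "get" and "GET" are treated differently. Also, the 221 path leaves state->error_mask and state->error_count untouched, unlike the 502 path directly below, so these sessions are recorded only through the msg_warn() line. If that is intended, a short comment would save the next reader the question.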
* case they specify a filename pattern.
*/
smtpd_noop_cmds = string_list_init(MATCH_FLAG_NONE, var_smtpd_noop_cmds);
+ smtpd_forbid_cmds = string_list_init(MATCH_FLAG_NONE, var_smtpd_forbid_cmds);
verp_clients = namadr_list_init(MATCH_FLAG_NONE, var_verp_clients);
xclient_hosts = namadr_list_init(MATCH_FLAG_NONE, var_xclient_hosts);
xforward_hosts = namadr_list_init(MATCH_FLAG_NONE, var_xforward_hosts);
VAR_PERM_MX_NETWORKS, DEF_PERM_MX_NETWORKS, &var_perm_mx_networks, 0, 0,
VAR_SMTPD_SND_AUTH_MAPS, DEF_SMTPD_SND_AUTH_MAPS, &var_smtpd_snd_auth_maps, 0, 0,
VAR_SMTPD_NOOP_CMDS, DEF_SMTPD_NOOP_CMDS, &var_smtpd_noop_cmds, 0, 0,
+ VAR_SMTPD_FORBID_CMDS, DEF_SMTPD_FORBID_CMDS, &var_smtpd_forbid_cmds, 0, 0,
VAR_SMTPD_NULL_KEY, DEF_SMTPD_NULL_KEY, &var_smtpd_null_key, 0, 0,
VAR_RELAY_RCPT_MAPS, DEF_RELAY_RCPT_MAPS, &var_relay_rcpt_maps, 0, 0,
VAR_VERIFY_SENDER, DEF_VERIFY_SENDER, &var_verify_sender, 0, 0,
/* DICT *dict;
/* const char *key;
/*
-/* char *dict_del(dict, key)
+/* int dict_del(dict, key)
/* DICT *dict;
/* const char *key;
/*
/* dictionary.
/*
/* dict_del() removes a dictionary entry, and returns non-zero
-/* in case of problems.
+/* in case of success.
/*
/* dict_seq() iterates over all members in the named dictionary.
/* func is define DICT_SEQ_FUN_FIRST (select first member) or
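Review bot: the dict_del() comment now says the function returns non-zero "in case of success" where it previously said "in case of problems", and the hunk changes no code. That inverts the documented contract, so please confirm it against the implementation and against every caller that tests the result; if callers were written to the old wording they need to be checked in the same change. The prototype correction from "char *" to "int" looks right to include in this hunk.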
* In the case of TODO, we have no information about the address, and the
* address is being probed.
*
- * probed: if non-zero, the time of the last outstanding address probe. If
- * zero, there is no outstanding address probe.
+ * probed: if non-zero, the time the currently outstanding address probe was
+ * sent. If zero, there is no outstanding address probe.
*
- * updated: if non-zero, the time of the last processed address probe. If zero,
- * we have no information about the address, and the address is being
+ * updated: if non-zero, the time the address probe result was received. If
+ * zero, we have no information about the address, and the address is being
* probed.
*
* text: descriptive text from delivery agents etc.
if ((probed_text = split_at(buf, ':')) != 0
&& (updated_text = split_at(probed_text, ':')) != 0
- && (*text = split_at(updated_text, ':')) != 0) {
+ && (*text = split_at(updated_text, ':')) != 0
+ && alldig(buf)
+ && alldig(probed_text)
+ && alldig(updated_text)) {
*probed = atol(probed_text);
*updated = atol(updated_text);
*status = atoi(buf);
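Review bot: alldig() on buf, probed_text and updated_text restricts the fields to digits but puts no bound on their length, so atol(probed_text), atol(updated_text) and atoi(buf) can still be handed values that do not fit the target type. Consider strtol() or strtoul() with errno and end-pointer checks, and reject a status outside the set of valid status values, so that a damaged table entry is handled the same way as the parse failure this condition already catches.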