From: Wietse Venema Date: Sat, 3 Mar 2012 05:00:00 +0000 (-0500) Subject: postfix-2.10-20120303 X-Git-Tag: v2.10.0-RC1~35 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15bb9dcf1808e83a224fd99813c4c1498bf33775;p=thirdparty%2Fpostfix.git postfix-2.10-20120303 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 31dd8cfc4..de788f25a 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -17661,3 +17661,10 @@ Apologies for any names omitted. 20120226 Cleanup: documentation in postfix-install. + +20120229 + + Feature: smtpd_log_access_permit_actions to enable logging + of specific permit-like actions in Postfix SMTP server + access lists. Files: mantools/postlink, proto/postconf.proto, + global/mail_params.h, smtpd/smtpd.c, smtpd/smtpd_check.c. diff --git a/postfix/README_FILES/SMTPD_ACCESS_README b/postfix/README_FILES/SMTPD_ACCESS_README index f2c1c4579..99981b516 100644 --- a/postfix/README_FILES/SMTPD_ACCESS_README +++ b/postfix/README_FILES/SMTPD_ACCESS_README @@ -262,8 +262,9 @@ warn_if_reject the restriction that you want to test without actually rejecting mail. XCLIENT - With this Postfix 2.1 feature, authorized SMTP clients can impersonate - other systems, so that you can do realistic SMTP access rule tests. - Examples of how to impersonate other systems for access rule testing are - given at the end of the XCLIENT_README document. + With this feature, an authorized SMTP client can impersonate other systems + and perform realistic SMTP access rule tests. Examples of how to + impersonate other systems for access rule testing are given at the end of + the XCLIENT_README document. + This feature is available in Postfix 2.1. diff --git a/postfix/WISHLIST b/postfix/WISHLIST index f9f68c94a..b9b1ba46a 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -6,6 +6,16 @@ Wish list: Things to do after the stable release: + smtpd: find out what the interactions would be between + warn_if_permit, and explicit or implicit defer_if_reject + and defer_if_permit actions. If this can't be stated in + simple terms, then it won't be implemented. + + postscreen: in the dummy SMTP engine, log the protocol state + at time of violation (like smtpd, set state->where initially + to CONNECT, then update it with the name of the last "known" + command, or set it to "unimplemented"). + The discussion of postscreen cache configuration is in the wrong place (how whitelisting works). Move it to the section about configuring postscreen. diff --git a/postfix/html/SMTPD_ACCESS_README.html b/postfix/html/SMTPD_ACCESS_README.html index 9476da6d7..eb13ca551 100644 --- a/postfix/html/SMTPD_ACCESS_README.html +++ b/postfix/html/SMTPD_ACCESS_README.html @@ -355,11 +355,23 @@ rejecting a command, Postfix logs what it would reject. Specify restriction that you want to test without actually rejecting mail.

-
XCLIENT

With this Postfix 2.1 feature, authorized -SMTP clients can impersonate other systems, so that you can do -realistic SMTP access rule tests. Examples of how to impersonate -other systems for access rule testing are given at the end of the -XCLIENT_README document.

+ + +
XCLIENT

With this feature, an authorized SMTP +client can impersonate other systems and perform realistic SMTP +access rule tests. Examples of how to impersonate other systems +for access rule testing are given at the end of the XCLIENT_README +document.
This feature is available in Postfix 2.1.

+
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 81fb9221a..5440eb3f7 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -13034,6 +13034,41 @@ overload to just 1. With Postfix 2.5 and earlier, the SMTP server always allows up to 100 junk commands by default.

+ + +
smtpd_log_access_permit_actions +(default: empty)
+ +

Enable logging of the named "permit" actions in SMTP server +access lists. This does not affect conditional actions such as +"defer_if_permit".

+ +

Specify a list of "permit" action names, "/file/name" or +"type:table" patterns, separated by commas and/or whitespace. The +list is matched left to right, and the search stops on the first +match. A "/file/name" pattern is replaced by its contents; a +"type:table" lookup table is matched when a name matches a lookup +key (the lookup result is ignored). Continue long lines by starting +the next line with whitespace. Specify "!pattern" to exclude a name +from the list.

+ +

Examples:

+ +
+/etc/postfix/main.cf:
+    # Log all "permit" actions.
+    smtpd_log_access_permit_actions = static:all
+
+ +
+/etc/postfix/main.cf:
+    # Log "permit_dnswl_client" only.
+    smtpd_log_access_permit_actions = permit_dnswl_client
+
+ +

This feature is available in Postfix 2.10 and later.

+ +
smtpd_milters diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 51d526662..0165c2d1e 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -673,19 +673,25 @@ SMTPD(8) SMTPD(8) What remote SMTP clients are allowed to use the XCLIENT feature. + Available in Postfix version 2.10 and later: + + smtpd_log_access_permit_actions (empty) + Enable logging of the named "permit" actions in + SMTP server access lists. + KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS - As of Postfix version 2.0, the SMTP server rejects mail - for unknown recipients. This prevents the mail queue from - clogging up with undeliverable MAILER-DAEMON messages. - Additional information on this topic is in the + As of Postfix version 2.0, the SMTP server rejects mail + for unknown recipients. This prevents the mail queue from + clogging up with undeliverable MAILER-DAEMON messages. + Additional information on this topic is in the LOCAL_RECIPIENT_README and ADDRESS_CLASS_README documents. show_user_unknown_table_name (yes) - Display the name of the recipient table in the + Display the name of the recipient table in the "User unknown" responses. canonical_maps (empty) - Optional address mapping lookup tables for message + Optional address mapping lookup tables for message headers and envelopes. recipient_canonical_maps (empty) @@ -696,7 +702,7 @@ SMTPD(8) SMTPD(8) mydestination ($myhostname, localhost.$mydomain, local- host) - The list of domains that are delivered via the + The list of domains that are delivered via the $local_transport mail delivery transport. inet_interfaces (all) @@ -705,73 +711,73 @@ SMTPD(8) SMTPD(8) proxy_interfaces (empty) The network interface addresses that this mail sys- - tem receives mail on by way of a proxy or network + tem receives mail on by way of a proxy or network address translation unit. inet_protocols (all) - The Internet protocols Postfix will attempt to use + The Internet protocols Postfix will attempt to use when making or accepting connections. local_recipient_maps (proxy:unix:passwd.byname $alias_maps) - Lookup tables with all names or addresses of local - recipients: a recipient address is local when its - domain matches $mydestination, $inet_interfaces or + Lookup tables with all names or addresses of local + recipients: a recipient address is local when its + domain matches $mydestination, $inet_interfaces or $proxy_interfaces. unknown_local_recipient_reject_code (550) - The numerical Postfix SMTP server response code - when a recipient address is local, and - $local_recipient_maps specifies a list of lookup + The numerical Postfix SMTP server response code + when a recipient address is local, and + $local_recipient_maps specifies a list of lookup tables that does not match the recipient. - Parameters concerning known/unknown recipients of relay + Parameters concerning known/unknown recipients of relay destinations: relay_domains ($mydestination) - What destination domains (and subdomains thereof) + What destination domains (and subdomains thereof) this system will relay mail to. relay_recipient_maps (empty) - Optional lookup tables with all valid addresses in + Optional lookup tables with all valid addresses in the domains that match $relay_domains. unknown_relay_recipient_reject_code (550) The numerical Postfix SMTP server reply code when a - recipient address matches $relay_domains, and - relay_recipient_maps specifies a list of lookup + recipient address matches $relay_domains, and + relay_recipient_maps specifies a list of lookup tables that does not match the recipient address. - Parameters concerning known/unknown recipients in virtual + Parameters concerning known/unknown recipients in virtual alias domains: virtual_alias_domains ($virtual_alias_maps) Postfix is final destination for the specified list - of virtual alias domains, that is, domains for - which all addresses are aliased to addresses in + of virtual alias domains, that is, domains for + which all addresses are aliased to addresses in other local or remote domains. virtual_alias_maps ($virtual_maps) - Optional lookup tables that alias specific mail - addresses or domains to other local or remote + Optional lookup tables that alias specific mail + addresses or domains to other local or remote address. unknown_virtual_alias_reject_code (550) The Postfix SMTP server reply code when a recipient - address matches $virtual_alias_domains, and $vir- - tual_alias_maps specifies a list of lookup tables + address matches $virtual_alias_domains, and $vir- + tual_alias_maps specifies a list of lookup tables that does not match the recipient address. - Parameters concerning known/unknown recipients in virtual + Parameters concerning known/unknown recipients in virtual mailbox domains: virtual_mailbox_domains ($virtual_mailbox_maps) Postfix is final destination for the specified list - of domains; mail is delivered via the $vir- + of domains; mail is delivered via the $vir- tual_transport mail delivery transport. virtual_mailbox_maps (empty) - Optional lookup tables with all valid addresses in + Optional lookup tables with all valid addresses in the domains that match $virtual_mailbox_domains. unknown_virtual_mailbox_reject_code (550) @@ -781,70 +787,70 @@ SMTPD(8) SMTPD(8) that does not match the recipient address. RESOURCE AND RATE CONTROLS - The following parameters limit resource usage by the SMTP + The following parameters limit resource usage by the SMTP server and/or control client request rates. line_length_limit (2048) - Upon input, long lines are chopped up into pieces - of at most this length; upon delivery, long lines + Upon input, long lines are chopped up into pieces + of at most this length; upon delivery, long lines are reconstructed. queue_minfree (0) - The minimal amount of free space in bytes in the + The minimal amount of free space in bytes in the queue file system that is needed to receive mail. message_size_limit (10240000) - The maximal size in bytes of a message, including + The maximal size in bytes of a message, including envelope information. smtpd_recipient_limit (1000) - The maximal number of recipients that the Postfix + The maximal number of recipients that the Postfix SMTP server accepts per message delivery request. smtpd_timeout (normal: 300s, overload: 10s) - The time limit for sending a Postfix SMTP server - response and for receiving a remote SMTP client + The time limit for sending a Postfix SMTP server + response and for receiving a remote SMTP client request. smtpd_history_flush_threshold (100) - The maximal number of lines in the Postfix SMTP - server command history before it is flushed upon + The maximal number of lines in the Postfix SMTP + server command history before it is flushed upon receipt of EHLO, RSET, or end of DATA. Available in Postfix version 2.3 and later: smtpd_peername_lookup (yes) Attempt to look up the remote SMTP client hostname, - and verify that the name matches the client IP + and verify that the name matches the client IP address. The per SMTP client connection count and request rate lim- its are implemented in co-operation with the anvil(8) ser- - vice, and are available in Postfix version 2.2 and later. + vice, and are available in Postfix version 2.2 and later. smtpd_client_connection_count_limit (50) - How many simultaneous connections any client is + How many simultaneous connections any client is allowed to make to this service. smtpd_client_connection_rate_limit (0) The maximal number of connection attempts any - client is allowed to make to this service per time + client is allowed to make to this service per time unit. smtpd_client_message_rate_limit (0) - The maximal number of message delivery requests - that any client is allowed to make to this service + The maximal number of message delivery requests + that any client is allowed to make to this service per time unit, regardless of whether or not Postfix actually accepts those messages. smtpd_client_recipient_rate_limit (0) - The maximal number of recipient addresses that any - client is allowed to send to this service per time + The maximal number of recipient addresses that any + client is allowed to send to this service per time unit, regardless of whether or not Postfix actually accepts those recipients. smtpd_client_event_limit_exceptions ($mynetworks) - Clients that are excluded from + Clients that are excluded from smtpd_client_*_count/rate_limit restrictions. Available in Postfix version 2.3 and later: @@ -858,59 +864,59 @@ SMTPD(8) SMTPD(8) smtpd_per_record_deadline (normal: no, overload: yes) Change the behavior of the smtpd_timeout time - limit, from a time limit per read or write system + limit, from a time limit per read or write system call, to a time limit to send or receive a complete - record (an SMTP command line, SMTP response line, - SMTP message content line, or TLS protocol mes- + record (an SMTP command line, SMTP response line, + SMTP message content line, or TLS protocol mes- sage). TARPIT CONTROLS - When a remote SMTP client makes errors, the Postfix SMTP - server can insert delays before responding. This can help - to slow down run-away software. The behavior is con- - trolled by an error counter that counts the number of - errors within an SMTP session that a client makes without + When a remote SMTP client makes errors, the Postfix SMTP + server can insert delays before responding. This can help + to slow down run-away software. The behavior is con- + trolled by an error counter that counts the number of + errors within an SMTP session that a client makes without delivering mail. smtpd_error_sleep_time (1s) With Postfix version 2.1 and later: the SMTP server - response delay after a client has made more than - $smtpd_soft_error_limit errors, and fewer than - $smtpd_hard_error_limit errors, without delivering + response delay after a client has made more than + $smtpd_soft_error_limit errors, and fewer than + $smtpd_hard_error_limit errors, without delivering mail. smtpd_soft_error_limit (10) - The number of errors a remote SMTP client is - allowed to make without delivering mail before the + The number of errors a remote SMTP client is + allowed to make without delivering mail before the Postfix SMTP server slows down all its responses. smtpd_hard_error_limit (normal: 20, overload: 1) - The maximal number of errors a remote SMTP client + The maximal number of errors a remote SMTP client is allowed to make without delivering mail. smtpd_junk_command_limit (normal: 100, overload: 1) - The number of junk commands (NOOP, VRFY, ETRN or + The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote SMTP client can send before the - Postfix SMTP server starts to increment the error + Postfix SMTP server starts to increment the error counter with each junk command. Available in Postfix version 2.1 and later: smtpd_recipient_overshoot_limit (1000) - The number of recipients that a remote SMTP client - can send in excess of the limit specified with + The number of recipients that a remote SMTP client + can send in excess of the limit specified with $smtpd_recipient_limit, before the Postfix SMTP - server increments the per-session error count for + server increments the per-session error count for each excess recipient. ACCESS POLICY DELEGATION CONTROLS - As of version 2.1, Postfix can be configured to delegate - access policy decisions to an external server that runs - outside Postfix. See the file SMTPD_POLICY_README for + As of version 2.1, Postfix can be configured to delegate + access policy decisions to an external server that runs + outside Postfix. See the file SMTPD_POLICY_README for more information. smtpd_policy_service_max_idle (300s) - The time after which an idle SMTPD policy service + The time after which an idle SMTPD policy service connection is closed. smtpd_policy_service_max_ttl (1000s) @@ -918,22 +924,22 @@ SMTPD(8) SMTPD(8) connection is closed. smtpd_policy_service_timeout (100s) - The time limit for connecting to, writing to or + The time limit for connecting to, writing to or receiving from a delegated SMTPD policy server. ACCESS CONTROLS - The SMTPD_ACCESS_README document gives an introduction to + The SMTPD_ACCESS_README document gives an introduction to all the SMTP server access control features. smtpd_delay_reject (yes) - Wait until the RCPT TO command before evaluating + Wait until the RCPT TO command before evaluating $smtpd_client_restrictions, $smtpd_helo_restric- tions and $smtpd_sender_restrictions, or wait until - the ETRN command before evaluating + the ETRN command before evaluating $smtpd_client_restrictions and $smtpd_helo_restric- tions. - parent_domain_matches_subdomains (see 'postconf -d' out- + parent_domain_matches_subdomains (see 'postconf -d' out- put) What Postfix features match subdomains of "domain.tld" automatically, instead of requiring an @@ -941,129 +947,129 @@ SMTPD(8) SMTPD(8) smtpd_client_restrictions (empty) Optional Postfix SMTP server access restrictions in - the context of a remote SMTP client connection + the context of a remote SMTP client connection request. smtpd_helo_required (no) Require that a remote SMTP client introduces itself - with the HELO or EHLO command before sending the - MAIL command or other commands that require EHLO + with the HELO or EHLO command before sending the + MAIL command or other commands that require EHLO negotiation. smtpd_helo_restrictions (empty) - Optional restrictions that the Postfix SMTP server + Optional restrictions that the Postfix SMTP server applies in the context of the SMTP HELO command. smtpd_sender_restrictions (empty) - Optional restrictions that the Postfix SMTP server + Optional restrictions that the Postfix SMTP server applies in the context of the MAIL FROM command. smtpd_recipient_restrictions (permit_mynetworks, reject_unauth_destination) The access restrictions that the Postfix SMTP - server applies in the context of the RCPT TO com- + server applies in the context of the RCPT TO com- mand. smtpd_etrn_restrictions (empty) - Optional SMTP server access restrictions in the + Optional SMTP server access restrictions in the context of a client ETRN request. allow_untrusted_routing (no) - Forward mail with sender-specified routing - (user[@%!]remote[@%!]site) from untrusted clients + Forward mail with sender-specified routing + (user[@%!]remote[@%!]site) from untrusted clients to destinations matching $relay_domains. smtpd_restriction_classes (empty) - User-defined aliases for groups of access restric- + User-defined aliases for groups of access restric- tions. smtpd_null_access_lookup_key (<>) - The lookup key to be used in SMTP access(5) tables + The lookup key to be used in SMTP access(5) tables instead of the null sender address. permit_mx_backup_networks (empty) Restrict the use of the permit_mx_backup SMTP - access feature to only domains whose primary MX + access feature to only domains whose primary MX hosts match the listed networks. Available in Postfix version 2.0 and later: smtpd_data_restrictions (empty) - Optional access restrictions that the Postfix SMTP + Optional access restrictions that the Postfix SMTP server applies in the context of the SMTP DATA com- mand. smtpd_expansion_filter (see 'postconf -d' output) - What characters are allowed in $name expansions of + What characters are allowed in $name expansions of RBL reply templates. Available in Postfix version 2.1 and later: smtpd_reject_unlisted_sender (no) - Request that the Postfix SMTP server rejects mail - from unknown sender addresses, even when no - explicit reject_unlisted_sender access restriction + Request that the Postfix SMTP server rejects mail + from unknown sender addresses, even when no + explicit reject_unlisted_sender access restriction is specified. smtpd_reject_unlisted_recipient (yes) - Request that the Postfix SMTP server rejects mail + Request that the Postfix SMTP server rejects mail for unknown recipient addresses, even when no - explicit reject_unlisted_recipient access restric- + explicit reject_unlisted_recipient access restric- tion is specified. Available in Postfix version 2.2 and later: smtpd_end_of_data_restrictions (empty) - Optional access restrictions that the Postfix SMTP - server applies in the context of the SMTP END-OF- + Optional access restrictions that the Postfix SMTP + server applies in the context of the SMTP END-OF- DATA command. SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS - Postfix version 2.1 introduces sender and recipient - address verification. This feature is implemented by - sending probe email messages that are not actually deliv- - ered. This feature is requested via the reject_unveri- - fied_sender and reject_unverified_recipient access - restrictions. The status of verification probes is main- + Postfix version 2.1 introduces sender and recipient + address verification. This feature is implemented by + sending probe email messages that are not actually deliv- + ered. This feature is requested via the reject_unveri- + fied_sender and reject_unverified_recipient access + restrictions. The status of verification probes is main- tained by the verify(8) server. See the file ADDRESS_VER- - IFICATION_README for information about how to configure + IFICATION_README for information about how to configure and operate the Postfix sender/recipient address verifica- tion service. address_verify_poll_count (normal: 3, overload: 1) - How many times to query the verify(8) service for - the completion of an address verification request + How many times to query the verify(8) service for + the completion of an address verification request in progress. address_verify_poll_delay (3s) - The delay between queries for the completion of an + The delay between queries for the completion of an address verification request in progress. address_verify_sender ($double_bounce_sender) - The sender address to use in address verification + The sender address to use in address verification probes; prior to Postfix 2.5 the default was "post- master". unverified_sender_reject_code (450) - The numerical Postfix SMTP server response code - when a recipient address is rejected by the + The numerical Postfix SMTP server response code + when a recipient address is rejected by the reject_unverified_sender restriction. unverified_recipient_reject_code (450) - The numerical Postfix SMTP server response when a + The numerical Postfix SMTP server response when a recipient address is rejected by the reject_unveri- fied_recipient restriction. Available in Postfix version 2.6 and later: unverified_sender_defer_code (450) - The numerical Postfix SMTP server response code - when a sender address probe fails due to a tempo- + The numerical Postfix SMTP server response code + when a sender address probe fails due to a tempo- rary error condition. unverified_recipient_defer_code (450) - The numerical Postfix SMTP server response when a - recipient address probe fails due to a temporary + The numerical Postfix SMTP server response when a + recipient address probe fails due to a temporary error condition. unverified_sender_reject_reason (empty) @@ -1077,7 +1083,7 @@ SMTPD(8) SMTPD(8) unverified_sender_tempfail_action ($reject_temp- fail_action) The Postfix SMTP server's action when reject_unver- - ified_sender fails due to a temporary error condi- + ified_sender fails due to a temporary error condi- tion. unverified_recipient_tempfail_action ($reject_temp- @@ -1094,7 +1100,7 @@ SMTPD(8) SMTPD(8) addresses. ACCESS CONTROL RESPONSES - The following parameters control numerical SMTP reply + The following parameters control numerical SMTP reply codes and/or text responses. access_map_reject_code (554) @@ -1102,18 +1108,18 @@ SMTPD(8) SMTPD(8) an access(5) map "reject" action. defer_code (450) - The numerical Postfix SMTP server response code - when a remote SMTP client request is rejected by + The numerical Postfix SMTP server response code + when a remote SMTP client request is rejected by the "defer" restriction. invalid_hostname_reject_code (501) - The numerical Postfix SMTP server response code - when the client HELO or EHLO command parameter is - rejected by the reject_invalid_helo_hostname + The numerical Postfix SMTP server response code + when the client HELO or EHLO command parameter is + rejected by the reject_invalid_helo_hostname restriction. maps_rbl_reject_code (554) - The numerical Postfix SMTP server response code + The numerical Postfix SMTP server response code when a remote SMTP client request is blocked by the reject_rbl_client, reject_rhsbl_client, reject_rhsbl_reverse_client, reject_rhsbl_sender or @@ -1121,53 +1127,53 @@ SMTPD(8) SMTPD(8) non_fqdn_reject_code (504) The numerical Postfix SMTP server reply code when a - client request is rejected by the + client request is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender or reject_non_fqdn_recipient restriction. plaintext_reject_code (450) - The numerical Postfix SMTP server response code - when a request is rejected by the reject_plain- + The numerical Postfix SMTP server response code + when a request is rejected by the reject_plain- text_session restriction. reject_code (554) - The numerical Postfix SMTP server response code - when a remote SMTP client request is rejected by + The numerical Postfix SMTP server response code + when a remote SMTP client request is rejected by the "reject" restriction. relay_domains_reject_code (554) - The numerical Postfix SMTP server response code - when a client request is rejected by the + The numerical Postfix SMTP server response code + when a client request is rejected by the reject_unauth_destination recipient restriction. unknown_address_reject_code (450) - The numerical Postfix SMTP server response code - when a sender or recipient address is rejected by + The numerical Postfix SMTP server response code + when a sender or recipient address is rejected by the reject_unknown_sender_domain or reject_unknown_recipient_domain restriction. unknown_client_reject_code (450) - The numerical Postfix SMTP server response code - when a client without valid address <=> name map- + The numerical Postfix SMTP server response code + when a client without valid address <=> name map- ping is rejected by the reject_unknown_client_host- name restriction. unknown_hostname_reject_code (450) - The numerical Postfix SMTP server response code - when the hostname specified with the HELO or EHLO - command is rejected by the + The numerical Postfix SMTP server response code + when the hostname specified with the HELO or EHLO + command is rejected by the reject_unknown_helo_hostname restriction. Available in Postfix version 2.0 and later: default_rbl_reply (see 'postconf -d' output) - The default Postfix SMTP server response template - for a request that is rejected by an RBL-based + The default Postfix SMTP server response template + for a request that is rejected by an RBL-based restriction. multi_recipient_bounce_reject_code (550) - The numerical Postfix SMTP server response code + The numerical Postfix SMTP server response code when a remote SMTP client request is blocked by the reject_multi_recipient_bounce restriction. @@ -1178,38 +1184,38 @@ SMTPD(8) SMTPD(8) access_map_defer_code (450) The numerical Postfix SMTP server response code for - an access(5) map "defer" action, including + an access(5) map "defer" action, including "defer_if_permit" or "defer_if_reject". reject_tempfail_action (defer_if_permit) The Postfix SMTP server's action when a reject-type - restriction fails due to a temporary error condi- + restriction fails due to a temporary error condi- tion. unknown_helo_hostname_tempfail_action ($reject_temp- fail_action) - The Postfix SMTP server's action when + The Postfix SMTP server's action when reject_unknown_helo_hostname fails due to an tempo- rary error condition. unknown_address_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when + The Postfix SMTP server's action when reject_unknown_sender_domain or - reject_unknown_recipient_domain fail due to a tem- + reject_unknown_recipient_domain fail due to a tem- porary error condition. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a + How much time a Postfix daemon process may take to + handle a request before it is terminated by a built-in watchdog timer. command_directory (see 'postconf -d' output) - The location of all postfix administrative com- + The location of all postfix administrative com- mands. double_bounce_sender (double-bounce) @@ -1230,13 +1236,13 @@ SMTPD(8) SMTPD(8) and most Postfix daemon processes. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection + The maximum amount of time that an idle Postfix + daemon process waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- + The maximal number of incoming connections that a + Postfix daemon process will service before termi- nating voluntarily. myhostname (see 'postconf -d' output) @@ -1248,19 +1254,19 @@ SMTPD(8) SMTPD(8) myorigin ($myhostname) The domain name that locally-posted mail appears to - come from, and that locally posted mail is deliv- + come from, and that locally posted mail is deliv- ered to. process_id (read-only) - The process ID of a Postfix command or daemon + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- + The location of the Postfix top-level queue direc- tory. recipient_delimiter (empty) @@ -1268,28 +1274,28 @@ SMTPD(8) SMTPD(8) sions (user+foo). smtpd_banner ($myhostname ESMTP $mail_name) - The text that follows the 220 status code in the + The text that follows the 220 status code in the SMTP greeting banner. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" + The mail system name that is prepended to the + process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". Available in Postfix version 2.2 and later: smtpd_forbidden_commands (CONNECT, GET, POST) List of commands that cause the Postfix SMTP server - to immediately terminate the session with a 221 + to immediately terminate the session with a 221 code. Available in Postfix version 2.5 and later: smtpd_client_port_logging (no) - Enable logging of the remote SMTP client port in + Enable logging of the remote SMTP client port in addition to the hostname and IP address. SEE ALSO @@ -1319,7 +1325,7 @@ SMTPD(8) SMTPD(8) XFORWARD_README, Postfix XFORWARD extension LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 23cf48301..afeb6365f 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -8213,6 +8213,43 @@ smtpd_error_sleep_time and smtpd_soft_error_limit configuration parameters. Normally the default limit is 100, but it changes under overload to just 1. With Postfix 2.5 and earlier, the SMTP server always allows up to 100 junk commands by default. +.SH smtpd_log_access_permit_actions (default: empty) +Enable logging of the named "permit" actions in SMTP server +access lists. This does not affect conditional actions such as +"defer_if_permit". +.PP +Specify a list of "permit" action names, "/file/name" or +"type:table" patterns, separated by commas and/or whitespace. The +list is matched left to right, and the search stops on the first +match. A "/file/name" pattern is replaced by its contents; a +"type:table" lookup table is matched when a name matches a lookup +key (the lookup result is ignored). Continue long lines by starting +the next line with whitespace. Specify "!pattern" to exclude a name +from the list. +.PP +Examples: +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + # Log all "permit" actions. + smtpd_log_access_permit_actions = static:all +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + # Log "permit_dnswl_client" only. + smtpd_log_access_permit_actions = permit_dnswl_client +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.10 and later. .SH smtpd_milters (default: empty) A list of Milter (mail filter) applications for new mail that arrives via the Postfix \fBsmtpd\fR(8) server. Specify space or comma as diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 008c87800..d9f294009 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -552,6 +552,11 @@ the sender. Available in Postfix version 2.1 and later: .IP "\fBsmtpd_authorized_xclient_hosts (empty)\fR" What remote SMTP clients are allowed to use the XCLIENT feature. +.PP +Available in Postfix version 2.10 and later: +.IP "\fBsmtpd_log_access_permit_actions (empty)\fR" +Enable logging of the named "permit" actions in SMTP server +access lists. .SH "KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS" .na .nf diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index 8f3b7f274..7bb31299b 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -483,6 +483,7 @@ while (<>) { s;\bsmtp_skip_5xx_greeting\b;$&;g; s;\bsmtp_skip_quit_response\b;$&;g; s;\bsmtp_xforward_timeout\b;$&;g; + s;\bsmtpd_log_access_permit_actions\b;$&;g; s;\bsmtpd_autho[-]*\n*[ ]*rized_verp_clients\b;$&;g; s;\bsmtpd_autho[-]*\n*[ ]*rized_xclient_hosts\b;$&;g; s;\bsmtpd_autho[-]*\n*[ ]*rized_xforward_hosts\b;$&;g; @@ -824,6 +825,7 @@ while (<>) { s;\breject_plaintext_session\b;$&;g; s;\breject_unauth_pipelining\b;$&;g; s;\bwarn_if_reject\b;$&;g; + s;\bwarn_if_permit\b;$&;g; # Access restrictions - client diff --git a/postfix/proto/SMTPD_ACCESS_README.html b/postfix/proto/SMTPD_ACCESS_README.html index e40a402b7..a3b456176 100644 --- a/postfix/proto/SMTPD_ACCESS_README.html +++ b/postfix/proto/SMTPD_ACCESS_README.html @@ -355,11 +355,23 @@ rejecting a command, Postfix logs what it would reject. Specify restriction that you want to test without actually rejecting mail.

-
XCLIENT

With this Postfix 2.1 feature, authorized -SMTP clients can impersonate other systems, so that you can do -realistic SMTP access rule tests. Examples of how to impersonate -other systems for access rule testing are given at the end of the -XCLIENT_README document.

+ + +
XCLIENT

With this feature, an authorized SMTP +client can impersonate other systems and perform realistic SMTP +access rule tests. Examples of how to impersonate other systems +for access rule testing are given at the end of the XCLIENT_README +document.
This feature is available in Postfix 2.1.

+
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 63804d43c..05d07e2e3 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -5147,6 +5147,15 @@ that contain "reject_warning"). This is useful for testing new restrictions in a "live" environment without risking unnecessary loss of mail. +#
warn_if_permit
+# +#
Change the meaning of the next restriction, so that it logs +#a warning instead of permitting a request (look for logfile records +#that contain "permit_warning"). This is useful for testing new +#restrictions in a "live" environment without risking unexpected +#side effects.
+#This feature is available in Postfix 2.10.
+

@@ -14508,3 +14517,34 @@ secure than the default.

limited to 13 over the lifetime of a daemon process.

This feature is available in Postfix 2.9 and later.

+ +%PARAM smtpd_log_access_permit_actions empty + +

Enable logging of the named "permit" actions in SMTP server +access lists. This does not affect conditional actions such as +"defer_if_permit".

+ +

Specify a list of "permit" action names, "/file/name" or +"type:table" patterns, separated by commas and/or whitespace. The +list is matched left to right, and the search stops on the first +match. A "/file/name" pattern is replaced by its contents; a +"type:table" lookup table is matched when a name matches a lookup +key (the lookup result is ignored). Continue long lines by starting +the next line with whitespace. Specify "!pattern" to exclude a name +from the list.

+ +

Examples:

+ +
+/etc/postfix/main.cf:
+    # Log all "permit" actions.
+    smtpd_log_access_permit_actions = static:all
+
+ +
+/etc/postfix/main.cf:
+    # Log "permit_dnswl_client" only.
+    smtpd_log_access_permit_actions = permit_dnswl_client
+
+ +

This feature is available in Postfix 2.10 and later.

diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 912c012c8..72845e055 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -2154,6 +2154,7 @@ extern int var_map_defer_code; #define CHECK_RECIP_NS_ACL "check_recipient_ns_access" #define WARN_IF_REJECT "warn_if_reject" +#define WARN_IF_PERMIT "warn_if_permit" #define REJECT_RBL "reject_rbl" /* LaMont compatibility */ #define REJECT_RBL_CLIENT "reject_rbl_client" @@ -3612,6 +3613,13 @@ extern bool var_smtpd_rec_deadline; #define DEF_LMTP_REC_DEADLINE 0 extern bool var_smtp_rec_deadline; + /* + * Permit logging. + */ +#define VAR_SMTPD_ACL_PERM_LOG "smtpd_log_access_permit_actions" +#define DEF_SMTPD_ACL_PERM_LOG "" +extern char *var_smtpd_acl_perm_log; + /* * Postfix sendmail command compatibility features. */ diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 00c359944..e47fa4d14 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20120226" +#define MAIL_RELEASE_DATE "20120303" #define MAIL_VERSION_NUMBER "2.10" #ifdef SNAPSHOT diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index aeecbf883..c0f7aa93d 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -514,6 +514,11 @@ /* Available in Postfix version 2.1 and later: /* .IP "\fBsmtpd_authorized_xclient_hosts (empty)\fR" /* What remote SMTP clients are allowed to use the XCLIENT feature. +/* .PP +/* Available in Postfix version 2.10 and later: +/* .IP "\fBsmtpd_log_access_permit_actions (empty)\fR" +/* Enable logging of the named "permit" actions in SMTP server +/* access lists. /* KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS /* .ad /* .fi @@ -1216,6 +1221,7 @@ bool var_smtpd_tls_wrappermode; bool var_smtpd_tls_auth_only; char *var_smtpd_cmd_filter; char *var_smtpd_rej_footer; +char *var_smtpd_acl_perm_log; #ifdef USE_TLS char *var_smtpd_relay_ccerts; @@ -5394,6 +5400,7 @@ int main(int argc, char **argv) #ifdef USE_TLSPROXY VAR_TLSPROXY_SERVICE, DEF_TLSPROXY_SERVICE, &var_tlsproxy_service, 1, 0, #endif + VAR_SMTPD_ACL_PERM_LOG, DEF_SMTPD_ACL_PERM_LOG, &var_smtpd_acl_perm_log, 0, 0, 0, }; static const CONFIG_RAW_TABLE raw_table[] = { diff --git a/postfix/src/smtpd/smtpd.h b/postfix/src/smtpd/smtpd.h index cc4590682..a82c0a612 100644 --- a/postfix/src/smtpd/smtpd.h +++ b/postfix/src/smtpd/smtpd.h @@ -127,6 +127,7 @@ typedef struct { int sender_rcptmap_checked; /* sender validated against maps */ int recipient_rcptmap_checked; /* recipient validated against maps */ int warn_if_reject; /* force reject into warning */ + int warn_if_permit; /* force permit into warning */ SMTPD_DEFER defer_if_reject; /* force reject into deferral */ SMTPD_DEFER defer_if_permit; /* force permit into deferral */ int defer_if_permit_client; /* force permit into warning */ diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 341ae3d42..65a4d46f4 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -350,6 +350,11 @@ static int unk_addr_tf_act; static int unv_rcpt_tf_act; static int unv_from_tf_act; + /* + * Optional permit logging. + */ +static STRING_LIST *smtpd_acl_perm_log; + /* * YASLM. */ @@ -380,6 +385,13 @@ static int unv_from_tf_act; * XXX With warn_if_reject, do raise the defer_if_reject flag when a * permit-style restriction fails. Otherwise, we could reject legitimate * mail. + * + * XXX Figure out the interactions between warn_if_permit and implicit or + * explicit defer_if_permit/reject actions, including the ones that may + * trigger when recursing into a lookup table. + * + * XXX Some DEFER_IF_PERMIT[0-9] macros expect a flag as first argument but are + * given a string argument instead. That is not right. */ static int PRINTFLIKE(5, 6) defer_if(SMTPD_DEFER *, int, int, const char *, const char *,...); static int PRINTFLIKE(5, 6) smtpd_check_reject(SMTPD_STATE *, int, int, const char *, const char *,...); @@ -733,6 +745,12 @@ void smtpd_check_init(void) msg_info("%s = %s", VAR_UNV_RCPT_TF_ACT, tempfail_actions[unv_rcpt_tf_act].name); msg_info("%s = %s", VAR_UNV_FROM_TF_ACT, tempfail_actions[unv_from_tf_act].name); } + + /* + * Optional permit logging. + */ + smtpd_acl_perm_log = string_list_init(MATCH_FLAG_RETURN, + var_smtpd_acl_perm_log); } /* log_whatsup - log as much context as we have */ @@ -757,6 +775,40 @@ static void log_whatsup(SMTPD_STATE *state, const char *whatsup, vstring_free(buf); } +/* smtpd_acl_permit - permit request with optional logging */ + +static int smtpd_acl_permit(SMTPD_STATE *state, const char *action, + const char *reply_class, const char *reply_name, + const char *format,...) +{ + va_list ap; + const char *whatsup; + int retval; + + if (state->warn_if_permit) { + whatsup = "permit_warning"; + retval = SMTPD_CHECK_DUNNO; + } else if (string_list_match(smtpd_acl_perm_log, action) != 0) { + whatsup = "permit"; + retval = SMTPD_CHECK_OK; + } else { + whatsup = 0; + retval = SMTPD_CHECK_OK; + } + if (whatsup != 0) { + vstring_sprintf(error_text, "action=%s for %s=%s", + action, reply_class, reply_name); + if (format) { + vstring_strcat(error_text, " "); + va_start(ap, format); + vstring_vsprintf_append(error_text, format, ap); + va_end(ap); + } + log_whatsup(state, whatsup, STR(error_text)); + } + return (retval); +} + /* smtpd_check_reject - do the boring things that must be done */ static int smtpd_check_reject(SMTPD_STATE *state, int error_class, @@ -993,6 +1045,7 @@ static int permit_inet_interfaces(SMTPD_STATE *state) msg_info("%s: %s %s", myname, state->name, state->addr); if (own_inet_addr((struct sockaddr *) & (state->sockaddr))) + /* Permit logging in generic_checks() only. */ return (SMTPD_CHECK_OK); return (SMTPD_CHECK_DUNNO); } @@ -1007,6 +1060,7 @@ static int permit_mynetworks(SMTPD_STATE *state) msg_info("%s: %s %s", myname, state->name, state->addr); if (namadr_list_match(mynetworks, state->name, state->addr)) + /* Permit logging in generic_checks() only. */ return (SMTPD_CHECK_OK); else if (mynetworks->error == 0) return (SMTPD_CHECK_DUNNO); @@ -1246,6 +1300,7 @@ static int permit_tls_clientcerts(SMTPD_STATE *state, int permit_all_certs) if (TLS_CERT_IS_TRUSTED(state->tls_context) && permit_all_certs) { if (msg_verbose) msg_info("Relaying allowed for all verified client certificates"); + /* Permit logging in generic_checks() only. */ return (SMTPD_CHECK_OK); } @@ -1266,6 +1321,7 @@ static int permit_tls_clientcerts(SMTPD_STATE *state, int permit_all_certs) if (found != 0) { if (msg_verbose) msg_info("Relaying allowed for certified client: %s", found); + /* Permit logging in generic_checks() only. */ return (SMTPD_CHECK_OK); } else if (relay_ccerts->error != 0) { msg_warn("relay_clientcerts: lookup error for fingerprint '%s', " @@ -1969,17 +2025,22 @@ static int check_table_result(SMTPD_STATE *state, const char *table, int cmd_len; static char def_dsn[] = "5.7.1"; DSN_SPLIT dp; + static VSTRING *buf; #ifdef DELAY_ACTION int defer_delay; #endif + if (buf == 0) + buf = vstring_alloc(10); + /* * Parse into command and text. Do not change the input. */ cmd_text = value + strcspn(value, " \t"); cmd_len = cmd_text - value; + vstring_strncpy(buf, value, cmd_len); while (*cmd_text && ISSPACE(*cmd_text)) cmd_text++; @@ -2129,7 +2190,8 @@ static int check_table_result(SMTPD_STATE *state, const char *table, state->saved_flags |= CLEANUP_FLAG_DISCARD; state->discard = 1; #endif - return (SMTPD_CHECK_OK); + return (smtpd_acl_permit(state, STR(buf), reply_class, reply_name, + "from %s", table)); } /* @@ -2242,7 +2304,8 @@ static int check_table_result(SMTPD_STATE *state, const char *table, * mechanism uses this as time stamp. */ if (alldig(value)) - return (SMTPD_CHECK_OK); + return (smtpd_acl_permit(state, STR(buf), reply_class, reply_name, + "from %s", table)); /* * 4xx or 5xx means NO as well. smtpd_check_reject() will validate the @@ -2270,7 +2333,8 @@ static int check_table_result(SMTPD_STATE *state, const char *table, * OK or RELAY means YES. Ignore trailing text. */ if (STREQUAL(value, "OK", cmd_len) || STREQUAL(value, "RELAY", cmd_len)) - return (SMTPD_CHECK_OK); + return (smtpd_acl_permit(state, STR(buf), reply_class, reply_name, + "from %s", table)); /* * Unfortunately, maps must be declared ahead of time so they can be @@ -3632,6 +3696,11 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, state->warn_if_reject = state->recursion; continue; } + if (strcasecmp(name, WARN_IF_PERMIT) == 0) { + if (state->warn_if_permit == 0) + state->warn_if_permit = state->recursion; + continue; + } /* * Spoof the is_map_command() routine, so that we do not have to make @@ -3654,8 +3723,10 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, * Generic restrictions. */ if (strcasecmp(name, PERMIT_ALL) == 0) { - status = SMTPD_CHECK_OK; - if (cpp[1] != 0 && state->warn_if_reject == 0) + status = smtpd_acl_permit(state, name, reply_class, + reply_name, (char *) 0); + if (status == SMTPD_CHECK_OK + && cpp[1] != 0 && state->warn_if_reject == 0) msg_warn("restriction `%s' after `%s' is ignored", cpp[1], PERMIT_ALL); } else if (strcasecmp(name, DEFER_ALL) == 0) { @@ -3714,8 +3785,14 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, status = reject_unknown_reverse_name(state); } else if (strcasecmp(name, PERMIT_INET_INTERFACES) == 0) { status = permit_inet_interfaces(state); + if (status == SMTPD_CHECK_OK) + status = smtpd_acl_permit(state, name, SMTPD_NAME_CLIENT, + state->namaddr, (char *) 0); } else if (strcasecmp(name, PERMIT_MYNETWORKS) == 0) { status = permit_mynetworks(state); + if (status == SMTPD_CHECK_OK) + status = smtpd_acl_permit(state, name, SMTPD_NAME_CLIENT, + state->namaddr, (char *) 0); } else if (is_map_command(state, name, CHECK_CLIENT_ACL, &cpp)) { status = check_namadr_access(state, *cpp, state->name, state->addr, FULL, &found, state->namaddr, @@ -3737,9 +3814,13 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, } else if (strcasecmp(name, PERMIT_DNSWL_CLIENT) == 0) { if (cpp[1] == 0) msg_warn("restriction %s requires domain name argument", name); - else + else { status = permit_dnswl_addr(state, *(cpp += 1), state->addr, SMTPD_NAME_CLIENT); + if (status == SMTPD_CHECK_OK) + status = smtpd_acl_permit(state, name, SMTPD_NAME_CLIENT, + state->namaddr, (char *) 0); + } } else if (strcasecmp(name, REJECT_RHSBL_CLIENT) == 0) { if (cpp[1] == 0) msg_warn("restriction %s requires domain name argument", @@ -3756,9 +3837,13 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, name); else { cpp += 1; - if (strcasecmp(state->name, "unknown") != 0) + if (strcasecmp(state->name, "unknown") != 0) { status = permit_dnswl_domain(state, *cpp, state->name, SMTPD_NAME_CLIENT); + if (status == SMTPD_CHECK_OK) + status = smtpd_acl_permit(state, name, + SMTPD_NAME_CLIENT, state->namaddr, (char *) 0); + } } } else if (strcasecmp(name, REJECT_RHSBL_REVERSE_CLIENT) == 0) { if (cpp[1] == 0) @@ -3837,7 +3922,8 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, if (state->helo_name[strspn(state->helo_name, "0123456789.:")] == 0 && (status = reject_invalid_hostaddr(state, state->helo_name, state->helo_name, SMTPD_NAME_HELO)) == 0) - status = SMTPD_CHECK_OK; + status = smtpd_acl_permit(state, name, SMTPD_NAME_HELO, + state->helo_name, (char *) 0); } } else if (is_map_command(state, name, CHECK_HELO_NS_ACL, &cpp)) { if (state->helo_name) { @@ -3959,12 +4045,20 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, &found, state->recipient, SMTPD_NAME_RECIPIENT, def_acl); } else if (strcasecmp(name, PERMIT_MX_BACKUP) == 0) { - if (state->recipient) + if (state->recipient) { status = permit_mx_backup(state, state->recipient, state->recipient, SMTPD_NAME_RECIPIENT); + if (status == SMTPD_CHECK_OK) + status = smtpd_acl_permit(state, name, SMTPD_NAME_RECIPIENT, + state->recipient, (char *) 0); + } } else if (strcasecmp(name, PERMIT_AUTH_DEST) == 0) { - if (state->recipient) + if (state->recipient) { status = permit_auth_destination(state, state->recipient); + if (status == SMTPD_CHECK_OK) + status = smtpd_acl_permit(state, name, SMTPD_NAME_RECIPIENT, + state->recipient, (char *) 0); + } } else if (strcasecmp(name, REJECT_UNAUTH_DEST) == 0) { if (state->recipient) status = reject_unauth_destination(state, state->recipient); @@ -3972,19 +4066,33 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, if (state->recipient) status = check_relay_domains(state, state->recipient, state->recipient, SMTPD_NAME_RECIPIENT); - if (cpp[1] != 0 && state->warn_if_reject == 0) + if (status == SMTPD_CHECK_OK) + status = smtpd_acl_permit(state, name, SMTPD_NAME_RECIPIENT, + state->recipient, (char *) 0); + if (cpp[1] != 0 && state->warn_if_reject == 0 + && state->warn_if_permit == 0) msg_warn("restriction `%s' after `%s' is ignored", cpp[1], CHECK_RELAY_DOMAINS); } else if (strcasecmp(name, PERMIT_SASL_AUTH) == 0) { #ifdef USE_SASL_AUTH - if (smtpd_sasl_is_active(state)) + if (smtpd_sasl_is_active(state)) { status = permit_sasl_auth(state, SMTPD_CHECK_OK, SMTPD_CHECK_DUNNO); + if (status == SMTPD_CHECK_OK) + status = smtpd_acl_permit(state, name, SMTPD_NAME_CLIENT, + state->namaddr, (char *) 0); + } #endif } else if (strcasecmp(name, PERMIT_TLS_ALL_CLIENTCERTS) == 0) { status = permit_tls_clientcerts(state, 1); + if (status == SMTPD_CHECK_OK) + status = smtpd_acl_permit(state, name, SMTPD_NAME_CLIENT, + state->namaddr, (char *) 0); } else if (strcasecmp(name, PERMIT_TLS_CLIENTCERTS) == 0) { status = permit_tls_clientcerts(state, 0); + if (status == SMTPD_CHECK_OK) + status = smtpd_acl_permit(state, name, SMTPD_NAME_CLIENT, + state->namaddr, (char *) 0); } else if (strcasecmp(name, REJECT_UNKNOWN_RCPTDOM) == 0) { if (state->recipient) status = reject_unknown_address(state, state->recipient, @@ -4072,6 +4180,8 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, } if (state->warn_if_reject >= state->recursion) state->warn_if_reject = 0; + if (state->warn_if_permit >= state->recursion) + state->warn_if_permit = 0; if (status != 0) break; @@ -4197,6 +4307,7 @@ char *smtpd_check_client(SMTPD_STATE *state) #define SMTPD_CHECK_RESET() { \ state->recursion = 0; \ state->warn_if_reject = 0; \ + state->warn_if_permit = 0; \ state->defer_if_reject.active = 0; \ } @@ -4902,6 +5013,7 @@ char *var_unk_name_tf_act; char *var_unk_addr_tf_act; char *var_unv_rcpt_tf_act; char *var_unv_from_tf_act; +char *var_smtpd_acl_perm_log; typedef struct { char *name; @@ -4953,6 +5065,8 @@ static const STRING_TABLE string_table[] = { VAR_UNK_ADDR_TF_ACT, DEF_REJECT_TMPF_ACT, &var_unk_addr_tf_act, VAR_UNV_RCPT_TF_ACT, DEF_REJECT_TMPF_ACT, &var_unv_rcpt_tf_act, VAR_UNV_FROM_TF_ACT, DEF_REJECT_TMPF_ACT, &var_unv_from_tf_act, + /* XXX Can't use ``$name'' type default values above. */ + VAR_SMTPD_ACL_PERM_LOG, DEF_SMTPD_ACL_PERM_LOG, &var_smtpd_acl_perm_log, 0, };