From bb1d259c3e1c5111977b589914403de209e3b5d9 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Tue, 10 May 2005 00:00:00 -0500 Subject: [PATCH] postfix-2.3-20050510 --- postfix/HISTORY | 20 +++ postfix/README_FILES/IPV6_README | 6 +- postfix/RELEASE_NOTES | 21 +++ postfix/conf/access | 91 +++++++------ postfix/html/IPV6_README.html | 4 +- postfix/html/access.5.html | 91 +++++++------ postfix/html/postconf.5.html | 18 +++ postfix/html/smtp-sink.1.html | 4 +- postfix/man/man1/smtp-sink.1 | 4 +- postfix/man/man5/access.5 | 20 ++- postfix/man/man5/postconf.5 | 14 ++ postfix/proto/IPV6_README.html | 4 +- postfix/proto/access | 18 ++- postfix/proto/postconf.proto | 18 +++ postfix/src/cleanup/cleanup_envelope.c | 2 +- postfix/src/cleanup/cleanup_extracted.c | 4 - postfix/src/global/mail_version.h | 2 +- postfix/src/smtpd/Makefile.in | 21 ++- postfix/src/smtpd/smtpd.c | 7 +- postfix/src/smtpd/smtpd_acl.ref | 4 +- postfix/src/smtpd/smtpd_check.c | 29 ++--- postfix/src/smtpd/smtpd_check.ref | 80 ++++++------ postfix/src/smtpd/smtpd_check.ref2 | 56 ++++---- postfix/src/smtpd/smtpd_check.ref4 | 4 +- postfix/src/smtpd/smtpd_check_access | 18 +++ postfix/src/smtpd/smtpd_check_dsn.in | 60 +++++++++ postfix/src/smtpd/smtpd_check_dsn.ref | 163 ++++++++++++++++++++++++ postfix/src/smtpd/smtpd_dsn_fix.c | 140 ++++++++++++++++++++ postfix/src/smtpd/smtpd_dsn_fix.h | 35 +++++ postfix/src/smtpd/smtpd_exp.ref | 4 +- postfix/src/smtpd/smtpd_token.c | 1 + postfix/src/smtpstone/smtp-sink.c | 14 +- postfix/src/tls/Makefile.in | 1 + postfix/src/util/Makefile.in | 1 + 34 files changed, 783 insertions(+), 196 deletions(-) create mode 100644 postfix/src/smtpd/smtpd_check_dsn.in create mode 100644 postfix/src/smtpd/smtpd_check_dsn.ref create mode 100644 postfix/src/smtpd/smtpd_dsn_fix.c create mode 100644 postfix/src/smtpd/smtpd_dsn_fix.h diff --git a/postfix/HISTORY b/postfix/HISTORY index 46e7b55c9..729de2949 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -10727,6 +10727,26 @@ Apologies for any names omitted. added support for read timeouts, and added a missing exception handler for the 220 server greeting. File: smtpstone/smtp-sink.c. +20050506 + + Cleanup: with "REJECT 4.X.Y ..." actions in header/body_checks, + change the SMTP server reply code from 550 into 450, instead + of having the SMTP server change the DSN into 5.X.Y. File: + smtpd/smtpd.c. + +20050510 + + Usability: when reporting a sender address problem, transform + a recipient DSN status (e.g., 4.1.1-4.1.6) into the + corresponding sender DSN status, and vice versa; and when + reporting a non-address problem, transform a sender or + recipient DSN status into a generic non-address DSN status + (e.g., 4.0.0). This transformation may be needed when the + same access table or RBL reply template are used for client, + helo, sender, or recipient restrictions; or when the same + error mailer information is used for senders or recipients. + Files: smtpd/smtpd_check.c, smtpd/smtpd_dsn_fix.[hc]. + Open problems: Med: disable header address rewriting after XCLIENT? diff --git a/postfix/README_FILES/IPV6_README b/postfix/README_FILES/IPV6_README index 30b6da631..122e04eea 100644 --- a/postfix/README_FILES/IPV6_README +++ b/postfix/README_FILES/IPV6_README @@ -5,9 +5,9 @@ PPoossttffiixx IIPPvv66 SSuuppppoorrtt IInnttrroodduuccttiioonn Postfix 2.2 introduces support for the IPv6 (IP version 6) protocol. IPv6 -support older Postfix versions was available as an add-on patch. The section -"Compatibility with Postfix <2.2 IPv6 support" below discusses the differences -between these implementations. +support for older Postfix versions was available as an add-on patch. The +section "Compatibility with Postfix <2.2 IPv6 support" below discusses the +differences between these implementations. The main feature of interest is that IPv6 uses 128-bit IP addresses instead of the 32-bit addresses used by IPv4. It can therefore accommodate a much larger diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index c298c1751..bf1897a2f 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -17,6 +17,27 @@ Incompatibility with Postfix 2.1 and earlier If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2 before proceeding. +Major changes with snapshot 20050510 +==================================== + +This release improves usability of DSN (enhanced status codes) in +Postfix access tables, RBL reply templates and in transport maps +that use the error(8) delivery agent. + +- When the SMTP server rejects a sender address, it transforms a + recipient DSN status (e.g., 4.1.1-4.1.6) into the corresponding + sender DSN status, and vice versa. + +- When the SMTP server rejects non-address information (such as the + HELO command parameter or the client hostname/address), it + transforms a sender or recipient DSN status into a generic + non-address DSN status (e.g., 4.0.0). + +These transformations are needed when the same access table or RBL +reply template are used for client, helo, sender, or recipient +restrictions; or when the same error(8) mailer information is used +for both senders and recipients. + Incompatibility with snapshot 20050503 ====================================== diff --git a/postfix/conf/access b/postfix/conf/access index 112b13664..2aa2d4b3a 100644 --- a/postfix/conf/access +++ b/postfix/conf/access @@ -171,24 +171,25 @@ # codes. When no code is specified at the beginning of the # text below, Postfix inserts a default enhanced status code # of "5.7.1" in the case of reject actions, and "4.7.1" in -# the case of defer actions. +# the case of defer actions. See "ENHANCED STATUS CODES" +# below. # # 4NN text # # 5NN text -# Reject the address etc. that matches the pattern, +# Reject the address etc. that matches the pattern, # and respond with the numerical three-digit code and -# text. 4NN means "try again later", while 5NN means +# text. 4NN means "try again later", while 5NN means # "do not try again". # # REJECT optional text... -# Reject the address etc. that matches the pattern. -# Reply with $reject_code optional text... when the -# optional text is specified, otherwise reply with a +# Reject the address etc. that matches the pattern. +# Reply with $reject_code optional text... when the +# optional text is specified, otherwise reply with a # generic error response message. # # DEFER_IF_REJECT optional text... -# Defer the request if some later restriction would +# Defer the request if some later restriction would # result in a REJECT action. Reply with "450 optional # text... when the optional text is specified, other- # wise reply with a generic error response message. @@ -196,10 +197,10 @@ # This feature is available in Postfix 2.1 and later. # # DEFER_IF_PERMIT optional text... -# Defer the request if some later restriction would -# result in a an explicit or implicit PERMIT action. -# Reply with "450 optional text... when the optional -# text is specified, otherwise reply with a generic +# Defer the request if some later restriction would +# result in a an explicit or implicit PERMIT action. +# Reply with "450 optional text... when the optional +# text is specified, otherwise reply with a generic # error response message. # # This feature is available in Postfix 2.1 and later. @@ -210,84 +211,102 @@ # reject_unauth_destination, and so on). # # DISCARD optional text... -# Claim successful delivery and silently discard the -# message. Log the optional text if specified, oth- +# Claim successful delivery and silently discard the +# message. Log the optional text if specified, oth- # erwise log a generic message. # -# Note: this action currently affects all recipients +# Note: this action currently affects all recipients # of the message. # # This feature is available in Postfix 2.0 and later. # -# DUNNO Pretend that the lookup key was not found. This -# prevents Postfix from trying substrings of the -# lookup key (such as a subdomain name, or a network +# DUNNO Pretend that the lookup key was not found. This +# prevents Postfix from trying substrings of the +# lookup key (such as a subdomain name, or a network # address subnetwork). # # This feature is available in Postfix 2.0 and later. # # FILTER transport:destination -# After the message is queued, send the entire mes- +# After the message is queued, send the entire mes- # sage through the specified external content filter. -# The transport:destination syntax is described in -# the transport(5) manual page. More information -# about external content filters is in the Postfix +# The transport:destination syntax is described in +# the transport(5) manual page. More information +# about external content filters is in the Postfix # FILTER_README file. # -# Note: this action overrides the main.cf con- +# Note: this action overrides the main.cf con- # tent_filter setting, and currently affects all # recipients of the message. # # This feature is available in Postfix 2.0 and later. # # HOLD optional text... -# Place the message on the hold queue, where it will -# sit until someone either deletes it or releases it -# for delivery. Log the optional text if specified, +# Place the message on the hold queue, where it will +# sit until someone either deletes it or releases it +# for delivery. Log the optional text if specified, # otherwise log a generic message. # -# Mail that is placed on hold can be examined with -# the postcat(1) command, and can be destroyed or +# Mail that is placed on hold can be examined with +# the postcat(1) command, and can be destroyed or # released with the postsuper(1) command. # -# Note: use "postsuper -r" to release mail that was -# kept on hold for a significant fraction of $maxi- +# Note: use "postsuper -r" to release mail that was +# kept on hold for a significant fraction of $maxi- # mal_queue_lifetime or $bounce_queue_lifetime, or # longer. # -# Note: this action currently affects all recipients +# Note: this action currently affects all recipients # of the message. # # This feature is available in Postfix 2.0 and later. # # PREPEND headername: headervalue -# Prepend the specified message header to the mes- +# Prepend the specified message header to the mes- # sage. When this action is used multiple times, the -# first prepended header appears before the second +# first prepended header appears before the second # etc. prepended header. # -# Note: this action does not support multi-line mes- +# Note: this action does not support multi-line mes- # sage headers. # # This feature is available in Postfix 2.1 and later. # # REDIRECT user@domain -# After the message is queued, send the message to +# After the message is queued, send the message to # the specified address instead of the intended # recipient(s). # -# Note: this action overrides the FILTER action, and +# Note: this action overrides the FILTER action, and # currently affects all recipients of the message. # # This feature is available in Postfix 2.1 and later. # # WARN optional text... # Log a warning with the optional text, together with -# client information and if available, with helo, +# client information and if available, with helo, # sender, recipient and protocol information. # # This feature is available in Postfix 2.1 and later. # +# ENHANCED STATUS CODES +# When an enhanced status code is specified in an access ta- +# ble, it is subject to modification. The following trans- +# formations are needed when the same access table is used +# for client, helo, sender, or recipient access restric- +# tions: +# +# o When rejecting a sender address, the Postfix SMTP +# server will transform a recipient DSN status (e.g., +# 4.1.1-4.1.6) into the corresponding sender DSN sta- +# tus, and vice versa. +# +# o When rejecting non-address information (such as the +# HELO command argument or the client host- +# name/address), the Postfix SMTP server will trans- +# form a sender or recipient DSN status into a +# generic non-address DSN status (e.g., 4.0.0). +# # REGULAR EXPRESSION TABLES # This section describes how the table lookups change when # the table is given in the form of regular expressions. For diff --git a/postfix/html/IPV6_README.html b/postfix/html/IPV6_README.html index fdc41aa5a..536fd638c 100644 --- a/postfix/html/IPV6_README.html +++ b/postfix/html/IPV6_README.html @@ -21,8 +21,8 @@ IPv6 Support

Introduction

Postfix 2.2 introduces support for the IPv6 (IP version 6) -protocol. IPv6 support older Postfix versions was available as an -add-on patch. The section "Compatibility with +protocol. IPv6 support for older Postfix versions was available as +an add-on patch. The section "Compatibility with Postfix <2.2 IPv6 support" below discusses the differences between these implementations.

diff --git a/postfix/html/access.5.html b/postfix/html/access.5.html index 0405bb40d..e81a0ba11 100644 --- a/postfix/html/access.5.html +++ b/postfix/html/access.5.html @@ -177,24 +177,25 @@ ACCESS(5) ACCESS(5) codes. When no code is specified at the beginning of the text below, Postfix inserts a default enhanced status code of "5.7.1" in the case of reject actions, and "4.7.1" in - the case of defer actions. + the case of defer actions. See "ENHANCED STATUS CODES" + below. 4NN text 5NN text - Reject the address etc. that matches the pattern, + Reject the address etc. that matches the pattern, and respond with the numerical three-digit code and - text. 4NN means "try again later", while 5NN means + text. 4NN means "try again later", while 5NN means "do not try again". REJECT optional text... - Reject the address etc. that matches the pattern. - Reply with $reject_code optional text... when the - optional text is specified, otherwise reply with a + Reject the address etc. that matches the pattern. + Reply with $reject_code optional text... when the + optional text is specified, otherwise reply with a generic error response message. DEFER_IF_REJECT optional text... - Defer the request if some later restriction would + Defer the request if some later restriction would result in a REJECT action. Reply with "450 optional text... when the optional text is specified, other- wise reply with a generic error response message. @@ -202,10 +203,10 @@ ACCESS(5) ACCESS(5) This feature is available in Postfix 2.1 and later. DEFER_IF_PERMIT optional text... - Defer the request if some later restriction would - result in a an explicit or implicit PERMIT action. - Reply with "450 optional text... when the optional - text is specified, otherwise reply with a generic + Defer the request if some later restriction would + result in a an explicit or implicit PERMIT action. + Reply with "450 optional text... when the optional + text is specified, otherwise reply with a generic error response message. This feature is available in Postfix 2.1 and later. @@ -216,84 +217,102 @@ ACCESS(5) ACCESS(5) reject_unauth_destination, and so on). DISCARD optional text... - Claim successful delivery and silently discard the - message. Log the optional text if specified, oth- + Claim successful delivery and silently discard the + message. Log the optional text if specified, oth- erwise log a generic message. - Note: this action currently affects all recipients + Note: this action currently affects all recipients of the message. This feature is available in Postfix 2.0 and later. - DUNNO Pretend that the lookup key was not found. This - prevents Postfix from trying substrings of the - lookup key (such as a subdomain name, or a network + DUNNO Pretend that the lookup key was not found. This + prevents Postfix from trying substrings of the + lookup key (such as a subdomain name, or a network address subnetwork). This feature is available in Postfix 2.0 and later. FILTER transport:destination - After the message is queued, send the entire mes- + After the message is queued, send the entire mes- sage through the specified external content filter. - The transport:destination syntax is described in - the transport(5) manual page. More information - about external content filters is in the Postfix + The transport:destination syntax is described in + the transport(5) manual page. More information + about external content filters is in the Postfix FILTER_README file. - Note: this action overrides the main.cf con- + Note: this action overrides the main.cf con- tent_filter setting, and currently affects all recipients of the message. This feature is available in Postfix 2.0 and later. HOLD optional text... - Place the message on the hold queue, where it will - sit until someone either deletes it or releases it - for delivery. Log the optional text if specified, + Place the message on the hold queue, where it will + sit until someone either deletes it or releases it + for delivery. Log the optional text if specified, otherwise log a generic message. - Mail that is placed on hold can be examined with - the postcat(1) command, and can be destroyed or + Mail that is placed on hold can be examined with + the postcat(1) command, and can be destroyed or released with the postsuper(1) command. - Note: use "postsuper -r" to release mail that was - kept on hold for a significant fraction of $maxi- + Note: use "postsuper -r" to release mail that was + kept on hold for a significant fraction of $maxi- mal_queue_lifetime or $bounce_queue_lifetime, or longer. - Note: this action currently affects all recipients + Note: this action currently affects all recipients of the message. This feature is available in Postfix 2.0 and later. PREPEND headername: headervalue - Prepend the specified message header to the mes- + Prepend the specified message header to the mes- sage. When this action is used multiple times, the - first prepended header appears before the second + first prepended header appears before the second etc. prepended header. - Note: this action does not support multi-line mes- + Note: this action does not support multi-line mes- sage headers. This feature is available in Postfix 2.1 and later. REDIRECT user@domain - After the message is queued, send the message to + After the message is queued, send the message to the specified address instead of the intended recipient(s). - Note: this action overrides the FILTER action, and + Note: this action overrides the FILTER action, and currently affects all recipients of the message. This feature is available in Postfix 2.1 and later. WARN optional text... Log a warning with the optional text, together with - client information and if available, with helo, + client information and if available, with helo, sender, recipient and protocol information. This feature is available in Postfix 2.1 and later. +ENHANCED STATUS CODES + When an enhanced status code is specified in an access ta- + ble, it is subject to modification. The following trans- + formations are needed when the same access table is used + for client, helo, sender, or recipient access restric- + tions: + + o When rejecting a sender address, the Postfix SMTP + server will transform a recipient DSN status (e.g., + 4.1.1-4.1.6) into the corresponding sender DSN sta- + tus, and vice versa. + + o When rejecting non-address information (such as the + HELO command argument or the client host- + name/address), the Postfix SMTP server will trans- + form a sender or recipient DSN status into a + generic non-address DSN status (e.g., 4.0.0). + REGULAR EXPRESSION TABLES This section describes how the table lookups change when the table is given in the form of regular expressions. For diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index efdedf980..7926b0626 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -1766,6 +1766,24 @@ name, or an email address whose domain was blacklisted). Instead of $name you can also specify ${name} or $(name).

+

Note: when an enhanced status code is specified in an RBL reply +template, it is subject to modification. The following transformations +are needed when the same RBL reply template is used for client, +helo, sender, or recipient access restrictions.

+ + + diff --git a/postfix/html/smtp-sink.1.html b/postfix/html/smtp-sink.1.html index a664f1572..e773ad591 100644 --- a/postfix/html/smtp-sink.1.html +++ b/postfix/html/smtp-sink.1.html @@ -33,6 +33,8 @@ SMTP-SINK(1) SMTP-SINK(1) -6 Support IPv6 only. This option is not available when Postfix is built without IPv6 support. + -8 Do not announce 8BITMIME support. + -a Do not announce SASL authentication support. -c Display a running counter that is updated whenever @@ -93,8 +95,6 @@ SMTP-SINK(1) SMTP-SINK(1) Wait delay seconds before responding to a DATA com- mand. - -8 Do not announce 8BITMIME support. - [inet:][host]:port Listen on network interface host (default: any interface) TCP port port. Both host and port may be diff --git a/postfix/man/man1/smtp-sink.1 b/postfix/man/man1/smtp-sink.1 index 3aaeb3f38..ddbd2812f 100644 --- a/postfix/man/man1/smtp-sink.1 +++ b/postfix/man/man1/smtp-sink.1 @@ -33,6 +33,8 @@ Postfix is built without IPv6 support. .IP \fB-6\fR Support IPv6 only. This option is not available when Postfix is built without IPv6 support. +.IP \fB-8\fR +Do not announce 8BITMIME support. .IP \fB-a\fR Do not announce SASL authentication support. .IP \fB-c\fR @@ -80,8 +82,6 @@ The time limit is specified in seconds. Show the SMTP conversations. .IP "\fB-w \fIdelay\fR" Wait \fIdelay\fR seconds before responding to a DATA command. -.IP \fB-8\fR -Do not announce 8BITMIME support. .IP [\fBinet:\fR][\fIhost\fR]:\fIport\fR Listen on network interface \fIhost\fR (default: any interface) TCP port \fIport\fR. Both \fIhost\fR and \fIport\fR may be diff --git a/postfix/man/man5/access.5 b/postfix/man/man5/access.5 index 00d336bc7..95de07efe 100644 --- a/postfix/man/man5/access.5 +++ b/postfix/man/man5/access.5 @@ -169,7 +169,7 @@ Postfix version 2.3 and later support enhanced status codes. When no code is specified at the beginning of the \fItext\fR below, Postfix inserts a default enhanced status code of "5.7.1" in the case of reject actions, and "4.7.1" in the case of -defer actions. +defer actions. See "ENHANCED STATUS CODES" below. .IP "\fB4\fINN text\fR" .IP "\fB5\fINN text\fR" Reject the address etc. that matches the pattern, and respond with @@ -265,6 +265,24 @@ Log a warning with the optional text, together with client information and if available, with helo, sender, recipient and protocol information. .sp This feature is available in Postfix 2.1 and later. +.SH "ENHANCED STATUS CODES" +.na +.nf +.ad +.fi +When an enhanced status code is specified in an access +table, it is subject to modification. The following +transformations are needed when the same access table is +used for client, helo, sender, or recipient access restrictions: +.IP \(bu +When rejecting a sender address, the Postfix SMTP server +will transform a recipient DSN status (e.g., 4.1.1-4.1.6) +into the corresponding sender DSN status, and vice versa. +.IP \(bu +When rejecting non-address information (such as the HELO +command argument or the client hostname/address), the Postfix +SMTP server will transform a sender or recipient DSN status +into a generic non-address DSN status (e.g., 4.0.0). .SH "REGULAR EXPRESSION TABLES" .na .nf diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index f1dd46cc6..ea2cd1198 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -958,6 +958,20 @@ Expands to `text' if $name is not empty. Expands to `text' if $name is empty. .PP Instead of $name you can also specify ${name} or $(name). +.PP +Note: when an enhanced status code is specified in an RBL reply +template, it is subject to modification. The following transformations +are needed when the same RBL reply template is used for client, +helo, sender, or recipient access restrictions. +.IP \(bu +When rejecting a sender address, the Postfix SMTP server +will transform a recipient DSN status (e.g., 4.1.1-4.1.6) into the +corresponding sender DSN status, and vice versa. +.IP \(bu +When rejecting non-address information (such as the HELO +command argument or the client hostname/address), the Postfix SMTP +server will transform a sender or recipient DSN status into a generic +non-address DSN status (e.g., 4.0.0). .SH default_recipient_limit (default: 10000) The default per-transport upper limit on the number of in-memory recipients. These limits take priority over the global diff --git a/postfix/proto/IPV6_README.html b/postfix/proto/IPV6_README.html index 7344b4abb..d1fad18cb 100644 --- a/postfix/proto/IPV6_README.html +++ b/postfix/proto/IPV6_README.html @@ -21,8 +21,8 @@ IPv6 Support

Introduction

Postfix 2.2 introduces support for the IPv6 (IP version 6) -protocol. IPv6 support older Postfix versions was available as an -add-on patch. The section "Compatibility with +protocol. IPv6 support for older Postfix versions was available as +an add-on patch. The section "Compatibility with Postfix <2.2 IPv6 support" below discusses the differences between these implementations.

diff --git a/postfix/proto/access b/postfix/proto/access index 783786fdf..11af2a234 100644 --- a/postfix/proto/access +++ b/postfix/proto/access @@ -151,7 +151,7 @@ # When no code is specified at the beginning of the \fItext\fR # below, Postfix inserts a default enhanced status code of "5.7.1" # in the case of reject actions, and "4.7.1" in the case of -# defer actions. +# defer actions. See "ENHANCED STATUS CODES" below. # .IP "\fB4\fINN text\fR" # .IP "\fB5\fINN text\fR" # Reject the address etc. that matches the pattern, and respond with @@ -245,6 +245,22 @@ # and if available, with helo, sender, recipient and protocol information. # .sp # This feature is available in Postfix 2.1 and later. +# ENHANCED STATUS CODES +# .ad +# .fi +# When an enhanced status code is specified in an access +# table, it is subject to modification. The following +# transformations are needed when the same access table is +# used for client, helo, sender, or recipient access restrictions: +# .IP \(bu +# When rejecting a sender address, the Postfix SMTP server +# will transform a recipient DSN status (e.g., 4.1.1-4.1.6) +# into the corresponding sender DSN status, and vice versa. +# .IP \(bu +# When rejecting non-address information (such as the HELO +# command argument or the client hostname/address), the Postfix +# SMTP server will transform a sender or recipient DSN status +# into a generic non-address DSN status (e.g., 4.0.0). # REGULAR EXPRESSION TABLES # .ad # .fi diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 18bddab76..2a1cb2dd6 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -1048,6 +1048,24 @@ name, or an email address whose domain was blacklisted). Instead of $name you can also specify ${name} or $(name).

+

Note: when an enhanced status code is specified in an RBL reply +template, it is subject to modification. The following transformations +are needed when the same RBL reply template is used for client, +helo, sender, or recipient access restrictions.

+ + + %PARAM smtpd_expansion_filter see "postconf -d" output

diff --git a/postfix/src/cleanup/cleanup_envelope.c b/postfix/src/cleanup/cleanup_envelope.c index 8396e10aa..df4daa182 100644 --- a/postfix/src/cleanup/cleanup_envelope.c +++ b/postfix/src/cleanup/cleanup_envelope.c @@ -303,8 +303,8 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type, } } nvtable_update(state->attr, attr_name, attr_value); - myfree(sbuf); cleanup_out(state, type, buf, len); + myfree(sbuf); return; } else { cleanup_out(state, type, buf, len); diff --git a/postfix/src/cleanup/cleanup_extracted.c b/postfix/src/cleanup/cleanup_extracted.c index 097abcef5..1c9f4b082 100644 --- a/postfix/src/cleanup/cleanup_extracted.c +++ b/postfix/src/cleanup/cleanup_extracted.c @@ -124,10 +124,6 @@ void cleanup_extracted_process(CLEANUP_STATE *state, int type, if ((encoding = nvtable_find(state->attr, MAIL_ATTR_ENCODING)) != 0) cleanup_out_format(state, REC_TYPE_ATTR, "%s=%s", MAIL_ATTR_ENCODING, encoding); - if (state->return_receipt) - cleanup_out_string(state, REC_TYPE_RRTO, state->return_receipt); - if (state->errors_to) - cleanup_out_string(state, REC_TYPE_ERTO, state->errors_to); state->flags |= CLEANUP_FLAG_INRCPT; } diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 99eb52a3f..94daaa2bc 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only. */ -#define MAIL_RELEASE_DATE "20050504" +#define MAIL_RELEASE_DATE "20050510" #define MAIL_VERSION_NUMBER "2.3" #define VAR_MAIL_VERSION "mail_version" diff --git a/postfix/src/smtpd/Makefile.in b/postfix/src/smtpd/Makefile.in index 4badd37ca..12e3c07f0 100644 --- a/postfix/src/smtpd/Makefile.in +++ b/postfix/src/smtpd/Makefile.in @@ -1,12 +1,12 @@ SHELL = /bin/sh SRCS = smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \ smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \ - smtpd_xforward.c + smtpd_xforward.c smtpd_dsn_fix.c OBJS = smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \ smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \ - smtpd_xforward.o + smtpd_xforward.o smtpd_dsn_fix.c HDRS = smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \ - smtpd_sasl_glue.h smtpd_proxy.h + smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h TESTSRC = smtpd_token_test.c DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) CFLAGS = $(DEBUG) $(OPT) $(DEFS) @@ -33,7 +33,7 @@ update: ../../libexec/$(PROG) ../../libexec/$(PROG): $(PROG) cp $(PROG) ../../libexec -SMTPD_CHECK_OBJ = smtpd_state.o smtpd_peer.o smtpd_xforward.o +SMTPD_CHECK_OBJ = smtpd_state.o smtpd_peer.o smtpd_xforward.o smtpd_dsn_fix.o smtpd_token: smtpd_token.c $(LIBS) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS) $(SYSLIBS) @@ -62,7 +62,7 @@ clean: tidy: clean tests: smtpd_check_test smtpd_check_test2 smtpd_acl_test smtpd_exp_test \ - smtpd_token_test smtpd_check_test4 + smtpd_token_test smtpd_check_test4 smtpd_check_dsn smtpd_check_test: smtpd_check smtpd_check.in smtpd_check.ref smtpd_check_access ../postmap/postmap hash:smtpd_check_access @@ -94,6 +94,12 @@ smtpd_exp_test: smtpd_check smtpd_exp.in smtpd_exp.ref diff smtpd_exp.ref smtpd_exp.tmp rm -f smtpd_exp.tmp smtpd_check_access.* +smtpd_check_dsn_test: smtpd_check smtpd_check_dsn.in smtpd_check_dsn.ref smtpd_check_access + ../postmap/postmap hash:smtpd_check_access + ./smtpd_check smtpd_check.tmp 2>&1 + diff smtpd_check_dsn.ref smtpd_check.tmp + rm -f smtpd_check.tmp smtpd_check_access.* + smtpd_token_test: smtpd_token smtpd_token.in smtpd_token.ref ./smtpd_token smtpd_token.tmp 2>&1 diff smtpd_token.ref smtpd_token.tmp @@ -255,7 +261,12 @@ smtpd_check.o: ../../include/vstring.h smtpd_check.o: smtpd.h smtpd_check.o: smtpd_check.c smtpd_check.o: smtpd_check.h +smtpd_check.o: smtpd_dsn_fix.h smtpd_check.o: smtpd_sasl_glue.h +smtpd_dsn_fix.o: ../../include/msg.h +smtpd_dsn_fix.o: ../../include/sys_defs.h +smtpd_dsn_fix.o: smtpd_dsn_fix.c +smtpd_dsn_fix.o: smtpd_dsn_fix.h smtpd_peer.o: ../../include/argv.h smtpd_peer.o: ../../include/attr.h smtpd_peer.o: ../../include/inet_proto.h diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 8fcef56d0..93e073425 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -1882,6 +1882,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) int out_error; char **cpp; CLEANUP_STAT_DETAIL *detail; + int smtp_code; #ifdef USE_TLS VSTRING *peer_CN; @@ -2172,7 +2173,11 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) if (state->proxy_buffer) { smtpd_chat_reply(state, "%s", STR(state->proxy_buffer)); } else if (why && LEN(why) > 0) { - smtpd_chat_reply(state, "%d %s", detail->smtp, STR(why)); + /* Allow address-specific DSN status in header/body_checks. */ + smtp_code = (STR(why)[0] == '5' ? (detail->smtp % 100) + 500 : + STR(why)[0] == '4' ? (detail->smtp % 100) + 400 : + detail->smtp); + smtpd_chat_reply(state, "%d %s", smtp_code, STR(why)); } else { smtpd_chat_reply(state, "%d %s Error: %s", detail->smtp, detail->dsn, detail->text); diff --git a/postfix/src/smtpd/smtpd_acl.ref b/postfix/src/smtpd/smtpd_acl.ref index 06c40f461..110e7a57b 100644 --- a/postfix/src/smtpd/smtpd_acl.ref +++ b/postfix/src/smtpd/smtpd_acl.ref @@ -183,5 +183,5 @@ OK >>> # check_sender_access specific >>> # >>> mail <> -./smtpd_check: : reject: MAIL from bar.duno.com[44.33.44.33]: 550 5.0.0 <>: Sender address rejected: Go away postmaster; from=<> proto=SMTP helo= -550 5.0.0 <>: Sender address rejected: Go away postmaster +./smtpd_check: : reject: MAIL from bar.duno.com[44.33.44.33]: 550 5.7.1 <>: Sender address rejected: Go away postmaster; from=<> proto=SMTP helo= +550 5.7.1 <>: Sender address rejected: Go away postmaster diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 424bbe4ee..db487abb8 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -233,6 +233,7 @@ #include "smtpd.h" #include "smtpd_sasl_glue.h" #include "smtpd_check.h" +#include "smtpd_dsn_fix.h" #define RESTRICTION_SEPARATORS ", \t\r\n" @@ -335,18 +336,6 @@ static int check_sender_rcpt_maps(SMTPD_STATE *, const char *); static int check_recipient_rcpt_maps(SMTPD_STATE *, const char *); static int check_rcpt_maps(SMTPD_STATE *, const char *, const char *); - /* - * Reject context. - */ -#define SMTPD_NAME_CLIENT "Client host" -#define SMTPD_NAME_CCERT "Client certificate" -#define SMTPD_NAME_HELO "Helo command" -#define SMTPD_NAME_SENDER "Sender address" -#define SMTPD_NAME_RECIPIENT "Recipient address" -#define SMTPD_NAME_ETRN "Etrn command" -#define SMTPD_NAME_DATA "Data command" -#define SMTPD_NAME_EOD "End-of-data" - /* * YASLM. */ @@ -1873,7 +1862,8 @@ static int check_table_result(SMTPD_STATE *state, const char *table, if (STREQUAL(value, "REJECT", cmd_len)) { dsn_split(&dp, "5.7.1", cmd_text); return (smtpd_check_reject(state, MAIL_ERROR_POLICY, - var_access_map_code, DSN_CODE(dp.dsn), + var_access_map_code, + smtpd_dsn_fix(DSN_CODE(dp.dsn), reply_class), "<%s>: %s rejected: %s", reply_name, reply_class, *dp.text ? dp.text : "Access denied")); @@ -1982,7 +1972,7 @@ static int check_table_result(SMTPD_STATE *state, const char *table, if (STREQUAL(value, DEFER_IF_PERMIT, cmd_len)) { dsn_split(&dp, "4.7.1", cmd_text); DEFER_IF_PERMIT3(state, MAIL_ERROR_POLICY, - 450, DSN_CODE(dp.dsn), + 450, smtpd_dsn_fix(DSN_CODE(dp.dsn), reply_class), "<%s>: %s rejected: %s", reply_name, reply_class, *dp.text ? dp.text : "Service unavailable"); @@ -1996,7 +1986,7 @@ static int check_table_result(SMTPD_STATE *state, const char *table, if (STREQUAL(value, DEFER_IF_REJECT, cmd_len)) { dsn_split(&dp, "4.7.1", cmd_text); DEFER_IF_REJECT3(state, MAIL_ERROR_POLICY, - 450, DSN_CODE(dp.dsn), + 450, smtpd_dsn_fix(DSN_CODE(dp.dsn), reply_class), "<%s>: %s rejected: %s", reply_name, reply_class, *dp.text ? dp.text : "Service unavailable"); @@ -2045,7 +2035,8 @@ static int check_table_result(SMTPD_STATE *state, const char *table, def_dsn[0] = value[0]; dsn_split(&dp, def_dsn, cmd_text); return (smtpd_check_reject(state, MAIL_ERROR_POLICY, - code, DSN_CODE(dp.dsn), + code, + smtpd_dsn_fix(DSN_CODE(dp.dsn), reply_class), "<%s>: %s rejected: %s", reply_name, reply_class, *dp.text ? dp.text : "Access denied")); @@ -2893,7 +2884,8 @@ static int rbl_reject_reply(SMTPD_STATE *state, SMTPD_RBL_STATE *rbl, code = atoi(STR(why)); dsn_split(&dp, "4.7.1", STR(why) + 4); result = smtpd_check_reject(state, MAIL_ERROR_POLICY, - code, DSN_CODE(dp.dsn), + code, + smtpd_dsn_fix(DSN_CODE(dp.dsn), reply_class), "%s", *dp.text ? dp.text : "Service unavailable"); } @@ -4148,7 +4140,7 @@ static int check_rcpt_maps(SMTPD_STATE *state, const char *recipient, return (smtpd_check_reject(state, MAIL_ERROR_BOUNCE, (reply->flags & RESOLVE_CLASS_ALIAS) ? var_virt_alias_code : 550, - DSN_CODE(dp.dsn), + smtpd_dsn_fix(DSN_CODE(dp.dsn), reply_class), "<%s>: %s rejected: %s", recipient, reply_class, dp.text)); @@ -4735,6 +4727,7 @@ VSTRING *rewrite_clnt_internal(const char *context, const char *addr, if (*addr && strchr(addr, '@') == 0) msg_fatal("%s: address rewriting is disabled", addr); vstring_strcpy(result, addr); + return (result); } /* resolve_clnt_query - stub */ diff --git a/postfix/src/smtpd/smtpd_check.ref b/postfix/src/smtpd/smtpd_check.ref index 4ee694abd..073468b23 100644 --- a/postfix/src/smtpd/smtpd_check.ref +++ b/postfix/src/smtpd/smtpd_check.ref @@ -22,18 +22,18 @@ OK >>> client unknown 168.100.189.13 OK >>> client random.bad.domain 123.123.123.123 -./smtpd_check: : reject: CONNECT from random.bad.domain[123.123.123.123]: 554 5.0.0 : Client host rejected: match bad.domain; proto=SMTP -554 5.0.0 : Client host rejected: match bad.domain +./smtpd_check: : reject: CONNECT from random.bad.domain[123.123.123.123]: 554 5.7.1 : Client host rejected: match bad.domain; proto=SMTP +554 5.7.1 : Client host rejected: match bad.domain >>> client friend.bad.domain 123.123.123.123 OK >>> client bad.domain 123.123.123.123 -./smtpd_check: : reject: CONNECT from bad.domain[123.123.123.123]: 554 5.0.0 : Client host rejected: match bad.domain; proto=SMTP -554 5.0.0 : Client host rejected: match bad.domain +./smtpd_check: : reject: CONNECT from bad.domain[123.123.123.123]: 554 5.7.1 : Client host rejected: match bad.domain; proto=SMTP +554 5.7.1 : Client host rejected: match bad.domain >>> client wzv.win.tue.nl 131.155.210.17 OK >>> client aa.win.tue.nl 131.155.210.18 -./smtpd_check: : reject: CONNECT from aa.win.tue.nl[131.155.210.18]: 554 5.0.0 : Client host rejected: match 131.155.210; proto=SMTP -554 5.0.0 : Client host rejected: match 131.155.210 +./smtpd_check: : reject: CONNECT from aa.win.tue.nl[131.155.210.18]: 554 5.7.1 : Client host rejected: match 131.155.210; proto=SMTP +554 5.7.1 : Client host rejected: match 131.155.210 >>> client_restrictions permit_mynetworks OK >>> # @@ -60,8 +60,8 @@ OK >>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,hash:./smtpd_check_access OK >>> helo random.bad.domain -./smtpd_check: : reject: HELO from foo[123.123.123.123]: 554 5.0.0 : Helo command rejected: match bad.domain; proto=SMTP helo= -554 5.0.0 : Helo command rejected: match bad.domain +./smtpd_check: : reject: HELO from foo[123.123.123.123]: 554 5.7.1 : Helo command rejected: match bad.domain; proto=SMTP helo= +554 5.7.1 : Helo command rejected: match bad.domain >>> helo friend.bad.domain OK >>> helo_restrictions reject_invalid_hostname,reject_unknown_hostname @@ -112,25 +112,25 @@ OK >>> sender_restrictions hash:./smtpd_check_access OK >>> mail bad-sender@any.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match bad-sender@; from= proto=SMTP helo=<123.123.123.123> -554 5.0.0 : Sender address rejected: match bad-sender@ +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad-sender@; from= proto=SMTP helo=<123.123.123.123> +554 5.7.1 : Sender address rejected: match bad-sender@ >>> mail bad-sender@good.domain OK >>> mail reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match reject@this.address; from= proto=SMTP helo=<123.123.123.123> -554 5.0.0 : Sender address rejected: match reject@this.address +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match reject@this.address; from= proto=SMTP helo=<123.123.123.123> +554 5.7.1 : Sender address rejected: match reject@this.address >>> mail Reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match reject@this.address; from= proto=SMTP helo=<123.123.123.123> -554 5.0.0 : Sender address rejected: match reject@this.address +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match reject@this.address; from= proto=SMTP helo=<123.123.123.123> +554 5.7.1 : Sender address rejected: match reject@this.address >>> mail foo@bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match bad.domain; from= proto=SMTP helo=<123.123.123.123> -554 5.0.0 : Sender address rejected: match bad.domain +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo=<123.123.123.123> +554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@Bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match bad.domain; from= proto=SMTP helo=<123.123.123.123> -554 5.0.0 : Sender address rejected: match bad.domain +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo=<123.123.123.123> +554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@random.bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match bad.domain; from= proto=SMTP helo=<123.123.123.123> -554 5.0.0 : Sender address rejected: match bad.domain +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo=<123.123.123.123> +554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@friend.bad.domain OK >>> # @@ -173,19 +173,19 @@ OK >>> recipient_restrictions hash:./smtpd_check_access OK >>> mail bad-sender@any.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match bad-sender@; from= proto=SMTP helo=<123.123.123.123> -554 5.0.0 : Sender address rejected: match bad-sender@ +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad-sender@; from= proto=SMTP helo=<123.123.123.123> +554 5.7.1 : Sender address rejected: match bad-sender@ >>> mail bad-sender@good.domain OK >>> mail reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match reject@this.address; from= proto=SMTP helo=<123.123.123.123> -554 5.0.0 : Sender address rejected: match reject@this.address +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match reject@this.address; from= proto=SMTP helo=<123.123.123.123> +554 5.7.1 : Sender address rejected: match reject@this.address >>> mail foo@bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match bad.domain; from= proto=SMTP helo=<123.123.123.123> -554 5.0.0 : Sender address rejected: match bad.domain +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo=<123.123.123.123> +554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@random.bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match bad.domain; from= proto=SMTP helo=<123.123.123.123> -554 5.0.0 : Sender address rejected: match bad.domain +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo=<123.123.123.123> +554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@friend.bad.domain OK >>> # @@ -220,11 +220,11 @@ OK >>> recipient_restrictions check_helo_access,hash:./smtpd_check_access,check_relay_domains OK >>> helo bad.domain -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 554 5.0.0 : Helo command rejected: match bad.domain; from= proto=SMTP helo= -554 5.0.0 : Helo command rejected: match bad.domain +./smtpd_check: : reject: HELO from foo[131.155.210.17]: 554 5.7.1 : Helo command rejected: match bad.domain; from= proto=SMTP helo= +554 5.7.1 : Helo command rejected: match bad.domain >>> rcpt foo@porcupine.org -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 554 5.0.0 : Helo command rejected: match bad.domain; from= to= proto=SMTP helo= -554 5.0.0 : Helo command rejected: match bad.domain +./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 554 5.7.1 : Helo command rejected: match bad.domain; from= to= proto=SMTP helo= +554 5.7.1 : Helo command rejected: match bad.domain >>> helo 131.155.210.17 OK >>> rcpt foo@porcupine.org @@ -232,11 +232,11 @@ OK >>> recipient_restrictions check_sender_access,hash:./smtpd_check_access,check_relay_domains OK >>> mail foo@bad.domain -./smtpd_check: : reject: MAIL from foo[131.155.210.17]: 554 5.0.0 : Sender address rejected: match bad.domain; from= proto=SMTP helo=<131.155.210.17> -554 5.0.0 : Sender address rejected: match bad.domain +./smtpd_check: : reject: MAIL from foo[131.155.210.17]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo=<131.155.210.17> +554 5.7.1 : Sender address rejected: match bad.domain >>> rcpt foo@porcupine.org -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 554 5.0.0 : Sender address rejected: match bad.domain; from= to= proto=SMTP helo=<131.155.210.17> -554 5.0.0 : Sender address rejected: match bad.domain +./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 554 5.7.1 : Sender address rejected: match bad.domain; from= to= proto=SMTP helo=<131.155.210.17> +554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@friend.bad.domain OK >>> rcpt foo@porcupine.org @@ -266,15 +266,15 @@ OK >>> mail foo@good.domain OK >>> rcpt foo@porcupine.org -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 554 5.0.0 : Helo command rejected: match bad.domain; from= to= proto=SMTP helo= -554 5.0.0 : Helo command rejected: match bad.domain +./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 554 5.7.1 : Helo command rejected: match bad.domain; from= to= proto=SMTP helo= +554 5.7.1 : Helo command rejected: match bad.domain >>> helo good.domain OK >>> mail foo@bad.domain OK >>> rcpt foo@porcupine.org -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 554 5.0.0 : Sender address rejected: match bad.domain; from= to= proto=SMTP helo= -554 5.0.0 : Sender address rejected: match bad.domain +./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 554 5.7.1 : Sender address rejected: match bad.domain; from= to= proto=SMTP helo= +554 5.7.1 : Sender address rejected: match bad.domain >>> # >>> # FQDN restrictions >>> # diff --git a/postfix/src/smtpd/smtpd_check.ref2 b/postfix/src/smtpd/smtpd_check.ref2 index 71c6274ed..df0c2174a 100644 --- a/postfix/src/smtpd/smtpd_check.ref2 +++ b/postfix/src/smtpd/smtpd_check.ref2 @@ -22,18 +22,18 @@ OK >>> client unknown 168.100.189.13 OK >>> client random.bad.domain 123.123.123.123 -./smtpd_check: : reject: CONNECT from random.bad.domain[123.123.123.123]: 554 5.0.0 : Client host rejected: match bad.domain; proto=SMTP -554 5.0.0 : Client host rejected: match bad.domain +./smtpd_check: : reject: CONNECT from random.bad.domain[123.123.123.123]: 554 5.7.1 : Client host rejected: match bad.domain; proto=SMTP +554 5.7.1 : Client host rejected: match bad.domain >>> client friend.bad.domain 123.123.123.123 OK >>> client bad.domain 123.123.123.123 -./smtpd_check: : reject: CONNECT from bad.domain[123.123.123.123]: 554 5.0.0 : Client host rejected: match bad.domain; proto=SMTP -554 5.0.0 : Client host rejected: match bad.domain +./smtpd_check: : reject: CONNECT from bad.domain[123.123.123.123]: 554 5.7.1 : Client host rejected: match bad.domain; proto=SMTP +554 5.7.1 : Client host rejected: match bad.domain >>> client wzv.win.tue.nl 131.155.210.17 OK >>> client aa.win.tue.nl 131.155.210.18 -./smtpd_check: : reject: CONNECT from aa.win.tue.nl[131.155.210.18]: 554 5.0.0 : Client host rejected: match 131.155.210; proto=SMTP -554 5.0.0 : Client host rejected: match 131.155.210 +./smtpd_check: : reject: CONNECT from aa.win.tue.nl[131.155.210.18]: 554 5.7.1 : Client host rejected: match 131.155.210; proto=SMTP +554 5.7.1 : Client host rejected: match 131.155.210 >>> client_restrictions permit_mynetworks OK >>> # @@ -60,8 +60,8 @@ OK >>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,check_helo_access,hash:./smtpd_check_access OK >>> helo random.bad.domain -./smtpd_check: : reject: HELO from foo[123.123.123.123]: 554 5.0.0 : Helo command rejected: match bad.domain; proto=SMTP helo= -554 5.0.0 : Helo command rejected: match bad.domain +./smtpd_check: : reject: HELO from foo[123.123.123.123]: 554 5.7.1 : Helo command rejected: match bad.domain; proto=SMTP helo= +554 5.7.1 : Helo command rejected: match bad.domain >>> helo friend.bad.domain OK >>> # @@ -92,25 +92,25 @@ OK >>> sender_restrictions check_sender_access,hash:./smtpd_check_access OK >>> mail bad-sender@any.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match bad-sender@; from= proto=SMTP helo= -554 5.0.0 : Sender address rejected: match bad-sender@ +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad-sender@; from= proto=SMTP helo= +554 5.7.1 : Sender address rejected: match bad-sender@ >>> mail bad-sender@good.domain OK >>> mail reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match reject@this.address; from= proto=SMTP helo= -554 5.0.0 : Sender address rejected: match reject@this.address +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match reject@this.address; from= proto=SMTP helo= +554 5.7.1 : Sender address rejected: match reject@this.address >>> mail Reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match reject@this.address; from= proto=SMTP helo= -554 5.0.0 : Sender address rejected: match reject@this.address +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match reject@this.address; from= proto=SMTP helo= +554 5.7.1 : Sender address rejected: match reject@this.address >>> mail foo@bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match bad.domain; from= proto=SMTP helo= -554 5.0.0 : Sender address rejected: match bad.domain +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo= +554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@Bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match bad.domain; from= proto=SMTP helo= -554 5.0.0 : Sender address rejected: match bad.domain +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo= +554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@random.bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match bad.domain; from= proto=SMTP helo= -554 5.0.0 : Sender address rejected: match bad.domain +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo= +554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@friend.bad.domain OK >>> # @@ -153,19 +153,19 @@ OK >>> recipient_restrictions check_recipient_access,hash:./smtpd_check_access OK >>> mail bad-sender@any.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match bad-sender@; from= proto=SMTP helo= -554 5.0.0 : Sender address rejected: match bad-sender@ +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad-sender@; from= proto=SMTP helo= +554 5.7.1 : Sender address rejected: match bad-sender@ >>> mail bad-sender@good.domain OK >>> mail reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match reject@this.address; from= proto=SMTP helo= -554 5.0.0 : Sender address rejected: match reject@this.address +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match reject@this.address; from= proto=SMTP helo= +554 5.7.1 : Sender address rejected: match reject@this.address >>> mail foo@bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match bad.domain; from= proto=SMTP helo= -554 5.0.0 : Sender address rejected: match bad.domain +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo= +554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@random.bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.0.0 : Sender address rejected: match bad.domain; from= proto=SMTP helo= -554 5.0.0 : Sender address rejected: match bad.domain +./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo= +554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@friend.bad.domain OK >>> # diff --git a/postfix/src/smtpd/smtpd_check.ref4 b/postfix/src/smtpd/smtpd_check.ref4 index c66eb705a..8e9a6dfa0 100644 --- a/postfix/src/smtpd/smtpd_check.ref4 +++ b/postfix/src/smtpd/smtpd_check.ref4 @@ -14,10 +14,10 @@ OK ./smtpd_check: : reject: MAIL from localhost[127.0.0.1]: 554 5.7.1 : Sender address rejected: text; from= proto=SMTP 554 5.7.1 : Sender address rejected: text >>> mail filter@filter.domain -./smtpd_check: warning: access map hash:./smtpd_check_access entry "filter@filter.domain" has FILTER entry without value +./smtpd_check: warning: access table hash:./smtpd_check_access entry "filter@filter.domain" has FILTER entry without value OK >>> mail filtertext@filter.domain -./smtpd_check: warning: access map hash:./smtpd_check_access entry "filtertext@filter.domain" requires transport:destination +./smtpd_check: warning: access table hash:./smtpd_check_access entry "filtertext@filter.domain" requires transport:destination OK >>> mail filtertexttext@filter.domain ./smtpd_check: : filter: MAIL from localhost[127.0.0.1]: : Sender address triggers FILTER text:text; from= proto=SMTP diff --git a/postfix/src/smtpd/smtpd_check_access b/postfix/src/smtpd/smtpd_check_access index 988a9d0ba..97761bd9b 100644 --- a/postfix/src/smtpd/smtpd_check_access +++ b/postfix/src/smtpd/smtpd_check_access @@ -61,3 +61,21 @@ topica.com reject 10.10.10.10 reject mail server 10.10.10.10 spike.porcupine.org reject name server spike.porcupine.org 241 reject class E subnet +4.1.1_dsn reject 4.1.1 reject +4.1.2_dsn reject 4.1.2 reject +4.1.3_dsn reject 4.1.3 reject +4.1.4_dsn reject 4.1.4 reject +4.1.5_dsn reject 4.1.5 reject +4.1.6_dsn reject 4.1.6 reject +4.1.7_dsn reject 4.1.7 reject +4.1.8_dsn reject 4.1.8 reject +4.4.0_dsn reject 4.4.0 reject +user@4.1.1_dsn reject 4.1.1 reject +user@4.1.2_dsn reject 4.1.2 reject +user@4.1.3_dsn reject 4.1.3 reject +user@4.1.4_dsn reject 4.1.4 reject +user@4.1.5_dsn reject 4.1.5 reject +user@4.1.6_dsn reject 4.1.6 reject +user@4.1.7_dsn reject 4.1.7 reject +user@4.1.8_dsn reject 4.1.8 reject +user@4.4.0_dsn reject 4.4.0 reject diff --git a/postfix/src/smtpd/smtpd_check_dsn.in b/postfix/src/smtpd/smtpd_check_dsn.in new file mode 100644 index 000000000..459bd5d9e --- /dev/null +++ b/postfix/src/smtpd/smtpd_check_dsn.in @@ -0,0 +1,60 @@ +# +# Initialize. +# +#! ../bin/postmap smtpd_check_access +#msg_verbose 1 +smtpd_delay_reject 0 +mynetworks 127.0.0.0/8,168.100.189.0/28 +# +# Test the client restrictions. +# +client_restrictions hash:./smtpd_check_access +client 4.1.1_dsn 1.2.3.4 +client 4.1.2_dsn 1.2.3.4 +client 4.1.3_dsn 1.2.3.4 +client 4.1.4_dsn 1.2.3.4 +client 4.1.5_dsn 1.2.3.4 +client 4.1.6_dsn 1.2.3.4 +client 4.1.7_dsn 1.2.3.4 +client 4.1.8_dsn 1.2.3.4 +client 4.4.0_dsn 1.2.3.4 +client dummy dummy +# +# Test the helo restrictions +# +helo_restrictions hash:./smtpd_check_access +helo 4.1.1_dsn +helo 4.1.2_dsn +helo 4.1.3_dsn +helo 4.1.4_dsn +helo 4.1.5_dsn +helo 4.1.6_dsn +helo 4.1.7_dsn +helo 4.1.8_dsn +helo 4.4.0_dsn +# +# Test the sender restrictions +# +sender_restrictions hash:./smtpd_check_access +mail user@4.1.1_dsn +mail user@4.1.2_dsn +mail user@4.1.3_dsn +mail user@4.1.4_dsn +mail user@4.1.5_dsn +mail user@4.1.6_dsn +mail user@4.1.7_dsn +mail user@4.1.8_dsn +mail user@4.4.0_dsn +# +# Test the recipient restrictions +# +recipient_restrictions hash:./smtpd_check_access +rcpt user@4.1.1_dsn +rcpt user@4.1.2_dsn +rcpt user@4.1.3_dsn +rcpt user@4.1.4_dsn +rcpt user@4.1.5_dsn +rcpt user@4.1.6_dsn +rcpt user@4.1.7_dsn +rcpt user@4.1.8_dsn +rcpt user@4.4.0_dsn diff --git a/postfix/src/smtpd/smtpd_check_dsn.ref b/postfix/src/smtpd/smtpd_check_dsn.ref new file mode 100644 index 000000000..25afca7c0 --- /dev/null +++ b/postfix/src/smtpd/smtpd_check_dsn.ref @@ -0,0 +1,163 @@ +>>> # +>>> # Initialize. +>>> # +>>> #! ../bin/postmap smtpd_check_access +>>> #msg_verbose 1 +>>> smtpd_delay_reject 0 +OK +>>> mynetworks 127.0.0.0/8,168.100.189.0/28 +OK +>>> # +>>> # Test the client restrictions. +>>> # +>>> client_restrictions hash:./smtpd_check_access +OK +>>> client 4.1.1_dsn 1.2.3.4 +./smtpd_check: mapping DSN status 4.1.1 into Client host status 4.0.0 +./smtpd_check: : reject: CONNECT from 4.1.1_dsn[1.2.3.4]: 554 5.0.0 <4.1.1_dsn[1.2.3.4]>: Client host rejected: reject; proto=SMTP +554 5.0.0 <4.1.1_dsn[1.2.3.4]>: Client host rejected: reject +>>> client 4.1.2_dsn 1.2.3.4 +./smtpd_check: mapping DSN status 4.1.2 into Client host status 4.0.0 +./smtpd_check: : reject: CONNECT from 4.1.2_dsn[1.2.3.4]: 554 5.0.0 <4.1.2_dsn[1.2.3.4]>: Client host rejected: reject; proto=SMTP +554 5.0.0 <4.1.2_dsn[1.2.3.4]>: Client host rejected: reject +>>> client 4.1.3_dsn 1.2.3.4 +./smtpd_check: mapping DSN status 4.1.3 into Client host status 4.0.0 +./smtpd_check: : reject: CONNECT from 4.1.3_dsn[1.2.3.4]: 554 5.0.0 <4.1.3_dsn[1.2.3.4]>: Client host rejected: reject; proto=SMTP +554 5.0.0 <4.1.3_dsn[1.2.3.4]>: Client host rejected: reject +>>> client 4.1.4_dsn 1.2.3.4 +./smtpd_check: mapping DSN status 4.1.4 into Client host status 4.0.0 +./smtpd_check: : reject: CONNECT from 4.1.4_dsn[1.2.3.4]: 554 5.0.0 <4.1.4_dsn[1.2.3.4]>: Client host rejected: reject; proto=SMTP +554 5.0.0 <4.1.4_dsn[1.2.3.4]>: Client host rejected: reject +>>> client 4.1.5_dsn 1.2.3.4 +./smtpd_check: mapping DSN status 4.1.5 into Client host status 4.0.0 +./smtpd_check: : reject: CONNECT from 4.1.5_dsn[1.2.3.4]: 554 5.0.0 <4.1.5_dsn[1.2.3.4]>: Client host rejected: reject; proto=SMTP +554 5.0.0 <4.1.5_dsn[1.2.3.4]>: Client host rejected: reject +>>> client 4.1.6_dsn 1.2.3.4 +./smtpd_check: mapping DSN status 4.1.6 into Client host status 4.0.0 +./smtpd_check: : reject: CONNECT from 4.1.6_dsn[1.2.3.4]: 554 5.0.0 <4.1.6_dsn[1.2.3.4]>: Client host rejected: reject; proto=SMTP +554 5.0.0 <4.1.6_dsn[1.2.3.4]>: Client host rejected: reject +>>> client 4.1.7_dsn 1.2.3.4 +./smtpd_check: mapping DSN status 4.1.7 into Client host status 4.0.0 +./smtpd_check: : reject: CONNECT from 4.1.7_dsn[1.2.3.4]: 554 5.0.0 <4.1.7_dsn[1.2.3.4]>: Client host rejected: reject; proto=SMTP +554 5.0.0 <4.1.7_dsn[1.2.3.4]>: Client host rejected: reject +>>> client 4.1.8_dsn 1.2.3.4 +./smtpd_check: mapping DSN status 4.1.8 into Client host status 4.0.0 +./smtpd_check: : reject: CONNECT from 4.1.8_dsn[1.2.3.4]: 554 5.0.0 <4.1.8_dsn[1.2.3.4]>: Client host rejected: reject; proto=SMTP +554 5.0.0 <4.1.8_dsn[1.2.3.4]>: Client host rejected: reject +>>> client 4.4.0_dsn 1.2.3.4 +./smtpd_check: : reject: CONNECT from 4.4.0_dsn[1.2.3.4]: 554 5.4.0 <4.4.0_dsn[1.2.3.4]>: Client host rejected: reject; proto=SMTP +554 5.4.0 <4.4.0_dsn[1.2.3.4]>: Client host rejected: reject +>>> client dummy dummy +OK +>>> # +>>> # Test the helo restrictions +>>> # +>>> helo_restrictions hash:./smtpd_check_access +OK +>>> helo 4.1.1_dsn +./smtpd_check: mapping DSN status 4.1.1 into Helo command status 4.0.0 +./smtpd_check: : reject: HELO from dummy[dummy]: 554 5.0.0 <4.1.1_dsn>: Helo command rejected: reject; proto=SMTP helo=<4.1.1_dsn> +554 5.0.0 <4.1.1_dsn>: Helo command rejected: reject +>>> helo 4.1.2_dsn +./smtpd_check: mapping DSN status 4.1.2 into Helo command status 4.0.0 +./smtpd_check: : reject: HELO from dummy[dummy]: 554 5.0.0 <4.1.2_dsn>: Helo command rejected: reject; proto=SMTP helo=<4.1.2_dsn> +554 5.0.0 <4.1.2_dsn>: Helo command rejected: reject +>>> helo 4.1.3_dsn +./smtpd_check: mapping DSN status 4.1.3 into Helo command status 4.0.0 +./smtpd_check: : reject: HELO from dummy[dummy]: 554 5.0.0 <4.1.3_dsn>: Helo command rejected: reject; proto=SMTP helo=<4.1.3_dsn> +554 5.0.0 <4.1.3_dsn>: Helo command rejected: reject +>>> helo 4.1.4_dsn +./smtpd_check: mapping DSN status 4.1.4 into Helo command status 4.0.0 +./smtpd_check: : reject: HELO from dummy[dummy]: 554 5.0.0 <4.1.4_dsn>: Helo command rejected: reject; proto=SMTP helo=<4.1.4_dsn> +554 5.0.0 <4.1.4_dsn>: Helo command rejected: reject +>>> helo 4.1.5_dsn +./smtpd_check: mapping DSN status 4.1.5 into Helo command status 4.0.0 +./smtpd_check: : reject: HELO from dummy[dummy]: 554 5.0.0 <4.1.5_dsn>: Helo command rejected: reject; proto=SMTP helo=<4.1.5_dsn> +554 5.0.0 <4.1.5_dsn>: Helo command rejected: reject +>>> helo 4.1.6_dsn +./smtpd_check: mapping DSN status 4.1.6 into Helo command status 4.0.0 +./smtpd_check: : reject: HELO from dummy[dummy]: 554 5.0.0 <4.1.6_dsn>: Helo command rejected: reject; proto=SMTP helo=<4.1.6_dsn> +554 5.0.0 <4.1.6_dsn>: Helo command rejected: reject +>>> helo 4.1.7_dsn +./smtpd_check: mapping DSN status 4.1.7 into Helo command status 4.0.0 +./smtpd_check: : reject: HELO from dummy[dummy]: 554 5.0.0 <4.1.7_dsn>: Helo command rejected: reject; proto=SMTP helo=<4.1.7_dsn> +554 5.0.0 <4.1.7_dsn>: Helo command rejected: reject +>>> helo 4.1.8_dsn +./smtpd_check: mapping DSN status 4.1.8 into Helo command status 4.0.0 +./smtpd_check: : reject: HELO from dummy[dummy]: 554 5.0.0 <4.1.8_dsn>: Helo command rejected: reject; proto=SMTP helo=<4.1.8_dsn> +554 5.0.0 <4.1.8_dsn>: Helo command rejected: reject +>>> helo 4.4.0_dsn +./smtpd_check: : reject: HELO from dummy[dummy]: 554 5.4.0 <4.4.0_dsn>: Helo command rejected: reject; proto=SMTP helo=<4.4.0_dsn> +554 5.4.0 <4.4.0_dsn>: Helo command rejected: reject +>>> # +>>> # Test the sender restrictions +>>> # +>>> sender_restrictions hash:./smtpd_check_access +OK +>>> mail user@4.1.1_dsn +./smtpd_check: mapping DSN status 4.1.1 into Sender address status 4.1.0 +./smtpd_check: : reject: MAIL from dummy[dummy]: 554 5.1.0 : Sender address rejected: reject; from= proto=SMTP helo=<4.4.0_dsn> +554 5.1.0 : Sender address rejected: reject +>>> mail user@4.1.2_dsn +./smtpd_check: mapping DSN status 4.1.2 into Sender address status 4.1.8 +./smtpd_check: : reject: MAIL from dummy[dummy]: 554 5.1.8 : Sender address rejected: reject; from= proto=SMTP helo=<4.4.0_dsn> +554 5.1.8 : Sender address rejected: reject +>>> mail user@4.1.3_dsn +./smtpd_check: mapping DSN status 4.1.3 into Sender address status 4.1.7 +./smtpd_check: : reject: MAIL from dummy[dummy]: 554 5.1.7 : Sender address rejected: reject; from= proto=SMTP helo=<4.4.0_dsn> +554 5.1.7 : Sender address rejected: reject +>>> mail user@4.1.4_dsn +./smtpd_check: mapping DSN status 4.1.4 into Sender address status 4.1.0 +./smtpd_check: : reject: MAIL from dummy[dummy]: 554 5.1.0 : Sender address rejected: reject; from= proto=SMTP helo=<4.4.0_dsn> +554 5.1.0 : Sender address rejected: reject +>>> mail user@4.1.5_dsn +./smtpd_check: mapping DSN status 4.1.5 into Sender address status 4.1.0 +./smtpd_check: : reject: MAIL from dummy[dummy]: 554 5.1.0 : Sender address rejected: reject; from= proto=SMTP helo=<4.4.0_dsn> +554 5.1.0 : Sender address rejected: reject +>>> mail user@4.1.6_dsn +./smtpd_check: mapping DSN status 4.1.6 into Sender address status 4.1.0 +./smtpd_check: : reject: MAIL from dummy[dummy]: 554 5.1.0 : Sender address rejected: reject; from= proto=SMTP helo=<4.4.0_dsn> +554 5.1.0 : Sender address rejected: reject +>>> mail user@4.1.7_dsn +./smtpd_check: : reject: MAIL from dummy[dummy]: 554 5.1.7 : Sender address rejected: reject; from= proto=SMTP helo=<4.4.0_dsn> +554 5.1.7 : Sender address rejected: reject +>>> mail user@4.1.8_dsn +./smtpd_check: : reject: MAIL from dummy[dummy]: 554 5.1.8 : Sender address rejected: reject; from= proto=SMTP helo=<4.4.0_dsn> +554 5.1.8 : Sender address rejected: reject +>>> mail user@4.4.0_dsn +./smtpd_check: : reject: MAIL from dummy[dummy]: 554 5.4.0 : Sender address rejected: reject; from= proto=SMTP helo=<4.4.0_dsn> +554 5.4.0 : Sender address rejected: reject +>>> # +>>> # Test the recipient restrictions +>>> # +>>> recipient_restrictions hash:./smtpd_check_access +OK +>>> rcpt user@4.1.1_dsn +./smtpd_check: : reject: RCPT from dummy[dummy]: 554 5.1.1 : Recipient address rejected: reject; from= to= proto=SMTP helo=<4.4.0_dsn> +554 5.1.1 : Recipient address rejected: reject +>>> rcpt user@4.1.2_dsn +./smtpd_check: : reject: RCPT from dummy[dummy]: 554 5.1.2 : Recipient address rejected: reject; from= to= proto=SMTP helo=<4.4.0_dsn> +554 5.1.2 : Recipient address rejected: reject +>>> rcpt user@4.1.3_dsn +./smtpd_check: : reject: RCPT from dummy[dummy]: 554 5.1.3 : Recipient address rejected: reject; from= to= proto=SMTP helo=<4.4.0_dsn> +554 5.1.3 : Recipient address rejected: reject +>>> rcpt user@4.1.4_dsn +./smtpd_check: : reject: RCPT from dummy[dummy]: 554 5.1.4 : Recipient address rejected: reject; from= to= proto=SMTP helo=<4.4.0_dsn> +554 5.1.4 : Recipient address rejected: reject +>>> rcpt user@4.1.5_dsn +./smtpd_check: : reject: RCPT from dummy[dummy]: 554 5.1.5 : Recipient address rejected: reject; from= to= proto=SMTP helo=<4.4.0_dsn> +554 5.1.5 : Recipient address rejected: reject +>>> rcpt user@4.1.6_dsn +./smtpd_check: : reject: RCPT from dummy[dummy]: 554 5.1.6 : Recipient address rejected: reject; from= to= proto=SMTP helo=<4.4.0_dsn> +554 5.1.6 : Recipient address rejected: reject +>>> rcpt user@4.1.7_dsn +./smtpd_check: mapping DSN status 4.1.7 into Recipient address status 4.1.3 +./smtpd_check: : reject: RCPT from dummy[dummy]: 554 5.1.3 : Recipient address rejected: reject; from= to= proto=SMTP helo=<4.4.0_dsn> +554 5.1.3 : Recipient address rejected: reject +>>> rcpt user@4.1.8_dsn +./smtpd_check: mapping DSN status 4.1.8 into Recipient address status 4.1.2 +./smtpd_check: : reject: RCPT from dummy[dummy]: 554 5.1.2 : Recipient address rejected: reject; from= to= proto=SMTP helo=<4.4.0_dsn> +554 5.1.2 : Recipient address rejected: reject +>>> rcpt user@4.4.0_dsn +./smtpd_check: : reject: RCPT from dummy[dummy]: 554 5.4.0 : Recipient address rejected: reject; from= to= proto=SMTP helo=<4.4.0_dsn> +554 5.4.0 : Recipient address rejected: reject diff --git a/postfix/src/smtpd/smtpd_dsn_fix.c b/postfix/src/smtpd/smtpd_dsn_fix.c new file mode 100644 index 000000000..48cb4b4fc --- /dev/null +++ b/postfix/src/smtpd/smtpd_dsn_fix.c @@ -0,0 +1,140 @@ +/*++ +/* NAME +/* smtpd_dsn_fix 3 +/* SUMMARY +/* fix DSN status +/* SYNOPSIS +/* #include +/* +/* const char *smtpd_dsn_fix(status, reply_class) +/* const char *status; +/* const char *reply_class; +/* DESCRIPTION +/* smtpd_dsn_fix() transforms DSN status codes according to the +/* status information that is actually being reported. The +/* following transformations are implemented: +/* .IP \(bu +/* Transform a recipient address DSN into a sender address DSN +/* when reporting sender address status information, and vice +/* versa. This transformation may be needed because some Postfix +/* access control features don't know whether the address being +/* rejected is a sender or recipient. Examples are smtpd access +/* tables, rbl reply templates, and the error mailer. +/* .IP \(bu +/* Transform a sender or recipient address DSN into a non-address +/* DSN when reporting non-address status information. For +/* example, if something rejects HELO with DSN status 4.1.1 +/* (unknown recipient address), then we send the more neutral +/* 4.0.0 DSN instead. This transformation is needed when the +/* same smtpd access map entry or rbl reply template is used +/* for both address and non-address information. +/* .PP +/* No transformation is done when reporting a non-address DSN +/* when reporting sender or recipient address status information, +/* as there are many legitimate instances of such usage. +/* +/* It is left up to the caller to update the initial DSN digit +/* appropriately; in Postfix this is done as late as possible, +/* because hard rejects may be changed into soft rejects for +/* all kinds of reasons. +/* +/* Arguments: +/* .IP status +/* A DSN status as per RFC 3463. +/* .IP reply_class +/* SMTPD_NAME_SENDER, SMTPD_NAME_RECIPIENT or some other +/* null-terminated string. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ +/* System library. */ + +#include +#include +#include + +/* Utility library. */ + +#include + +/* Global library. */ + +/* Application-specific. */ + +#include + +struct dsn_map { + const char *micro_code; /* Final digits in mailbox D.S.N. */ + const char *sender_dsn; /* Replacement sender D.S.N. */ + const char *rcpt_dsn; /* Replacement recipient D.S.N. */ +}; + +static struct dsn_map dsn_map[] = { + /* - Sender - Recipient */ + "1", "4.1.0", "4.1.1", /* 4.1.1: Bad dest mbox addr */ + "2", "4.1.8", "4.1.2", /* 4.1.2: Bad dest system addr */ + "3", "4.1.7", "4.1.3", /* 4.1.3: Bad dest mbox addr syntax */ + "4", "4.1.0", "4.1.4", /* 4.1.4: Dest mbox addr ambiguous */ + "5", "4.1.0", "4.1.5", /* 4.1.5: Dest mbox addr valid */ + "6", "4.1.0", "4.1.6", /* 4.1.6: Mailbox has moved */ + "7", "4.1.7", "4.1.3", /* 4.1.7: Bad sender mbox addr syntax */ + "8", "4.1.8", "4.1.2", /* 4.1.8: Bad sender system addr */ + 0, "4.1.0", "4.1.0", /* Default mapping */ +}; + +/* smtpd_dsn_fix - fix DSN status */ + +const char *smtpd_dsn_fix(const char *status, const char *reply_class) +{ + struct dsn_map *dp; + const char *result = status; + + if (ISDIGIT(status[0]) && strncmp(status + 1, ".1.", 3) == 0) { + + /* + * Fix recipient address DSN while rejecting a sender address. Don't + * let future recipient-specific DSN codes slip past us. + */ + if (strcmp(reply_class, SMTPD_NAME_SENDER) == 0) { + for (dp = dsn_map; dp->micro_code != 0; dp++) + if (strcmp(status + 4, dp->micro_code) == 0) + break; + result = dp->sender_dsn; + } + + /* + * Fix sender address DSN while rejecting a recipient address. Don't + * let future sender-specific DSN codes slip past us. + */ + else if (strcmp(reply_class, SMTPD_NAME_RECIPIENT) == 0) { + for (dp = dsn_map; dp->micro_code != 0; dp++) + if (strcmp(status + 4, dp->micro_code) == 0) + break; + result = dp->rcpt_dsn; + } + + /* + * Fix address-specific DSN while rejecting a non-address. + */ + else { + result = "4.0.0"; + } + + /* + * Give them a clue of what is going on. + */ + if (strcmp(status + 2, result + 2) != 0) + msg_info("mapping DSN status %s into %s status %c%s", + status, reply_class, status[0], result + 1); + return (result); + } else { + return (status); + } +} diff --git a/postfix/src/smtpd/smtpd_dsn_fix.h b/postfix/src/smtpd/smtpd_dsn_fix.h new file mode 100644 index 000000000..fa9a4450f --- /dev/null +++ b/postfix/src/smtpd/smtpd_dsn_fix.h @@ -0,0 +1,35 @@ +/*++ +/* NAME +/* smtpd_check 3h +/* SUMMARY +/* SMTP client request filtering +/* SYNOPSIS +/* #include "smtpd.h" +/* #include "smtpd_check_int.h" +/* DESCRIPTION +/* .nf + + /* + * Internal interface. + */ +#define SMTPD_NAME_CLIENT "Client host" +#define SMTPD_NAME_CCERT "Client certificate" +#define SMTPD_NAME_HELO "Helo command" +#define SMTPD_NAME_SENDER "Sender address" +#define SMTPD_NAME_RECIPIENT "Recipient address" +#define SMTPD_NAME_ETRN "Etrn command" +#define SMTPD_NAME_DATA "Data command" +#define SMTPD_NAME_EOD "End-of-data" + +extern const char *smtpd_dsn_fix(const char *, const char *); + +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ diff --git a/postfix/src/smtpd/smtpd_exp.ref b/postfix/src/smtpd/smtpd_exp.ref index c04381ba8..75b6c84f3 100644 --- a/postfix/src/smtpd/smtpd_exp.ref +++ b/postfix/src/smtpd/smtpd_exp.ref @@ -107,8 +107,8 @@ OK >>> mail sname@sdomain OK >>> rcpt rname@rdomain -./smtpd_check: : reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@domain; from= to= proto=SMTP helo= -554 5.7.1 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@domain +./smtpd_check: : reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@example.tld; from= to= proto=SMTP helo= +554 5.7.1 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@example.tld >>> # >>> # Check MX access >>> # diff --git a/postfix/src/smtpd/smtpd_token.c b/postfix/src/smtpd/smtpd_token.c index 66bc6bc9c..d45408132 100644 --- a/postfix/src/smtpd/smtpd_token.c +++ b/postfix/src/smtpd/smtpd_token.c @@ -222,6 +222,7 @@ int main(int unused_argc, char **unused_argv) vstream_printf("Token value: %s\n", tok_argv[i].strval); } } + vstring_free(vp); exit(0); } diff --git a/postfix/src/smtpstone/smtp-sink.c b/postfix/src/smtpstone/smtp-sink.c index 3c78678ce..4a6c3d7cd 100644 --- a/postfix/src/smtpstone/smtp-sink.c +++ b/postfix/src/smtpstone/smtp-sink.c @@ -27,6 +27,8 @@ /* .IP \fB-6\fR /* Support IPv6 only. This option is not available when /* Postfix is built without IPv6 support. +/* .IP \fB-8\fR +/* Do not announce 8BITMIME support. /* .IP \fB-a\fR /* Do not announce SASL authentication support. /* .IP \fB-c\fR @@ -74,8 +76,6 @@ /* Show the SMTP conversations. /* .IP "\fB-w \fIdelay\fR" /* Wait \fIdelay\fR seconds before responding to a DATA command. -/* .IP \fB-8\fR -/* Do not announce 8BITMIME support. /* .IP [\fBinet:\fR][\fIhost\fR]:\fIport\fR /* Listen on network interface \fIhost\fR (default: any interface) /* TCP port \fIport\fR. Both \fIhost\fR and \fIport\fR may be @@ -675,7 +675,7 @@ static void connect_event(int unused_event, char *context) static void usage(char *myname) { - msg_fatal("usage: %s [-acCeFLpPv8] [-f commands] [-h hostname] [-n count] [-q commands] [-r commands] [-s commands] [-w delay] [host]:port backlog", myname); + msg_fatal("usage: %s [-468acCeEFLpPv] [-f commands] [-h hostname] [-n count] [-q commands] [-r commands] [-s commands] [-w delay] [host]:port backlog", myname); } int main(int argc, char **argv) @@ -694,7 +694,7 @@ int main(int argc, char **argv) /* * Parse JCL. */ - while ((ch = GETOPT(argc, argv, "46acCeEf:Fh:Ln:pPq:r:s:t:vw:8")) > 0) { + while ((ch = GETOPT(argc, argv, "468acCeEf:Fh:Ln:pPq:r:s:t:vw:")) > 0) { switch (ch) { case '4': protocols = INET_PROTO_NAME_IPV4; @@ -702,6 +702,9 @@ int main(int argc, char **argv) case '6': protocols = INET_PROTO_NAME_IPV6; break; + case '8': + disable_8bitmime = 1; + break; case 'a': disable_saslauth = 1; break; @@ -765,9 +768,6 @@ int main(int argc, char **argv) if ((fixed_delay = atoi(optarg)) <= 0) usage(argv[0]); break; - case '8': - disable_8bitmime = 1; - break; default: usage(argv[0]); } diff --git a/postfix/src/tls/Makefile.in b/postfix/src/tls/Makefile.in index 442de65f0..92d15c755 100644 --- a/postfix/src/tls/Makefile.in +++ b/postfix/src/tls/Makefile.in @@ -130,6 +130,7 @@ tls_mgr.o: tls_mgr.c tls_mgr.o: tls_mgr.h tls_misc.o: ../../include/msg.h tls_misc.o: ../../include/mymalloc.h +tls_misc.o: ../../include/stringops.h tls_misc.o: ../../include/sys_defs.h tls_misc.o: ../../include/vbuf.h tls_misc.o: ../../include/vstream.h diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in index 1548a1ade..28b79cd66 100644 --- a/postfix/src/util/Makefile.in +++ b/postfix/src/util/Makefile.in @@ -965,6 +965,7 @@ fullname.o: safe.h fullname.o: sys_defs.h fullname.o: vbuf.h fullname.o: vstring.h +gccw.o: gccw.c get_domainname.o: get_domainname.c get_domainname.o: get_domainname.h get_domainname.o: get_hostname.h -- 2.47.3