mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-31 22:25:24 +00:00
Code Issues Releases Wiki Activity

snapshot-20010806

Browse Source
This commit is contained in:
Wietse Venema
2001-08-06 00:00:00 -05:00
committed by Viktor Dukhovni
parent eb91b741af
commit 89867bfc4b
26 changed files with 487 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
postfix/HISTORY
View File

@@ -5405,3 +5405,19 @@ Apologies for any names omitted.
for myhostname, inet_interfaces, and mynetworks_style. for myhostname, inet_interfaces, and mynetworks_style.
This broke the default mynetworks setting calculation. This broke the default mynetworks setting calculation.
File: postconf/postconf.c. File: postconf/postconf.c.
20010803
Feature: masquerade_classes parameter for fine control of
address masquerading. The default setting is backwards
compatible: envelope_sender header_sender header_recipient.
Files: cleanup/whatever.c.
20010806
Bugfix: did not address masquerade the always_bcc recipient
after extracting envelope recipients from message headers.
File: cleanup/cleanup_extracted.c.
Bugfix: did not address masquerade the envelope recipients
extracted from message headers. File: cleanup/cleanup_message.c.

24
postfix/RELEASE_NOTES
View File

@@ -1,17 +1,29 @@
Incompatible changes with snapshot-20010801 Incompatible changes with snapshot-20010802
=========================================== ===========================================
The default setting for the maps_rbl_domains parameter is "empty",
because mail-abuse.org has become a subscription-based service.
The permit_mx_backup feature has changed. It accepts mail only when
the primary MX hosts for the recipient match the networks that are
specified with the new auth_permit_mx_backup configuration parameter.
Postfix will not accept mail when permit_mx_backup is used while
auth_permit_mx_backup is not configured.
The protocol between Postfix master and child processes has changed. The protocol between Postfix master and child processes has changed.
You must stop and start Postfix in order to switch between Snapshot You must stop and start Postfix in order to switch between Snapshot
20010801 and releases that implement the older protocol. 20010801 and releases that implement the older protocol.
Major changes with snapshot-20010801 Major changes with snapshot-20010802
==================================== ====================================
Specify "disable_verp_bounces = yes" to have Postfix send one Specify "disable_verp_bounces = yes" to have Postfix send one
RFC-standard, non-VERP, bounce report for multi-recipient mail, RFC-standard, non-VERP, bounce report for multi-recipient mail,
even when VERP style delivery is requested. even when VERP style delivery is requested.
Fine control over address masquerading. The masquerade_classes
parameter controls header and envelope sender and recipient addresses.
Variable coupling between message receiving rates and message Variable coupling between message receiving rates and message
delivery rates. When the message receiving rate exceeds the message delivery rates. When the message receiving rate exceeds the message
delivery rate, an SMTP server will pause for $in_flow_delay seconds delivery rate, an SMTP server will pause for $in_flow_delay seconds
@@ -20,14 +32,14 @@ a chance catch up and access the disk, while still allowing new
mail to arrive. mail to arrive.
The in_flow_delay feature has effect mainly when your system is The in_flow_delay feature has effect mainly when your system is
being flooded port through a limited number of SMTP connections. being flooded through a limited number of SMTP connections. This
This is also useful for mass-mailing applications, because it avoids is useful for mass-mailing applications, because it eliminates the
the need to hand-tune the rate at which mail is sent into Postfix. need to hand-tune the rate for sending mail into Postfix.
The in_flow_delay feature has negligible effect when mail arrives The in_flow_delay feature has negligible effect when mail arrives
via many different SMTP connections. With the default limit of 50 via many different SMTP connections. With the default limit of 50
SMTP server processes and with the default $in_flow_delay of 1 SMTP server processes and with the default $in_flow_delay of 1
second, total mail inflow is limited to 50 messages per second more second, the mail inflow is limited to 50 messages per second more
than the number of messages that are delivered per second. Many than the number of messages that are delivered per second. Many
systems saturate at values much smaller than 50 messages per second. systems saturate at values much smaller than 50 messages per second.

14
postfix/conf/canonical
View File

@@ -151,6 +151,11 @@
# The network interface addresses that this system # The network interface addresses that this system
# receives mail on. # receives mail on.
# #
# masquerade_classes
# List of address classes subject to masquerading:
# zero or more of envelope_sender, envelope_recipi-
# ent, header_sender, header_recipient.
#
# masquerade_domains # masquerade_domains
# List of domains that hide their subdomain struc- # List of domains that hide their subdomain struc-
# ture. # ture.
@@ -166,17 +171,16 @@
# myorigin # myorigin
# The domain that is appended to locally-posted mail. # The domain that is appended to locally-posted mail.
# #
# 3
#
# CANONICAL(5) CANONICAL(5)
#
# owner_request_special # owner_request_special
# Give special treatment to owner-xxx and xxx-request # Give special treatment to owner-xxx and xxx-request
# addresses. # addresses.
# #
# SEE ALSO # SEE ALSO
# cleanup(8) canonicalize and enqueue mail # cleanup(8) canonicalize and enqueue mail
#
# 3
#
# CANONICAL(5) CANONICAL(5)
#
# postmap(1) create mapping table # postmap(1) create mapping table
# virtual(5) virtual domain mapping # virtual(5) virtual domain mapping
# pcre_table(5) format of PCRE tables # pcre_table(5) format of PCRE tables

5
postfix/conf/master.cf
View File

@@ -84,6 +84,11 @@ error unix - - n - - error
local unix - n n - - local local unix - n n - - local
virtual unix - n n - - virtual virtual unix - n n - - virtual
lmtp unix - - n - - lmtp lmtp unix - - n - - lmtp
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# The Cyrus deliver program has changed incompatibly.
#
cyrus unix - n n - - pipe cyrus unix - n n - - pipe
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
uucp unix - n n - - pipe uucp unix - n n - - pipe

24
postfix/conf/pcre_table
View File

@@ -43,13 +43,13 @@
# is `U', which makes matching ungreedy (see PCRE documenta- # is `U', which makes matching ungreedy (see PCRE documenta-
# tion and source for more info). # tion and source for more info).
# #
# Each pattern is applied to the entire string being looked # Each pattern is applied to the entire lookup key string.
# up. Depending on the application, that string is an # Depending on the application, that string is an entire
# entire client hostname, an entire client IP address, or an # client hostname, an entire client IP address, or an entire
# entire mail address. Thus, no parent domain or parent # mail address. Thus, no parent domain or parent network
# network search is done, and user@domain mail addresses are # search is done, and user@domain mail addresses are not
# not broken up into their user and domain constituent # broken up into their user and domain constituent parts,
# parts, nor is user+foo broken up into user and foo. # nor is user+foo broken up into user and foo.
# #
# Patterns are applied in the order as specified in the # Patterns are applied in the order as specified in the
# table, until a pattern is found that matches the search # table, until a pattern is found that matches the search
@@ -59,11 +59,11 @@
# #
# PCRE_TABLE(5) PCRE_TABLE(5) # PCRE_TABLE(5) PCRE_TABLE(5)
# #
# Substitution of sub-strings from the matched expression is # Substitution of substrings from the matched expression
# possible using the conventional perl syntax ($1, $2, # into the result string is possible using the conventional
# etc.). The macros in the replacement string may need to be # perl syntax ($1, $2, etc.). The macros in the result
# written as ${n} or $(n) if they aren't followed by whites- # string may need to be written as ${n} or $(n) if they
# pace. # aren't followed by whitespace.
# #
# EXAMPLES # EXAMPLES
# # Protect your outgoing majordomo exploders # # Protect your outgoing majordomo exploders

22
postfix/conf/regexp_table
View File

@@ -46,13 +46,13 @@
# Other flags are `x' (disable extended expression syntax), # Other flags are `x' (disable extended expression syntax),
# and `m' (enable multi-line mode). # and `m' (enable multi-line mode).
# #
# Each pattern is applied to the entire string being looked # Each pattern is applied to the entire lookup key string.
# up. Depending on the application, that string is an # Depending on the application, that string is an entire
# entire client hostname, an entire client IP address, or an # client hostname, an entire client IP address, or an entire
# entire mail address. Thus, no parent domain or parent # mail address. Thus, no parent domain or parent network
# network search is done, and user@domain mail addresses are # search is done, and user@domain mail addresses are not
# not broken up into their user and domain constituent # broken up into their user and domain constituent parts,
# parts, nor is user+foo broken up into user and foo. # nor is user+foo broken up into user and foo.
# #
# Patterns are applied in the order as specified in the # Patterns are applied in the order as specified in the
# #
@@ -63,10 +63,10 @@
# table, until a pattern is found that matches the search # table, until a pattern is found that matches the search
# string. # string.
# #
# Substitution of sub-strings from the matched expression is # Substitution of substrings from the matched expression
# possible using $1, $2, etc.. The macros in the replacement # into the result string is possible using $1, $2, etc.. The
# string may need to be written as ${n} or $(n) if they # macros in the result string may need to be written as ${n}
# aren't followed by whitespace. # or $(n) if they aren't followed by whitespace.
# #
# EXAMPLES # EXAMPLES
# # Disallow sender-specified routing. This is a must if you relay mail # # Disallow sender-specified routing. This is a must if you relay mail

13
postfix/conf/sample-rewrite.cf
View File

@@ -27,6 +27,19 @@ append_dot_mydomain = yes
# #
empty_address_recipient = MAILER-DAEMON empty_address_recipient = MAILER-DAEMON
# The masquerade_classes parameter controls what addresses are
# subject to address masquerading.
#
# By default, address masquerading is limited to envelope recipient
# addresses, and to header sender and header recipient addresses.
# This allows you to use address masquerading on a mail gateway while
# still being able to forward mail to users on individual machines.
#
# Specify zero or more of: envelope_sender, envelope_recipient,
# header_sender, header_recipient
#
masquerade_classes = envelope_sender, header_sender, header_recipient
# The masquerade_domains parameter gives an optional list of domains # The masquerade_domains parameter gives an optional list of domains
# that must have their subdomain structure stripped off. # that must have their subdomain structure stripped off.
# #

17
postfix/conf/sample-smtpd.cf
View File

@@ -282,7 +282,8 @@ smtpd_sender_restrictions =
# - to destinations matching $relay_domains or subdomain thereof, # - to destinations matching $relay_domains or subdomain thereof,
# except for addresses with sender-specified routing. # except for addresses with sender-specified routing.
# reject_unauth_pipelining: reject mail from improperly pipelining spamware # reject_unauth_pipelining: reject mail from improperly pipelining spamware
# permit_mx_backup: accept mail for sites that list me as MX host. # permit_mx_backup: accept mail for sites whose primary MX hosts
# match the networks specified with auth_mx_backup_networks.
# reject_unknown_recipient_domain: reject domains without A or MX record. # reject_unknown_recipient_domain: reject domains without A or MX record.
# check_recipient_access maptype:mapname # check_recipient_access maptype:mapname
# maptype:mapname: look up recipient address, parent domain, or localpart@. # maptype:mapname: look up recipient address, parent domain, or localpart@.
@@ -309,6 +310,20 @@ smtpd_sender_restrictions =
# #
smtpd_recipient_restrictions = permit_mynetworks,check_relay_domains smtpd_recipient_restrictions = permit_mynetworks,check_relay_domains
# The auth_mx_backup_networks parameter specifies a list of networks
# for which the permit_mx_backup feature (see above) can be used.
#
# By default, auth_mx_backup_networks is empty and no networks are
# authorized to use the permit_mx_backup feature. You can specify
# a complete class A network (X.0.0.0/8), a complete class B network
# (X.X.0.0/16), and so on. If you want stricter control, specify a
# list of network/mask patterns, where the mask specifies the number
# of bits in the network part of a host address. You can also specify
# the absolute pathname of a pattern file instead of listing the
# patterns here.
#
auth_mx_backup_networks =
# #
# ADDITIONAL UCE CONTROLS # ADDITIONAL UCE CONTROLS
# #

5
postfix/html/canonical.5.html
View File

@@ -143,6 +143,11 @@ CANONICAL(5) CANONICAL(5)
The network interface addresses that this system The network interface addresses that this system
receives mail on. receives mail on.
<b>masquerade</b><i>_</i><b>classes</b>
List of address classes subject to masquerading:
zero or more of <b>envelope</b><i>_</i><b>sender</b>, <b>envelope</b><i>_</i><b>recipi-</b>
<b>ent</b>, <b>header</b><i>_</i><b>sender</b>, <b>header</b><i>_</i><b>recipient</b>.
<b>masquerade</b><i>_</i><b>domains</b> <b>masquerade</b><i>_</i><b>domains</b>
List of domains that hide their subdomain struc- List of domains that hide their subdomain struc-
ture. ture.

10
postfix/html/cleanup.8.html
View File

@@ -40,8 +40,9 @@ CLEANUP(8) CLEANUP(8)
and message header addresses (i.e. strip host or and message header addresses (i.e. strip host or
domain information below all domains listed in the domain information below all domains listed in the
<b>masquerade</b><i>_</i><b>domains</b> parameter, except for user names <b>masquerade</b><i>_</i><b>domains</b> parameter, except for user names
listed in <b>masquerade</b><i>_</i><b>exceptions</b>). Address mas- listed in <b>masquerade</b><i>_</i><b>exceptions</b>). By default,
querading does not affect envelope recipients. address masquerading does not affect envelope
recipients.
<b>o</b> Optionally, expand envelope recipients according to <b>o</b> Optionally, expand envelope recipients according to
information found in the <a href="virtual.5.html"><b>virtual</b>(5)</a> lookup tables. information found in the <a href="virtual.5.html"><b>virtual</b>(5)</a> lookup tables.
@@ -112,6 +113,11 @@ CLEANUP(8) CLEANUP(8)
Address mapping lookup table for envelope and Address mapping lookup table for envelope and
header sender addresses. header sender addresses.
<b>masquerade</b><i>_</i><b>classes</b>
List of address classes subject to masquerading:
zero or more of <b>envelope</b><i>_</i><b>sender</b>, <b>envelope</b><i>_</i><b>recipi-</b>
<b>ent</b>, <b>header</b><i>_</i><b>sender</b>, <b>header</b><i>_</i><b>recipient</b>.
<b>masquerade</b><i>_</i><b>domains</b> <b>masquerade</b><i>_</i><b>domains</b>
List of domains that hide their subdomain struc- List of domains that hide their subdomain struc-
ture. ture.

5
postfix/html/faq.html
View File

@@ -1521,7 +1521,10 @@ href="uce.html#reject_unauth_destination">reject_unauth_destination</a>:
reject when the destination is not local. reject when the destination is not local.
<li> <a href="uce.html#permit_mx_backup">permit_mx_backup</a>: <li> <a href="uce.html#permit_mx_backup">permit_mx_backup</a>:
reject when the destination is not local. permit if the local system is listed as MX host for the recipient
domain, provided that the primary MX host for the recipient domain
is within the networks specified with <a
href="uce.html#auth_mx_backup_networks">auth_mx_backup_networks</a>.
<li> Other UCE restrictions (e.g., SMTPD access maps) are not aware <li> Other UCE restrictions (e.g., SMTPD access maps) are not aware
of sender-provided routing information. of sender-provided routing information.

26
postfix/html/rewrite.html
View File

@@ -226,7 +226,7 @@ send mail to the those ugly address without creating a mailer loop.
<a name="masquerade"> <h2> Address masquerading</h2> <a name="masquerade"> <h2> Address masquerading</h2>
Address masquerading is a method to hide all hosts below a domain Address masquerading is a method to hide all hosts inside a domain
behind their mail gateway, and to make it appear as if the mail behind their mail gateway, and to make it appear as if the mail
comes from the gateway itself, instead of from individual machines. comes from the gateway itself, instead of from individual machines.
@@ -267,8 +267,28 @@ For example,
By default, Postfix makes no exceptions. By default, Postfix makes no exceptions.
<p> <p>
Subtle point: address masquerading is applied only to message Subtle point: by default, address masquerading is applied only to
headers and envelope sender addresses, not to envelope recipients. message headers and to envelope sender addresses, but not to envelope
recipients. This allows you to use address masquerading on a mail
gateway machine, while still being able to forward mail from outside
to users on individual machines.
<p>
In order to subject envelope recipient addresses to masquerading,
too, specify (only available with Postfix versions after 20010802):
<dl>
<dd><b>masquerade_classes = envelope_sender, envelope_recipient,
header_sender, header_recipient</b>
</dl>
<p>
If you do this, Postfix will no longer be able to send mail to
individual machines.
<a name="virtual"> <h2> Virtual address mapping</h2> <a name="virtual"> <h2> Virtual address mapping</h2>

63
postfix/html/uce.html
View File

@@ -722,17 +722,20 @@ code for rejected requests (default: <b>554</b>).
<a name="permit_mx_backup"> <a name="permit_mx_backup">
<dt> <b>permit_mx_backup</b> <dd> Permit the request when the local <dt> <b>permit_mx_backup</b> <dd> Permit the request when the local
mail system is MX host for the resolved destination. This includes mail system is MX host for the resolved destination, provided that
the case that the local mail system is the final destination. the primary MX host is within the networks specified with <a
However, the SMTP server will not forward mail with addresses that href="#auth_mx_backup_networks">auth_mx_backup_networks</a> parameter.
have sender-specified routing information (example: This includes the case that the local mail system is the final
destination. However, the SMTP server will not forward mail with
addresses that have sender-specified routing information (example:
<i>user@elsewhere@domain</i>), <i>user@elsewhere@domain</i>),
<p> <p>
Relevant configuration parameters: <a href="basic.html#mydestination"> Relevant configuration parameters: <a
$mydestination</a>, <a href="basic.html#inet_interfaces"> href="#auth_mx_backup_networks">auth_mx_backup_networks</a>, <a
$inet_interfaces</a>. href="basic.html#mydestination"> $mydestination</a>, <a
href="basic.html#inet_interfaces"> $inet_interfaces</a>.
<p> <p>
@@ -966,6 +969,52 @@ to speed up deliveries.
<dl> <dl>
<a name="auth_mx_backup_networks">
<dt> <b>auth_mx_backup_networks</b>
<dd>This parameter specifies the networks that are allowed to
use the <a href="#permit_mx_backup">permit_mx_backup</a>
relay control feature.
<p>
<dl>
<dt>Default:
<dd><b>auth_mx_backup_networks = </b>
<p>
That is, no networks are authorized by default.
<p>
<dt>Syntax:
<dd> Specify a list of network
blocks in CIDR (network/mask) notation, for example:
<p>
<dl>
<dd> <b>auth_mx_backup_networks = 168.100.0.0/16</b>
</dl>
<p>
You can also specify the absolute pathname of a pattern file instead
of listing the patterns in the <b>main.cf</b> file.
</dl>
</dl>
<dl>
<a name="maps_rbl_domains"> <a name="maps_rbl_domains">
<dt> <b>maps_rbl_domains</b> <dt> <b>maps_rbl_domains</b>

4
postfix/man/man5/canonical.5
View File

@@ -139,6 +139,10 @@ addresses.
Other parameters of interest: Other parameters of interest:
.IP \fBinet_interfaces\fR .IP \fBinet_interfaces\fR
The network interface addresses that this system receives mail on. The network interface addresses that this system receives mail on.
.IP \fBmasquerade_classes\fR
List of address classes subject to masquerading: zero or more of
\fBenvelope_sender\fR, \fBenvelope_recipient\fR, \fBheader_sender\fR,
\fBheader_recipient\fR.
.IP \fBmasquerade_domains\fR .IP \fBmasquerade_domains\fR
List of domains that hide their subdomain structure. List of domains that hide their subdomain structure.
.IP \fBmasquerade_exceptions\fR .IP \fBmasquerade_exceptions\fR

6
postfix/man/man8/cleanup.8
View File

@@ -41,7 +41,7 @@ Optionally, masquerade envelope sender addresses and message
header addresses (i.e. strip host or domain information below header addresses (i.e. strip host or domain information below
all domains listed in the \fBmasquerade_domains\fR parameter, all domains listed in the \fBmasquerade_domains\fR parameter,
except for user names listed in \fBmasquerade_exceptions\fR). except for user names listed in \fBmasquerade_exceptions\fR).
Address masquerading does not affect envelope recipients. By default, address masquerading does not affect envelope recipients.
.IP \(bu .IP \(bu
Optionally, expand envelope recipients according to information Optionally, expand envelope recipients according to information
found in the \fBvirtual\fR(5) lookup tables. found in the \fBvirtual\fR(5) lookup tables.
@@ -108,6 +108,10 @@ addresses.
.IP \fBsender_canonical_maps\fR .IP \fBsender_canonical_maps\fR
Address mapping lookup table for envelope and header sender Address mapping lookup table for envelope and header sender
addresses. addresses.
.IP \fBmasquerade_classes\fR
List of address classes subject to masquerading: zero or
more of \fBenvelope_sender\fR, \fBenvelope_recipient\fR,
\fBheader_sender\fR, \fBheader_recipient\fR.
.IP \fBmasquerade_domains\fR .IP \fBmasquerade_domains\fR
List of domains that hide their subdomain structure. List of domains that hide their subdomain structure.
.IP \fBmasquerade_exceptions\fR .IP \fBmasquerade_exceptions\fR

4
postfix/proto/canonical
View File

@@ -123,6 +123,10 @@
# Other parameters of interest: # Other parameters of interest:
# .IP \fBinet_interfaces\fR # .IP \fBinet_interfaces\fR
# The network interface addresses that this system receives mail on. # The network interface addresses that this system receives mail on.
# .IP \fBmasquerade_classes\fR
# List of address classes subject to masquerading: zero or more of
# \fBenvelope_sender\fR, \fBenvelope_recipient\fR, \fBheader_sender\fR,
# \fBheader_recipient\fR.
# .IP \fBmasquerade_domains\fR # .IP \fBmasquerade_domains\fR
# List of domains that hide their subdomain structure. # List of domains that hide their subdomain structure.
# .IP \fBmasquerade_exceptions\fR # .IP \fBmasquerade_exceptions\fR

6
postfix/src/cleanup/cleanup.c
View File

@@ -35,7 +35,7 @@
/* header addresses (i.e. strip host or domain information below /* header addresses (i.e. strip host or domain information below
/* all domains listed in the \fBmasquerade_domains\fR parameter, /* all domains listed in the \fBmasquerade_domains\fR parameter,
/* except for user names listed in \fBmasquerade_exceptions\fR). /* except for user names listed in \fBmasquerade_exceptions\fR).
/* Address masquerading does not affect envelope recipients. /* By default, address masquerading does not affect envelope recipients.
/* .IP \(bu /* .IP \(bu
/* Optionally, expand envelope recipients according to information /* Optionally, expand envelope recipients according to information
/* found in the \fBvirtual\fR(5) lookup tables. /* found in the \fBvirtual\fR(5) lookup tables.
@@ -94,6 +94,10 @@
/* .IP \fBsender_canonical_maps\fR /* .IP \fBsender_canonical_maps\fR
/* Address mapping lookup table for envelope and header sender /* Address mapping lookup table for envelope and header sender
/* addresses. /* addresses.
/* .IP \fBmasquerade_classes\fR
/* List of address classes subject to masquerading: zero or
/* more of \fBenvelope_sender\fR, \fBenvelope_recipient\fR,
/* \fBheader_sender\fR, \fBheader_recipient\fR.
/* .IP \fBmasquerade_domains\fR /* .IP \fBmasquerade_domains\fR
/* List of domains that hide their subdomain structure. /* List of domains that hide their subdomain structure.
/* .IP \fBmasquerade_exceptions\fR /* .IP \fBmasquerade_exceptions\fR

9
postfix/src/cleanup/cleanup.h
View File

@@ -71,6 +71,15 @@ extern MAPS *cleanup_header_checks;
extern MAPS *cleanup_body_checks; extern MAPS *cleanup_body_checks;
extern MAPS *cleanup_virtual_maps; extern MAPS *cleanup_virtual_maps;
extern ARGV *cleanup_masq_domains; extern ARGV *cleanup_masq_domains;
extern int cleanup_masq_flags;
/*
* Address masquerading fine control.
*/
#define CLEANUP_MASQ_FLAG_ENV_FROM (1<<0) /* envelope sender */
#define CLEANUP_MASQ_FLAG_ENV_RCPT (1<<1) /* envelope recipient */
#define CLEANUP_MASQ_FLAG_HDR_FROM (1<<2) /* header sender */
#define CLEANUP_MASQ_FLAG_HDR_RCPT (1<<3) /* header recipient */
/* /*
* Restrictions on extension propagation. * Restrictions on extension propagation.

6
postfix/src/cleanup/cleanup_envelope.c
View File

@@ -149,7 +149,8 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type, char *buf,
if (cleanup_comm_canon_maps) if (cleanup_comm_canon_maps)
cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps, cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL); cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
if (cleanup_masq_domains) if (cleanup_masq_domains
&& (cleanup_masq_flags & CLEANUP_MASQ_FLAG_ENV_FROM))
cleanup_masquerade_internal(clean_addr, cleanup_masq_domains); cleanup_masquerade_internal(clean_addr, cleanup_masq_domains);
CLEANUP_OUT_BUF(state, type, clean_addr); CLEANUP_OUT_BUF(state, type, clean_addr);
if (state->sender == 0) if (state->sender == 0)
@@ -171,6 +172,9 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type, char *buf,
if (cleanup_comm_canon_maps) if (cleanup_comm_canon_maps)
cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps, cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL); cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
if (cleanup_masq_domains
&& (cleanup_masq_flags & CLEANUP_MASQ_FLAG_ENV_RCPT))
cleanup_masquerade_internal(clean_addr, cleanup_masq_domains);
cleanup_out_recipient(state, STR(clean_addr)); cleanup_out_recipient(state, STR(clean_addr));
if (state->recip == 0) if (state->recip == 0)
state->recip = mystrdup(STR(clean_addr)); state->recip = mystrdup(STR(clean_addr));

16
postfix/src/cleanup/cleanup_extracted.c
View File

@@ -123,6 +123,9 @@ static void cleanup_extracted_process(CLEANUP_STATE *state, int type, char *buf,
if (cleanup_comm_canon_maps) if (cleanup_comm_canon_maps)
cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps, cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL); cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
if (cleanup_masq_domains
&& (cleanup_masq_flags & CLEANUP_MASQ_FLAG_ENV_RCPT))
cleanup_masquerade_internal(clean_addr, cleanup_masq_domains);
cleanup_out_recipient(state, STR(clean_addr)); cleanup_out_recipient(state, STR(clean_addr));
if (state->recip == 0) if (state->recip == 0)
state->recip = mystrdup(STR(clean_addr)); state->recip = mystrdup(STR(clean_addr));
@@ -150,8 +153,8 @@ static void cleanup_extracted_process(CLEANUP_STATE *state, int type, char *buf,
if (rcpt->argc >= var_extra_rcpt_limit) { if (rcpt->argc >= var_extra_rcpt_limit) {
state->errs |= CLEANUP_STAT_ROVFL; state->errs |= CLEANUP_STAT_ROVFL;
} else { } else {
if (*var_always_bcc && rcpt->argv[0]) {
clean_addr = vstring_alloc(100); clean_addr = vstring_alloc(100);
if (*var_always_bcc && rcpt->argv[0]) {
cleanup_rewrite_internal(clean_addr, var_always_bcc); cleanup_rewrite_internal(clean_addr, var_always_bcc);
if (cleanup_rcpt_canon_maps) if (cleanup_rcpt_canon_maps)
cleanup_map11_internal(state, clean_addr, cleanup_rcpt_canon_maps, cleanup_map11_internal(state, clean_addr, cleanup_rcpt_canon_maps,
@@ -160,13 +163,20 @@ static void cleanup_extracted_process(CLEANUP_STATE *state, int type, char *buf,
cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps, cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL); cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
argv_add(rcpt, STR(clean_addr), (char *) 0); argv_add(rcpt, STR(clean_addr), (char *) 0);
vstring_free(clean_addr);
} }
argv_terminate(rcpt); argv_terminate(rcpt);
for (cpp = rcpt->argv; CLEANUP_OUT_OK(state) && *cpp; cpp++) for (cpp = rcpt->argv; CLEANUP_OUT_OK(state) && *cpp; cpp++) {
if (cleanup_masq_domains
&& (cleanup_masq_flags & CLEANUP_MASQ_FLAG_ENV_RCPT)) {
vstring_strcpy(clean_addr, *cpp);
cleanup_masquerade_internal(clean_addr, cleanup_masq_domains);
cleanup_out_recipient(state, STR(clean_addr));
} else
cleanup_out_recipient(state, *cpp); cleanup_out_recipient(state, *cpp);
}
if (rcpt->argv[0]) if (rcpt->argv[0])
state->recip = mystrdup(rcpt->argv[0]); state->recip = mystrdup(rcpt->argv[0]);
vstring_free(clean_addr);
} }
} }

15
postfix/src/cleanup/cleanup_init.c
View File

@@ -69,6 +69,7 @@
#include <msg.h> #include <msg.h>
#include <iostuff.h> #include <iostuff.h>
#include <name_mask.h>
/* Global library. */ /* Global library. */
@@ -106,6 +107,7 @@ char *var_prop_extension; /* propagate unmatched extension */
char *var_always_bcc; /* big brother */ char *var_always_bcc; /* big brother */
int var_extra_rcpt_limit; /* recipient extract limit */ int var_extra_rcpt_limit; /* recipient extract limit */
char *var_rcpt_witheld; /* recipients not disclosed */ char *var_rcpt_witheld; /* recipients not disclosed */
char *var_masq_classes; /* what to masquerade */
CONFIG_INT_TABLE cleanup_int_table[] = { CONFIG_INT_TABLE cleanup_int_table[] = {
VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0, VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0,
@@ -133,6 +135,7 @@ CONFIG_STR_TABLE cleanup_str_table[] = {
VAR_PROP_EXTENSION, DEF_PROP_EXTENSION, &var_prop_extension, 0, 0, VAR_PROP_EXTENSION, DEF_PROP_EXTENSION, &var_prop_extension, 0, 0,
VAR_ALWAYS_BCC, DEF_ALWAYS_BCC, &var_always_bcc, 0, 0, VAR_ALWAYS_BCC, DEF_ALWAYS_BCC, &var_always_bcc, 0, 0,
VAR_RCPT_WITHELD, DEF_RCPT_WITHELD, &var_rcpt_witheld, 1, 0, VAR_RCPT_WITHELD, DEF_RCPT_WITHELD, &var_rcpt_witheld, 1, 0,
VAR_MASQ_CLASSES, DEF_MASQ_CLASSES, &var_masq_classes, 0, 0,
0, 0,
}; };
@@ -146,6 +149,7 @@ MAPS *cleanup_header_checks;
MAPS *cleanup_body_checks; MAPS *cleanup_body_checks;
MAPS *cleanup_virtual_maps; MAPS *cleanup_virtual_maps;
ARGV *cleanup_masq_domains; ARGV *cleanup_masq_domains;
int cleanup_masq_flags;
/* /*
* Address extension propagation restrictions. * Address extension propagation restrictions.
@@ -164,6 +168,14 @@ void cleanup_all(void)
void cleanup_pre_jail(char *unused_name, char **unused_argv) void cleanup_pre_jail(char *unused_name, char **unused_argv)
{ {
static NAME_MASK masq_class_table[] = {
MASQ_CLASS_ENV_FROM, CLEANUP_MASQ_FLAG_ENV_FROM,
MASQ_CLASS_ENV_RCPT, CLEANUP_MASQ_FLAG_ENV_RCPT,
MASQ_CLASS_HDR_FROM, CLEANUP_MASQ_FLAG_HDR_FROM,
MASQ_CLASS_HDR_RCPT, CLEANUP_MASQ_FLAG_HDR_RCPT,
0,
};
if (*var_canonical_maps) if (*var_canonical_maps)
cleanup_comm_canon_maps = cleanup_comm_canon_maps =
maps_create(VAR_CANONICAL_MAPS, var_canonical_maps, DICT_FLAG_LOCK); maps_create(VAR_CANONICAL_MAPS, var_canonical_maps, DICT_FLAG_LOCK);
@@ -186,6 +198,9 @@ void cleanup_pre_jail(char *unused_name, char **unused_argv)
if (*var_body_checks) if (*var_body_checks)
cleanup_body_checks = cleanup_body_checks =
maps_create(VAR_BODY_CHECKS, var_body_checks, DICT_FLAG_LOCK); maps_create(VAR_BODY_CHECKS, var_body_checks, DICT_FLAG_LOCK);
if (*var_masq_classes)
cleanup_masq_flags = name_mask(VAR_MASQ_CLASSES, masq_class_table,
var_masq_classes);
} }
/* cleanup_post_jail - initialize after entering the chroot jail */ /* cleanup_post_jail - initialize after entering the chroot jail */

6
postfix/src/cleanup/cleanup_message.c
View File

@@ -178,7 +178,8 @@ static void cleanup_rewrite_sender(CLEANUP_STATE *state, HEADER_OPTS *hdr_opts)
if (cleanup_comm_canon_maps) if (cleanup_comm_canon_maps)
cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps, cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL); cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
if (cleanup_masq_domains) if (cleanup_masq_domains
&& (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_FROM))
cleanup_masquerade_tree(*tpp, cleanup_masq_domains); cleanup_masquerade_tree(*tpp, cleanup_masq_domains);
if (hdr_opts->type == HDR_FROM && state->from == 0) if (hdr_opts->type == HDR_FROM && state->from == 0)
state->from = cleanup_extract_internal(state->header_buf, *tpp); state->from = cleanup_extract_internal(state->header_buf, *tpp);
@@ -230,7 +231,8 @@ static void cleanup_rewrite_recip(CLEANUP_STATE *state, HEADER_OPTS *hdr_opts)
argv_add(rcpt, vstring_str(state->temp1), (char *) 0); argv_add(rcpt, vstring_str(state->temp1), (char *) 0);
} }
} }
if (cleanup_masq_domains) if (cleanup_masq_domains
&& (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_RCPT))
cleanup_masquerade_tree(*tpp, cleanup_masq_domains); cleanup_masquerade_tree(*tpp, cleanup_masq_domains);
if (hdr_opts->type == HDR_RETURN_RECEIPT_TO && !state->return_receipt) if (hdr_opts->type == HDR_RETURN_RECEIPT_TO && !state->return_receipt)
state->return_receipt = state->return_receipt =

17
postfix/src/global/mail_params.h
View File

@@ -124,6 +124,17 @@ extern char *var_masq_domains;
#define DEF_MASQ_EXCEPTIONS "" #define DEF_MASQ_EXCEPTIONS ""
extern char *var_masq_exceptions; extern char *var_masq_exceptions;
#define MASQ_CLASS_ENV_FROM "envelope_sender"
#define MASQ_CLASS_ENV_RCPT "envelope_recipient"
#define MASQ_CLASS_HDR_FROM "header_sender"
#define MASQ_CLASS_HDR_RCPT "header_recipient"
#define VAR_MASQ_CLASSES "masquerade_classes"
#define DEF_MASQ_CLASSES MASQ_CLASS_ENV_FROM ", " \
MASQ_CLASS_HDR_FROM ", " \
MASQ_CLASS_HDR_RCPT
extern char *var_masq_classes;
/* /*
* Intranet versus internet. * Intranet versus internet.
*/ */
@@ -1111,6 +1122,10 @@ extern int var_relay_code;
#define PERMIT_MX_BACKUP "permit_mx_backup" #define PERMIT_MX_BACKUP "permit_mx_backup"
#define VAR_AUTH_MX_NETWORKS "auth_mx_backup_networks"
#define DEF_AUTH_MX_NETWORKS ""
extern char *var_auth_mx_networks;
#define VAR_ACCESS_MAP_CODE "access_map_reject_code" #define VAR_ACCESS_MAP_CODE "access_map_reject_code"
#define DEF_ACCESS_MAP_CODE 554 #define DEF_ACCESS_MAP_CODE 554
extern int var_access_map_code; extern int var_access_map_code;
@@ -1127,7 +1142,7 @@ extern int var_access_map_code;
extern int var_maps_rbl_code; extern int var_maps_rbl_code;
#define VAR_MAPS_RBL_DOMAINS "maps_rbl_domains" #define VAR_MAPS_RBL_DOMAINS "maps_rbl_domains"
#define DEF_MAPS_RBL_DOMAINS "blackholes.mail-abuse.org" #define DEF_MAPS_RBL_DOMAINS ""
extern char *var_maps_rbl_domains; extern char *var_maps_rbl_domains;
#define VAR_SMTPD_DELAY_REJECT "smtpd_delay_reject" #define VAR_SMTPD_DELAY_REJECT "smtpd_delay_reject"

2
postfix/src/global/mail_version.h
View File

@@ -15,7 +15,7 @@
* Version of this program. * Version of this program.
*/ */
#define VAR_MAIL_VERSION "mail_version" #define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "Snapshot-20010801" #define DEF_MAIL_VERSION "Snapshot-20010806"
extern char *var_mail_version; extern char *var_mail_version;
/* LICENSE /* LICENSE

2
postfix/src/smtpd/smtpd.c
View File

@@ -356,6 +356,7 @@ char *var_smtpd_sasl_opts;
char *var_smtpd_sasl_realm; char *var_smtpd_sasl_realm;
char *var_filter_xport; char *var_filter_xport;
bool var_broken_auth_clients; bool var_broken_auth_clients;
char *var_auth_mx_networks;
/* /*
* Global state, for stand-alone mode queue file cleanup. When this is * Global state, for stand-alone mode queue file cleanup. When this is
@@ -1590,6 +1591,7 @@ int main(int argc, char **argv)
VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts, 0, 0, VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts, 0, 0,
VAR_SMTPD_SASL_REALM, DEF_SMTPD_SASL_REALM, &var_smtpd_sasl_realm, 1, 0, VAR_SMTPD_SASL_REALM, DEF_SMTPD_SASL_REALM, &var_smtpd_sasl_realm, 1, 0,
VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0, VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0,
VAR_AUTH_MX_NETWORKS, DEF_AUTH_MX_NETWORKS, &var_auth_mx_networks, 0, 0,
0, 0,
}; };

189
postfix/src/smtpd/smtpd_check.c
View File

@@ -145,9 +145,10 @@
/* Reject the request when the client has already sent the next request /* Reject the request when the client has already sent the next request
/* without being told that the server implements SMTP command pipelining. /* without being told that the server implements SMTP command pipelining.
/* .IP permit_mx_backup /* .IP permit_mx_backup
/* Allow the request when the local mail system is mail exchanger /* Allow the request when all primary MX hosts for the recipient
/* for the recipient domain (this includes the case where the local /* are in the networks specified with the $auth_mx_backup_networks
/* system is the final destination). /* configuration parameter, or when the local system is the final
/* destination.
/* .IP restriction_classes /* .IP restriction_classes
/* Defines a list of parameter names, each parameter being a list /* Defines a list of parameter names, each parameter being a list
/* of restrictions that can be used anywhere a restriction is legal. /* of restrictions that can be used anywhere a restriction is legal.
@@ -307,6 +308,11 @@ static jmp_buf smtpd_check_buf;
#define SMTPD_CHECK_OK 1 /* explicitly permit */ #define SMTPD_CHECK_OK 1 /* explicitly permit */
#define SMTPD_CHECK_REJECT 2 /* explicitly reject */ #define SMTPD_CHECK_REJECT 2 /* explicitly reject */
/*
* XXX For now define SMTPD_CHECK_TRYAGAIN as SMTPD_CHECK_OK.
*/
#define SMTPD_CHECK_TRYAGAIN 1 /* return 4xx try again */
/* /*
* Intermediate results. These are static to avoid unnecessary stress on the * Intermediate results. These are static to avoid unnecessary stress on the
* memory manager routines. * memory manager routines.
@@ -331,6 +337,7 @@ static MAPS *relocated_maps;
*/ */
static DOMAIN_LIST *relay_domains; static DOMAIN_LIST *relay_domains;
static NAMADR_LIST *mynetworks; static NAMADR_LIST *mynetworks;
static NAMADR_LIST *auth_mx_networks;
/* /*
* Pre-parsed restriction lists. * Pre-parsed restriction lists.
@@ -499,6 +506,7 @@ void smtpd_check_init(void)
*/ */
mynetworks = namadr_list_init(var_mynetworks); mynetworks = namadr_list_init(var_mynetworks);
relay_domains = domain_list_init(var_relay_domains); relay_domains = domain_list_init(var_relay_domains);
auth_mx_networks = namadr_list_init(var_auth_mx_networks);
/* /*
* Pre-parse and pre-open the recipient maps. * Pre-parse and pre-open the recipient maps.
@@ -1014,6 +1022,59 @@ static int reject_unauth_pipelining(SMTPD_STATE *state)
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
} }
/* all_auth_mx_addr - match host addresses against auth_mx_backup_networks */
static int all_auth_mx_addr(char *host)
{
char *myname = "all_auth_mx_addr";
struct in_addr addr;
DNS_RR *rr;
DNS_RR *addr_list;
int dns_status;
if (msg_verbose)
msg_info("%s: host %s", myname, host);
/*
* If we can't lookup the host, try again.
*/
#define NOPE 0
#define YUP 1
#define TRYAGAIN 2
/*
* Resolve this host into IP addresses, and check if thy are within
* auth_mx_backup_networks
*/
dns_status = dns_lookup(host, T_A, 0, &addr_list, (VSTRING *) 0, (VSTRING *) 0);
if (dns_status != DNS_OK)
return (TRYAGAIN);
for (rr = addr_list; rr != 0; rr = rr->next) {
if (rr->data_len > sizeof(addr)) {
msg_warn("skipping address length %d", rr->data_len);
continue;
}
memcpy((char *) &addr, rr->data, sizeof(addr));
if (msg_verbose)
msg_info("%s: checking: %s", myname, inet_ntoa(addr));
if (!namadr_list_match(auth_mx_networks, host, inet_ntoa(addr))) {
/*
* Reject: IP address not listed in auth_mx_backup_networks.
*/
if (msg_verbose)
msg_info("%s: address %s does not match %s",
myname, inet_ntoa(addr), VAR_AUTH_MX_NETWORKS);
dns_rr_free(addr_list);
return (NOPE);
}
}
dns_rr_free(addr_list);
return (YUP);
}
/* has_my_addr - see if this host name lists one of my network addresses */ /* has_my_addr - see if this host name lists one of my network addresses */
static int has_my_addr(const char *host) static int has_my_addr(const char *host)
@@ -1055,6 +1116,8 @@ static int has_my_addr(const char *host)
return (NOPE); return (NOPE);
} }
#if 0
/* permit_mx_backup - permit use of me as MX backup for recipient domain */ /* permit_mx_backup - permit use of me as MX backup for recipient domain */
static int permit_mx_backup(SMTPD_STATE *state, const char *recipient) static int permit_mx_backup(SMTPD_STATE *state, const char *recipient)
@@ -1117,7 +1180,7 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient)
if (dns_status == DNS_NOTFOUND) if (dns_status == DNS_NOTFOUND)
return (has_my_addr(domain) ? SMTPD_CHECK_OK : SMTPD_CHECK_DUNNO); return (has_my_addr(domain) ? SMTPD_CHECK_OK : SMTPD_CHECK_DUNNO);
if (dns_status != DNS_OK) if (dns_status != DNS_OK)
return (SMTPD_CHECK_OK); return (SMTPD_CHECK_TRYAGAIN);
/* /*
* First, see if we match any of the MX host names listed. Only if no * First, see if we match any of the MX host names listed. Only if no
@@ -1150,6 +1213,122 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient)
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
} }
#endif
/* permit_auth_mx_backup - relay for authorized networks */
static int permit_auth_mx_backup(SMTPD_STATE *state, const char *recipient)
{
char *myname = "permit_auth_mx_backup";
const RESOLVE_REPLY *reply;
const char *domain;
DNS_RR *mx_list;
DNS_RR *mx;
int dns_status;
int best_pref;
if (msg_verbose)
msg_info("%s: %s", myname, recipient);
/*
* Sanity check.
*/
if (*var_auth_mx_networks == 0) {
msg_warn("The %s feature requires that you specify authorized networks",
PERMIT_MX_BACKUP);
msg_warn("via the %s configuration parameter. See examples",
VAR_AUTH_MX_NETWORKS);
msg_warn("in the %s/sample-smtpd.cf configuration file.",
var_config_dir);
longjmp(smtpd_check_buf, smtpd_check_reject(state, MAIL_ERROR_SOFTWARE,
"%d <%s>: Configuration error in %s",
451, recipient,
VAR_AUTH_MX_NETWORKS));
}
/*
* Resolve the address.
*/
reply = (const RESOLVE_REPLY *)
ctable_locate(smtpd_resolve_cache, recipient);
/*
* If the destination is local, it is acceptable, because we are
* supposedly MX for our own address.
*/
if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0)
return (SMTPD_CHECK_OK);
domain += 1;
if (resolve_local(domain)
|| (*var_virtual_maps
&& check_maps_find(state, recipient, virtual_maps, domain, 0))
|| (*var_virt_mailbox_maps
&& check_maps_find(state, recipient, virt_mailbox_maps, domain, 0)))
return (SMTPD_CHECK_OK);
if (msg_verbose)
msg_info("%s: not local: %s", myname, recipient);
/*
* Skip source-routed mail (uncertain destination).
*/
if (var_allow_untrust_route == 0 && (reply->flags & RESOLVE_FLAG_ROUTED))
return (SMTPD_CHECK_DUNNO);
/*
* Skip numerical forms that didn't match the local system.
*/
if (domain[0] == '#'
|| (domain[0] == '[' && domain[strlen(domain) - 1] == ']'))
return (SMTPD_CHECK_DUNNO);
/*
* Look up the list of MX host names for this domain. If no MX host is
* found, perhaps it is a CNAME for the local machine. Clients aren't
* supposed to send CNAMEs in SMTP commands, but it happens anyway.
*/
dns_status = dns_lookup(domain, T_MX, 0, &mx_list,
(VSTRING *) 0, (VSTRING *) 0);
if (dns_status == DNS_NOTFOUND)
return (has_my_addr(domain) ? SMTPD_CHECK_OK : SMTPD_CHECK_DUNNO);
if (dns_status != DNS_OK)
return (SMTPD_CHECK_TRYAGAIN);
/*
* Find the preference of the primary MX hosts.
*/
for (best_pref = 0xffff, mx = mx_list; mx != 0; mx = mx->next)
if (mx->pref < best_pref)
best_pref = mx->pref;
/*
* See if each best MX host has all IP addresses in
* auth_mx_backup_networks.
*/
for (mx = mx_list; mx != 0; mx = mx->next) {
if (mx->pref != best_pref)
continue;
switch (all_auth_mx_addr((char *) mx->data)) {
case NOPE:
dns_rr_free(mx_list);
return (SMTPD_CHECK_DUNNO);
case YUP:
continue;
case TRYAGAIN:
dns_rr_free(mx_list);
return (SMTPD_CHECK_TRYAGAIN);
}
}
/*
* All IP addresses of the best MX hosts are within
* auth_mx_backup_networks.
*/
dns_rr_free(mx_list);
return (SMTPD_CHECK_OK);
}
/* reject_non_fqdn_address - fail if address is not in fqdn form */ /* reject_non_fqdn_address - fail if address is not in fqdn form */
static int reject_non_fqdn_address(SMTPD_STATE *state, char *addr, static int reject_non_fqdn_address(SMTPD_STATE *state, char *addr,
@@ -1808,7 +1987,7 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
SMTPD_NAME_RECIPIENT, def_acl); SMTPD_NAME_RECIPIENT, def_acl);
} else if (strcasecmp(name, PERMIT_MX_BACKUP) == 0) { } else if (strcasecmp(name, PERMIT_MX_BACKUP) == 0) {
if (state->recipient) if (state->recipient)
status = permit_mx_backup(state, state->recipient); status = permit_auth_mx_backup(state, state->recipient);
} else if (strcasecmp(name, PERMIT_AUTH_DEST) == 0) { } else if (strcasecmp(name, PERMIT_AUTH_DEST) == 0) {
if (state->recipient) if (state->recipient)
status = permit_auth_destination(state, state->recipient); status = permit_auth_destination(state, state->recipient);