From a8e8c4d12335a932f8896ec40aafa8e4680663d3 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Wed, 31 May 2000 00:00:00 +0000 Subject: [PATCH] snapshot-20000531 --- postfix/FILTER_README | 205 ++++++++++++++++++++++++++++++++ postfix/HISTORY | 28 +++-- postfix/INSPECTION_README | 77 ------------ postfix/RELEASE_NOTES | 26 ++-- postfix/global/mail_params.h | 9 +- postfix/global/mail_version.h | 2 +- postfix/global/rec_type.c | 1 + postfix/global/rec_type.h | 3 +- postfix/html/pickup.8.html | 16 +-- postfix/html/smtpd.8.html | 102 ++++++++-------- postfix/man/man8/pickup.8 | 6 +- postfix/man/man8/smtpd.8 | 6 +- postfix/nqmgr/qmgr.h | 1 + postfix/nqmgr/qmgr_message.c | 20 +++- postfix/pickup/pickup.c | 16 +-- postfix/qmgr/qmgr.h | 2 +- postfix/qmgr/qmgr_message.c | 22 ++-- postfix/smtpd/smtpd.c | 14 +-- postfix/smtpd/smtpd_sasl_glue.c | 3 +- 19 files changed, 363 insertions(+), 196 deletions(-) create mode 100644 postfix/FILTER_README delete mode 100644 postfix/INSPECTION_README diff --git a/postfix/FILTER_README b/postfix/FILTER_README new file mode 100644 index 000000000..7c2284566 --- /dev/null +++ b/postfix/FILTER_README @@ -0,0 +1,205 @@ +This is a very first implementation of Postfix content filtering. +It involves an incompatible change to queue file formats. Older +Postfix versions will reject mail that needs to be content filtered, +and will move the queue file to the "corrupt" mail queue subdirectory. + +This document describes two approaches to content filtering. + +Simple content filtering example +================================ + +The first example is simpler to set up, but is also more resource +intensive. With the shell script as shown you will lose a factor +of four in Postfix performance for transit mail that arrives and +leaves via SMTP. You will lose another factor in transit performance +for each additional temporary file that is created and deleted in +the process of content filtering. The performance impact is less +for mail that is submitted or delivered locally, because such +deliveries are not as fast as SMTP transit mail. + +The example assumes that only mail arriving via SMTP needs to be +content filtered. + + .................................. + . Postfix . + ------smtpd \ /local----- + . -cleanup->queue- . + -----pickup / \smtp------ + ^ . | . + | . \pipe-----+ + | .................................. | + | | + | | + +------sendmail<-------filter<---------+ + +Create a dedicated local user account called "filter". The user +will never log in, and can be given a "*" password and non-existent +shell and home. + +Create a directory /var/spool/filter that is accessible only to +the "filter" user. This is where the content filtering will store +its temporary files. + +Define a content filtering entry in the Postfix master file: + + /etc/postfix/master.cf: + filter unix - n n - - pipe + user=filter argv=/some/where/filter -f ${sender} -- ${recipient} + +The filter program can start out as a simple shell script like this: + + #!/bin/sh + + # Localize these + INSPECT_DIR=/var/spool/filter + SENDMAIL=/usr/sbin/sendmail + + # Exit codes from + EX_TEMPFAIL=75 + EX_UNAVAILABLE=69 + + cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; } + + # Clean up when done or when aborting. + trap "rm -f in.$$; exit" 0 1 2 3 15 + + cat >in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; } + + # filter queue- . + -----pickup / ^ | \smtp------ + . | v . + . smtpd smtp . + . 10026 | . + ......................|........... + ^ | + | v + ....|............ + . | 10025 . + . filtering . + . . + ................. + +To enable content filtering in this manner, specify in main.cf a +new parameter: + + /etc/postfix/main.cf: + content_filter = smtp:localhost:10025 + +This causes Postfix to add one extra content filtering record to +each incoming mail message, with content smtp:localhost:10025. +You can use the same syntax as in the right-hand side of a Postfix +transport table. The content filtering records are added by the +smtpd and pickup servers. + +When a queue file has content filtering information, the queue +manager will deliver the mail to the specified content filtering +regardless of its final destination. + +The content filtering can be set up with the Postfix spawn service, +which is the Postfix equivalent of inetd. For example, to instantiate +up to 10 content filtering processes on demand: + + /etc/postfix/master.cf: + localhost:10025 inet n n n - 10 spawn + user=filter argv=/some/where/filter localhost 10026 + +"filter" is a dedicated local user account. The user will never +log in, and can be given a "*" password and non-existent shell and +home. + +The spawn server is part of Postfix but is not installed by default. +Edit the top-level Makefile.in file, run "make makefiles", "make", +and "make install". The manual page isn't installed by default, +either. See the spawn.c source file. + +The /some/where/filter command is most likely a PERL script. PERL +has modules that make talking SMTP easy. The command-line specifies +that mail should be sent back into Postfix via localhost port 10026. + +For now, it is left up to the Postfix users to come up with a +PERL/SMTP framework for Postfix content filtering. If done well, +it can be used with other mailers too, which is a nice spin-off. + +The simplest content filtering just copies SMTP commands and data +between its inputs and outputs. If it has a problem, all it has to +do is to reply to an input of `.' with `550 content rejected', and +to disconnect its output side instead of sending `.'. + +The job of the content filtering is to either bounce mail with a +suitable diagnostic, or to feed the mail back into Postfix through +a dedicated listener on port localhost 10026: + + /etc/postfix/master.cf: + localhost:10026 inet n - n - 10 smtpd + -o content_filter= myhostname=localhost.domain.name + +This is just another SMTP server. It is configured NOT to request +content filtering for incoming mail, has the same process limit +as the filter master.cf entry, and is configured to use a different +hostname in the greeting message (this is necessary for testing +when I simply use no filtering program and let the SMTP content +filtering interfaces talk directly to each other). diff --git a/postfix/HISTORY b/postfix/HISTORY index 2169e9c81..69089100b 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -4010,11 +4010,25 @@ Apologies for any names omitted. feature. File: cleanup/cleanup_message.c. See also the conf/sample-filter.cf file. -20000529 +20000530 - Feature: full content inspection through external software. - This uses existing interfaces for sending and receiving mail - from and to the content inspector. Currently, only the SMTP - server is suitable for receiving inspected mail. Details - in INSPECTION_README. Files: pickup/pickup.c, smtpd/smtpd.c, - qmgr/qmgr_message.c. + Feature: full content filtering through external software. + This uses existing interfaces for sending mail to the + external content filter and for injecting it back into + Postfix. Details in FILTER_README. Files: pickup/pickup.c, + smtpd/smtpd.c, qmgr/qmgr_message.c. + +20000531 + + More SASL feedback by Liviu Daia, regarding the use of + authentication realms. File smtpd/smtpd_sasl_glue.c. + + Added a simple shell-script based content filtering example + to the FILTER_README file. + + Content filtering support for nqmgr by Patrik Rak. File: + nqmgr/qmgr_message.c. + + Renamed "content inspection" etc. to "content filtering" + in anticipation of a new hook for content inspection that + only inspects mail without re-injecting it into Postfix. diff --git a/postfix/INSPECTION_README b/postfix/INSPECTION_README deleted file mode 100644 index e9968c185..000000000 --- a/postfix/INSPECTION_README +++ /dev/null @@ -1,77 +0,0 @@ -This is a very first implementation of Postfix content inspection. -It involves an incompatible change to queue file formats. Older -Postfix versions will move the mail aside to the "corrupt" mail -queue subdirectory. - -The example uses content inspection software that can receive and -deliver mail via SMTP. At present, Postfix can receive already -inspected mail only via SMTP. In the future it may become possible -to submit already filtered mail via the postdrop command. However, -doing business over SMTP is much less inefficient. - -We will set up a content inspector program listening on localhost -port 10025 that receives mail via the SMTP protocol, and that -submits mail back into Postfix via localhost port 10026. - - .................................. - . Postfix . - ------smtpd \ /local----- - . -cleanup->queue- . - -----pickup / ^ | \smtp------ - . | v . - . smtpd smtp . - . 10026 | . - ......................|........... - ^ | - | v - ....|............ - . | 10025 . - . inspector . - . . - ................. - -To enable content inspection in this manner, specify in main.cf a -new parameter: - - /etc/postfix/main.cf: - content_inspector = smtp:localhost:10025 - -This causes Postfix to add one extra content inspection record to -each incoming mail message, with content smtp:localhost:10025. -You can use the same syntax as in the right-hand side of a Postfix -transport table. The content inspection records are added by the -smtpd and pickup servers. - -When a queue file has content inspection information, the queue -manager will deliver the mail to the specified content inspector -regardless of its final destination. - -Setting up the content inspector could be done with the Postfix -spawn service, to instantiate up to 10 processes on demand: - - /etc/postfix/master.cf: - localhost:10025 inet - n n - 10 spawn - user=inspect argv=/some/where/inspect localhost 10026 - -The spawn server is part of Postfix but is not installed by default. -Edit the top-level Makefile.in file, run "make makefiles", "make", -and "make install". - -The /some/where/inspect command is most likely a PERL script. PERL -has modules that make talking SMTP easy. The command-line specifies -that mail shouldbe sent back into Postfix via localhost port 10026. - -The job of the content inspector is to either bounce mail with a -suitable diagnostic, or to feed the mail back into Postfix through -a dedicated listener on port localhost 10026: - - /etc/postfix/master.cf: - localhost:10026 inet n - n - 0 smtpd - -o content_inspector= myhostname=localhost.domain.name - -This is just another SMTP server. It is configured NOT to request -content inspection for incoming mail, has no process limit (so -Postfix will not deadlock), and is configured to use a different -hostname in the greeting message (this is necessary for testing -when I simply use no inspector program and let the SMTP content -inspection interfaces talk directly to each other). diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 08047e365..514f443e8 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -1,22 +1,30 @@ +Incompatible changes with snapshot-20000531 +=========================================== + +All references to "content inspection" have been replaced by "content +filtering", in anticipation of hooks for true content inspection +that does not re-inject mail back into Postfix. + Incompatible changes with snapshot-20000529 =========================================== This version introduces an incompatible queue file format change -when content inspection is enabled. Old Postfix queue files will -work fine, but new queue files will not work with old Postfix -versions. They log a warning and move incompatible queue files to -the "corrupt" mail queue subdirectory. +when content filtering is enabled. Old Postfix queue files will +work fine, but new queue files with content filtering info will +not work with old Postfix versions. They log a warning and move +incompatible queue files to the "corrupt" mail queue subdirectory. Major changes with snapshot-20000529 ==================================== -This version introduces full content inspection through an external +This version introduces full content filtering through an external process. This involves an incompatible change in queue file format. -Mail is delivered to content inspection software via an existing +Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing -mail submission agent. Presently, only the Postfix SMTP server is -suitable for receiving already inspected mail. Details in the -INSPECTION_README file. +mail submission agent. See examples in the FILTER_README file. +Depending on how the filter is implemented, you can expect to lose +a factor of 2 to 4 in delivery performance of SMTP transit mail, +more if the content filtering software needs lots of CPU or memory. Major changes with snapshot-20000528 ==================================== diff --git a/postfix/global/mail_params.h b/postfix/global/mail_params.h index a802addf6..94d0dda9f 100644 --- a/postfix/global/mail_params.h +++ b/postfix/global/mail_params.h @@ -1046,12 +1046,11 @@ extern bool var_allow_min_user; extern void mail_params_init(void); /* - * Content inspection transport. The things we have to do because some - * over-paid peecee programmers could not do a proper job. + * Content inspection and filtering. */ -#define VAR_INSPECT_XPORT "content_inspector" -#define DEF_INSPECT_XPORT "" -extern char *var_inspect_xport; +#define VAR_FILTER_XPORT "content_filter" +#define DEF_FILTER_XPORT "" +extern char *var_filter_xport; /* LICENSE /* .ad diff --git a/postfix/global/mail_version.h b/postfix/global/mail_version.h index 56a44ccf6..5ab30414c 100644 --- a/postfix/global/mail_version.h +++ b/postfix/global/mail_version.h @@ -15,7 +15,7 @@ * Version of this program. */ #define VAR_MAIL_VERSION "mail_version" -#define DEF_MAIL_VERSION "Snapshot-20000529" +#define DEF_MAIL_VERSION "Snapshot-20000531" extern char *var_mail_version; /* LICENSE diff --git a/postfix/global/rec_type.c b/postfix/global/rec_type.c index 21684209c..c86a461aa 100644 --- a/postfix/global/rec_type.c +++ b/postfix/global/rec_type.c @@ -44,6 +44,7 @@ REC_TYPE_NAME rec_type_names[] = { REC_TYPE_TIME, "time", REC_TYPE_FULL, "fullname", REC_TYPE_INSP, "content_inspector", + REC_TYPE_FILT, "content_filter", REC_TYPE_FROM, "sender", REC_TYPE_DONE, "done", REC_TYPE_RCPT, "recipient", diff --git a/postfix/global/rec_type.h b/postfix/global/rec_type.h index 135714bfe..4412ee37d 100644 --- a/postfix/global/rec_type.h +++ b/postfix/global/rec_type.h @@ -29,6 +29,7 @@ #define REC_TYPE_TIME 'T' /* time stamp, required */ #define REC_TYPE_FULL 'F' /* full name, optional */ #define REC_TYPE_INSP 'I' /* inspector transport */ +#define REC_TYPE_FILT 'L' /* loop filter transport */ #define REC_TYPE_FROM 'S' /* sender, required */ #define REC_TYPE_DONE 'D' /* delivered recipient, optional */ #define REC_TYPE_RCPT 'R' /* todo recipient, optional */ @@ -52,7 +53,7 @@ * record groups. The first member in each set is the record type that * indicates the end of that record group. */ -#define REC_TYPE_ENVELOPE "MCTFISDRW" +#define REC_TYPE_ENVELOPE "MCTFILSDRW" #define REC_TYPE_CONTENT "XLN" #define REC_TYPE_EXTRACT "EDRPre" #define REC_TYPE_NOEXTRACT "E" diff --git a/postfix/html/pickup.8.html b/postfix/html/pickup.8.html index c372e6cfd..b70e54e76 100644 --- a/postfix/html/pickup.8.html +++ b/postfix/html/pickup.8.html @@ -48,20 +48,20 @@ PICKUP(8) PICKUP(8) command after a configuration change. Content inspection controls - content_inspector - The name of a mail delivery transport that inspects - mail prior to delivery. This parameter uses the - same syntax as the right-hand side of a Postfix + content_filter + The name of a mail delivery transport that filters + mail and that either bounces mail or re-injects the + result back into Postfix. This parameter uses the + same syntax as the right-hand side of a Postfix transport table. Miscellaneous always_bcc - Address to send a copy of each message that enters + Address to send a copy of each message that enters the system. - 1 @@ -72,7 +72,7 @@ PICKUP(8) PICKUP(8) mail_owner - The process privileges used while not opening a + The process privileges used while not opening a maildrop file. queue_directory @@ -84,7 +84,7 @@ PICKUP(8) PICKUP(8) syslogd(8) system logging LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index f0a013531..963aed645 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -81,16 +81,17 @@ SMTPD(8) SMTPD(8) comments, like Sendmail does. Content inspection controls - content_inspector - The name of a mail delivery transport that inspects - mail prior to delivery. This parameter uses the - same syntax as the right-hand side of a Postfix + content_filter + The name of a mail delivery transport that filters + mail and that either bounces mail or re-injects the + result back into Postfix. This parameter uses the + same syntax as the right-hand side of a Postfix transport table. Authenication controls enable_sasl_authentication - Enable per-session authentication as per RFC 2554 - (SASL). This functionality is available only when + Enable per-session authentication as per RFC 2554 + (SASL). This functionality is available only when explicitly selected at program build time and explicitly enabled at runtime. @@ -114,7 +115,7 @@ SMTPD(8) SMTPD(8) Miscellaneous always_bcc - Address to send a copy of each message that enters + Address to send a copy of each message that enters the system. command_directory @@ -122,9 +123,8 @@ SMTPD(8) SMTPD(8) $program_directory). debug_peer_level - Increment in verbose logging level when a remote + Increment in verbose logging level when a remote host matches a pattern in the debug_peer_list - parameter. @@ -137,53 +137,55 @@ SMTPD(8) SMTPD(8) SMTPD(8) SMTPD(8) + parameter. + debug_peer_list - List of domain or network patterns. When a remote - host matches a pattern, increase the verbose log- - ging level by the amount specified in the + List of domain or network patterns. When a remote + host matches a pattern, increase the verbose log- + ging level by the amount specified in the debug_peer_level parameter. error_notice_recipient - Recipient of protocol/policy/resource/software + Recipient of protocol/policy/resource/software error notices. hopcount_limit Limit the number of Received: message headers. local_recipient_maps - List of maps with user names that are local to + List of maps with user names that are local to $myorigin or $inet_interfaces. If this parameter is - defined, then the SMTP server rejects mail for + defined, then the SMTP server rejects mail for unknown local users. notify_classes List of error classes. Of special interest are: - policy When a client violates any policy, mail a + policy When a client violates any policy, mail a transcript of the entire SMTP session to the postmaster. protocol - When a client violates the SMTP protocol or + When a client violates the SMTP protocol or issues an unimplemented command, mail a transcript of the entire SMTP session to the postmaster. smtpd_banner - Text that follows the 220 status code in the SMTP + Text that follows the 220 status code in the SMTP greeting banner. smtpd_recipient_limit - Restrict the number of recipients that the SMTP + Restrict the number of recipients that the SMTP server accepts per message delivery. smtpd_timeout - Limit the time to send a server response and to + Limit the time to send a server response and to receive a client request. Resource controls line_length_limit - Limit the amount of memory in bytes used for the + Limit the amount of memory in bytes used for the handling of partial input lines. message_size_limit @@ -192,8 +194,6 @@ SMTPD(8) SMTPD(8) - - 3 @@ -204,8 +204,8 @@ SMTPD(8) SMTPD(8) queue_minfree - Minimal amount of free space in bytes in the queue - file system for the SMTP server to accept any mail + Minimal amount of free space in bytes in the queue + file system for the SMTP server to accept any mail at all. Tarpitting @@ -215,17 +215,17 @@ SMTPD(8) SMTPD(8) smtpd_soft_error_limit When an SMTP client has made this number of errors, - wait error_count seconds before responding to any + wait error_count seconds before responding to any client request. smtpd_hard_error_limit - Disconnect after a client has made this number of + Disconnect after a client has made this number of errors. smtpd_junk_command_limit Limit the number of times a client can issue a junk - command such as NOOP, VRFY, ETRN or RSET in one - SMTP session before it is penalized with tarpit + command such as NOOP, VRFY, ETRN or RSET in one + SMTP session before it is penalized with tarpit delays. UCE control restrictions @@ -234,19 +234,19 @@ SMTPD(8) SMTPD(8) tem. smtpd_helo_required - Require that clients introduce themselves at the + Require that clients introduce themselves at the beginning of an SMTP session. smtpd_helo_restrictions - Restrict what client hostnames are allowed in HELO + Restrict what client hostnames are allowed in HELO and EHLO commands. smtpd_sender_restrictions - Restrict what sender addresses are allowed in MAIL + Restrict what sender addresses are allowed in MAIL FROM commands. smtpd_recipient_restrictions - Restrict what recipient addresses are allowed in + Restrict what recipient addresses are allowed in RCPT TO commands. smtpd_etrn_restrictions @@ -254,9 +254,9 @@ SMTPD(8) SMTPD(8) mands, and what clients may issue ETRN commands. allow_untrusted_routing - Allow untrusted clients to specify addresses with - sender-specified routing. Enabling this opens up - nasty relay loopholes involving trusted backup MX + Allow untrusted clients to specify addresses with + sender-specified routing. Enabling this opens up + nasty relay loopholes involving trusted backup MX @@ -272,51 +272,51 @@ SMTPD(8) SMTPD(8) hosts. restriction_classes - Declares the name of zero or more parameters that - contain a list of UCE restrictions. The names of - these parameters can then be used instead of the + Declares the name of zero or more parameters that + contain a list of UCE restrictions. The names of + these parameters can then be used instead of the restriction lists that they represent. maps_rbl_domains - List of DNS domains that publish the addresses of + List of DNS domains that publish the addresses of blacklisted hosts. relay_domains - Restrict what domains or networks this mail system + Restrict what domains or networks this mail system will relay mail from or to. UCE control responses access_map_reject_code - Server response when a client violates an access + Server response when a client violates an access database restriction. invalid_hostname_reject_code - Server response when a client violates the + Server response when a client violates the reject_invalid_hostname restriction. maps_rbl_reject_code - Server response when a client violates the + Server response when a client violates the maps_rbl_domains restriction. reject_code - Response code when the client matches a reject + Response code when the client matches a reject restriction. relay_domains_reject_code - Server response when a client attempts to violate + Server response when a client attempts to violate the mail relay policy. unknown_address_reject_code - Server response when a client violates the + Server response when a client violates the reject_unknown_address restriction. unknown_client_reject_code - Server response when a client without address to - name mapping violates the reject_unknown_clients + Server response when a client without address to + name mapping violates the reject_unknown_clients restriction. unknown_hostname_reject_code - Server response when a client violates the + Server response when a client violates the reject_unknown_hostname restriction. SEE ALSO @@ -336,7 +336,7 @@ SMTPD(8) SMTPD(8) LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/man/man8/pickup.8 b/postfix/man/man8/pickup.8 index 9804d9a48..8dfa64b68 100644 --- a/postfix/man/man8/pickup.8 +++ b/postfix/man/man8/pickup.8 @@ -57,9 +57,9 @@ this program. See the Postfix \fBmain.cf\fR file for syntax details and for default values. Use the \fBpostfix reload\fR command after a configuration change. .SH "Content inspection controls" -.IP \fBcontent_inspector\fR -The name of a mail delivery transport that inspects mail prior -to delivery. +.IP \fBcontent_filter\fR +The name of a mail delivery transport that filters mail and that +either bounces mail or re-injects the result back into Postfix. This parameter uses the same syntax as the right-hand side of a Postfix transport table. .SH Miscellaneous diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index dc974dd22..faab87589 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -76,9 +76,9 @@ a configuration change. Disallow non-RFC 821 style addresses in envelopes. For example, allow RFC822-style address forms with comments, like Sendmail does. .SH "Content inspection controls" -.IP \fBcontent_inspector\fR -The name of a mail delivery transport that inspects mail prior -to delivery. +.IP \fBcontent_filter\fR +The name of a mail delivery transport that filters mail and that +either bounces mail or re-injects the result back into Postfix. This parameter uses the same syntax as the right-hand side of a Postfix transport table. .SH "Authenication controls" diff --git a/postfix/nqmgr/qmgr.h b/postfix/nqmgr/qmgr.h index f806ba968..3872ee35f 100644 --- a/postfix/nqmgr/qmgr.h +++ b/postfix/nqmgr/qmgr.h @@ -249,6 +249,7 @@ struct QMGR_MESSAGE { char *sender; /* complete address */ char *errors_to; /* error report address */ char *return_receipt; /* confirm receipt address */ + char *filter_xport; /* inspection transport */ long data_size; /* message content size */ long rcpt_offset; /* more recipients here */ long unread_offset; /* more unread recipients here */ diff --git a/postfix/nqmgr/qmgr_message.c b/postfix/nqmgr/qmgr_message.c index 07a530e86..f40f75c50 100644 --- a/postfix/nqmgr/qmgr_message.c +++ b/postfix/nqmgr/qmgr_message.c @@ -149,6 +149,7 @@ static QMGR_MESSAGE *qmgr_message_create(const char *queue_name, message->sender = 0; message->errors_to = 0; message->return_receipt = 0; + message->filter_xport = 0; message->data_size = 0; message->warn_offset = 0; message->warn_time = 0; @@ -358,6 +359,9 @@ static int qmgr_message_read(QMGR_MESSAGE *message) } else if (rec_type == REC_TYPE_TIME) { if (message->arrival_time == 0) message->arrival_time = atol(start); + } else if (rec_type == REC_TYPE_FILT) { + if (message->filter_xport == 0) + message->filter_xport = mystrdup(start); } else if (rec_type == REC_TYPE_FROM) { if (message->sender == 0) { message->sender = mystrdup(start); @@ -541,6 +545,7 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message) char **cpp; char *domain; const char *junk; + char *nexthop; #define STREQ(x,y) (strcasecmp(x,y) == 0) #define STR vstring_str @@ -570,9 +575,16 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message) * result address may differ from the one specified by the sender. */ resolve_clnt_query(recipient->address, &reply); - if (!STREQ(recipient->address, STR(reply.recipient))) - UPDATE(recipient->address, STR(reply.recipient)); - + if (message->filter_xport) { + vstring_strcpy(reply.transport, message->filter_xport); + if ((nexthop = split_at(STR(reply.transport), ':')) == 0 + || *nexthop == 0) + nexthop = var_myhostname; + vstring_strcpy(reply.nexthop, nexthop); + } else { + if (!STREQ(recipient->address, STR(reply.recipient))) + UPDATE(recipient->address, STR(reply.recipient)); + } /* * Bounce recipients that have moved. We do it here instead of in the @@ -815,6 +827,8 @@ void qmgr_message_free(QMGR_MESSAGE *message) myfree(message->errors_to); if (message->return_receipt) myfree(message->return_receipt); + if (message->filter_xport) + myfree(message->filter_xport); qmgr_rcpt_list_free(&message->rcpt_list); qmgr_message_count--; myfree((char *) message); diff --git a/postfix/pickup/pickup.c b/postfix/pickup/pickup.c index e5b09c956..6a59c2428 100644 --- a/postfix/pickup/pickup.c +++ b/postfix/pickup/pickup.c @@ -41,9 +41,9 @@ /* and for default values. Use the \fBpostfix reload\fR command after /* a configuration change. /* .SH "Content inspection controls" -/* .IP \fBcontent_inspector\fR -/* The name of a mail delivery transport that inspects mail prior -/* to delivery. +/* .IP \fBcontent_filter\fR +/* The name of a mail delivery transport that filters mail and that +/* either bounces mail or re-injects the result back into Postfix. /* This parameter uses the same syntax as the right-hand side of /* a Postfix transport table. /* .SH Miscellaneous @@ -112,7 +112,7 @@ /* Application-specific. */ char *var_always_bcc; -char *var_inspect_xport; +char *var_filter_xport; /* * Structure to bundle a bunch of information about a queue file. @@ -180,7 +180,7 @@ static int copy_segment(VSTREAM *qfile, VSTREAM *cleanup, PICKUP_INFO *info, info->rcpt = mystrdup(vstring_str(buf)); if (type == REC_TYPE_TIME) continue; - if (type == REC_TYPE_INSP) + if (type == REC_TYPE_FILT) continue; else { @@ -235,8 +235,8 @@ static int pickup_copy(VSTREAM *qfile, VSTREAM *cleanup, /* * Add content inspection transport. */ - if (*var_inspect_xport) - rec_fprintf(cleanup, REC_TYPE_INSP, "%s", var_inspect_xport); + if (*var_filter_xport) + rec_fprintf(cleanup, REC_TYPE_FILT, "%s", var_filter_xport); /* * Copy the message envelope segment. Allow only those records that we @@ -457,7 +457,7 @@ int main(int argc, char **argv) { static CONFIG_STR_TABLE str_table[] = { VAR_ALWAYS_BCC, DEF_ALWAYS_BCC, &var_always_bcc, 0, 0, - VAR_INSPECT_XPORT, DEF_INSPECT_XPORT, &var_inspect_xport, 0, 0, + VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0, 0, }; diff --git a/postfix/qmgr/qmgr.h b/postfix/qmgr/qmgr.h index faefcf888..004fd1d91 100644 --- a/postfix/qmgr/qmgr.h +++ b/postfix/qmgr/qmgr.h @@ -229,7 +229,7 @@ struct QMGR_MESSAGE { char *sender; /* complete address */ char *errors_to; /* error report address */ char *return_receipt; /* confirm receipt address */ - char *inspect_xport; /* inspection transport */ + char *filter_xport; /* inspection transport */ long data_size; /* message content size */ long rcpt_offset; /* more recipients here */ QMGR_RCPT_LIST rcpt_list; /* complete addresses */ diff --git a/postfix/qmgr/qmgr_message.c b/postfix/qmgr/qmgr_message.c index 29f5a760f..feb247806 100644 --- a/postfix/qmgr/qmgr_message.c +++ b/postfix/qmgr/qmgr_message.c @@ -144,7 +144,7 @@ static QMGR_MESSAGE *qmgr_message_create(const char *queue_name, message->sender = 0; message->errors_to = 0; message->return_receipt = 0; - message->inspect_xport = 0; + message->filter_xport = 0; message->data_size = 0; message->warn_offset = 0; message->warn_time = 0; @@ -247,9 +247,9 @@ static int qmgr_message_read(QMGR_MESSAGE *message) } else if (rec_type == REC_TYPE_TIME) { if (message->arrival_time == 0) message->arrival_time = atol(start); - } else if (rec_type == REC_TYPE_INSP) { - if (message->inspect_xport == 0) - message->inspect_xport = mystrdup(start); + } else if (rec_type == REC_TYPE_FILT) { + if (message->filter_xport == 0) + message->filter_xport = mystrdup(start); } else if (rec_type == REC_TYPE_FROM) { if (message->sender == 0) { message->sender = mystrdup(start); @@ -462,10 +462,12 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message) * result address may differ from the one specified by the sender. */ resolve_clnt_query(recipient->address, &reply); - if (message->inspect_xport) { - vstring_strcpy(reply.transport, message->inspect_xport); - if ((nexthop = split_at(STR(reply.transport), ':')) != 0) - vstring_strcpy(reply.nexthop, nexthop); + if (message->filter_xport) { + vstring_strcpy(reply.transport, message->filter_xport); + if ((nexthop = split_at(STR(reply.transport), ':')) == 0 + || *nexthop == 0) + nexthop = var_myhostname; + vstring_strcpy(reply.nexthop, nexthop); } else { if (!STREQ(recipient->address, STR(reply.recipient))) UPDATE(recipient->address, STR(reply.recipient)); @@ -702,8 +704,8 @@ void qmgr_message_free(QMGR_MESSAGE *message) myfree(message->errors_to); if (message->return_receipt) myfree(message->return_receipt); - if (message->inspect_xport) - myfree(message->inspect_xport); + if (message->filter_xport) + myfree(message->filter_xport); qmgr_rcpt_list_free(&message->rcpt_list); qmgr_message_count--; myfree((char *) message); diff --git a/postfix/smtpd/smtpd.c b/postfix/smtpd/smtpd.c index ecfde3440..e7fe2d31d 100644 --- a/postfix/smtpd/smtpd.c +++ b/postfix/smtpd/smtpd.c @@ -60,9 +60,9 @@ /* Disallow non-RFC 821 style addresses in envelopes. For example, /* allow RFC822-style address forms with comments, like Sendmail does. /* .SH "Content inspection controls" -/* .IP \fBcontent_inspector\fR -/* The name of a mail delivery transport that inspects mail prior -/* to delivery. +/* .IP \fBcontent_filter\fR +/* The name of a mail delivery transport that filters mail and that +/* either bounces mail or re-injects the result back into Postfix. /* This parameter uses the same syntax as the right-hand side of /* a Postfix transport table. /* .SH "Authenication controls" @@ -341,7 +341,7 @@ int var_smtpd_junk_cmd_limit; bool var_smtpd_sasl_enable; char *var_smtpd_sasl_opts; char *var_smtpd_sasl_realm; -char *var_inspect_xport; +char *var_filter_xport; /* * Global state, for stand-alone mode queue file cleanup. When this is @@ -667,8 +667,8 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) */ rec_fprintf(state->cleanup, REC_TYPE_TIME, "%ld", (long) time((time_t *) 0)); - if (*var_inspect_xport) - rec_fprintf(state->cleanup, REC_TYPE_INSP, "%s", var_inspect_xport); + if (*var_filter_xport) + rec_fprintf(state->cleanup, REC_TYPE_FILT, "%s", var_filter_xport); rec_fputs(state->cleanup, REC_TYPE_FROM, argv[2].strval); state->sender = mystrdup(argv[2].strval); smtpd_chat_reply(state, "250 Ok"); @@ -1434,7 +1434,7 @@ int main(int argc, char **argv) VAR_LOCAL_RCPT_MAPS, DEF_LOCAL_RCPT_MAPS, &var_local_rcpt_maps, 0, 0, VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts, 0, 0, VAR_SMTPD_SASL_REALM, DEF_SMTPD_SASL_REALM, &var_smtpd_sasl_realm, 1, 0, - VAR_INSPECT_XPORT, DEF_INSPECT_XPORT, &var_inspect_xport, 0, 0, + VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0, 0, }; diff --git a/postfix/smtpd/smtpd_sasl_glue.c b/postfix/smtpd/smtpd_sasl_glue.c index c703e5370..ee2fc55ac 100644 --- a/postfix/smtpd/smtpd_sasl_glue.c +++ b/postfix/smtpd/smtpd_sasl_glue.c @@ -193,11 +193,10 @@ void smtpd_sasl_connect(SMTPD_STATE *state) /* * Set up a new server context for this connection. */ -#define DEFAULT_USER_REALM ((char *) 0) #define NO_SECURITY_LAYERS (0) #define NO_SESSION_CALLBACKS ((sasl_callback_t *) 0) - if (sasl_server_new("smtp", var_smtpd_sasl_realm, DEFAULT_USER_REALM, + if (sasl_server_new("smtp", var_myhostname, var_smtpd_sasl_realm, NO_SESSION_CALLBACKS, NO_SECURITY_LAYERS, &state->sasl_conn) != SASL_OK) msg_fatal("SASL per-connection server initialization");