mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 13:48:06 +00:00
Code Issues Releases Wiki Activity

snapshot-20000529

Browse Source
This commit is contained in:
Wietse Venema
2000-05-29 00:00:00 +00:00
parent 7da180a864
commit df9542112c
20 changed files with 266 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
postfix/HISTORY
View File

@@ -4009,3 +4009,12 @@ Apologies for any names omitted.
feature uses the same filtering syntax as the header_checks
feature. File: cleanup/cleanup_message.c. See also the
conf/sample-filter.cf file.
20000529
Feature: full content inspection through external software.
This uses existing interfaces for sending and receiving mail
from and to the content inspector. Currently, only the SMTP
server is suitable for receiving inspected mail. Details
in INSPECTION_README. Files: pickup/pickup.c, smtpd/smtpd.c,
qmgr/qmgr_message.c.

77
postfix/INSPECTION_README Normal file
View File

@@ -0,0 +1,77 @@
This is a very first implementation of Postfix content inspection.
It involves an incompatible change to queue file formats. Older
Postfix versions will move the mail aside to the "corrupt" mail
queue subdirectory.
The example uses content inspection software that can receive and
deliver mail via SMTP. At present, Postfix can receive already
inspected mail only via SMTP. In the future it may become possible
to submit already filtered mail via the postdrop command. However,
doing business over SMTP is much less inefficient.
We will set up a content inspector program listening on localhost
port 10025 that receives mail via the SMTP protocol, and that
submits mail back into Postfix via localhost port 10026.
..................................
. Postfix .
------smtpd \ /local-----
. -cleanup->queue- .
-----pickup / ^ | \smtp------
. | v .
. smtpd smtp .
. 10026 | .
......................|...........
^ |
| v
....|............
. | 10025 .
. inspector .
. .
.................
To enable content inspection in this manner, specify in main.cf a
new parameter:
/etc/postfix/main.cf:
content_inspector = smtp:localhost:10025
This causes Postfix to add one extra content inspection record to
each incoming mail message, with content smtp:localhost:10025.
You can use the same syntax as in the right-hand side of a Postfix
transport table. The content inspection records are added by the
smtpd and pickup servers.
When a queue file has content inspection information, the queue
manager will deliver the mail to the specified content inspector
regardless of its final destination.
Setting up the content inspector could be done with the Postfix
spawn service, to instantiate up to 10 processes on demand:
/etc/postfix/master.cf:
localhost:10025 inet - n n - 10 spawn
user=inspect argv=/some/where/inspect localhost 10026
The spawn server is part of Postfix but is not installed by default.
Edit the top-level Makefile.in file, run "make makefiles", "make",
and "make install".
The /some/where/inspect command is most likely a PERL script. PERL
has modules that make talking SMTP easy. The command-line specifies
that mail shouldbe sent back into Postfix via localhost port 10026.
The job of the content inspector is to either bounce mail with a
suitable diagnostic, or to feed the mail back into Postfix through
a dedicated listener on port localhost 10026:
/etc/postfix/master.cf:
localhost:10026 inet n - n - 0 smtpd
-o content_inspector= myhostname=localhost.domain.name
This is just another SMTP server. It is configured NOT to request
content inspection for incoming mail, has no process limit (so
Postfix will not deadlock), and is configured to use a different
hostname in the greeting message (this is necessary for testing
when I simply use no inspector program and let the SMTP content
inspection interfaces talk directly to each other).

22
postfix/RELEASE_NOTES
View File

@@ -1,4 +1,24 @@
Major changes with snapshot-20000526
Incompatible changes with snapshot-20000529
===========================================
This version introduces an incompatible queue file format change
when content inspection is enabled. Old Postfix queue files will
work fine, but new queue files will not work with old Postfix
versions. They log a warning and move incompatible queue files to
the "corrupt" mail queue subdirectory.
Major changes with snapshot-20000529
====================================
This version introduces full content inspection through an external
process. This involves an incompatible change in queue file format.
Mail is delivered to content inspection software via an existing
mail delivery agent, and is re-injected into Postfix via an existing
mail submission agent. Presently, only the Postfix SMTP server is
suitable for receiving already inspected mail. Details in the
INSPECTION_README file.
Major changes with snapshot-20000528
====================================
Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick

4
postfix/SASL_README
View File

@@ -137,8 +137,8 @@ Enabling SASL authentication in the Postfix SMTP client
Turn on client-side SASL authentication, and specify a table with
per-host or per-destination username and password information.
Postfix first looks up the server hostname; if no entry is found,
then Postfix looks up the destination domain name (the address
remote part).
then Postfix looks up the destination domain name (usually, the
remote part of an email address).
/etc/postfix/main.cf:
smtp_sasl_auth_enable = yes

9
postfix/conf/sample-filter.cf
View File

@@ -11,12 +11,15 @@
# When a pattern matches, and the associated action is REJECT, the
# entire message is rejected.
#
# These patterns do not apply to MIME headers in the message body.
#
header_checks = regexp:/etc/postfix/header_checks
# The body_checks parameter specifies an optional table with patterns
# that each physical non-header line is matched against (including
# MIME headers inside the message body). Lines are matched one at
# a time. Long lines are matched in chunks of at most $line_length_limit
# that each physical line in the message body is matched against
# (including MIME headers inside the message body - Postfix does not
# recognize multi-line MIME headers). Lines are matched one at a
# time. Long lines are matched in chunks of at most $line_length_limit
# characters. Patterns are matched in the specified order, and the
# search stops upon the first match. When a pattern matches, and
# the associated action is REJECT, the entire message is rejected.

8
postfix/global/mail_params.h
View File

@@ -1045,6 +1045,14 @@ extern bool var_allow_min_user;
extern void mail_params_init(void);
/*
* Content inspection transport. The things we have to do because some
* over-paid peecee programmers could not do a proper job.
*/
#define VAR_INSPECT_XPORT "content_inspector"
#define DEF_INSPECT_XPORT ""
extern char *var_inspect_xport;
/* LICENSE
/* .ad
/* .fi

2
postfix/global/mail_version.h
View File

@@ -15,7 +15,7 @@
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "Snapshot-20000528"
#define DEF_MAIL_VERSION "Snapshot-20000529"
extern char *var_mail_version;
/* LICENSE

1
postfix/global/rec_type.c
View File

@@ -43,6 +43,7 @@ REC_TYPE_NAME rec_type_names[] = {
REC_TYPE_SIZE, "message_size",
REC_TYPE_TIME, "time",
REC_TYPE_FULL, "fullname",
REC_TYPE_INSP, "content_inspector",
REC_TYPE_FROM, "sender",
REC_TYPE_DONE, "done",
REC_TYPE_RCPT, "recipient",

3
postfix/global/rec_type.h
View File

@@ -28,6 +28,7 @@
#define REC_TYPE_SIZE 'C' /* first record, created by cleanup */
#define REC_TYPE_TIME 'T' /* time stamp, required */
#define REC_TYPE_FULL 'F' /* full name, optional */
#define REC_TYPE_INSP 'I' /* inspector transport */
#define REC_TYPE_FROM 'S' /* sender, required */
#define REC_TYPE_DONE 'D' /* delivered recipient, optional */
#define REC_TYPE_RCPT 'R' /* todo recipient, optional */
@@ -51,7 +52,7 @@
* record groups. The first member in each set is the record type that
* indicates the end of that record group.
*/
#define REC_TYPE_ENVELOPE "MCTFSDRW"
#define REC_TYPE_ENVELOPE "MCTFISDRW"
#define REC_TYPE_CONTENT "XLN"
#define REC_TYPE_EXTRACT "EDRPre"
#define REC_TYPE_NOEXTRACT "E"

28
postfix/html/pickup.8.html
View File

@@ -47,18 +47,18 @@ PICKUP(8) PICKUP(8)
details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>Content</b> <b>inspection</b> <b>controls</b>
<b>content</b><i>_</i><b>inspector</b>
The name of a mail delivery transport that inspects
mail prior to delivery. This parameter uses the
same syntax as the right-hand side of a Postfix
transport table.
<b>Miscellaneous</b>
<b>always</b><i>_</i><b>bcc</b>
Address to send a copy of each message that enters
the system.
<b>mail</b><i>_</i><b>owner</b>
The process privileges used while not opening a
<b>maildrop</b> file.
<b>queue</b><i>_</i><b>directory</b>
Top-level directory of the Postfix queue.
@@ -71,6 +71,13 @@ PICKUP(8) PICKUP(8)
PICKUP(8) PICKUP(8)
<b>mail</b><i>_</i><b>owner</b>
The process privileges used while not opening a
<b>maildrop</b> file.
<b>queue</b><i>_</i><b>directory</b>
Top-level directory of the Postfix queue.
<b>SEE</b> <b>ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a> message canonicalization
<a href="master.8.html">master(8)</a> process manager
@@ -113,13 +120,6 @@ PICKUP(8) PICKUP(8)

6
postfix/html/smtp.8.html
View File

@@ -155,9 +155,9 @@ SMTP(8) SMTP(8)
support.
<b>smtp</b><i>_</i><b>sasl</b><i>_</i><b>password</b><i>_</i><b>maps</b>
Lookup tables with per-host <i>name</i>:<i>password</i> entries.
No entry for a host means no attempt to authenti-
cate.
Lookup tables with per-host or domain <i>name</i>:<i>password</i>
entries. No entry for a host means no attempt to
authenticate.
<b>smtp</b><i>_</i><b>sasl</b><i>_</i><b>security</b><i>_</i><b>options</b>
Zero or more of the following.

58
postfix/html/smtpd.8.html
View File

@@ -80,6 +80,13 @@ SMTPD(8) SMTPD(8)
For example, allow <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a>-style address forms with
comments, like Sendmail does.
<b>Content</b> <b>inspection</b> <b>controls</b>
<b>content</b><i>_</i><b>inspector</b>
The name of a mail delivery transport that inspects
mail prior to delivery. This parameter uses the
same syntax as the right-hand side of a Postfix
transport table.
<b>Authenication</b> <b>controls</b>
<b>enable</b><i>_</i><b>sasl</b><i>_</i><b>authentication</b>
Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
@@ -119,13 +126,6 @@ SMTPD(8) SMTPD(8)
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
parameter.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
2
@@ -137,6 +137,12 @@ SMTPD(8) SMTPD(8)
SMTPD(8) SMTPD(8)
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b>
Recipient of protocol/policy/resource/software
error notices.
@@ -184,12 +190,6 @@ SMTPD(8) SMTPD(8)
Limit the total size in bytes of a message, includ-
ing on-disk storage for envelope information.
<b>queue</b><i>_</i><b>minfree</b>
Minimal amount of free space in bytes in the queue
file system for the SMTP server to accept any mail
at all.
<b>Tarpitting</b>
@@ -203,6 +203,12 @@ SMTPD(8) SMTPD(8)
SMTPD(8) SMTPD(8)
<b>queue</b><i>_</i><b>minfree</b>
Minimal amount of free space in bytes in the queue
file system for the SMTP server to accept any mail
at all.
<b>Tarpitting</b>
<b>smtpd</b><i>_</i><b>error</b><i>_</i><b>sleep</b><i>_</i><b>time</b>
Time to wait in seconds before sending a 4xx or 5xx
server error response.
@@ -251,12 +257,6 @@ SMTPD(8) SMTPD(8)
Allow untrusted clients to specify addresses with
sender-specified routing. Enabling this opens up
nasty relay loopholes involving trusted backup MX
hosts.
<b>restriction</b><i>_</i><b>classes</b>
Declares the name of zero or more parameters that
contain a list of UCE restrictions. The names of
these parameters can then be used instead of the
@@ -269,6 +269,12 @@ SMTPD(8) SMTPD(8)
SMTPD(8) SMTPD(8)
hosts.
<b>restriction</b><i>_</i><b>classes</b>
Declares the name of zero or more parameters that
contain a list of UCE restrictions. The names of
these parameters can then be used instead of the
restriction lists that they represent.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b>
@@ -318,12 +324,6 @@ SMTPD(8) SMTPD(8)
<a href="master.8.html">master(8)</a> process manager
syslogd(8) system logging
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
software.
5
@@ -335,6 +335,10 @@ SMTPD(8) SMTPD(8)
SMTPD(8) SMTPD(8)
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Wietse Venema
IBM T.J. Watson Research
@@ -383,10 +387,6 @@ SMTPD(8) SMTPD(8)

6
postfix/man/man8/pickup.8
View File

@@ -56,6 +56,12 @@ The following \fBmain.cf\fR parameters are especially relevant to
this program. See the Postfix \fBmain.cf\fR file for syntax details
and for default values. Use the \fBpostfix reload\fR command after
a configuration change.
.SH "Content inspection controls"
.IP \fBcontent_inspector\fR
The name of a mail delivery transport that inspects mail prior
to delivery.
This parameter uses the same syntax as the right-hand side of
a Postfix transport table.
.SH Miscellaneous
.ad
.fi

2
postfix/man/man8/smtp.8
View File

@@ -117,7 +117,7 @@ Numerical network address to bind to when making a connection.
Enable per-session authentication as per RFC 2554 (SASL).
By default, Postfix is built without SASL support.
.IP \fBsmtp_sasl_password_maps\fR
Lookup tables with per-host \fIname\fR:\fIpassword\fR entries.
Lookup tables with per-host or domain \fIname\fR:\fIpassword\fR entries.
No entry for a host means no attempt to authenticate.
.IP \fBsmtp_sasl_security_options\fR
Zero or more of the following.

6
postfix/man/man8/smtpd.8
View File

@@ -75,6 +75,12 @@ a configuration change.
.IP \fBstrict_rfc821_envelopes\fR
Disallow non-RFC 821 style addresses in envelopes. For example,
allow RFC822-style address forms with comments, like Sendmail does.
.SH "Content inspection controls"
.IP \fBcontent_inspector\fR
The name of a mail delivery transport that inspects mail prior
to delivery.
This parameter uses the same syntax as the right-hand side of
a Postfix transport table.
.SH "Authenication controls"
.IP \fBenable_sasl_authentication\fR
Enable per-session authentication as per RFC 2554 (SASL).

16
postfix/pickup/pickup.c
View File

@@ -40,6 +40,12 @@
/* this program. See the Postfix \fBmain.cf\fR file for syntax details
/* and for default values. Use the \fBpostfix reload\fR command after
/* a configuration change.
/* .SH "Content inspection controls"
/* .IP \fBcontent_inspector\fR
/* The name of a mail delivery transport that inspects mail prior
/* to delivery.
/* This parameter uses the same syntax as the right-hand side of
/* a Postfix transport table.
/* .SH Miscellaneous
/* .ad
/* .fi
@@ -106,6 +112,7 @@
/* Application-specific. */
char *var_always_bcc;
char *var_inspect_xport;
/*
* Structure to bundle a bunch of information about a queue file.
@@ -173,6 +180,8 @@ static int copy_segment(VSTREAM *qfile, VSTREAM *cleanup, PICKUP_INFO *info,
info->rcpt = mystrdup(vstring_str(buf));
if (type == REC_TYPE_TIME)
continue;
if (type == REC_TYPE_INSP)
continue;
else {
/*
@@ -223,6 +232,12 @@ static int pickup_copy(VSTREAM *qfile, VSTREAM *cleanup,
*/
rec_fprintf(cleanup, REC_TYPE_TIME, "%ld", (long) info->st.st_mtime);
/*
* Add content inspection transport.
*/
if (*var_inspect_xport)
rec_fprintf(cleanup, REC_TYPE_INSP, "%s", var_inspect_xport);
/*
* Copy the message envelope segment. Allow only those records that we
* expect to see in the envelope section. The envelope segment must
@@ -442,6 +457,7 @@ int main(int argc, char **argv)
{
static CONFIG_STR_TABLE str_table[] = {
VAR_ALWAYS_BCC, DEF_ALWAYS_BCC, &var_always_bcc, 0, 0,
VAR_INSPECT_XPORT, DEF_INSPECT_XPORT, &var_inspect_xport, 0, 0,
0,
};

1
postfix/qmgr/qmgr.h
View File

@@ -229,6 +229,7 @@ struct QMGR_MESSAGE {
char *sender; /* complete address */
char *errors_to; /* error report address */
char *return_receipt; /* confirm receipt address */
char *inspect_xport; /* inspection transport */
long data_size; /* message content size */
long rcpt_offset; /* more recipients here */
QMGR_RCPT_LIST rcpt_list; /* complete addresses */

14
postfix/qmgr/qmgr_message.c
View File

@@ -144,6 +144,7 @@ static QMGR_MESSAGE *qmgr_message_create(const char *queue_name,
message->sender = 0;
message->errors_to = 0;
message->return_receipt = 0;
message->inspect_xport = 0;
message->data_size = 0;
message->warn_offset = 0;
message->warn_time = 0;
@@ -246,6 +247,9 @@ static int qmgr_message_read(QMGR_MESSAGE *message)
} else if (rec_type == REC_TYPE_TIME) {
if (message->arrival_time == 0)
message->arrival_time = atol(start);
} else if (rec_type == REC_TYPE_INSP) {
if (message->inspect_xport == 0)
message->inspect_xport = mystrdup(start);
} else if (rec_type == REC_TYPE_FROM) {
if (message->sender == 0) {
message->sender = mystrdup(start);
@@ -428,6 +432,7 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
char **cpp;
char *domain;
const char *junk;
char *nexthop;
#define STREQ(x,y) (strcasecmp(x,y) == 0)
#define STR vstring_str
@@ -457,9 +462,14 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
* result address may differ from the one specified by the sender.
*/
resolve_clnt_query(recipient->address, &reply);
if (message->inspect_xport) {
vstring_strcpy(reply.transport, message->inspect_xport);
if ((nexthop = split_at(STR(reply.transport), ':')) != 0)
vstring_strcpy(reply.nexthop, nexthop);
} else {
if (!STREQ(recipient->address, STR(reply.recipient)))
UPDATE(recipient->address, STR(reply.recipient));
}
/*
* Bounce recipients that have moved. We do it here instead of in the
@@ -692,6 +702,8 @@ void qmgr_message_free(QMGR_MESSAGE *message)
myfree(message->errors_to);
if (message->return_receipt)
myfree(message->return_receipt);
if (message->inspect_xport)
myfree(message->inspect_xport);
qmgr_rcpt_list_free(&message->rcpt_list);
qmgr_message_count--;
myfree((char *) message);

2
postfix/smtp/smtp.c
View File

@@ -101,7 +101,7 @@
/* Enable per-session authentication as per RFC 2554 (SASL).
/* By default, Postfix is built without SASL support.
/* .IP \fBsmtp_sasl_password_maps\fR
/* Lookup tables with per-host \fIname\fR:\fIpassword\fR entries.
/* Lookup tables with per-host or domain \fIname\fR:\fIpassword\fR entries.
/* No entry for a host means no attempt to authenticate.
/* .IP \fBsmtp_sasl_security_options\fR
/* Zero or more of the following.

10
postfix/smtpd/smtpd.c
View File

@@ -59,6 +59,12 @@
/* .IP \fBstrict_rfc821_envelopes\fR
/* Disallow non-RFC 821 style addresses in envelopes. For example,
/* allow RFC822-style address forms with comments, like Sendmail does.
/* .SH "Content inspection controls"
/* .IP \fBcontent_inspector\fR
/* The name of a mail delivery transport that inspects mail prior
/* to delivery.
/* This parameter uses the same syntax as the right-hand side of
/* a Postfix transport table.
/* .SH "Authenication controls"
/* .IP \fBenable_sasl_authentication\fR
/* Enable per-session authentication as per RFC 2554 (SASL).
@@ -335,6 +341,7 @@ int var_smtpd_junk_cmd_limit;
bool var_smtpd_sasl_enable;
char *var_smtpd_sasl_opts;
char *var_smtpd_sasl_realm;
char *var_inspect_xport;
/*
* Global state, for stand-alone mode queue file cleanup. When this is
@@ -660,6 +667,8 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
*/
rec_fprintf(state->cleanup, REC_TYPE_TIME, "%ld",
(long) time((time_t *) 0));
if (*var_inspect_xport)
rec_fprintf(state->cleanup, REC_TYPE_INSP, "%s", var_inspect_xport);
rec_fputs(state->cleanup, REC_TYPE_FROM, argv[2].strval);
state->sender = mystrdup(argv[2].strval);
smtpd_chat_reply(state, "250 Ok");
@@ -1425,6 +1434,7 @@ int main(int argc, char **argv)
VAR_LOCAL_RCPT_MAPS, DEF_LOCAL_RCPT_MAPS, &var_local_rcpt_maps, 0, 0,
VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts, 0, 0,
VAR_SMTPD_SASL_REALM, DEF_SMTPD_SASL_REALM, &var_smtpd_sasl_realm, 1, 0,
VAR_INSPECT_XPORT, DEF_INSPECT_XPORT, &var_inspect_xport, 0, 0,
0,
};