This qmail-1.03.isp-2013062201.patch is a combination of several
conflicting patches for qmail 1.03, which includes:
qmail-1.03.errno.patch \
qmail-local-sjoelund.patch \
qmail-1.03-0.0.0.0-0.2.patch \ e.g, netqmail-1.06
qmailqueue-patch /
qmail-sendmail-flagf.patch /
qmail-isoc.patch /
qmail-bounce.patch
oversize-dns.patch
qmail-1.03-maildir-uniq.patch
doublebounce-trim.patch
qmail-smtpd-relay-reject
patch-qmail-1.03-rfc2821.diff
nullenvsender-recipcount.patch 1.5 w/ Sami Farin fix
netscape-progress.patch
outgoingip.patch
tarpit.patch
qmail-smtpd-maxrecipients.patch
ext_todo-20030105.patch (silly qmail syndrome)
qmail-smtpd-auth-0.5.10
qmail-1.03-mfcheck.4jk.patch
qmail-smtpd-chkusr-1.0.patch (with several customizations)
qmail-spf-rc5.patch
qregex-20060423.patch
qmail-1.03.originip-field.patch
any-to-cname.patch
(for more information about the above patches, check out www.qmail.org)
and a few customizations:
reject mail when .qmail-user contains "bounce-no-mailbox"
control/smtpauth or SMTPAUTH env variable for presentation of "AUTH LOGIN" during ehlo
control/maxerrors or MAXERRORS env variable for disconnecting evil clients (spammers)
a. ignored if RELAYCLIENT is set
b. defaults to 10 if neither the above are found.
c. in compliance with rfc2821, section 3.9.
qmail-smtpd logging "Too many errors" functionality from above
qmail-smtpd logging bad recipient to
qmail-smtpd logging bad envelope sender domains
qmail-smtpd logging envelope sender domain dns failures
qmail-smtpd logging SPF failures
qmail-smtpd logging no gateways (bad relay or domain not in rcpthosts)
qmail-smtpd logging nullenvsender-recipcount violations
qmail-smtpd sleeping upon a client sending to a bad recipient
(to try to prevent a verifying effect).
qmail-smtpd sleeping upon a SPF failure
(to limit dictionary-style from attacks).
removal of uid/gid switching code from chkusr patch
(since we run as vpopmail/vchkpw for smtp-auth, anyway)
qmail-showctl updating (version,mfcheck,smtpauth,tarpit{count,delay},etc)
conf-spawn set to 255
control/badrdns contains patterns to compare against reverse dns
*********************************************************************
NOTES:
1. you may find the latest version of this qmail patch at:
http://jeremy.kister.net/code/qmail-1.03.isp.patch
2. this patch configures conf-ld and conf-cc to use GNU cc;
if you need otherwise, simply modify conf-ld and conf-cc.
3. be sure to change all references of /home/vpopmail/ to wherever
your vpopmail home directory is. If you do not use vpopmail
5.3.25 or above, this patch is not for you.
4. check TROUBLESHOOTING below, if you are having problems compiling
5. The terms "backscatter, back scatter, backscattering" are becoming
more popular; I'll make mention of them for google.
*********************************************************************
CHANGES:
* 2021091301 - note about gcc compiling
* 2013062201 - upgrade smtp-auth from 0.4.3 to 0.5.10
- remove qmail-smtpd.c.size.diff (rewritten in smtp-auth-0.5.10)
- replace dubious "strlen" in qmail-smtpd.c with str_len
- include string.h in qmail-smtpd.c for strstr (ick! - XXX)
* 2013061001 - Include Jonathan de Boyne Pollard's Any-To-Cname patch
* 2010062801 - don't check badhelo for RELAYCLIENTs
* 2010062001 - removed spf.trusted-forwarder.org suggestion
* 2009020401 - added smtp recipient detection for user@domain via
.qmail-user-default
* 2008040201 - fixed accepting email to non-vpopmail managaged address
* 2008031101 - don't check badrdns for RELAYCLIENTs via smtp-auth
* 2008012101 - fixed allow for .qmail-user-default and user-default
* 2008011901 - respect bounce-no-mailbox in .qmail-user even when
.qmail-default has no bounce-no-mailbox
* 2008011801 - fixed smtp reject for .qmail-user containing
bounce-no-mailbox
* 2007102801 - removed rogue files that should be made at 'make' time
(affecting the ability to compile on some OSs):
compile, make-compile, make-lib, make-makelib, make-load
- updated qmail-showctl version (forgot in 2007101001)
* 2007101001 - max recipients error now gives 452 (as per RFC2821)
* 2007053001 - updated qregex to qregex-20060423.patch
- added reverse DNS pattern matching via control/badrdns
* 2007041801 - smtp rejection if destination user is 'default' and
.qmail-default contains 'bounce-no-mailbox'
- smtp reject if .qmail-user file contains 'bounce-no-mailbox'
- understand .qmail-user-default
* 2006111001 - removed qmail-date-localtime.patch
- set 255 in conf-spawn
* 2006072201 - added qmail-bounce.patch
- added oversize-dns.patch
- added qmail-smtpd-maxrecipients.patch
- added qmail-1.03.originip-field.patch
* 2006012501 - ignored MAXERRORS if RELAYCLIENT is set
* 2005112801 - implemented MAXERRORS variable for kicking evil clients
* 2005053001 - added outgoingip.patch
- updated mfcheck.4jk.patch
* 2005022401 - added tarpit.patch
- updated qmail-spf-rc3 to qmail-spf-rc5.patch
- added qregex-20040725.patch
* 2004073101 - added qmail-spf-rc3.patch
- updated mfcheck.4.patch
* 2004070101 - added patch-qmail-1.03-rfc2821.diff
* 2004062001 - added qmail-1.03-mfcheck.3.patch
* 2004042501 - original version ?
*********************************************************************
TO INSTALL:
Note that this patch makes qmail use vpopmail libraries while
compiling. That [pretty much] means you must have some version of
qmail and vpopmail 5.3.25+ already installed. On a new installation,
this is easiest accomplished by following Life with qmail verbatim,
installing vpopmail, then continuing with these instructions.
lines starting with a tab are commands you're supposed to type.
load http://www.lifewithqmail.org/lwq.html
follow all instructions except for the following:
in section 2.4:
download qmail-1.03 - not netqmail-1.0X.
wget http://cr.yp.to/software/qmail-1.03.tar.gz
[...]
in section 2.5.2, do not use netqmail-1.0X.tar.gz; use qmail-1.03.tar.gz
mv qmail-1.03.tar.gz ucspi-tcp-0.88.tar.gz /usr/local/src
[...]
gunzip qmail-1.03.tar.gz
tar xpf qmail-1.03.tar
patch -d qmail-1.03 < qmail-1.03.isp.patch
echo '20971520' > /var/qmail/control/databytes
echo -e "\n" > /var/qmail/control/doublebounceto
### OPTIONAL, HIGHLY RECOMMENDED BEHAVIOR ###
if you want to reject connections based on reverse dns
(like c-10-8-33-128.dhcp.idx.example.net),
remember to take away the "-H" flag to tcpserver (in the
qmail-smtpd/run file below), and:
echo '[0-9][-\.][0-9][0-9]*[-\.][0-9][0-9]*[-\.][0-9]' >> /var/qmail/control/badrdns
echo 'dhcp[\.\-]' >> /var/qmail/control/badrdns
if you want to change the default number of maximum errors before
a client is disconnected:
echo 10 > /var/qmail/control/maxerrors
if you want to allow more or less than the default 50 maximum
recipients per message at smtp time:
echo 50 > /var/qmail/control/maxrecipients
if you want to specify the IP Address that qmail-remote will use:
(where 10.0.0.10 is the ip address you want to use):
echo '10.0.0.10' > /var/qmail/control/outgoingip
if you want to check that the envelope sender domain is valid:
echo 1 > /var/qmail/control/mfcheck
if you want to enable SMTP AUTH advertising in EHLO:
echo 1 > /var/qmail/control/smtpauth
if you want to implement tarpitting (http://www.palomine.net/qmail/tarpit.html):
echo 30 > /var/qmail/control/tarpitcount
echo 3 > /var/qmail/control/tarpitdelay
if you want to reject spammers from using your ip address in HELO
(where 10.0.0.10 is the public ip address of your machine):
echo '10.0.0.10' > /var/qmail/control/badhelo
echo 'yourmailservername.yourdomainname' >> /var/qmail/control/badhelo
you can edit badhelo and add as many ips or regexs you want. see README.qregex
if you want to change the default maximum bounce size (from 50000 bytes):
echo "50000" > /var/qmail/control/bouncemaxbytes
if you want to parse SPF records (see http://spf.pobox.com/):
echo 3 > /var/qmail/control/spfbehavior
### END OPTIONAL BEHAVIOR ###
then in section 2.5.5,
cd /usr/local/src/qmail-1.03/
(instead of /usr/local/src/netqmail-1.0X/netqmail-1.0X)
and lastly, in section 2.8.2.2, your /service/qmail-smtpd/run script:
#!/bin/sh
QUID=`id -u vpopmail` # remember solaris is /usr/xpg4/bin/id
QGID=`id -g vpopmail`
MAXSMTPD=`head -1 /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QUID" -o -z "$QGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QUID, QGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
sleep 5
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
sleep 5
exit 1
fi
exec /usr/local/bin/softlimit -m 2500000 \
/usr/local/bin/tcpserver -H -R -v -l "$LOCAL" \
-x /etc/tcp.smtp.cdb \
-c "$MAXSMTPD" -u "$QUID" -g "$QGID" \
0 smtp /var/qmail/bin/qmail-smtpd \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1
CRYPT TROUBLESHOOTING:
If you're having a problem similar to:
./load qmail-tcpto ip.o now.o open.a lock.a substdio.a error.a str.a fs.a auto_qmail.o
/home/vpopmail/lib/libvpopmail.a(vpopmail.o): In function `mkpasswd3':
/usr/local/src/vpopmail-5.4.4/vpopmail.c:602: undefined reference to `crypt'
/home/vpopmail/lib/libvpopmail.a(vauth.o): In function `vauth_crypt':
/usr/local/src/vpopmail-5.4.4/vauth.c:1118: undefined reference to `crypt'
*** Error code 1
1 error
I've found that if you:
echo "gcc -lcrypt -s" > conf-ld
and then execute make again, it'll compile fine.
Also, newer GCC wants flags in mixed up order. see:
https://bugs.launchpad.net/ubuntu/+source/manpages/+bug/1035996
old: gcc -lcrypt -s qmail-smtpd.c
new: gcc qmail-smtpd.c -lcrypt -s
stupid. so anyway, i did a quick hack by editing the Makefile
and adding "-lcrypt -s" to the end of the qmail-smtpd: section
READ/WRITE TROUBLESHOOTING:
If you're having a problem similar to:
./compile qmail-smtpd.c
In file included from qmail-smtpd.c:57:
/usr/include/unistd.h:356: error: conflicting types for 'read'
readwrite.h:4: error: previous declaration of 'read' was here
/usr/include/unistd.h:356: error: conflicting types for 'read'
readwrite.h:4: error: previous declaration of 'read' was here
/usr/include/unistd.h:370: error: conflicting types for 'write'
readwrite.h:5: error: previous declaration of 'write' was here
/usr/include/unistd.h:370: error: conflicting types for 'write'
readwrite.h:5: error: previous declaration of 'write' was here
qmail-smtpd.c: In function `main':
qmail-smtpd.c:1377: warning: return type of 'main' is not `int'
*** Error code 1
I've found that if you comment out the "read" and "write" definitions
of /usr/include/unistd.h (line 356 and line 370) and then make again,
it'll compile fine. don't forget to uncomment when finished.
EXTRA INFORMATION
I recommend applying and configuring the ucspi-tcp-0.88.isp.patch
to ucspi-tcp, available at:
http://jeremy.kister.net/code/ucspi-tcp-0.88.isp.patch
Looking for a qmail queue management tool? try qmqtool:
http://jeremy.kister.net/code/qmqtool/
Looking for an automatic abuse prevention system? try antiabuse:
http://jeremy.kister.net/code/antiabuse.pl
Jeremy Kister
http://jeremy.kister.net/
######################################################################
diff -ruBN qmail-1.03.org/EXTTODO qmail-1.03/EXTTODO
--- qmail-1.03.org/EXTTODO 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/EXTTODO 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1,114 @@
+EXTTODO by Claudio Jeker and
+Andre Oppermann
+(c) 1998,1999,2000,2001,2002 Internet Business Solutions Ltd.
+
+The EXTTODO patch is a part of the qmail-ldap patch.
+This patches for qmail come with NO WARRANTY.
+
+These patches are under the BSD license.
+
+RELEASE: 5. Jan. 2003
+
+EXTTODO:
+======================
+
+TOC:
+ WHAT DOES IT DO
+ INSTALL
+ CONFIG FILES
+ SETUP
+ BIG PICTURE
+
+NEWS:
+
+ This is the first release of the EXTTODO patch.
+
+================================================================================
+
+WHAT DOES IT DO
+
+ The exttodo patch addresses a problem known as the silly qmail (queue)
+ problem. This problem is found only on system with high injection rates.
+
+ qmail with a big local and remote concurrency could deliver a tremendous
+ amount of messages but normally this can not be achieved because qmail-send
+ becomes a bottleneck on those high volumes servers.
+ qmail-send preprocesses all new messages before distributing them for local
+ or remote delivering. In one run qmail-send does one todo run but has the
+ ability to close multiple jobs. Because of this layout qmail-send can not
+ feed all the new available (local/remote) delivery slots and therefor it is
+ not possible to achieve the maximum throughput.
+ This would be a minor problem if one qmail-send run could be done in extreme
+ short time but because of many file system calls (fsync and (un)link) a todo
+ run is expensive and throttles the throughput.
+
+ The exttodo patch tries to solve the problem by moving the todo routine into
+ an external program. This reduces the run time in qmail-send.
+
+ exttodo adds a new program to qmail called qmail-todo. qmail-todo prepares
+ incoming messages for local and remote delivering (by creating info/
+ local/ and remote/ and removing todo/). See also
+ INTERNALS. As next qmail-todo transmits the to qmail-send which will
+ add this message into the priority queue which schedules the message for
+ delivery.
+
+INSTALL
+
+ To enable the exttodo patch you need to define EXTERNAL_TODO while compiling
+ qmail(-ldap) this can be done with the -D flag of cc (e.g. cc -DEXTERNAL_TODO).
+
+ NOTE: the exttodo patch can also be used on qmail systems without the
+ qmail-ldap patch.
+
+================================================================================
+
+CONFIG FILES
+
+ No additional control files are used or needed.
+
+================================================================================
+
+SETUP
+
+ qmail-todo will be started by qmail-start and therefor no additional setup
+ is needed.
+
+ To verify that exttodo is running just check if qmail-todo is running.
+
+================================================================================
+
+BIG PICTURE
+
+ +-------+ +-------+
+ | clean | | clean |
+ +--0-1--+ +--0-1--+ +-----------+
+ trigger ^ | ^ | +->0,1 lspawn |
+ | | v | v / +-----------+
+ +-------+ v +--2-3--+ +--5-6--+ /
+ | | | | 0<--7 1,2<-+
+ | queue |--+--| todo | | send |
+ | | | | 1-->8 3,4<-+
+ +-------+ +-------+ +---0---+ \
+ | \ +-----------+
+ v +->0,1 rspwan |
+ +---0---+ +-----------+
+ | logger|
+ +-------+
+
+Communication between qmail-send and qmail-todo
+
+todo -> send:
+ D[LRB]\0
+ Start delivery for new message with id .
+ the character L, R or B defines the type
+ of delivery, local, remote or both respectively.
+ L\0
+ Dump string to the logger without adding additional \n or similar.
+send -> todo:
+ H Got a SIGHUP reread ~/control/locals and ~/control/virtualdomains
+ X Quit ASAP.
+
+qmail-todo sends "\0" terminated messages whereas qmail-send just send one
+character to qmail-todo.
+
+
diff -ruBN qmail-1.03.org/EXTTODO-INFO qmail-1.03/EXTTODO-INFO
--- qmail-1.03.org/EXTTODO-INFO 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/EXTTODO-INFO 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1,11 @@
+Files modified:
+Makefile
+EXTTODO
+FILES
+TARGETS
+qmail-send.c
+qmail-todo.c
+qmail-start.c
+hier.c
+install-big.c
+
diff -ruBN qmail-1.03.org/FILES qmail-1.03/FILES
--- qmail-1.03.org/FILES 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/FILES 2013-06-22 03:03:24.000000000 -0400
@@ -135,6 +135,8 @@
dnsip.c
dnsmxip.c
dnsptr.c
+dnstxt.c
+spfquery.c
hostname.c
ipmeprint.c
tcp-env.c
@@ -335,13 +337,16 @@
byte.h
byte_chr.c
byte_copy.c
+byte_cspn.c
byte_cr.c
byte_diff.c
byte_rchr.c
+byte_rcspn.c
byte_zero.c
str.h
str_chr.c
str_cpy.c
+str_cpyb.c
str_diff.c
str_diffn.c
str_len.c
@@ -401,6 +406,8 @@
date822fmt.c
dns.h
dns.c
+spf.h
+spf.c
trylsock.c
tryrsolv.c
ip.h
@@ -431,3 +438,4 @@
tcp-environ.5
constmap.h
constmap.c
+qmail-todo.c
diff -ruBN qmail-1.03.org/Makefile qmail-1.03/Makefile
--- qmail-1.03.org/Makefile 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/Makefile 2013-06-22 03:03:24.000000000 -0400
@@ -1,5 +1,7 @@
# Don't edit Makefile! Use conf-* for configuration.
+DEFINES=-DEXTERNAL_TODO # use to enable external todo
+
SHELL=/bin/sh
default: it
@@ -136,6 +138,10 @@
compile auto_usera.c
./compile auto_usera.c
+base64.o: \
+compile base64.c base64.h stralloc.h substdio.h str.h
+ ./compile base64.c
+
binm1: \
binm1.sh conf-qmail
cat binm1.sh \
@@ -203,6 +209,10 @@
compile byte_cr.c byte.h
./compile byte_cr.c
+byte_cspn.o: \
+compile byte_cspn.c byte.h
+ ./compile byte_cspn.c
+
byte_diff.o: \
compile byte_diff.c byte.h
./compile byte_diff.c
@@ -211,6 +221,10 @@
compile byte_rchr.c byte.h
./compile byte_rchr.c
+byte_rcspn.o: \
+compile byte_rcspn.c byte.h
+ ./compile byte_rcspn.c
+
byte_zero.o: \
compile byte_zero.c byte.h
./compile byte_zero.c
@@ -263,7 +277,7 @@
cdbmake_add.o
cdbmake_add.o: \
-compile cdbmake_add.c cdbmake.h uint32.h
+compile cdbmake_add.c cdbmake.h alloc.h uint32.h
./compile cdbmake_add.c
cdbmake_hash.o: \
@@ -393,84 +407,96 @@
rm -f trydrent.o
dns.lib: \
-tryrsolv.c compile load socket.lib dns.o ipalloc.o ip.o stralloc.a \
-alloc.a error.a fs.a str.a
+tryrsolv.c compile load socket.lib dns.o ipalloc.o strsalloc.o ip.o \
+stralloc.a alloc.a error.a fs.a str.a
( ( ./compile tryrsolv.c && ./load tryrsolv dns.o \
- ipalloc.o ip.o stralloc.a alloc.a error.a fs.a str.a \
+ ipalloc.o strsalloc.o ip.o stralloc.a alloc.a error.a fs.a str.a \
-lresolv `cat socket.lib` ) >/dev/null 2>&1 \
&& echo -lresolv || exit 0 ) > dns.lib
rm -f tryrsolv.o tryrsolv
dns.o: \
-compile dns.c ip.h ipalloc.h ip.h gen_alloc.h fmt.h alloc.h str.h \
-stralloc.h gen_alloc.h dns.h case.h
+compile dns.c ip.h ipalloc.h strsalloc.h gen_alloc.h fmt.h alloc.h \
+str.h stralloc.h dns.h case.h
./compile dns.c
dnscname: \
-load dnscname.o dns.o dnsdoe.o ip.o ipalloc.o stralloc.a alloc.a \
+load dnscname.o dns.o dnsdoe.o ip.o ipalloc.o strsalloc.o stralloc.a alloc.a \
substdio.a error.a str.a fs.a dns.lib socket.lib
- ./load dnscname dns.o dnsdoe.o ip.o ipalloc.o stralloc.a \
+ ./load dnscname dns.o dnsdoe.o ip.o ipalloc.o strsalloc.o stralloc.a \
alloc.a substdio.a error.a str.a fs.a `cat dns.lib` `cat \
socket.lib`
dnscname.o: \
-compile dnscname.c substdio.h subfd.h substdio.h stralloc.h \
+compile dnscname.c substdio.h subfd.h stralloc.h \
gen_alloc.h dns.h dnsdoe.h readwrite.h exit.h
./compile dnscname.c
dnsdoe.o: \
-compile dnsdoe.c substdio.h subfd.h substdio.h exit.h dns.h dnsdoe.h
+compile dnsdoe.c substdio.h subfd.h exit.h dns.h dnsdoe.h
./compile dnsdoe.c
dnsfq: \
-load dnsfq.o dns.o dnsdoe.o ip.o ipalloc.o stralloc.a alloc.a \
+load dnsfq.o dns.o dnsdoe.o ip.o ipalloc.o strsalloc.o stralloc.a alloc.a \
substdio.a error.a str.a fs.a dns.lib socket.lib
- ./load dnsfq dns.o dnsdoe.o ip.o ipalloc.o stralloc.a \
+ ./load dnsfq dns.o dnsdoe.o ip.o ipalloc.o strsalloc.o stralloc.a \
alloc.a substdio.a error.a str.a fs.a `cat dns.lib` `cat \
socket.lib`
dnsfq.o: \
-compile dnsfq.c substdio.h subfd.h substdio.h stralloc.h gen_alloc.h \
-dns.h dnsdoe.h ip.h ipalloc.h ip.h gen_alloc.h exit.h
+compile dnsfq.c substdio.h subfd.h stralloc.h gen_alloc.h \
+dns.h dnsdoe.h ip.h ipalloc.h strsalloc.h exit.h
./compile dnsfq.c
dnsip: \
-load dnsip.o dns.o dnsdoe.o ip.o ipalloc.o stralloc.a alloc.a \
+load dnsip.o dns.o dnsdoe.o ip.o ipalloc.o strsalloc.o stralloc.a alloc.a \
substdio.a error.a str.a fs.a dns.lib socket.lib
- ./load dnsip dns.o dnsdoe.o ip.o ipalloc.o stralloc.a \
+ ./load dnsip dns.o dnsdoe.o ip.o ipalloc.o strsalloc.o stralloc.a \
alloc.a substdio.a error.a str.a fs.a `cat dns.lib` `cat \
socket.lib`
dnsip.o: \
-compile dnsip.c substdio.h subfd.h substdio.h stralloc.h gen_alloc.h \
-dns.h dnsdoe.h ip.h ipalloc.h ip.h gen_alloc.h exit.h
+compile dnsip.c substdio.h subfd.h stralloc.h gen_alloc.h \
+dns.h dnsdoe.h ip.h ipalloc.h strsalloc.h exit.h
./compile dnsip.c
dnsmxip: \
-load dnsmxip.o dns.o dnsdoe.o ip.o ipalloc.o now.o stralloc.a alloc.a \
-substdio.a error.a str.a fs.a dns.lib socket.lib
- ./load dnsmxip dns.o dnsdoe.o ip.o ipalloc.o now.o \
+load dnsmxip.o dns.o dnsdoe.o ip.o ipalloc.o strsalloc.o now.o stralloc.a \
+alloc.a substdio.a error.a str.a fs.a dns.lib socket.lib
+ ./load dnsmxip dns.o dnsdoe.o ip.o ipalloc.o strsalloc.o now.o \
stralloc.a alloc.a substdio.a error.a str.a fs.a `cat \
dns.lib` `cat socket.lib`
dnsmxip.o: \
-compile dnsmxip.c substdio.h subfd.h substdio.h stralloc.h \
-gen_alloc.h fmt.h dns.h dnsdoe.h ip.h ipalloc.h ip.h gen_alloc.h \
+compile dnsmxip.c substdio.h subfd.h stralloc.h \
+gen_alloc.h fmt.h dns.h dnsdoe.h ip.h ipalloc.h strsalloc.h \
now.h datetime.h exit.h
./compile dnsmxip.c
dnsptr: \
-load dnsptr.o dns.o dnsdoe.o ip.o ipalloc.o stralloc.a alloc.a \
+load dnsptr.o dns.o dnsdoe.o ip.o ipalloc.o strsalloc.o stralloc.a alloc.a \
substdio.a error.a str.a fs.a dns.lib socket.lib
- ./load dnsptr dns.o dnsdoe.o ip.o ipalloc.o stralloc.a \
+ ./load dnsptr dns.o dnsdoe.o ip.o ipalloc.o strsalloc.o stralloc.a \
alloc.a substdio.a error.a str.a fs.a `cat dns.lib` `cat \
socket.lib`
dnsptr.o: \
-compile dnsptr.c substdio.h subfd.h substdio.h stralloc.h gen_alloc.h \
+compile dnsptr.c substdio.h subfd.h stralloc.h gen_alloc.h \
str.h scan.h dns.h dnsdoe.h ip.h exit.h
./compile dnsptr.c
+dnstxt: \
+load dnstxt.o dns.o dnsdoe.o ip.o ipalloc.o strsalloc.o stralloc.a alloc.a \
+substdio.a error.a str.a fs.a dns.lib socket.lib
+ ./load dnstxt dns.o dnsdoe.o ip.o ipalloc.o strsalloc.o stralloc.a \
+ alloc.a substdio.a error.a str.a fs.a `cat dns.lib` `cat \
+ socket.lib`
+
+dnstxt.o: \
+compile dnstxt.c substdio.h subfd.h stralloc.h gen_alloc.h \
+str.h scan.h dns.h dnsdoe.h ip.h exit.h
+ ./compile dnstxt.c
+
dot-qmail.0: \
dot-qmail.5
nroff -man dot-qmail.5 > dot-qmail.0
@@ -703,7 +729,7 @@
hier.o: \
compile hier.c auto_qmail.h auto_split.h auto_uids.h fmt.h fifo.h
- ./compile hier.c
+ ./compile $(DEFINES) hier.c
home: \
home.sh conf-qmail
@@ -755,7 +781,7 @@
install-big.o: \
compile install-big.c auto_qmail.h auto_split.h auto_uids.h fmt.h \
fifo.h
- ./compile install-big.c
+ ./compile $(DEFINES) install-big.c
install.o: \
compile install.c substdio.h strerr.h error.h open.h readwrite.h \
@@ -777,24 +803,24 @@
./compile ip.c
ipalloc.o: \
-compile ipalloc.c alloc.h gen_allocdefs.h ip.h ipalloc.h ip.h \
+compile ipalloc.c alloc.h gen_allocdefs.h ip.h ipalloc.h \
gen_alloc.h
./compile ipalloc.c
ipme.o: \
-compile ipme.c hassalen.h byte.h ip.h ipalloc.h ip.h gen_alloc.h \
-stralloc.h gen_alloc.h ipme.h ip.h ipalloc.h
+compile ipme.c hassalen.h byte.h ip.h ipalloc.h strsalloc.h ip.h gen_alloc.h \
+stralloc.h gen_alloc.h ipme.h ip.h ipalloc.h strsalloc.h
./compile ipme.c
ipmeprint: \
-load ipmeprint.o ipme.o ip.o ipalloc.o stralloc.a alloc.a substdio.a \
-error.a str.a fs.a socket.lib
- ./load ipmeprint ipme.o ip.o ipalloc.o stralloc.a alloc.a \
- substdio.a error.a str.a fs.a `cat socket.lib`
+load ipmeprint.o ipme.o ip.o ipalloc.o strsalloc.o stralloc.a alloc.a \
+substdio.a error.a str.a fs.a socket.lib
+ ./load ipmeprint ipme.o ip.o ipalloc.o strsalloc.o stralloc.a \
+ alloc.a substdio.a error.a str.a fs.a `cat socket.lib`
ipmeprint.o: \
compile ipmeprint.c subfd.h substdio.h substdio.h ip.h ipme.h ip.h \
-ipalloc.h ip.h gen_alloc.h exit.h
+ipalloc.h strsalloc.h ip.h gen_alloc.h exit.h
./compile ipmeprint.c
it: \
@@ -804,11 +830,11 @@
qmail-pw2u qmail-qread qmail-qstat qmail-tcpto qmail-tcpok \
qmail-pop3d qmail-popup qmail-qmqpc qmail-qmqpd qmail-qmtpd \
qmail-smtpd sendmail tcp-env qmail-newmrh config config-fast dnscname \
-dnsptr dnsip dnsmxip dnsfq hostname ipmeprint qreceipt qsmhook qbiff \
+dnsptr dnsip dnsmxip dnsfq dnstxt hostname ipmeprint qreceipt qsmhook qbiff \
forward preline condredirect bouncesaying except maildirmake \
maildir2mbox maildirwatch qail elq pinq idedit install-big install \
instcheck home home+df proc proc+df binm1 binm1+df binm2 binm2+df \
-binm3 binm3+df
+binm3 binm3+df qmail-todo spfquery
load: \
make-load warn-auto.sh systype
@@ -1421,11 +1447,11 @@
qmail-queue: \
load qmail-queue.o triggerpull.o fmtqfn.o now.o date822fmt.o \
datetime.a seek.a ndelay.a open.a sig.a alloc.a substdio.a error.a \
-str.a fs.a auto_qmail.o auto_split.o auto_uids.o
+fs.a auto_qmail.o auto_split.o auto_uids.o env.a str.a
./load qmail-queue triggerpull.o fmtqfn.o now.o \
date822fmt.o datetime.a seek.a ndelay.a open.a sig.a \
- alloc.a substdio.a error.a str.a fs.a auto_qmail.o \
- auto_split.o auto_uids.o
+ alloc.a substdio.a error.a fs.a auto_qmail.o \
+ auto_split.o auto_uids.o env.a str.a
qmail-queue.0: \
qmail-queue.8
@@ -1434,17 +1460,17 @@
qmail-queue.o: \
compile qmail-queue.c readwrite.h sig.h exit.h open.h seek.h fmt.h \
alloc.h substdio.h datetime.h now.h datetime.h triggerpull.h extra.h \
-auto_qmail.h auto_uids.h date822fmt.h fmtqfn.h
+auto_qmail.h auto_uids.h date822fmt.h fmtqfn.h env.h
./compile qmail-queue.c
qmail-remote: \
load qmail-remote.o control.o constmap.o timeoutread.o timeoutwrite.o \
-timeoutconn.o tcpto.o now.o dns.o ip.o ipalloc.o ipme.o quote.o \
+timeoutconn.o tcpto.o now.o dns.o ip.o ipalloc.o strsalloc.o ipme.o quote.o \
ndelay.a case.a sig.a open.a lock.a seek.a getln.a stralloc.a alloc.a \
substdio.a error.a str.a fs.a auto_qmail.o dns.lib socket.lib
./load qmail-remote control.o constmap.o timeoutread.o \
timeoutwrite.o timeoutconn.o tcpto.o now.o dns.o ip.o \
- ipalloc.o ipme.o quote.o ndelay.a case.a sig.a open.a \
+ ipalloc.o strsalloc.o ipme.o quote.o ndelay.a case.a sig.a open.a \
lock.a seek.a getln.a stralloc.a alloc.a substdio.a error.a \
str.a fs.a auto_qmail.o `cat dns.lib` `cat socket.lib`
@@ -1455,7 +1481,7 @@
qmail-remote.o: \
compile qmail-remote.c sig.h stralloc.h gen_alloc.h substdio.h \
subfd.h substdio.h scan.h case.h error.h auto_qmail.h control.h dns.h \
-alloc.h quote.h ip.h ipalloc.h ip.h gen_alloc.h ipme.h ip.h ipalloc.h \
+alloc.h quote.h ip.h ipalloc.h strsalloc.h ip.h gen_alloc.h ipme.h ip.h ipalloc.h strsalloc.h \
gen_alloc.h gen_allocdefs.h str.h now.h datetime.h exit.h constmap.h \
tcpto.h readwrite.h timeoutconn.h timeoutread.h timeoutwrite.h
./compile qmail-remote.c
@@ -1483,12 +1509,12 @@
trigger.o fmtqfn.o quote.o now.o readsubdir.o qmail.o date822fmt.o \
datetime.a case.a ndelay.a getln.a wait.a seek.a fd.a sig.a open.a \
lock.a stralloc.a alloc.a substdio.a error.a str.a fs.a auto_qmail.o \
-auto_split.o
+auto_split.o env.a
./load qmail-send qsutil.o control.o constmap.o newfield.o \
prioq.o trigger.o fmtqfn.o quote.o now.o readsubdir.o \
qmail.o date822fmt.o datetime.a case.a ndelay.a getln.a \
wait.a seek.a fd.a sig.a open.a lock.a stralloc.a alloc.a \
- substdio.a error.a str.a fs.a auto_qmail.o auto_split.o
+ substdio.a error.a str.a fs.a auto_qmail.o auto_split.o env.a
qmail-send.0: \
qmail-send.8
@@ -1509,7 +1535,7 @@
scan.h case.h auto_qmail.h trigger.h newfield.h stralloc.h quote.h \
qmail.h substdio.h qsutil.h prioq.h datetime.h gen_alloc.h constmap.h \
fmtqfn.h readsubdir.h direntry.h
- ./compile qmail-send.c
+ ./compile $(DEFINES) qmail-send.c
qmail-showctl: \
load qmail-showctl.o auto_uids.o control.o open.a getln.a stralloc.a \
@@ -1528,21 +1554,23 @@
compile qmail-showctl.c substdio.h subfd.h substdio.h exit.h fmt.h \
str.h control.h constmap.h stralloc.h gen_alloc.h direntry.h \
auto_uids.h auto_qmail.h auto_break.h auto_patrn.h auto_spawn.h \
-auto_split.h
+auto_split.h spf.h
./compile qmail-showctl.c
qmail-smtpd: \
-load qmail-smtpd.o rcpthosts.o commands.o timeoutread.o \
-timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o received.o \
-date822fmt.o now.o qmail.o cdb.a fd.a wait.a datetime.a getln.a \
-open.a sig.a case.a env.a stralloc.a alloc.a substdio.a error.a str.a \
-fs.a auto_qmail.o socket.lib
- ./load qmail-smtpd rcpthosts.o commands.o timeoutread.o \
- timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \
- received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \
+load qmail-smtpd.o rcpthosts.o qregex.o commands.o timeoutread.o \
+timeoutwrite.o ip.o ipme.o ipalloc.o strsalloc.o control.o \
+constmap.o received.o date822fmt.o now.o qmail.o spf.o dns.o cdb.a \
+fd.a wait.a datetime.a getln.a open.a sig.a case.a env.a stralloc.a \
+alloc.a strerr.a substdio.a error.a str.a fs.a auto_qmail.o base64.o \
+socket.lib dns.lib
+ ./load qmail-smtpd qregex.o rcpthosts.o commands.o timeoutread.o \
+ timeoutwrite.o ip.o ipme.o ipalloc.o strsalloc.o control.o constmap.o \
+ received.o date822fmt.o now.o qmail.o spf.o dns.o cdb.a fd.a wait.a \
datetime.a getln.a open.a sig.a case.a env.a stralloc.a \
- alloc.a substdio.a error.a str.a fs.a auto_qmail.o `cat \
- socket.lib`
+ alloc.a strerr.a substdio.a error.a str.a fs.a auto_qmail.o \
+ base64.o `cat socket.lib` /home/vpopmail/lib/libvpopmail.a \
+ `cat dns.lib`
qmail-smtpd.0: \
qmail-smtpd.8
@@ -1551,9 +1579,10 @@
qmail-smtpd.o: \
compile qmail-smtpd.c sig.h readwrite.h stralloc.h gen_alloc.h \
substdio.h alloc.h auto_qmail.h control.h received.h constmap.h \
-error.h ipme.h ip.h ipalloc.h ip.h gen_alloc.h ip.h qmail.h \
+error.h ipme.h ip.h ipalloc.h strsalloc.h ip.h gen_alloc.h ip.h qmail.h \
substdio.h str.h fmt.h scan.h byte.h case.h env.h now.h datetime.h \
-exit.h rcpthosts.h timeoutread.h timeoutwrite.h commands.h
+exit.h rcpthosts.h timeoutread.h timeoutwrite.h commands.h spf.h base64.h \
+/home/vpopmail/include/vpopmail.h /home/vpopmail/include/vauth.h
./compile qmail-smtpd.c
qmail-start: \
@@ -1574,7 +1603,7 @@
qmail-start.o: \
compile qmail-start.c fd.h prot.h exit.h fork.h auto_uids.h
- ./compile qmail-start.c
+ ./compile $(DEFINES) qmail-start.c
qmail-tcpok: \
load qmail-tcpok.o open.a lock.a strerr.a substdio.a error.a str.a \
@@ -1606,6 +1635,20 @@
fmt.h ip.h lock.h error.h exit.h datetime.h now.h datetime.h
./compile qmail-tcpto.c
+qmail-todo: \
+load qmail-todo.o control.o constmap.o trigger.o fmtqfn.o now.o \
+readsubdir.o case.a ndelay.a getln.a sig.a open.a stralloc.a alloc.a \
+substdio.a error.a str.a fs.a auto_qmail.o auto_split.o
+ ./load qmail-todo control.o constmap.o trigger.o fmtqfn.o now.o \
+ readsubdir.o case.a ndelay.a getln.a sig.a open.a stralloc.a \
+ alloc.a substdio.a error.a str.a fs.a auto_qmail.o auto_split.o
+
+qmail-todo.o: \
+compile alloc.h auto_qmail.h byte.h constmap.h control.h direntry.h error.h \
+exit.h fmt.h fmtqfn.h getln.h open.h ndelay.h now.h readsubdir.h readwrite.h \
+scan.h select.h str.h stralloc.h substdio.h trigger.h
+ ./compile $(DEFINES) qmail-todo.c
+
qmail-upq: \
warn-auto.sh qmail-upq.sh conf-qmail conf-break conf-split
cat warn-auto.sh qmail-upq.sh \
@@ -1681,6 +1724,10 @@
constmap.h stralloc.h gen_alloc.h rcpthosts.h
./compile rcpthosts.c
+qregex.o: \
+compile qregex.c qregex.h
+ ./compile qregex.c
+
readsubdir.o: \
compile readsubdir.c readsubdir.h direntry.h fmt.h scan.h str.h \
auto_split.h
@@ -1779,7 +1826,7 @@
qmail-qread.c qmail-qstat.sh qmail-queue.c qmail-remote.c \
qmail-rspawn.c qmail-send.c qmail-showctl.c qmail-smtpd.c \
qmail-start.c qmail-tcpok.c qmail-tcpto.c spawn.c dnscname.c dnsfq.c \
-dnsip.c dnsmxip.c dnsptr.c hostname.c ipmeprint.c tcp-env.c \
+dnsip.c dnsmxip.c dnsptr.c dnstxt.c hostname.c ipmeprint.c tcp-env.c \
sendmail.c qreceipt.c qsmhook.c qbiff.c forward.c preline.c predate.c \
except.c bouncesaying.c condredirect.c maildirmake.c maildir2mbox.c \
maildirwatch.c splogger.c qail.sh elq.sh pinq.sh qmail-upq.sh \
@@ -1813,8 +1860,9 @@
trywaitp.c sig.h sig_alarm.c sig_block.c sig_catch.c sig_pause.c \
sig_pipe.c sig_child.c sig_term.c sig_hup.c sig_misc.c sig_bug.c \
trysgact.c trysgprm.c env.3 env.h env.c envread.c byte.h byte_chr.c \
-byte_copy.c byte_cr.c byte_diff.c byte_rchr.c byte_zero.c str.h \
-str_chr.c str_cpy.c str_diff.c str_diffn.c str_len.c str_rchr.c \
+byte_copy.c byte_cr.c byte_cspn.c byte_diff.c byte_rchr.c byte_rcspn.c \
+byte_zero.c str.h spf.c spf.h spfquery.c \
+str_chr.c str_cpy.c str_cpyb.c str_diff.c str_diffn.c str_len.c str_rchr.c \
str_start.c lock.h lock_ex.c lock_exnb.c lock_un.c tryflock.c getln.3 \
getln.h getln.c getln2.3 getln2.c sgetopt.3 sgetopt.h sgetopt.c \
subgetopt.3 subgetopt.h subgetopt.c error.3 error_str.3 error_temp.3 \
@@ -1824,7 +1872,7 @@
headerbody.h headerbody.c token822.h token822.c control.h control.c \
datetime.3 datetime.h datetime.c datetime_un.c prioq.h prioq.c \
date822fmt.h date822fmt.c dns.h dns.c trylsock.c tryrsolv.c ip.h ip.c \
-ipalloc.h ipalloc.c select.h1 select.h2 trysysel.c ndelay.h ndelay.c \
+ipalloc.h strsalloc.h ipalloc.c select.h1 select.h2 trysysel.c ndelay.h ndelay.c \
ndelay_off.c direntry.3 direntry.h1 direntry.h2 trydrent.c prot.h \
prot.c chkshsgr.c warn-shsgr tryshsgr.c ipme.h ipme.c trysalen.c \
maildir.5 maildir.h maildir.c tcp-environ.5 constmap.h constmap.c
@@ -1892,11 +1940,28 @@
spawn.o: \
compile chkspawn spawn.c sig.h wait.h substdio.h byte.h str.h \
-stralloc.h gen_alloc.h select.h exit.h coe.h open.h error.h \
+stralloc.h gen_alloc.h select.h exit.h alloc.h coe.h open.h error.h \
auto_qmail.h auto_uids.h auto_spawn.h
./chkspawn
./compile spawn.c
+spf.o: \
+compile spf.c stralloc.h gen_alloc.h alloc.h ipme.h ip.h ipalloc.h \
+strsalloc.h str.h fmt.h scan.h byte.h now.h case.h
+ ./compile spf.c
+
+spfquery: \
+load spfquery.o spf.o ip.o ipme.o ipalloc.o strsalloc.o now.o dns.o \
+datetime.a stralloc.a alloc.a str.a substdio.a error.a fs.a case.a dns.lib
+ ./load spfquery spf.o ip.o ipme.o ipalloc.o strsalloc.o \
+ now.o dns.o datetime.a stralloc.a alloc.a str.a substdio.a \
+ case.a error.a fs.a `cat dns.lib` `cat socket.lib`
+
+spfquery.o: \
+compile spfquery.c substdio.h subfd.h stralloc.h gen_alloc.h alloc.h \
+spf.h exit.h
+ ./compile spfquery.c
+
splogger: \
load splogger.o substdio.a error.a str.a fs.a syslog.lib socket.lib
./load splogger substdio.a error.a str.a fs.a `cat \
@@ -1912,12 +1977,12 @@
./compile splogger.c
str.a: \
-makelib str_len.o str_diff.o str_diffn.o str_cpy.o str_chr.o \
-str_rchr.o str_start.o byte_chr.o byte_rchr.o byte_diff.o byte_copy.o \
-byte_cr.o byte_zero.o
- ./makelib str.a str_len.o str_diff.o str_diffn.o str_cpy.o \
- str_chr.o str_rchr.o str_start.o byte_chr.o byte_rchr.o \
- byte_diff.o byte_copy.o byte_cr.o byte_zero.o
+makelib str_len.o str_diff.o str_diffn.o str_cpy.o str_cpyb.o str_chr.o \
+str_rchr.o str_start.o byte_chr.o byte_rchr.o byte_cspn.o byte_rcspn.o \
+byte_diff.o byte_copy.o byte_cr.o byte_zero.o
+ ./makelib str.a str_len.o str_diff.o str_diffn.o str_cpy.o str_cpyb.o \
+ str_chr.o str_rchr.o str_start.o byte_chr.o byte_rchr.o byte_cspn.o \
+ byte_rcspn.o byte_diff.o byte_copy.o byte_cr.o byte_zero.o
str_chr.o: \
compile str_chr.c str.h
@@ -1927,6 +1992,10 @@
compile str_cpy.c str.h
./compile str_cpy.c
+str_cpyb.o: \
+compile str_cpyb.c str.h
+ ./compile str_cpyb.c
+
str_diff.o: \
compile str_diff.c str.h
./compile str_diff.c
@@ -2006,6 +2075,11 @@
compile strerr_sys.c error.h strerr.h
./compile strerr_sys.c
+strsalloc.o: \
+compile strsalloc.c alloc.h gen_allocdefs.h stralloc.h strsalloc.h \
+gen_alloc.h
+ ./compile strsalloc.c
+
subfderr.o: \
compile subfderr.c readwrite.h substdio.h subfd.h substdio.h
./compile subfderr.c
@@ -2066,11 +2140,11 @@
tcp-env: \
load tcp-env.o dns.o remoteinfo.o timeoutread.o timeoutwrite.o \
-timeoutconn.o ip.o ipalloc.o case.a ndelay.a sig.a env.a getopt.a \
-stralloc.a alloc.a substdio.a error.a str.a fs.a dns.lib socket.lib
+timeoutconn.o ip.o ipalloc.o strsalloc.o case.a ndelay.a sig.a env.a \
+getopt.a stralloc.a alloc.a substdio.a error.a str.a fs.a dns.lib socket.lib
./load tcp-env dns.o remoteinfo.o timeoutread.o \
- timeoutwrite.o timeoutconn.o ip.o ipalloc.o case.a ndelay.a \
- sig.a env.a getopt.a stralloc.a alloc.a substdio.a error.a \
+ timeoutwrite.o timeoutconn.o ip.o ipalloc.o strsalloc.o case.a \
+ ndelay.a sig.a env.a getopt.a stralloc.a alloc.a substdio.a error.a \
str.a fs.a `cat dns.lib` `cat socket.lib`
tcp-env.0: \
diff -ruBN qmail-1.03.org/README.auth qmail-1.03/README.auth
--- qmail-1.03.org/README.auth 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/README.auth 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1,76 @@
+README qmail-smtpd SMTP Authentication
+======================================
+
+
+History:
+--------
+
+This patch is based on Krzysztof Dabrowski's qmail-smtpd-auth-0.31 patch
+which itself uses "Mrs. Brisby's" initial code.
+Version 0.41 of this patch fixes the "CAPS-LOCK" typo announcing
+'CRAM_MD5' instead of 'CRAM-MD5' (german keyboard) - tx to Mike Garrison.
+Version 0.42 fixes the '421 unable to read controls (#4.3.0)' problem
+(can't read control/morercpthosts.cdb) because FD 3 was already closed - tx Richard Lyons.
+Version 0.43 fixes the ba64decode() failure in case CRAM_MD5 is not enabled - tx Vladimir Zidar.
+Version 0.51 includes the evaluation of the 'Auth' and the 'Size' parameter in the 'Mail From:' command.
+Version 0.52 uses DJB functions to copy FDs.
+Version 0.56 corrects some minor mistakes displaying the 'Auth' userid.
+Version 0.57 uses keyword "ESMTPA" in Received header in case of authentication to comply with RFC 3848.
+Version 0.58 fixes a potential problem with cc -O2 optimization within base64.c - tx John Simpson.
+Version 0.59 adds new feature SUMBISSION port; tx Markus Stumpf.
+Version 0.510 includes support for complex Usernames "user name" including white spaces for CRAM-MD5.
+
+
+Scope:
+------
+
+This patch supports RFC 2554 "SMTP Service Extension for Authentication". and
+RFC 4409 "Message Submission for Mail" for qmail-smtpd.
+Additionally, RFC 1870 is honoured ("SMTP Service Extension for Message Size Declaration").
+For more technical details see: http://www.fehcom.de/qmail/docu/smtpauth.html.
+
+
+Installation:
+-------------
+
+* Untar the source in the qmail-1.03 home direcotry.
+* Run ./install_auth.
+* Modify the compile time option "#define CRAM_MD5" to your needs.
+* Re-make qmail.
+
+
+Setup:
+------
+
+In order to use SMTP Authentication you have to use a 'Pluggable Authentication Module'
+PAM to be called by qmail-smtpd; typically
+
+ /var/qmail/bin/qmail-smtpd /bin/checkpassword true 2>&1
+
+Since qmail-smtpd does not run as root, checkpassword has to be made sticky.
+There is no need to include additionally the hostname in the call.
+In order to compute the CRAM-MD5 challenge, qmail-smtpd uses the 'tcplocalhost' information.
+
+Version 0.59 allows to setup a special qmail-smtpd instance on the SUBMISSION port 587.
+If qmail-smtpd receives SMTP connections on this port, it requires SMTP Authentication.
+Alternatively, you can employ the environment variable SUBMISSIONPORT while setting it to some specific value.
+
+
+Changes wrt. Krysztof Dabrowski's patch:
+----------------------------------------
+
+* Avoid the 'hostname' in the call of the PAM.
+* Confirm to Dan Bernstein's checkpassword interface even for CRAM-MD5.
+* Doesn't close FD 2; thus not inhibiting logging to STDERR.
+* Fixed bugs in base64.c.
+* Modified unconditional close of FD 3 in order to sustain reading of 'control/morecpthosts.cdb'.
+* Evaluation of the (informational) Mail From: < > Auth=username.
+* Additional support for the advertised "Size" via 'Mail From: SIZE=123456780' (RFC 1870).
+* RFC 3848 conformance for Received header in case of SMTP Auth.
+* Added SUBMISSION port feature.
+* Support for complex user names within CRAM-MD5 authentication.
+
+
+Erwin Hoffmann - Hoehn 2010-02-08 (www.fehcom.de)
+
+
diff -ruBN qmail-1.03.org/README.qregex qmail-1.03/README.qregex
--- qmail-1.03.org/README.qregex 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/README.qregex 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1,203 @@
+QREGEX (v2) 20060423 - README April 23, 2006
+A Regular Expression matching patch for qmail 1.03 and netqmail
+
+
+OVERVIEW:
+
+qregex adds the ability to match address evelopes via Regular Expressions (REs)
+in the qmail-smtpd process. It has the abiltiy to match `helo/ehlo` (host name),
+`mail from` (envelope sender), and `rcpt to` (envelope recipient) commands.
+It follows all the base rules that are set out with qmail (ie using control
+files) so it makes for easy integretion into an existing setup (see the
+install instructions for more info). The v2 is specified because qregex was
+re-written to better conform to the security guarantee set forth by the author
+of qmail. The original version used stdio.h and stdlib.h for reading the
+control files whereas v2 now uses all stralloc functions which are much more
+regulated against buffer overruns and the like.
+See: http://cr.yp.to/qmail/guarantee.html
+
+
+FEATURES:
+
+Features of qregex include:
+
+1. Performs pattern matching on envelope senders and envelope
+ recipients against REs in the badmailfrom and badmailto control
+ files. Two additional control files, badmailfromnorelay and
+ badmailtonorelay, are used for pattern matching when the
+ RELAYCLIENT environment variable is not set.
+
+2. Performs pattern matching on the helo/ehlo host name. Setting the
+ NOBADHELO environment variable prevents the host name from being
+ compared to the patterns in the badhelo control file.
+
+3. Matches to patterns are logged. Setting the LOGREGEX environment
+ variable causes the matched regex pattern to be included in the log.
+
+4. Matching is case insensitive.
+
+5. qregex ignores empty envelope senders. An empty envelope sender is not
+ compared to the patterns in the badmailfrom and badmailfromnorelay
+ control files and is always accepted.
+
+
+PLATFORMS:
+
+qregex has been built and tested on the following platforms. I'm sure it won't
+have any problems on any platform that qmail will run on (providing they have
+a regex interface) but if you run into problems let me know.
+
+ - OpenBSD 3.x
+ - FreeBSD 4.x, 5.x
+ - Mandrake Linux 9.x
+ - SuSE Linux 8.x
+
+
+
+INSTALLATION INSTRUCTIONS:
+
+Installation is very simple, there is only one requirement. You need to use the
+GNU version of the patch utility (http://www.gnu.org/software/patch/patch.html).
+(For Solaris 8 users it is installed as 'gpatch')
+
+- If this is a new setup.
+Unpack the qmail archive, cd into the qmail-1.03 directory and run
+"patch < /path/to/qregex-.patch". Follow the instructions as per the
+included qmail INSTALL file. Once you are done come back to this file and read
+the section on the control files.
+
+If you are using netqmail, then unpack the netqmail archive. Run the collate.sh
+script and cd into the resulting netqmail- directory. From there, run
+"patch < /path/to/qregex-.patch". Complete the netqmail installation
+normally. Once you are done, come back to this file and read the section on the
+control files.
+
+- If this is an existing setup.
+FIRST: create your control files (see below).
+cd into your existing qmail or netqmail source directory. Run
+"patch < /path/to/qregex-.patch" then "make qmail-smtpd". Now run
+./qmail-smtpd and test your new rules to make sure they work as expected.
+
+Install the new binary by cd'ing to /var/qmail/bin and as root (in one command)
+copy the existing binary to 'qmail-smtpd.old' and copy the new binary from the
+source directory to 'qmail-smtpd'.
+(ex. cp qmail-smtpd qmail-smtpd.old && cp ~/qmail-1.03/qmail-smtpd qmail-smtpd)
+
+You can also optionally just run "make setup check" as it will install the
+updated documentation and man pages provided with this patch. Stopping qmail
+before doing the "make setup check" is always a good idea.
+
+
+LOGGING:
+
+qregex will log matches to the patterns in the various control files. Log
+messages will take these three forms depending on which control file was
+matched:
+
+badhelo
+qmail-smtpd: badhelo: at
+
+badmailfrom and badmailfromnorelay
+qmail-smtpd: badmailfrom: at
+
+badmailto and badmailtonorelay
+qmail-smtpd: badmailto: at
+
+When the LOGREGEX environment variable is set, the matched pattern will
+be included in the log. Log messages will have the regex pattern appended
+to them. For example, a badhelo log message will look like this:
+
+qmail-smtpd: badhelo: at matches pattern:
+
+
+CONTROL FILES:
+
+qregex provides you with five control files. None of these control files
+is mandatory and you can use them in any combination you choose in your setup.
+
+The "control/badmailfrom" and "control/badmailto" files contain your REs for
+matching against the 'mail from' (envelope sender) and 'rcpt to' (envelope
+recipient) smtp commands respectively.
+The "control/badmailfromnorelay" and "control/badmailtonorelay" match against
+the same commands but are read only when the RELAYCLIENT environment variable
+is not set.
+The "control/badhelo" file matches against the 'helo/ehlo' smtp command.
+
+If you prefer you can symlink the badmailfrom and badmailto control files
+(ln -s badmailfrom badmailto) and maintain fewer sets of rules. Beware
+this might cause problems in certain setups.
+
+ Here's an example "badhelo" file.
+ -----------------------------------
+ # block host strings with no dot (not a FQDN)
+ !\.
+ -----------------------------------
+
+ An example "badmailfrom" file.
+ -----------------------------------
+ # this will drop everything containing the string
+ # bad.domain.com or Bad.Domain.Com or BAD.domain.COM
+ bad\.domain\.com
+ # force users to fully qualify themselves
+ # (i.e. deny "user", accept "user@domain")
+ !@
+ -----------------------------------
+
+ And "badmailto" (a little more interesting)
+ -----------------------------------
+ # must not contain invalid characters, brakets or multiple @'s
+ [!%#:*^(){}]
+ @.*@
+ -----------------------------------
+
+You can use the non-RE character '!' to start an RE as a signal to qregex to
+negate the action. As used above in the badmailfrom file, by negating the '@'
+symbol qregex will signal qmail-smtpd to deny the 'mail from' command whenever
+the address doesn't contain an @ symbol. When used inside a bracket expression,
+the '!' character looses this special meaning. This is shown in the badmailto
+example.
+
+The norelay control files follow the same rules as the other control files but
+are intended to address two specific scenarios.
+The badmailfromnorelay file can be used to block mail trying to spoof a domain
+hosted on your mail server. It prevents a mail client that is not allowed to
+relay email through your server from using one of your hosted domains as its
+envelope sender.
+The badmailtonorelay file can be used to create email addresses that cannot
+receive mail from any source not allowed to relay email through your server.
+This is handy for creating email addresses for use only within your own
+domain(s) that can't receive spam from the world at large.
+
+
+INTERNALS:
+
+qregex (or regexmatch as the function is called) will be called during the
+`helo/ehlo`, `rcpt to` and `mail from` handling routines in "qmail-smtpd.c".
+When called, it will read the proper control file then one by one compile and
+execute the regex on the string passed into qmail-smtpd. If the regex matches
+it returns TRUE (1) and the qmail-smtpd process will deny the user the ability
+to continue. If you change anything and think it betters this patch please
+send me a new diff file so I can take a peek.
+
+
+CONTACT:
+qregex is maintained by:
+ Andrew St. Jean
+ andrew@arda.homeunix.net
+ www.arda.homeunix.net/store/qmail/
+
+Contributers to qregex:
+ Jeremy Kitchen
+ kitchen at scriptkitchen dot com
+ http://www.scriptkitchen.com/qmail
+
+ Alex Pleiner
+ alex@zeitform.de
+ zeitform Internet Dienste
+ http://www.zeitform.de/
+
+ Thanos Massias
+
+Original qregex patch written by:
+ Evan Borgstrom
+ evan at unixpimps dot org
diff -ruBN qmail-1.03.org/TARGETS qmail-1.03/TARGETS
--- qmail-1.03.org/TARGETS 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/TARGETS 2013-06-22 03:03:24.000000000 -0400
@@ -10,6 +10,7 @@
qmail.o
quote.o
now.o
+base64.o
gfrom.o
myctime.o
slurpclose.o
@@ -100,11 +101,14 @@
str_diff.o
str_diffn.o
str_cpy.o
+str_cpyb.o
str_chr.o
str_rchr.o
str_start.o
byte_chr.o
byte_rchr.o
+byte_cspn.o
+byte_rcspn.o
byte_diff.o
byte_copy.o
byte_cr.o
@@ -171,8 +175,10 @@
timeoutconn.o
tcpto.o
dns.o
+spf.o
ip.o
ipalloc.o
+strsalloc.o
hassalen.h
ipme.o
ndelay.o
@@ -212,6 +218,9 @@
headerbody.o
hfield.o
token822.o
+spf.o
+spfquery.o
+spfquery
qmail-inject
predate.o
predate
@@ -252,6 +261,7 @@
qmail-qmtpd
qmail-smtpd.o
qmail-smtpd
+qregex.o
sendmail.o
sendmail
tcp-env.o
@@ -270,6 +280,8 @@
dnsip
dnsmxip.o
dnsmxip
+dnstxt.o
+dnstxt
dnsfq.o
dnsfq
hostname.o
@@ -385,3 +397,5 @@
man
setup
check
+qmail-todo.o
+qmail-todo
diff -ruBN qmail-1.03.org/auto-ccld.sh qmail-1.03/auto-ccld.sh
--- qmail-1.03.org/auto-ccld.sh 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/auto-ccld.sh 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1,4 @@
+#!/bin/sh
+# WARNING: This file was auto-generated. Do not edit!
+CC='gcc -O2'
+LD='gcc -s'
diff -ruBN qmail-1.03.org/auto_qmail.c qmail-1.03/auto_qmail.c
--- qmail-1.03.org/auto_qmail.c 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/auto_qmail.c 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1,3 @@
+char auto_qmail[] = "\
+\057\166\141\162\057\161\155\141\151\154\
+";
diff -ruBN qmail-1.03.org/base64.c qmail-1.03/base64.c
--- qmail-1.03.org/base64.c 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/base64.c 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1,124 @@
+#include "base64.h"
+#include "stralloc.h"
+#include "substdio.h"
+#include "str.h"
+
+static char *b64alpha =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+#define B64PAD '='
+
+/* returns 0 ok, 1 illegal, -1 problem */
+
+int b64decode(in,l,out)
+const unsigned char *in;
+int l;
+stralloc *out; /* not null terminated */
+{
+ int p = 0;
+ int n;
+ unsigned int x;
+ int i, j;
+ char *s;
+ unsigned char b[3];
+
+ if (l == 0)
+ {
+ if (!stralloc_copys(out,"")) return -1;
+ return 0;
+ }
+
+ while(in[l-1] == B64PAD) {
+ p ++;
+ l--;
+ }
+
+ n = (l + p) / 4;
+ i = (n * 3) - p;
+ if (!stralloc_ready(out,i)) return -1;
+ out->len = i;
+ s = out->s;
+
+ for(i = 0; i < n - 1 ; i++) {
+ x = 0;
+ for(j = 0; j < 4; j++) {
+ if(in[j] >= 'A' && in[j] <= 'Z')
+ x = (x << 6) + (unsigned int)(in[j] - 'A' + 0);
+ else if(in[j] >= 'a' && in[j] <= 'z')
+ x = (x << 6) + (unsigned int)(in[j] - 'a' + 26);
+ else if(in[j] >= '0' && in[j] <= '9')
+ x = (x << 6) + (unsigned int)(in[j] - '0' + 52);
+ else if(in[j] == '+')
+ x = (x << 6) + 62;
+ else if(in[j] == '/')
+ x = (x << 6) + 63;
+ else if(in[j] == '=')
+ x = (x << 6);
+ }
+
+ s[2] = (unsigned char)(x & 255); x >>= 8;
+ s[1] = (unsigned char)(x & 255); x >>= 8;
+ s[0] = (unsigned char)(x & 255); x >>= 8;
+ s += 3; in += 4;
+ }
+
+ x = 0;
+ for(j = 0; j < 4; j++) {
+ if(in[j] >= 'A' && in[j] <= 'Z')
+ x = (x << 6) + (unsigned int)(in[j] - 'A' + 0);
+ else if(in[j] >= 'a' && in[j] <= 'z')
+ x = (x << 6) + (unsigned int)(in[j] - 'a' + 26);
+ else if(in[j] >= '0' && in[j] <= '9')
+ x = (x << 6) + (unsigned int)(in[j] - '0' + 52);
+ else if(in[j] == '+')
+ x = (x << 6) + 62;
+ else if(in[j] == '/')
+ x = (x << 6) + 63;
+ else if(in[j] == '=')
+ x = (x << 6);
+ }
+
+ b[2] = (unsigned char)(x & 255); x >>= 8;
+ b[1] = (unsigned char)(x & 255); x >>= 8;
+ b[0] = (unsigned char)(x & 255); x >>= 8;
+
+ for(i = 0; i < 3 - p; i++)
+ s[i] = b[i];
+
+ return 0;
+}
+
+int b64encode(in,out)
+stralloc *in;
+stralloc *out; /* not null terminated */
+{
+ unsigned char a, b, c;
+ int i;
+ char *s;
+
+ if (in->len == 0)
+ {
+ if (!stralloc_copys(out,"")) return -1;
+ return 0;
+ }
+
+ i = in->len / 3 * 4 + 4;
+ if (!stralloc_ready(out,i)) return -1;
+ s = out->s;
+
+ for (i = 0;i < in->len;i += 3) {
+ a = in->s[i];
+ b = i + 1 < in->len ? in->s[i + 1] : 0;
+ c = i + 2 < in->len ? in->s[i + 2] : 0;
+
+ *s++ = b64alpha[a >> 2];
+ *s++ = b64alpha[((a & 3 ) << 4) | (b >> 4)];
+
+ if (i + 1 >= in->len) *s++ = B64PAD;
+ else *s++ = b64alpha[((b & 15) << 2) | (c >> 6)];
+
+ if (i + 2 >= in->len) *s++ = B64PAD;
+ else *s++ = b64alpha[c & 63];
+ }
+ out->len = s - out->s;
+ return 0;
+}
diff -ruBN qmail-1.03.org/base64.h qmail-1.03/base64.h
--- qmail-1.03.org/base64.h 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/base64.h 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1,7 @@
+#ifndef BASE64_H
+#define BASE64_H
+
+extern int b64decode();
+extern int b64encode();
+
+#endif
diff -ruBN qmail-1.03.org/byte.h qmail-1.03/byte.h
--- qmail-1.03.org/byte.h 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/byte.h 2013-06-22 03:03:24.000000000 -0400
@@ -3,6 +3,8 @@
extern unsigned int byte_chr();
extern unsigned int byte_rchr();
+extern unsigned int byte_cspn();
+extern unsigned int byte_rcspn();
extern void byte_copy();
extern void byte_copyr();
extern int byte_diff();
diff -ruBN qmail-1.03.org/byte_cspn.c qmail-1.03/byte_cspn.c
--- qmail-1.03.org/byte_cspn.c 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/byte_cspn.c 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1,11 @@
+#include "byte.h"
+
+unsigned int byte_cspn(s,n,c)
+register char *s;
+register unsigned int n;
+register char *c;
+{
+ while(*c)
+ n = byte_chr(s,n,*c++);
+ return n;
+}
diff -ruBN qmail-1.03.org/byte_rcspn.c qmail-1.03/byte_rcspn.c
--- qmail-1.03.org/byte_rcspn.c 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/byte_rcspn.c 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1,17 @@
+#include "byte.h"
+
+unsigned int byte_rcspn(s,n,c)
+register char *s;
+register unsigned int n;
+register char *c;
+{
+ unsigned int ret,pos,i;
+
+ for(ret = n,pos = 0;*c;++c) {
+ i = byte_rchr(s + pos,n - pos,*c) + pos;
+ if (i < n) ret = pos = i;
+ }
+
+ return ret;
+}
+
diff -ruBN qmail-1.03.org/case_startb.c qmail-1.03/case_startb.c
--- qmail-1.03.org/case_startb.c 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/case_startb.c 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1,21 @@
+#include "case.h"
+
+int case_startb(s,len,t)
+register char *s;
+unsigned int len;
+register char *t;
+{
+ register unsigned char x;
+ register unsigned char y;
+
+ for (;;) {
+ y = *t++ - 'A';
+ if (y <= 'Z' - 'A') y += 'a'; else y += 'A';
+ if (!y) return 1;
+ if (!len) return 0;
+ --len;
+ x = *s++ - 'A';
+ if (x <= 'Z' - 'A') x += 'a'; else x += 'A';
+ if (x != y) return 0;
+ }
+}
diff -ruBN qmail-1.03.org/cdb_seek.c qmail-1.03/cdb_seek.c
--- qmail-1.03.org/cdb_seek.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/cdb_seek.c 2013-06-22 03:03:24.000000000 -0400
@@ -1,6 +1,5 @@
#include
#include
-extern int errno;
#include "cdb.h"
#ifndef SEEK_SET
diff -ruBN qmail-1.03.org/cdbmake_add.c qmail-1.03/cdbmake_add.c
--- qmail-1.03.org/cdbmake_add.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/cdbmake_add.c 2013-06-22 03:03:24.000000000 -0400
@@ -1,3 +1,4 @@
+#include "alloc.h"
#include "cdbmake.h"
void cdbmake_init(cdbm)
diff -ruBN qmail-1.03.org/conf-cc qmail-1.03/conf-cc
--- qmail-1.03.org/conf-cc 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/conf-cc 2013-06-22 03:03:24.000000000 -0400
@@ -1,3 +1 @@
-cc -O2
-
-This will be used to compile .c files.
+gcc -O2
diff -ruBN qmail-1.03.org/conf-ld qmail-1.03/conf-ld
--- qmail-1.03.org/conf-ld 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/conf-ld 2013-06-22 03:03:24.000000000 -0400
@@ -1,3 +1 @@
-cc -s
-
-This will be used to link .o files into an executable.
+gcc -s
diff -ruBN qmail-1.03.org/conf-spawn qmail-1.03/conf-spawn
--- qmail-1.03.org/conf-spawn 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/conf-spawn 2013-06-22 03:03:24.000000000 -0400
@@ -1,4 +1,4 @@
-120
+255
This is a silent concurrency limit. You can't set it above 255. On some
systems you can't set it above 125. qmail will refuse to compile if the
diff -ruBN qmail-1.03.org/dns.c qmail-1.03/dns.c
--- qmail-1.03.org/dns.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/dns.c 2013-06-22 03:03:34.000000000 -0400
@@ -1,4 +1,3 @@
-#include
#include
#include
#include
@@ -7,10 +6,9 @@
#include
extern int res_query();
extern int res_search();
-extern int errno;
-extern int h_errno;
#include "ip.h"
#include "ipalloc.h"
+#include "strsalloc.h"
#include "fmt.h"
#include "alloc.h"
#include "str.h"
@@ -21,14 +19,17 @@
static unsigned short getshort(c) unsigned char *c;
{ unsigned short u; u = c[0]; return (u << 8) + c[1]; }
-static union { HEADER hdr; unsigned char buf[PACKETSZ]; } response;
+static struct { unsigned char *buf; } response;
+static int responsebuflen = 0;
static int responselen;
static unsigned char *responseend;
static unsigned char *responsepos;
+static u_long saveresoptions;
static int numanswers;
static char name[MAXDNAME];
static struct ip_address ip;
+static stralloc txt = {0};
unsigned short pref;
static stralloc glue = {0};
@@ -45,18 +46,33 @@
errno = 0;
if (!stralloc_copy(&glue,domain)) return DNS_MEM;
if (!stralloc_0(&glue)) return DNS_MEM;
- responselen = lookup(glue.s,C_IN,type,response.buf,sizeof(response));
+ if (!responsebuflen)
+ if (response.buf = (unsigned char *)alloc(PACKETSZ+1))
+ responsebuflen = PACKETSZ+1;
+ else return DNS_MEM;
+
+ responselen = lookup(glue.s,C_IN,type,response.buf,responsebuflen);
+ if ((responselen >= responsebuflen) ||
+ (responselen > 0 && (((HEADER *)response.buf)->tc)))
+ {
+ if (responsebuflen < 65536)
+ if (alloc_re(&response.buf, responsebuflen, 65536))
+ responsebuflen = 65536;
+ else return DNS_MEM;
+ saveresoptions = _res.options;
+ _res.options |= RES_USEVC;
+ responselen = lookup(glue.s,C_IN,type,response.buf,responsebuflen);
+ _res.options = saveresoptions;
+ }
if (responselen <= 0)
{
if (errno == ECONNREFUSED) return DNS_SOFT;
if (h_errno == TRY_AGAIN) return DNS_SOFT;
return DNS_HARD;
}
- if (responselen >= sizeof(response))
- responselen = sizeof(response);
responseend = response.buf + responselen;
responsepos = response.buf + sizeof(HEADER);
- n = ntohs(response.hdr.qdcount);
+ n = ntohs(((HEADER *)response.buf)->qdcount);
while (n-- > 0)
{
i = dn_expand(response.buf,responseend,responsepos,name,MAXDNAME);
@@ -66,7 +82,7 @@
if (i < QFIXEDSZ) return DNS_SOFT;
responsepos += QFIXEDSZ;
}
- numanswers = ntohs(response.hdr.ancount);
+ numanswers = ntohs(((HEADER *)response.buf)->ancount);
return 0;
}
@@ -179,6 +195,48 @@
return 0;
}
+static int findtxt(wanttype)
+int wanttype;
+{
+ unsigned short rrtype;
+ unsigned short rrdlen;
+ int i;
+
+ if (numanswers <= 0) return 2;
+ --numanswers;
+ if (responsepos == responseend) return DNS_SOFT;
+
+ i = dn_expand(response.buf,responseend,responsepos,name,MAXDNAME);
+ if (i < 0) return DNS_SOFT;
+ responsepos += i;
+
+ i = responseend - responsepos;
+ if (i < 4 + 3 * 2) return DNS_SOFT;
+
+ rrtype = getshort(responsepos);
+ rrdlen = getshort(responsepos + 8);
+ responsepos += 10;
+
+ if (rrtype == wanttype) {
+ unsigned short txtpos;
+ unsigned short txtlen;
+
+ txt.len = 0;
+ for (txtpos = 0;txtpos < rrdlen;txtpos += txtlen)
+ {
+ txtlen = responsepos[txtpos++];
+ if (txtlen > rrdlen-txtpos) txtlen = rrdlen-txtpos;
+ if (!stralloc_catb(&txt,&responsepos[txtpos],txtlen)) return DNS_MEM;
+ }
+
+ responsepos += rrdlen;
+ return 1;
+ }
+
+ responsepos += rrdlen;
+ return 0;
+}
+
void dns_init(flagsearch)
int flagsearch;
{
@@ -196,7 +254,7 @@
if (!sa->len) return loop;
if (sa->s[sa->len - 1] == ']') return loop;
if (sa->s[sa->len - 1] == '.') { --sa->len; continue; }
- switch(resolve(sa,T_ANY))
+ switch(resolve(sa,T_CNAME))
{
case DNS_MEM: return DNS_MEM;
case DNS_SOFT: return DNS_SOFT;
@@ -237,15 +295,18 @@
return len;
}
-int dns_ptr(sa,ip)
-stralloc *sa;
+static int dns_ptrplus(ssa,ip)
+strsalloc *ssa;
struct ip_address *ip;
{
+ stralloc sa = {0};
int r;
- if (!stralloc_ready(sa,iaafmt((char *) 0,ip))) return DNS_MEM;
- sa->len = iaafmt(sa->s,ip);
- switch(resolve(sa,T_PTR))
+ if (!stralloc_ready(&sa,iaafmt((char *) 0,ip))) return DNS_MEM;
+ sa.len = iaafmt(sa.s,ip);
+ r = resolve(&sa,T_PTR);
+ alloc_free(sa.s);
+ switch(r)
{
case DNS_MEM: return DNS_MEM;
case DNS_SOFT: return DNS_SOFT;
@@ -256,13 +317,35 @@
if (r == DNS_SOFT) return DNS_SOFT;
if (r == 1)
{
- if (!stralloc_copys(sa,name)) return DNS_MEM;
- return 0;
+ stralloc sa2 = {0};
+ if (!stralloc_copys(&sa2,name)) return DNS_MEM;
+ if (!strsalloc_append(ssa,&sa2)) return DNS_MEM;
}
}
+ if (ssa->len) return 0;
return DNS_HARD;
}
+int dns_ptr(ssa,ip)
+strsalloc *ssa;
+struct ip_address *ip;
+{
+ int r;
+ int j;
+
+ if (!strsalloc_readyplus(ssa,0)) return DNS_MEM;
+ ssa->len = 0;
+ r = dns_ptrplus(ssa,ip);
+ if (r < 0)
+ {
+ for (j = 0;j < ssa->len;++j)
+ alloc_free(ssa->sa[j].s);
+ ssa->len = 0;
+ }
+ return r;
+}
+
+
static int dns_ipplus(ia,sa,pref)
ipalloc *ia;
stralloc *sa;
@@ -398,3 +481,49 @@
alloc_free(mx);
return flagsoft;
}
+
+
+static int dns_txtplus(ssa,sa)
+strsalloc *ssa;
+stralloc *sa;
+{
+ int r;
+
+ switch(resolve(sa,T_TXT))
+ {
+ case DNS_MEM: return DNS_MEM;
+ case DNS_SOFT: return DNS_SOFT;
+ case DNS_HARD: return DNS_HARD;
+ }
+ while ((r = findtxt(T_TXT)) != 2)
+ {
+ if (r == DNS_SOFT) return DNS_SOFT;
+ if (r == 1)
+ {
+ stralloc sa = {0};
+ if (!stralloc_copy(&sa,&txt)) return DNS_MEM;
+ if (!strsalloc_append(ssa,&sa)) return DNS_MEM;
+ }
+ }
+ if (ssa->len) return 0;
+ return DNS_HARD;
+}
+
+int dns_txt(ssa,sa)
+strsalloc *ssa;
+stralloc *sa;
+{
+ int r;
+ int j;
+
+ if (!strsalloc_readyplus(ssa,0)) return DNS_MEM;
+ ssa->len = 0;
+ r = dns_txtplus(ssa,sa);
+ if (r < 0)
+ {
+ for (j = 0;j < ssa->len;++j)
+ alloc_free(ssa->sa[j].s);
+ ssa->len = 0;
+ }
+ return r;
+}
diff -ruBN qmail-1.03.org/dns.h qmail-1.03/dns.h
--- qmail-1.03.org/dns.h 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/dns.h 2013-06-22 03:03:24.000000000 -0400
@@ -10,5 +10,6 @@
int dns_mxip();
int dns_ip();
int dns_ptr();
+int dns_txt();
#endif
diff -ruBN qmail-1.03.org/dns.lib qmail-1.03/dns.lib
--- qmail-1.03.org/dns.lib 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/dns.lib 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1 @@
+-lresolv
diff -ruBN qmail-1.03.org/dnsfq.c qmail-1.03/dnsfq.c
--- qmail-1.03.org/dnsfq.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/dnsfq.c 2013-06-22 03:03:24.000000000 -0400
@@ -5,15 +5,19 @@
#include "dnsdoe.h"
#include "ip.h"
#include "ipalloc.h"
+#include "strsalloc.h"
#include "exit.h"
stralloc sa = {0};
+strsalloc ssa = {0};
ipalloc ia = {0};
void main(argc,argv)
int argc;
char **argv;
{
+ int j;
+
if (!argv[1]) _exit(100);
if (!stralloc_copys(&sa,argv[1]))
@@ -25,8 +29,11 @@
{
substdio_putsflush(subfderr,"no IP addresses\n"); _exit(100);
}
- dnsdoe(dns_ptr(&sa,&ia.ix[0].ip));
- substdio_putflush(subfdout,sa.s,sa.len);
+ dnsdoe(dns_ptr(&ssa,&ia.ix[0].ip));
+ for(j = 0;j < ssa.len;++j)
+ {
+ substdio_putflush(subfdout,ssa.sa[j].s,ssa.sa[j].len);
substdio_putsflush(subfdout,"\n");
+ }
_exit(0);
}
diff -ruBN qmail-1.03.org/dnsptr.c qmail-1.03/dnsptr.c
--- qmail-1.03.org/dnsptr.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/dnsptr.c 2013-06-22 03:03:24.000000000 -0400
@@ -6,22 +6,28 @@
#include "dns.h"
#include "dnsdoe.h"
#include "ip.h"
+#include "strsalloc.h"
#include "exit.h"
-stralloc sa = {0};
+strsalloc ssa = {0};
struct ip_address ip;
void main(argc,argv)
int argc;
char **argv;
{
+ int j;
+
if (!argv[1]) _exit(100);
ip_scan(argv[1],&ip);
dns_init(0);
- dnsdoe(dns_ptr(&sa,&ip));
- substdio_putflush(subfdout,sa.s,sa.len);
+ dnsdoe(dns_ptr(&ssa,&ip));
+ for(j = 0;j < ssa.len;++j)
+ {
+ substdio_putflush(subfdout,ssa.sa[j].s,ssa.sa[j].len);
substdio_putsflush(subfdout,"\n");
+ }
_exit(0);
}
diff -ruBN qmail-1.03.org/dnstxt.c qmail-1.03/dnstxt.c
--- qmail-1.03.org/dnstxt.c 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/dnstxt.c 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1,32 @@
+#include "substdio.h"
+#include "subfd.h"
+#include "stralloc.h"
+#include "str.h"
+#include "scan.h"
+#include "dns.h"
+#include "dnsdoe.h"
+#include "strsalloc.h"
+#include "exit.h"
+
+strsalloc ssa = {0};
+stralloc sa = {0};
+
+void main(argc,argv)
+int argc;
+char **argv;
+{
+ int j;
+
+ if (!argv[1]) _exit(100);
+
+ if (!stralloc_copys(&sa, argv[1]))
+ { substdio_putsflush(subfderr,"out of memory\n"); _exit(111); }
+ dns_init(0);
+ dnsdoe(dns_txt(&ssa,&sa));
+ for (j = 0;j < ssa.len;++j)
+ {
+ substdio_put(subfdout,ssa.sa[j].s,ssa.sa[j].len);
+ substdio_putsflush(subfdout,"\n");
+ }
+ _exit(0);
+}
diff -ruBN qmail-1.03.org/error.3 qmail-1.03/error.3
--- qmail-1.03.org/error.3 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/error.3 2013-06-22 03:03:24.000000000 -0400
@@ -3,8 +3,7 @@
error \- syscall error codes
.SH SYNTAX
.B #include
-
-extern int \fBerrno\fP;
+.B #include
extern int \fBerror_intr\fP;
.br
diff -ruBN qmail-1.03.org/error.h qmail-1.03/error.h
--- qmail-1.03.org/error.h 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/error.h 2013-06-22 03:03:24.000000000 -0400
@@ -1,7 +1,7 @@
#ifndef ERROR_H
#define ERROR_H
-extern int errno;
+#include
extern int error_intr;
extern int error_nomem;
diff -ruBN qmail-1.03.org/find-systype qmail-1.03/find-systype
--- qmail-1.03.org/find-systype 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/find-systype 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1,148 @@
+#!/bin/sh
+# WARNING: This file was auto-generated. Do not edit!
+CC='gcc -O2'
+LD='gcc -s'
+# oper-:arch-:syst-:chip-:kern-
+# oper = operating system type; e.g., sunos-4.1.4
+# arch = machine language; e.g., sparc
+# syst = which binaries can run; e.g., sun4
+# chip = chip model; e.g., micro-2-80
+# kern = kernel version; e.g., sun4m
+# dependence: arch --- chip
+# \ \
+# oper --- syst --- kern
+# so, for example, syst is interpreted in light of oper, but chip is not.
+# anyway, no slashes, no extra colons, no uppercase letters.
+# the point of the extra -'s is to ease parsing: can add hierarchies later.
+# e.g., *:i386-*:*:pentium-*:* would handle pentium-100 as well as pentium,
+# and i386-486 (486s do have more instructions, you know) as well as i386.
+# the idea here is to include ALL useful available information.
+
+exec 2>/dev/null
+sys="`uname -s | tr '/:[A-Z]' '..[a-z]'`"
+if [ x"$sys" != x ]
+then
+ unamer="`uname -r | tr /: ..`"
+ unamem="`uname -m | tr /: ..`"
+ unamev="`uname -v | tr /: ..`"
+
+ case "$sys" in
+ bsd.os)
+ # in bsd 4.4, uname -v does not have useful info.
+ # in bsd 4.4, uname -m is arch, not chip.
+ oper="$sys-$unamer"
+ arch="$unamem"
+ syst=""
+ chip="`sysctl -n hw.model`"
+ kern=""
+ ;;
+ freebsd)
+ # see above about bsd 4.4
+ oper="$sys-$unamer"
+ arch="$unamem"
+ syst=""
+ chip="`sysctl -n hw.model`" # hopefully
+ kern=""
+ ;;
+ netbsd)
+ # see above about bsd 4.4
+ oper="$sys-$unamer"
+ arch="$unamem"
+ syst=""
+ chip="`sysctl -n hw.model`" # hopefully
+ kern=""
+ ;;
+ linux)
+ # as in bsd 4.4, uname -v does not have useful info.
+ oper="$sys-$unamer"
+ syst=""
+ chip="$unamem"
+ kern=""
+ case "$chip" in
+ i386|i486|i586|i686)
+ arch="i386"
+ ;;
+ alpha)
+ arch="alpha"
+ ;;
+ esac
+ ;;
+ aix)
+ # naturally IBM has to get uname -r and uname -v backwards. dorks.
+ oper="$sys-$unamev-$unamer"
+ arch="`arch | tr /: ..`"
+ syst=""
+ chip="$unamem"
+ kern=""
+ ;;
+ sunos)
+ oper="$sys-$unamer-$unamev"
+ arch="`(uname -p || mach) | tr /: ..`"
+ syst="`arch | tr /: ..`"
+ chip="$unamem" # this is wrong; is there any way to get the real info?
+ kern="`arch -k | tr /: ..`"
+ ;;
+ unix_sv)
+ oper="$sys-$unamer-$unamev"
+ arch="`uname -m`"
+ syst=""
+ chip="$unamem"
+ kern=""
+ ;;
+ *)
+ oper="$sys-$unamer-$unamev"
+ arch="`arch | tr /: ..`"
+ syst=""
+ chip="$unamem"
+ kern=""
+ ;;
+ esac
+else
+ $CC -c trycpp.c
+ $LD -o trycpp trycpp.o
+ case `./trycpp` in
+ nextstep)
+ oper="nextstep-`hostinfo | sed -n 's/^[ ]*NeXT Mach \([^:]*\):.*$/\1/p'`"
+ arch="`hostinfo | sed -n 's/^Processor type: \(.*\) (.*)$/\1/p' | tr /: ..`"
+ syst=""
+ chip="`hostinfo | sed -n 's/^Processor type: .* (\(.*\))$/\1/p' | tr ' /:' '...'`"
+ kern=""
+ ;;
+ *)
+ oper="unknown"
+ arch=""
+ syst=""
+ chip=""
+ kern=""
+ ;;
+ esac
+ rm -f trycpp.o trycpp
+fi
+
+case "$chip" in
+80486)
+ # let's try to be consistent here. (BSD/OS)
+ chip=i486
+ ;;
+i486DX)
+ # respect the hyphen hierarchy. (FreeBSD)
+ chip=i486-dx
+ ;;
+i486.DX2)
+ # respect the hyphen hierarchy. (FreeBSD)
+ chip=i486-dx2
+ ;;
+Intel.586)
+ # no, you nitwits, there is no such chip. (NeXTStep)
+ chip=pentium
+ ;;
+i586)
+ # no, you nitwits, there is no such chip. (Linux)
+ chip=pentium
+ ;;
+i686)
+ # STOP SAYING THAT! (Linux)
+ chip=ppro
+esac
+
+echo "$oper-:$arch-:$syst-:$chip-:$kern-" | tr ' [A-Z]' '.[a-z]'
diff -ruBN qmail-1.03.org/fork.h qmail-1.03/fork.h
--- qmail-1.03.org/fork.h 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/fork.h 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1,7 @@
+#ifndef FORK_H
+#define FORK_H
+
+extern int fork();
+extern int vfork();
+
+#endif
diff -ruBN qmail-1.03.org/hassgact.h qmail-1.03/hassgact.h
--- qmail-1.03.org/hassgact.h 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/hassgact.h 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1 @@
+#define HASSIGACTION 1
diff -ruBN qmail-1.03.org/hassgprm.h qmail-1.03/hassgprm.h
--- qmail-1.03.org/hassgprm.h 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/hassgprm.h 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1 @@
+#define HASSIGPROCMASK 1
diff -ruBN qmail-1.03.org/haswaitp.h qmail-1.03/haswaitp.h
--- qmail-1.03.org/haswaitp.h 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/haswaitp.h 2013-06-22 03:03:24.000000000 -0400
@@ -0,0 +1 @@
+#define HASWAITPID 1
diff -ruBN qmail-1.03.org/hier.c qmail-1.03/hier.c
--- qmail-1.03.org/hier.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/hier.c 2013-06-22 03:03:24.000000000 -0400
@@ -76,6 +76,7 @@
c(auto_qmail,"boot","binm3+df",auto_uido,auto_gidq,0755);
c(auto_qmail,"doc","FAQ",auto_uido,auto_gidq,0644);
+ c(auto_qmail,"doc","README.qregex",auto_uido,auto_gidq,0644);
c(auto_qmail,"doc","UPGRADE",auto_uido,auto_gidq,0644);
c(auto_qmail,"doc","SENDMAIL",auto_uido,auto_gidq,0644);
c(auto_qmail,"doc","INSTALL",auto_uido,auto_gidq,0644);
@@ -108,6 +109,9 @@
c(auto_qmail,"bin","qmail-rspawn",auto_uido,auto_gidq,0711);
c(auto_qmail,"bin","qmail-clean",auto_uido,auto_gidq,0711);
c(auto_qmail,"bin","qmail-send",auto_uido,auto_gidq,0711);
+#ifdef EXTERNAL_TODO
+ c(auto_qmail,"bin","qmail-todo",auto_uido,auto_gidq,0711);
+#endif
c(auto_qmail,"bin","splogger",auto_uido,auto_gidq,0711);
c(auto_qmail,"bin","qmail-newu",auto_uido,auto_gidq,0700);
c(auto_qmail,"bin","qmail-newmrh",auto_uido,auto_gidq,0700);
diff -ruBN qmail-1.03.org/install-big.c qmail-1.03/install-big.c
--- qmail-1.03.org/install-big.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/install-big.c 2013-06-22 03:03:24.000000000 -0400
@@ -76,6 +76,7 @@
c(auto_qmail,"boot","binm3+df",auto_uido,auto_gidq,0755);
c(auto_qmail,"doc","FAQ",auto_uido,auto_gidq,0644);
+ c(auto_qmail,"doc","README.qregex",auto_uido,auto_gidq,0644);
c(auto_qmail,"doc","UPGRADE",auto_uido,auto_gidq,0644);
c(auto_qmail,"doc","SENDMAIL",auto_uido,auto_gidq,0644);
c(auto_qmail,"doc","INSTALL",auto_uido,auto_gidq,0644);
@@ -108,6 +109,9 @@
c(auto_qmail,"bin","qmail-rspawn",auto_uido,auto_gidq,0711);
c(auto_qmail,"bin","qmail-clean",auto_uido,auto_gidq,0711);
c(auto_qmail,"bin","qmail-send",auto_uido,auto_gidq,0711);
+#ifdef EXTERNAL_TODO
+ c(auto_qmail,"bin","qmail-todo",auto_uido,auto_gidq,0711);
+#endif
c(auto_qmail,"bin","splogger",auto_uido,auto_gidq,0711);
c(auto_qmail,"bin","qmail-newu",auto_uido,auto_gidq,0700);
c(auto_qmail,"bin","qmail-newmrh",auto_uido,auto_gidq,0700);
diff -ruBN qmail-1.03.org/ipme.c qmail-1.03/ipme.c
--- qmail-1.03.org/ipme.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/ipme.c 2013-06-22 03:03:24.000000000 -0400
@@ -23,6 +23,9 @@
{
int i;
if (ipme_init() != 1) return -1;
+ /* This is a hack. -sg */
+ if (ip->d[0] == 127)
+ return 1;
for (i = 0;i < ipme.len;++i)
if (byte_equal(&ipme.ix[i].ip,4,ip))
return 1;
@@ -46,6 +49,11 @@
ipme.len = 0;
ix.pref = 0;
+ /* 0.0.0.0 is a special address which always refers to
+ * "this host, this network", according to RFC 1122, Sec. 3.2.1.3a.
+ */
+ byte_copy(&ix.ip,4,"\0\0\0\0");
+ if (!ipalloc_append(&ipme,&ix)) { return 0; }
if ((s = socket(AF_INET,SOCK_STREAM,0)) == -1) return -1;
len = 256;
diff -ruBN qmail-1.03.org/qmail-control.9 qmail-1.03/qmail-control.9
--- qmail-1.03.org/qmail-control.9 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/qmail-control.9 2013-06-22 03:03:25.000000000 -0400
@@ -20,7 +20,11 @@
Comments are allowed
in
+.IR badhelo ,
.IR badmailfrom ,
+.IR badmailfromnorelay ,
+.IR badmailto ,
+.IR badmailtonorelay ,
.IR locals ,
.IR percenthack ,
.IR qmqpservers ,
@@ -40,7 +44,11 @@
.ta 5c 10c
control default used by
+.I badhelo \fR(none) \fRqmail-smtpd
.I badmailfrom \fR(none) \fRqmail-smtpd
+.I badmailfromnorelay \fR(none) \fRqmail-smtpd
+.I badmailto \fR(none) \fRqmail-smtpd
+.I badmailtonorelay \fR(none) \fRqmail-smtpd
.I bouncefrom \fRMAILER-DAEMON \fRqmail-send
.I bouncehost \fIme \fRqmail-send
.I concurrencylocal \fR10 \fRqmail-send
@@ -55,7 +63,9 @@
.I idhost \fIme \fRqmail-inject
.I localiphost \fIme \fRqmail-smtpd
.I locals \fIme \fRqmail-send
+.I mfcheck \fR0 \fRqmail-smtpd
.I morercpthosts \fR(none) \fRqmail-smtpd
+.I outgoingip \fR0.0.0.0 \fRqmail-remote
.I percenthack \fR(none) \fRqmail-send
.I plusdomain \fIme \fRqmail-inject
.I qmqpservers \fR(none) \fRqmail-qmqpc
@@ -63,6 +73,10 @@
.I rcpthosts \fR(none) \fRqmail-smtpd
.I smtpgreeting \fIme \fRqmail-smtpd
.I smtproutes \fR(none) \fRqmail-remote
+.I spfbehavior \fR0 \fRqmail-smtpd
+.I spfexp \fR(default) \fRqmail-smtpd
+.I spfguess \fR(none) \fRqmail-smtpd
+.I spfrules \fR(none) \fRqmail-smtpd
.I timeoutconnect \fR60 \fRqmail-remote
.I timeoutremote \fR1200 \fRqmail-remote
.I timeoutsmtpd \fR1200 \fRqmail-smtpd
diff -ruBN qmail-1.03.org/qmail-local.c qmail-1.03/qmail-local.c
--- qmail-1.03.org/qmail-local.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/qmail-local.c 2013-06-22 03:03:25.000000000 -0400
@@ -1,4 +1,5 @@
#include
+#include
#include
#include "readwrite.h"
#include "sig.h"
@@ -41,6 +42,20 @@
void temp_qmail(fn) char *fn;
{ strerr_die5x(111,"Unable to open ",fn,": ",error_str(errno),". (#4.3.0)"); }
+/* writes ulong u in hex to char *s, does not NULL-terminate */
+unsigned int fmt_xlong(s,u) char *s; unsigned long u;
+{
+ unsigned int len; unsigned long q; unsigned long c;
+ len = 1; q = u;
+ while (q > 15) { ++len; q /= 16; }
+ if (s)
+ {
+ s += len;
+ do { c = u & 15; *--s = (c > 9 ? 'a' - 10 : '0') + c; u /= 16; } while(u);
+ }
+ return len;
+}
+
int flagdoit;
int flag99;
@@ -63,6 +78,7 @@
stralloc cmds = {0};
stralloc messline = {0};
stralloc foo = {0};
+stralloc hostname = {0};
char buf[1024];
char outbuf[1024];
@@ -78,7 +94,7 @@
char *dir;
{
unsigned long pid;
- unsigned long time;
+ struct timeval time;
char host[64];
char *s;
int loop;
@@ -92,21 +108,37 @@
pid = getpid();
host[0] = 0;
gethostname(host,sizeof(host));
+
+ s = host;
+ for (loop = 0; loop < str_len(host); ++loop)
+ {
+ if (host[loop] == '/')
+ {
+ if (!stralloc_cats(&hostname,"057")) temp_nomem();
+ continue;
+ }
+ if (host[loop] == ':')
+ {
+ if (!stralloc_cats(&hostname,"072")) temp_nomem();
+ continue;
+ }
+ if (!stralloc_append(&hostname,s+loop)) temp_nomem();
+ }
+
for (loop = 0;;++loop)
{
- time = now();
+ gettimeofday(&time, 0);
s = fntmptph;
s += fmt_str(s,"tmp/");
- s += fmt_ulong(s,time); *s++ = '.';
- s += fmt_ulong(s,pid); *s++ = '.';
- s += fmt_strn(s,host,sizeof(host)); *s++ = 0;
+ s += fmt_ulong(s,time.tv_sec); *s++ = '.';
+ *s++ = 'M'; s += fmt_ulong(s,time.tv_usec);
+ *s++ = 'P'; s += fmt_ulong(s,pid); *s++ = '.';
+ s += fmt_strn(s,hostname.s,hostname.len); *s++ = 0;
if (stat(fntmptph,&st) == -1) if (errno == error_noent) break;
/* really should never get to this point */
if (loop == 2) _exit(1);
sleep(2);
}
- str_copy(fnnewtph,fntmptph);
- byte_copy(fnnewtph,3,"new");
alarm(86400);
fd = open_excl(fntmptph);
@@ -124,9 +156,24 @@
}
if (substdio_flush(&ssout) == -1) goto fail;
+ if (fstat(fd, &st) == -1) goto fail;
if (fsync(fd) == -1) goto fail;
if (close(fd) == -1) goto fail; /* NFS dorks */
+ s = fnnewtph;
+ s += fmt_str(s,"new/");
+ s += fmt_ulong(s,time.tv_sec); *s++ = '.';
+
+ /* in hexadecimal */
+ *s++ = 'I'; s += fmt_xlong(s,st.st_ino);
+ *s++ = 'V'; s += fmt_xlong(s,st.st_dev);
+
+ /* in decimal */
+ *s++ = 'M'; s += fmt_ulong(s,time.tv_usec);
+ *s++ = 'P'; s += fmt_ulong(s,pid); *s++ = '.';
+
+ s += fmt_strn(s,hostname.s,hostname.len); *s++ = 0;
+
if (link(fntmptph,fnnewtph) == -1) goto fail;
/* if it was error_exist, almost certainly successful; i hate NFS */
tryunlinktmp(); _exit(0);
@@ -645,7 +692,7 @@
{
cmds.s[j] = 0;
k = j;
- while ((k > i) && (cmds.s[k - 1] == ' ') || (cmds.s[k - 1] == '\t'))
+ while ((k > i) && ((cmds.s[k - 1] == ' ') || (cmds.s[k - 1] == '\t')))
cmds.s[--k] = 0;
switch(cmds.s[i])
{
diff -ruBN qmail-1.03.org/qmail-pop3d.c qmail-1.03/qmail-pop3d.c
--- qmail-1.03.org/qmail-pop3d.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/qmail-pop3d.c 2013-06-22 03:03:25.000000000 -0400
@@ -66,14 +66,14 @@
void die_scan() { err("unable to scan $HOME/Maildir"); die(); }
void err_syntax() { err("syntax error"); }
-void err_unimpl() { err("unimplemented"); }
+void err_unimpl(arg) char *arg; { err("unimplemented"); }
void err_deleted() { err("already deleted"); }
void err_nozero() { err("messages are counted from 1"); }
void err_toobig() { err("not that many messages"); }
void err_nosuch() { err("unable to open that message"); }
void err_nounlink() { err("unable to unlink all deleted messages"); }
-void okay() { puts("+OK \r\n"); flush(); }
+void okay(arg) char *arg; { puts("+OK \r\n"); flush(); }
void printfn(fn) char *fn;
{
@@ -146,7 +146,7 @@
}
}
-void pop3_stat()
+void pop3_stat(arg) char *arg;
{
int i;
unsigned long total;
@@ -161,15 +161,15 @@
flush();
}
-void pop3_rset()
+void pop3_rset(arg) char *arg;
{
int i;
for (i = 0;i < numm;++i) m[i].flagdeleted = 0;
last = 0;
- okay();
+ okay(0);
}
-void pop3_last()
+void pop3_last(arg) char *arg;
{
puts("+OK ");
put(strnum,fmt_uint(strnum,last));
@@ -177,7 +177,7 @@
flush();
}
-void pop3_quit()
+void pop3_quit(arg) char *arg;
{
int i;
for (i = 0;i < numm;++i)
@@ -192,7 +192,7 @@
if (!stralloc_0(&line)) die_nomem();
rename(m[i].fn,line.s); /* if it fails, bummer */
}
- okay();
+ okay(0);
die();
}
@@ -214,7 +214,7 @@
if (i == -1) return;
m[i].flagdeleted = 1;
if (i + 1 > last) last = i + 1;
- okay();
+ okay(0);
}
void list(i,flaguidl)
@@ -238,7 +238,7 @@
list(i,flaguidl);
}
else {
- okay();
+ okay(0);
for (i = 0;i < numm;++i)
if (!m[i].flagdeleted)
list(i,flaguidl);
@@ -267,7 +267,10 @@
fd = open_read(m[i].fn);
if (fd == -1) { err_nosuch(); return; }
- okay();
+ puts("+OK ");
+ put(strnum,fmt_ulong(strnum,m[i].size));
+ puts(" octets\r\n");
+ flush();
substdio_fdbuf(&ssmsg,read,fd,ssmsgbuf,sizeof(ssmsgbuf));
blast(&ssmsg,limit);
close(fd);
@@ -299,7 +302,7 @@
getlist();
- okay();
+ okay(0);
commands(&ssin,pop3commands);
die();
}
diff -ruBN qmail-1.03.org/qmail-popup.c qmail-1.03/qmail-popup.c
--- qmail-1.03.org/qmail-popup.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/qmail-popup.c 2013-06-22 03:03:25.000000000 -0400
@@ -64,10 +64,10 @@
void err_syntax() { err("syntax error"); }
void err_wantuser() { err("USER first"); }
-void err_authoriz() { err("authorization first"); }
+void err_authoriz(arg) char *arg; { err("authorization first"); }
-void okay() { puts("+OK \r\n"); flush(); }
-void pop3_quit() { okay(); die(); }
+void okay(arg) char *arg; { puts("+OK \r\n"); flush(); }
+void pop3_quit(arg) char *arg; { okay(0); die(); }
char unique[FMT_ULONG + FMT_ULONG + 3];
@@ -136,7 +136,7 @@
void pop3_user(arg) char *arg;
{
if (!*arg) { err_syntax(); return; }
- okay();
+ okay(0);
seenuser = 1;
if (!stralloc_copys(&username,arg)) die_nomem();
if (!stralloc_0(&username)) die_nomem();
diff -ruBN qmail-1.03.org/qmail-queue.c qmail-1.03/qmail-queue.c
--- qmail-1.03.org/qmail-queue.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/qmail-queue.c 2013-06-22 03:03:25.000000000 -0400
@@ -16,6 +16,7 @@
#include "auto_uids.h"
#include "date822fmt.h"
#include "fmtqfn.h"
+#include "env.h"
#define DEATH 86400 /* 24 hours; _must_ be below q-s's OSSIFIED (36 hours) */
#define ADDR 1003
@@ -39,6 +40,7 @@
int intdfd;
int flagmademess = 0;
int flagmadeintd = 0;
+char *remoteip;
void cleanup()
{
@@ -61,8 +63,11 @@
void sigbug() { die(81); }
unsigned int receivedlen;
-char *received;
+unsigned int originlen;
/* "Received: (qmail-queue invoked by alias); 26 Sep 1995 04:46:54 -0000\n" */
+char *received;
+char *origin;
+/* "X-Originating-IP: 10.0.0.1\n" */
static unsigned int receivedfmt(s)
char *s;
@@ -97,6 +102,27 @@
receivedfmt(received);
}
+static unsigned int originfmt(s)
+char *s;
+{
+ unsigned int i;
+ unsigned int len;
+ len = 0;
+ i = fmt_str(s,"X-Originating-IP: "); len += i; if (s) s += i;
+ i = fmt_str(s,remoteip); len += i; if (s) s += i;
+ i = fmt_str(s,"\n"); len += i; if (s) s += i;
+
+ return len;
+}
+
+void origin_setup()
+{
+ originlen = originfmt((char *) 0);
+ origin = alloc(originlen + 1);
+ if (!origin) die(51);
+ originfmt(origin);
+}
+
unsigned int pidfmt(s,seq)
char *s;
unsigned long seq;
@@ -192,6 +218,12 @@
if (substdio_bput(&ssout,received,receivedlen) == -1) die_write();
+ remoteip = env_get("TCPREMOTEIP");
+ if(remoteip) {
+ origin_setup();
+ if (substdio_bput(&ssout,origin,originlen) == -1) die_write();
+ }
+
switch(substdio_copy(&ssout,&ssin))
{
case -2: die_read();
diff -ruBN qmail-1.03.org/qmail-remote.8 qmail-1.03/qmail-remote.8
--- qmail-1.03.org/qmail-remote.8 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/qmail-remote.8 2013-06-22 03:03:25.000000000 -0400
@@ -124,6 +124,13 @@
.B qmail-remote
refuses to run.
.TP 5
+.I outgoingip
+IP address to be used on outgoing connections.
+Default: system-defined.
+The value
+.IR 0.0.0.0
+is equivalent to the system default.
+.TP 5
.I smtproutes
Artificial SMTP routes.
Each route has the form
diff -ruBN qmail-1.03.org/qmail-remote.c qmail-1.03/qmail-remote.c
--- qmail-1.03.org/qmail-remote.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/qmail-remote.c 2013-06-22 03:03:25.000000000 -0400
@@ -39,6 +39,7 @@
static stralloc sauninit = {0};
stralloc helohost = {0};
+stralloc outgoingip = {0};
stralloc routes = {0};
struct constmap maproutes;
stralloc host = {0};
@@ -47,6 +48,7 @@
saa reciplist = {0};
struct ip_address partner;
+struct ip_address outip;
void out(s) char *s; { if (substdio_puts(subfdoutsmall,s) == -1) _exit(0); }
void zero() { if (substdio_put(subfdoutsmall,"\0",1) == -1) _exit(0); }
@@ -56,6 +58,7 @@
ch = sa->s[i]; if (ch < 33) ch = '?'; if (ch > 126) ch = '?';
if (substdio_put(subfdoutsmall,&ch,1) == -1) _exit(0); } }
+void temp_noip() { out("Zinvalid ipaddr in control/outgoingip (#4.3.0)\n"); zerodie(); }
void temp_nomem() { out("ZOut of memory. (#4.3.0)\n"); zerodie(); }
void temp_oserr() { out("Z\
System resources temporarily unavailable. (#4.3.0)\n"); zerodie(); }
@@ -222,7 +225,11 @@
int flagbother;
int i;
- if (smtpcode() != 220) quit("ZConnected to "," but greeting failed");
+ code = smtpcode();
+ if (code >= 500 && code < 600) quit("DConnected to "," but greeting failed");
+ if (code >= 400 && code < 500) return; /* try next MX, see RFC-2821 */
+ if (code != 220) quit("ZConnected to "," but greeting failed");
+
substdio_puts(&smtpto,"HELO ");
substdio_put(&smtpto,helohost.s,helohost.len);
@@ -310,6 +317,7 @@
void getcontrols()
{
+ int r;
if (control_init() == -1) temp_control();
if (control_readint(&timeout,"control/timeoutremote") == -1) temp_control();
if (control_readint(&timeoutconnect,"control/timeoutconnect") == -1)
@@ -324,6 +332,12 @@
case 1:
if (!constmap_init(&maproutes,routes.s,routes.len,1)) temp_nomem(); break;
}
+ r = control_readline(&outgoingip,"control/outgoingip");
+ if (-1 == r) { if (errno == error_nomem) temp_nomem(); temp_control(); }
+ if (0 == r && !stralloc_copys(&outgoingip, "0.0.0.0")) temp_nomem();
+ if (str_equal(outgoingip.s, "0.0.0.0"))
+ { outip.d[0]=outip.d[1]=outip.d[2]=outip.d[3]=(unsigned long) 0; }
+ else if (!ip_scan(outgoingip.s, &outip)) temp_noip();
}
void main(argc,argv)
@@ -414,10 +428,10 @@
smtpfd = socket(AF_INET,SOCK_STREAM,0);
if (smtpfd == -1) temp_oserr();
- if (timeoutconn(smtpfd,&ip.ix[i].ip,(unsigned int) port,timeoutconnect) == 0) {
+ if (timeoutconn(smtpfd,&ip.ix[i].ip,&outip,(unsigned int) port,timeoutconnect) == 0) {
tcpto_err(&ip.ix[i].ip,0);
partner = ip.ix[i].ip;
- smtp(); /* does not return */
+ smtp(); /* only returns when the next MX is to be tried */
}
tcpto_err(&ip.ix[i].ip,errno == error_timeout);
close(smtpfd);
diff -ruBN qmail-1.03.org/qmail-send.9 qmail-1.03/qmail-send.9
--- qmail-1.03.org/qmail-send.9 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/qmail-send.9 2013-06-22 03:03:25.000000000 -0400
@@ -115,6 +115,10 @@
(If that bounces,
.B qmail-send
gives up.)
+As a special case, if the first line of
+.IR doublebounceto
+is blank (contains a single linefeed), qmail-send will not queue
+the double-bounce at all.
.TP 5
.I envnoathost
Presumed domain name for addresses without @ signs.
diff -ruBN qmail-1.03.org/qmail-send.c qmail-1.03/qmail-send.c
--- qmail-1.03.org/qmail-send.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/qmail-send.c 2013-06-22 03:03:25.000000000 -0400
@@ -44,6 +44,8 @@
int lifetime = 604800;
+int bouncemaxbytes = 50000;
+
stralloc percenthack = {0};
struct constmap mappercenthack;
stralloc locals = {0};
@@ -683,6 +685,8 @@
}
if (str_equal(sender.s,"#@[]"))
log3("triple bounce: discarding ",fn2.s,"\n");
+ else if (!*sender.s && *doublebounceto.s == '@')
+ log3("double bounce: discarding ",fn2.s,"\n");
else
{
if (qmail_open(&qqt) == -1)
@@ -740,9 +744,17 @@
qmail_fail(&qqt);
else
{
+ int bytestogo = bouncemaxbytes;
+ int bytestoget = (bytestogo < sizeof buf) ? bytestogo : sizeof buf;
substdio_fdbuf(&ssread,read,fd,inbuf,sizeof(inbuf));
- while ((r = substdio_get(&ssread,buf,sizeof(buf))) > 0)
+ while (bytestoget > 0 && (r = substdio_get(&ssread,buf,bytestoget)) > 0) {
qmail_put(&qqt,buf,r);
+ bytestogo -= bytestoget;
+ bytestoget = (bytestogo < sizeof buf) ? bytestogo : sizeof buf;
+ }
+ if (r > 0) {
+ qmail_puts(&qqt,"\n\n--- End of message stripped.\n");
+ }
close(fd);
if (r == -1)
qmail_fail(&qqt);
@@ -1215,6 +1227,7 @@
/* this file is too long ---------------------------------------------- TODO */
+#ifndef EXTERNAL_TODO
datetime_sec nexttodorun;
DIR *tododir; /* if 0, have to opendir again */
stralloc todoline = {0};
@@ -1438,10 +1451,148 @@
if (fdchan[c] != -1) close(fdchan[c]);
}
+#endif
+
+/* this file is too long ------------------------------------- EXTERNAL TODO */
+
+#ifdef EXTERNAL_TODO
+stralloc todoline = {0};
+char todobuf[2048];
+int todofdin;
+int todofdout;
+int flagtodoalive;
+
+void tododied() { log1("alert: oh no! lost qmail-todo connection! dying...\n");
+ flagexitasap = 1; flagtodoalive = 0; }
+
+void todo_init()
+{
+ todofdout = 7;
+ todofdin = 8;
+ flagtodoalive = 1;
+ /* sync with external todo */
+ if (write(todofdout, "S", 1) != 1) tododied();
+
+ return;
+}
+
+void todo_selprep(nfds,rfds,wakeup)
+int *nfds;
+fd_set *rfds;
+datetime_sec *wakeup;
+{
+ if (flagexitasap) {
+ if (flagtodoalive) {
+ write(todofdout, "X", 1);
+ }
+ }
+ if (flagtodoalive) {
+ FD_SET(todofdin,rfds);
+ if (*nfds <= todofdin)
+ *nfds = todofdin + 1;
+ }
+}
+
+void todo_del(char* s)
+{
+ int flagchan[CHANNELS];
+ struct prioq_elt pe;
+ unsigned long id;
+ unsigned int len;
+ int c;
+
+ for (c = 0;c < CHANNELS;++c) flagchan[c] = 0;
+ switch(*s++) {
+ case 'L':
+ flagchan[0] = 1;
+ break;
+ case 'R':
+ flagchan[1] = 1;
+ break;
+ case 'B':
+ flagchan[0] = 1;
+ flagchan[1] = 1;
+ break;
+ case 'X':
+ break;
+ default:
+ log1("warning: qmail-send unable to understand qmail-todo\n");
+ return;
+ }
+
+ len = scan_ulong(s,&id);
+ if (!len || s[len]) {
+ log1("warning: qmail-send unable to understand qmail-todo\n");
+ return;
+ }
+
+ pe.id = id; pe.dt = now();
+ for (c = 0;c < CHANNELS;++c)
+ if (flagchan[c])
+ while (!prioq_insert(&pqchan[c],&pe)) nomem();
+
+ for (c = 0;c < CHANNELS;++c) if (flagchan[c]) break;
+ if (c == CHANNELS)
+ while (!prioq_insert(&pqdone,&pe)) nomem();
+
+ return;
+}
+
+void todo_do(rfds)
+fd_set *rfds;
+{
+ int r;
+ char ch;
+ int i;
+
+ if (!flagtodoalive) return;
+ if (!FD_ISSET(todofdin,rfds)) return;
+
+ r = read(todofdin,todobuf,sizeof(todobuf));
+ if (r == -1) return;
+ if (r == 0) {
+ if (flagexitasap)
+ flagtodoalive = 0;
+ else
+ tododied();
+ return;
+ }
+ for (i = 0;i < r;++i) {
+ ch = todobuf[i];
+ while (!stralloc_append(&todoline,&ch)) nomem();
+ if (todoline.len > REPORTMAX)
+ todoline.len = REPORTMAX;
+ /* qmail-todo is responsible for keeping it short */
+ if (!ch && (todoline.len > 1)) {
+ switch (todoline.s[0]) {
+ case 'D':
+ if (flagexitasap) break;
+ todo_del(todoline.s + 1);
+ break;
+ case 'L':
+ log1(todoline.s + 1);
+ break;
+ case 'X':
+ if (flagexitasap)
+ flagtodoalive = 0;
+ else
+ tododied();
+ break;
+ default:
+ log1("warning: qmail-send unable to understand qmail-todo: report mangled\n");
+ break;
+ }
+ todoline.len = 0;
+ }
+ }
+}
+
+#endif
/* this file is too long ---------------------------------------------- MAIN */
int getcontrols() { if (control_init() == -1) return 0;
+ if (control_readint(&bouncemaxbytes,"control/bouncemaxbytes") == -1) return 0;
if (control_readint(&lifetime,"control/queuelifetime") == -1) return 0;
if (control_readint(&concurrency[0],"control/concurrencylocal") == -1) return 0;
if (control_readint(&concurrency[1],"control/concurrencyremote") == -1) return 0;
@@ -1504,6 +1655,9 @@
log1("alert: unable to reread controls: unable to switch to home directory\n");
return;
}
+#ifdef EXTERNAL_TODO
+ write(todofdout, "H", 1);
+#endif
regetcontrols();
while (chdir("queue") == -1)
{
@@ -1568,7 +1722,11 @@
todo_init();
cleanup_init();
+#ifdef EXTERNAL_TODO
+ while (!flagexitasap || !del_canexit() || flagtodoalive)
+#else
while (!flagexitasap || !del_canexit())
+#endif
{
recent = now();
diff -ruBN qmail-1.03.org/qmail-showctl.c qmail-1.03/qmail-showctl.c
--- qmail-1.03.org/qmail-showctl.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/qmail-showctl.c 2013-06-22 03:03:25.000000000 -0400
@@ -15,6 +15,7 @@
#include "auto_patrn.h"
#include "auto_spawn.h"
#include "auto_split.h"
+#include "spf.h"
stralloc me = {0};
int meok;
@@ -143,6 +144,8 @@
struct stat stmrh;
struct stat stmrhcdb;
+ substdio_puts(subfdout,"qmail version: qmail-1.03 + qmail-1.03.isp-2013062201.patch\n");
+
substdio_puts(subfdout,"qmail home directory: ");
substdio_puts(subfdout,auto_qmail);
substdio_puts(subfdout,".\n");
@@ -214,9 +217,15 @@
_exit(111);
}
- do_lst("badmailfrom","Any MAIL FROM is allowed.",""," not accepted in MAIL FROM.");
+ do_lst("badhelo","Any HELO host name is allowed.",""," HELO host name denied if it matches this pattern.");
+ do_lst("badmailfrom","Any MAIL FROM is allowed.",""," MAIL FROM denied if it matches this pattern.");
+ do_lst("badmailfromnorelay","Any MAIL FROM is allowed.",""," MAIL FROM denied if it matches this pattern and RELAYCLIENT is not set.");
+ do_lst("badmailto","No RCPT TO are specifically denied.",""," RCPT TO denied if it matches this pattern.");
+ do_lst("badmailtonorelay","No RCPT TO are specifically denied.",""," RCPT TO denied if it matches this pattern and RELAYCLIENT is not set.");
+ do_lst("badrdns","Any reverse DNS pattern is allowed.",""," Reverse DNS denied if it matches this pattern and RELAYCLIENT is not set.");
do_str("bouncefrom",0,"MAILER-DAEMON","Bounce user name is ");
do_str("bouncehost",1,"bouncehost","Bounce host name is ");
+ do_int("boncemaxbytes","50000","Maximum size of bounce messages is "," bytes");
do_int("concurrencylocal","10","Local concurrency is ","");
do_int("concurrencyremote","20","Remote concurrency is ","");
do_int("databytes","0","SMTP DATA limit is "," bytes");
@@ -229,7 +238,11 @@
do_str("idhost",1,"idhost","Message-ID host name is ");
do_str("localiphost",1,"localiphost","Local IP address becomes ");
do_lst("locals","Messages for me are delivered locally.","Messages for "," are delivered locally.");
+ do_int("maxrecipients","50","Maximum number of envelope recipients per email: ","");
+ do_int("maxerrors","10","Number of errors before closing SMTP session: ","");
do_str("me",0,"undefined! Uh-oh","My name is ");
+ do_str("mfcheck",0,"Disabled","Envelope sender domain checking is: ");
+ do_str("outgoingip",0,"0.0.0.0","Outgoing IP address is ");
do_lst("percenthack","The percent hack is not allowed.","The percent hack is allowed for user%host@",".");
do_str("plusdomain",1,"plusdomain","Plus domain name is ");
do_lst("qmqpservers","No QMQP servers.","QMQP server: ",".");
@@ -254,9 +267,15 @@
substdio_puts(subfdout,"Oops! morercpthosts.cdb is older than morercpthosts.\n");
else
substdio_puts(subfdout,"Modified recently enough; hopefully up to date.\n");
-
+ do_str("smtpauth",0,"Disabled","SMTP Auth advertising in EHLO is: ");
do_str("smtpgreeting",1,"smtpgreeting","SMTP greeting: 220 ");
do_lst("smtproutes","No artificial SMTP routes.","SMTP route: ","");
+ do_int("spfbehavior","0","The SPF behavior is ","");
+ do_str("spfexp",0,SPF_DEFEXP,"The SPF default explanation is: 550 ");
+ do_str("spfguess",0,"","The guess SPF rules are: ");
+ do_str("spfrules",0,"","The local SPF rules are: ");
+ do_int("tarpitcount","0","Tarpitting activated after "," recipients");
+ do_int("tarpitdelay","0","Tarpit delay is: "," seconds");
do_int("timeoutconnect","60","SMTP client connection timeout is "," seconds");
do_int("timeoutremote","1200","SMTP client data timeout is "," seconds");
do_int("timeoutsmtpd","1200","SMTP server data timeout is "," seconds");
@@ -267,9 +286,15 @@
if (str_equal(d->d_name,"..")) continue;
if (str_equal(d->d_name,"bouncefrom")) continue;
if (str_equal(d->d_name,"bouncehost")) continue;
+ if (str_equal(d->d_name,"badhelo")) continue;
if (str_equal(d->d_name,"badmailfrom")) continue;
+ if (str_equal(d->d_name,"badmailfromnorelay")) continue;
+ if (str_equal(d->d_name,"badmailto")) continue;
+ if (str_equal(d->d_name,"badmailtonorelay")) continue;
+ if (str_equal(d->d_name,"badrdns")) continue;
if (str_equal(d->d_name,"bouncefrom")) continue;
if (str_equal(d->d_name,"bouncehost")) continue;
+ if (str_equal(d->d_name,"bouncemaxbytes")) continue;
if (str_equal(d->d_name,"concurrencylocal")) continue;
if (str_equal(d->d_name,"concurrencyremote")) continue;
if (str_equal(d->d_name,"databytes")) continue;
@@ -282,16 +307,27 @@
if (str_equal(d->d_name,"idhost")) continue;
if (str_equal(d->d_name,"localiphost")) continue;
if (str_equal(d->d_name,"locals")) continue;
+ if (str_equal(d->d_name,"maxrecipients")) continue;
+ if (str_equal(d->d_name,"maxerrors")) continue;
if (str_equal(d->d_name,"me")) continue;
+ if (str_equal(d->d_name,"mfcheck")) continue;
if (str_equal(d->d_name,"morercpthosts")) continue;
if (str_equal(d->d_name,"morercpthosts.cdb")) continue;
+ if (str_equal(d->d_name,"outgoingip")) continue;
if (str_equal(d->d_name,"percenthack")) continue;
if (str_equal(d->d_name,"plusdomain")) continue;
if (str_equal(d->d_name,"qmqpservers")) continue;
if (str_equal(d->d_name,"queuelifetime")) continue;
if (str_equal(d->d_name,"rcpthosts")) continue;
+ if (str_equal(d->d_name,"smtpauth")) continue;
if (str_equal(d->d_name,"smtpgreeting")) continue;
if (str_equal(d->d_name,"smtproutes")) continue;
+ if (str_equal(d->d_name,"spfbehavior")) continue;
+ if (str_equal(d->d_name,"spfexp")) continue;
+ if (str_equal(d->d_name,"spfguess")) continue;
+ if (str_equal(d->d_name,"spfrules")) continue;
+ if (str_equal(d->d_name,"tarpitcount")) continue;
+ if (str_equal(d->d_name,"tarpitdelay")) continue;
if (str_equal(d->d_name,"timeoutconnect")) continue;
if (str_equal(d->d_name,"timeoutremote")) continue;
if (str_equal(d->d_name,"timeoutsmtpd")) continue;
diff -ruBN qmail-1.03.org/qmail-smtpd.8 qmail-1.03/qmail-smtpd.8
--- qmail-1.03.org/qmail-smtpd.8 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/qmail-smtpd.8 2013-06-22 03:03:25.000000000 -0400
@@ -23,7 +23,38 @@
header fields.
.B qmail-smtpd
-supports ESMTP, including the 8BITMIME and PIPELINING options.
+supports ESMTP, including the 8BITMIME, DATA, PIPELINING, SIZE, and AUTH options.
+.B qmail-smtpd
+includes a \'MAIL FROM:\; parameter parser and obeys \'Auth\' and \'Size\' advertisements.
+.B qmail-smtpd
+can accept LOGIN, PLAIN, and CRAM-MD5 AUTH types. It invokes
+.IR checkprogram ,
+which reads on file descriptor 3 the username, a 0 byte, the password
+or CRAM-MD5 digest/response derived from the SMTP client,
+another 0 byte, a CRAM-MD5 challenge (if applicable to the AUTH type),
+and a final 0 byte.
+.I checkprogram
+invokes
+.I subprogram
+upon successful authentication, which should in turn return 0 to
+.BR qmail-smtpd ,
+effectively setting the environment variables $RELAYCLIENT and $TCPREMOTEINFO
+(any supplied value replaced with the authenticated username).
+.B qmail-smtpd
+will reject the authentication attempt if it receives a nonzero return
+value from
+.I checkprogram
+or
+.IR subprogram .
+
+Binding
+.B qmail-smtpd
+to the SUBMISSION port (\'587\') instead of the standard SMTP port 25 will advice
+.B qmail-smtpd
+to require SMTP authention prior of accepting the \'MAIL FROM:\' command.
+A different port can be chosen, populating the environment variable
+.IR SUBMISSIONPORT .
+
.SH TRANSPARENCY
.B qmail-smtpd
converts the SMTP newline convention into the UNIX newline convention
@@ -37,11 +68,26 @@
even though such messages violate the SMTP protocol.
.SH "CONTROL FILES"
.TP 5
+.I badhelo
+Unacceptable HELO/EHLO host names.
+.B qmail-smtpd
+will reject every recipient address for a message if
+the host name is listed in,
+or matches a POSIX regular expression pattern listed in,
+.IR badhelo .
+If the
+.B NOBADHELO
+environment variable is set, then the contents of
+.IR badhelo
+will be ignored.
+For more information, please have a look at doc/README.qregex.
+.TP 5
.I badmailfrom
Unacceptable envelope sender addresses.
.B qmail-smtpd
will reject every recipient address for a message
-if the envelope sender address is listed in
+if the envelope sender address is listed in, or matches a POSIX regular expression
+pattern listed in,
.IR badmailfrom .
A line in
.I badmailfrom
@@ -49,6 +95,32 @@
.BR @\fIhost ,
meaning every address at
.IR host .
+For more information, please have a look at doc/README.qregex.
+.TP 5
+.I badmailfromnorelay
+Functions the same as the
+.IR badmailfrom
+control file but is read only if the
+.B RELAYCLIENT
+environment variable is not set.
+For more information, please have a look at doc/README.qregex.
+.TP 5
+.I badmailto
+Unacceptable envelope recipient addresses.
+.B qmail-smtpd
+will reject every recipient address for a message if the recipient address
+is listed in,
+or matches a POSIX regular expression pattern listed in,
+.IR badmailto .
+For more information, please have a look at doc/README.qregex.
+.TP 5
+.I badmailtonorelay
+Functions the same as the
+.IR badmailto
+control file but is read only if the
+.B RELAYCLIENT
+environment variable is not set.
+For more information, please have a look at doc/README.qregex.
.TP 5
.I databytes
Maximum number of bytes allowed in a message,
@@ -97,6 +169,12 @@
This is done before
.IR rcpthosts .
.TP 5
+.I mfcheck
+If set,
+.B qmail-smtpd
+tries to resolve the domain of the envelope from address. It can be
+handy when you want to filter out spamhosts.
+.TP 5
.I morercpthosts
Extra allowed RCPT domains.
If
@@ -169,6 +247,41 @@
.B qmail-smtpd
will wait for each new buffer of data from the remote SMTP client.
Default: 1200.
+.TP 5
+.I spfbehavior
+Set to a value between 1 and 6 to enable SPF checks; 0 to disable.
+1 selects 'annotate-only' mode, where
+.B qmail-smtpd
+will annotate incoming email with
+.B Received-SPF
+fields, but will not reject any messages. 2 will produce temporary
+failures on DNS lookup problems so you can make sure you always have
+meaningful Received-SPF headers. 3 selects 'reject' mode,
+where incoming mail will be rejected if the SPF record says 'fail'. 4
+selects a more stricter rejection mode, which is like 'reject' mode,
+except that incoming mail will also be rejected when the SPF record
+says 'softfail'. 5 will also reject when the SPF record says 'neutral',
+and 6 if no SPF records are available at all (or a syntax error was
+encountered). The contents of this file are overridden by the value of
+the
+.B SPFBEHAVIOR
+environment variable, if set.
+Default: 0.
+.TP 5
+.I spfexp
+You can add a line with a an SPF explanation that will be shown to the
+sender in case of a reject. It will override the default one. You can
+use SPF macro expansion.
+.TP 5
+.I spfguess
+You can add a line with SPF rules that will be checked if a sender
+domain doesn't have a SPF record. The local rules will also be used
+in this case.
+.TP 5
+.I spfrules
+You can add a line with SPF rules that will be checked before other SPF
+rules would fail. This can be used to always allow certain machines to
+send certain mails.
.SH "SEE ALSO"
tcp-env(1),
tcp-environ(5),
diff -ruBN qmail-1.03.org/qmail-smtpd.c qmail-1.03/qmail-smtpd.c
--- qmail-1.03.org/qmail-smtpd.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/qmail-smtpd.c 2013-06-22 03:03:54.000000000 -0400
@@ -1,3 +1,13 @@
+
+/*
+ *
+ * Patch 'qmail-smtpd-chkusr' v.1.0
+ * for qmail 1.03 and vpopmail 5.3.3
+ *
+ * Antonio Nati tonix@interazioni.it
+ *
+ */
+
#include "sig.h"
#include "readwrite.h"
#include "stralloc.h"
@@ -23,10 +33,47 @@
#include "timeoutread.h"
#include "timeoutwrite.h"
#include "commands.h"
+#include "spf.h"
+#include "wait.h"
+#include "strerr.h"
+#include "dns.h"
+#include "qregex.h"
+
+#define CRAM_MD5
+#define MAXERR_SLEEP 5
+#define AUTHSLEEP 5
+#define SUBMISSION "576"
+#define BADRCPT_SLEEP 3
+#define SPF_FAIL_SLEEP 3
+#define BMCHECK_BMF 0
+#define BMCHECK_BMFNR 1
+#define BMCHECK_BMT 2
+#define BMCHECK_BMTNR 3
+#define BMCHECK_BHELO 4
+#define BMCHECK_BRDNS 5
+
+
+#include
+#include
+#include
+#include
+#include
+
+#include "open.h"
+#include "/home/vpopmail/include/vpopmail.h"
+#include "/home/vpopmail/include/vauth.h"
+#include "/home/vpopmail/include/vpopmail_config.h"
#define MAXHOPS 100
unsigned int databytes = 0;
+unsigned int mfchk = 0;
+unsigned int smtpauth = 0;
int timeout = 1200;
+unsigned int spfbehavior = 0;
+unsigned int protoerrors = 0;
+unsigned int maxerrors = 10;
+unsigned int maxrcptcount = 50;
+char *relayclient;
int safewrite(fd,buf,len) int fd; char *buf; int len;
{
@@ -48,39 +95,94 @@
void die_control() { out("421 unable to read controls (#4.3.0)\r\n"); flush(); _exit(1); }
void die_ipme() { out("421 unable to figure out my IP addresses (#4.3.0)\r\n"); flush(); _exit(1); }
void straynewline() { out("451 See http://pobox.com/~djb/docs/smtplf.html.\r\n"); flush(); _exit(1); }
+void die_excesserr(arg1) char *arg1; {
+ strerr_warn2("qmail-smtpd: Too many errors at ",arg1,0);
+ sleep(MAXERR_SLEEP);
+ out("421 Too many errors.\r\n"); flush(); _exit(1);
+}
-void err_bmf() { out("553 sorry, your envelope sender is in my badmailfrom list (#5.7.1)\r\n"); }
-void err_nogateway() { out("553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)\r\n"); }
-void err_unimpl() { out("502 unimplemented (#5.5.1)\r\n"); }
+void bump_protoerr(arg1) char *arg1; {
+ protoerrors += 1;
+ if(protoerrors > maxerrors) die_excesserr(arg1);
+}
+void err_bmf(arg1) char *arg1; {
+ if(!relayclient) bump_protoerr(arg1);
+ out("553 sorry, your envelope sender is in my badmailfrom list (#5.7.1)\r\n");
+}
+void err_bmt(arg1) char *arg1; {
+ if(!relayclient) bump_protoerr(arg1);
+ out("553 sorry, your envelope recipient has been denied (#5.7.1)\r\n");
+}
+void err_bhelo(arg1) char *arg1; {
+ if(!relayclient) bump_protoerr(arg1);
+ out("553 sorry, your HELO host name has been denied (#5.7.1)\r\n");
+}
+void err_brdns(arg1) char *arg1; {
+ if(!relayclient) bump_protoerr(arg1);
+ out("553 sorry, your reverse DNS pattern has been denied (#5.7.1)\r\n");
+}
+void err_hmf(arg1,arg2) char *arg1,*arg2; {
+ if(!relayclient) bump_protoerr(arg2);
+ strerr_warn4("qmail-smtpd: Invalid Sender <", arg1, "> at ", arg2,0);
+ out("553 sorry, your envelope sender domain must exist (#5.7.1)\r\n");
+}
+void err_smf(arg1,arg2) char *arg1,*arg2; {
+ if(!relayclient) bump_protoerr(arg2);
+ strerr_warn4("qmail-smtpd: Error verifying sender domain: <", arg1, "> at ", arg2,0);
+ out("451 DNS temporary failure (#4.3.0)\r\n");
+}
+void err_mrc(arg1,arg2) char *arg1,*arg2; {
+ if(!relayclient) bump_protoerr(arg2);
+ strerr_warn4("qmail-smtpd: Maximum recipients reached from: <", arg1, "> at ", arg2,0);
+ out("452 sorry, you have exceed my maximum number of recipients (#5.7.1)\r\n");
+ flush(); _exit(1);
+}
+void err_nogateway(arg1,arg2,arg3) char *arg1,*arg2,*arg3; {
+ bump_protoerr(arg3); /* no need for if(!relayclient) here */
+ strerr_warn6("qmail-smtpd: No gateway for <", arg1, "> from <", arg2, "> at ", arg3,0);
+ out("553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)\r\n");
+}
+void err_badbounce(arg1) char *arg1; {
+ if(!relayclient) bump_protoerr(arg1);
+ strerr_warn2("qmail-smtpd: nullenvsender-recipcount at ", arg1,0);
+ out("550 sorry, bounce messages should have a single envelope recipient (#5.7.1)\r\n");
+}
+void err_unimpl(arg) char *arg; { out("502 unimplemented (#5.5.1)\r\n"); }
+void err_size() { out("552 sorry, that message size exceeds my databytes limit (#5.3.4)\r\n"); }
void err_syntax() { out("555 syntax error (#5.5.4)\r\n"); }
+void err_relay() { out("553 routing data prohibited here (#5.7.1)\r\n"); }
void err_wantmail() { out("503 MAIL first (#5.5.1)\r\n"); }
void err_wantrcpt() { out("503 RCPT first (#5.5.1)\r\n"); }
-void err_noop() { out("250 ok\r\n"); }
-void err_vrfy() { out("252 send some mail, i'll try my best\r\n"); }
+void err_noop(arg) char *arg; { out("250 ok\r\n"); }
+void err_vrfy(arg) char *arg; { out("252 send some mail, i'll try my best\r\n"); }
void err_qqt() { out("451 qqt failure (#4.3.0)\r\n"); }
-
stralloc greeting = {0};
+stralloc spflocal = {0};
+stralloc spfguess = {0};
+stralloc spfexp = {0};
void smtp_greet(code) char *code;
{
substdio_puts(&ssout,code);
substdio_put(&ssout,greeting.s,greeting.len);
}
-void smtp_help()
+void smtp_help(arg) char *arg;
{
out("214 qmail home page: http://pobox.com/~djb/qmail.html\r\n");
}
-void smtp_quit()
+void smtp_quit(arg) char *arg;
{
smtp_greet("221 "); out("\r\n"); flush(); _exit(0);
}
+char *protocol;
char *remoteip;
char *remotehost;
char *remoteinfo;
char *local;
-char *relayclient;
+char *localport;
+char *submission;
stralloc helohost = {0};
char *fakehelo; /* pointer into helohost, or 0 */
@@ -93,9 +195,32 @@
int liphostok = 0;
stralloc liphost = {0};
+
int bmfok = 0;
stralloc bmf = {0};
+
+int bmfnrok = 0;
+stralloc bmfnr = {0};
+
+int bmtok = 0;
+stralloc bmt = {0};
+
+int bmtnrok = 0;
+stralloc bmtnr = {0};
+
+int bhelook = 0;
+stralloc bhelo = {0};
+
+int brdnsok = 0;
+stralloc brdns = {0};
+int flagbarfbrdns = 0; /* played with in setup */
+
+int logregex = 0;
+stralloc matchedregex = {0};
+
struct constmap mapbmf;
+int tarpitcount = 0;
+int tarpitdelay = 5;
void setup()
{
@@ -110,30 +235,103 @@
if (control_readint(&timeout,"control/timeoutsmtpd") == -1) die_control();
if (timeout <= 0) timeout = 1;
+ if (control_readint(&tarpitcount,"control/tarpitcount") == -1) die_control();
+ if (tarpitcount < 0) tarpitcount = 0;
+ x = env_get("TARPITCOUNT");
+ if (x) { scan_ulong(x,&u); tarpitcount = u; };
+ if (control_readint(&tarpitdelay,"control/tarpitdelay") == -1) die_control();
+ if (tarpitdelay < 0) tarpitdelay = 0;
+ x = env_get("TARPITDELAY");
+ if (x) { scan_ulong(x,&u); tarpitdelay = u; };
+
if (rcpthosts_init() == -1) die_control();
+ if (control_readint(&maxrcptcount,"control/maxrecipients") == -1) die_control();
+ x = env_get("MAXRECIPIENTS");
+ if(x) { scan_ulong(x,&u); maxrcptcount = u; }
+
+ if (control_readint(&maxerrors,"control/maxerrors") == -1) die_control();
+ x = env_get("MAXERRORS");
+ if (x) { scan_ulong(x,&u); maxerrors = u; }
+
+ if (control_readint(&mfchk,"control/mfcheck") == -1) die_control();
+ x = env_get("MFCHECK");
+ if (x) { scan_ulong(x,&u); mfchk = u; }
+
+ if (control_readint(&smtpauth,"control/smtpauth") == -1) die_control();
+ x = env_get("SMTPAUTH");
+ if (x) { scan_ulong(x,&u); smtpauth = u; }
+
bmfok = control_readfile(&bmf,"control/badmailfrom",0);
if (bmfok == -1) die_control();
if (bmfok)
if (!constmap_init(&mapbmf,bmf.s,bmf.len,0)) die_nomem();
+ bmfnrok = control_readfile(&bmfnr,"control/badmailfromnorelay",0);
+ if (bmfnrok == -1) die_control();
+
+ bmtok = control_readfile(&bmt,"control/badmailto",0);
+ if (bmtok == -1) die_control();
+
+ bmtnrok = control_readfile(&bmtnr,"control/badmailtonorelay",0);
+ if (bmtnrok == -1) die_control();
+
+ bhelook = control_readfile(&bhelo, "control/badhelo",0);
+ if (bhelook == -1) die_control();
+ if (env_get("NOBADHELO")) bhelook = 0;
+
+ brdnsok = control_readfile(&brdns, "control/badrdns",0);
+ if (brdnsok == -1) die_control();
+ if (env_get("NOBADRDNS")) brdnsok = 0;
+
+ if (env_get("LOGREGEX")) logregex = 1;
+
if (control_readint(&databytes,"control/databytes") == -1) die_control();
x = env_get("DATABYTES");
if (x) { scan_ulong(x,&u); databytes = u; }
if (!(databytes + 1)) --databytes;
+ if (control_readint(&spfbehavior,"control/spfbehavior") == -1)
+ die_control();
+ x = env_get("SPFBEHAVIOR");
+ if (x) { scan_ulong(x,&u); spfbehavior = u; }
+
+ if (control_readline(&spflocal,"control/spfrules") == -1) die_control();
+ if (spflocal.len && !stralloc_0(&spflocal)) die_nomem();
+ if (control_readline(&spfguess,"control/spfguess") == -1) die_control();
+ if (spfguess.len && !stralloc_0(&spfguess)) die_nomem();
+ if (control_rldef(&spfexp,"control/spfexp",0,SPF_DEFEXP) == -1)
+ die_control();
+ if (!stralloc_0(&spfexp)) die_nomem();
+
+ protocol = "SMTP";
remoteip = env_get("TCPREMOTEIP");
if (!remoteip) remoteip = "unknown";
local = env_get("TCPLOCALHOST");
if (!local) local = env_get("TCPLOCALIP");
if (!local) local = "unknown";
+ localport = env_get("TCPLOCALPORT");
+ if (!localport) localport = "0";
remotehost = env_get("TCPREMOTEHOST");
if (!remotehost) remotehost = "unknown";
remoteinfo = env_get("TCPREMOTEINFO");
relayclient = env_get("RELAYCLIENT");
+ submission = env_get("SUBMISSIONPORT");
+ if (!submission) submission= SUBMISSION;
dohelo(remotehost);
}
+int err_child() { out("454 oops, problem with child and I can't auth (#4.3.0)\r\n"); return -1; }
+int err_fork() { out("454 oops, child won't start and I can't auth (#4.3.0)\r\n"); return -1; }
+int err_pipe() { out("454 oops, unable to open pipe and I can't auth (#4.3.0)\r\n"); return -1; }
+int err_write() { out("454 oops, unable to write pipe and I can't auth (#4.3.0)\r\n"); return -1; }
+void err_authd() { out("503 you're already authenticated (#5.5.0)\r\n"); }
+void err_authmail() { out("503 no auth during mail transaction (#5.5.0)\r\n"); }
+int err_noauth() { out("504 auth type unimplemented (#5.5.1)\r\n"); return -1; }
+int err_authabrt() { out("501 auth exchange canceled (#5.0.0)\r\n"); return -1; }
+int err_input() { out("501 malformed auth input (#5.5.4)\r\n"); return -1; }
+void err_authfail() { out("535 authentication failed (#5.7.1)\r\n"); }
+void err_submission() { out("530 Authorization required (#5.7.1) \r\n"); }
stralloc addr = {0}; /* will be 0-terminated, if addrparse returns 1 */
@@ -197,15 +395,357 @@
return 1;
}
-int bmfcheck()
+int bmcheck(which) int which;
{
+ int i = 0;
+ int j = 0;
+ int x = 0;
+ int negate = 0;
+ static stralloc bmb = {0};
+ static stralloc curregex = {0};
+
+ if (which == BMCHECK_BMF) {
+ if (!stralloc_copy(&bmb,&bmf)) die_nomem();
+ } else if (which == BMCHECK_BMFNR) {
+ if (!stralloc_copy(&bmb,&bmfnr)) die_nomem();
+ } else if (which == BMCHECK_BMT) {
+ if (!stralloc_copy(&bmb,&bmt)) die_nomem();
+ } else if (which == BMCHECK_BMTNR) {
+ if (!stralloc_copy(&bmb,&bmtnr)) die_nomem();
+ } else if (which == BMCHECK_BHELO) {
+ if (!stralloc_copy(&bmb,&bhelo)) die_nomem();
+ } else if (which == BMCHECK_BRDNS) {
+ if (!stralloc_copy(&bmb,&brdns)) die_nomem();
+ } else {
+ die_control();
+ }
+
+ while (j < bmb.len) {
+ i = j;
+ while ((bmb.s[i] != '\0') && (i < bmb.len)) i++;
+ if (bmb.s[j] == '!') {
+ negate = 1;
+ j++;
+ }
+ if (!stralloc_copyb(&curregex,bmb.s + j,(i - j))) die_nomem();
+ if (!stralloc_0(&curregex)) die_nomem();
+ if (which == BMCHECK_BHELO) {
+ x = matchregex(helohost.s, curregex.s);
+ } else if (which == BMCHECK_BRDNS) {
+ x = matchregex(remotehost, curregex.s);
+ } else {
+ x = matchregex(addr.s, curregex.s);
+ }
+ if ((negate) && (x == 0)) {
+ if (!stralloc_copyb(&matchedregex,bmb.s + j - 1,(i - j + 1))) die_nomem();
+ if (!stralloc_0(&matchedregex)) die_nomem();
+ return 1;
+ }
+ if (!(negate) && (x > 0)) {
+ if (!stralloc_copyb(&matchedregex,bmb.s + j,(i - j))) die_nomem();
+ if (!stralloc_0(&matchedregex)) die_nomem();
+ return 1;
+ }
+ j = i + 1;
+ negate = 0;
+ }
+ return 0;
+}
+
+void err_realrcpt(arg1,arg2,arg3) char *arg1,*arg2,*arg3; {
+ strerr_warn6("qmail-smtpd: Invalid Recipient <", arg1, "> from: <", arg2, "> at ", arg3,0);
+ bump_protoerr(arg3);
+ sleep(BADRCPT_SLEEP);
+ out("550 sorry, no mailbox here by that name (#5.1.1 - chkusr)\r\n");
+}
+
+int realrcpt_check()
+{
+ stralloc user = {0};
+ stralloc domain = {0};
+ stralloc domain_path = {0};
+ stralloc bounce_path = {0};
+ stralloc alias_name = {0};
+ stralloc alias_path = {0};
+ stralloc mailing_path = {0};
+ int count;
+ int retstat;
+ struct vqpasswd *user_passwd = NULL;
+ int fd_file = -1;
+ int read_char;
+ DIR *dir_file = NULL;
+ int offset;
+ char read_buf[1024];
+
+/* if not local rcpthost we cannot control mailbox */
+
+ if (!addrallowed()) { return 1; } /* in case of RELAYCLIENT */
+
+/* Set up our variables */
+
+/* Search the '@' character */
+ count = byte_rchr(addr.s,addr.len,'@');
+
+/* The following lines could interest people using # instead of @ in e-mail address */
+/* If '@' not found search the '%' character */
+/*
+ if (count >= addr.len) {
+ count = byte_rchr(addr.s,addr.len,'%');
+ }
+*/
+
+/*
+ * Give extra room to variables used often or used outside stralloc_x calls
+ * This should make all safer and even faster
+ * (when these fields are used by stralloc_x routines)
+*/
+ if (!stralloc_ready (&domain, 1000)) die_nomem();
+ if (!stralloc_ready (&domain_path, 1000)) die_nomem();
+
+ if (count < addr.len) {
+ if (!stralloc_copyb (&user, addr.s, count)) die_nomem();
+ if (!stralloc_0 (&user)) die_nomem();
+ if (!stralloc_copys (&domain, addr.s + count + 1)) die_nomem();
+ if (!stralloc_0 (&domain)) die_nomem();
+ }
+ else {
+ if (!stralloc_copys (&user, addr.s)) die_nomem();
+ if (!stralloc_0 (&user)) die_nomem();
+ if (!stralloc_copys (&domain, DEFAULT_DOMAIN)) die_nomem();
+ if (!stralloc_0 (&domain)) die_nomem();
+ }
+
+/* My personal control: continue only if a domain (default or not) is specified */
+
+ if (domain.len == 1)
+ return 0;
+
+ case_lowers (user.s);
+ case_lowers (domain.s);
+
+/* Check if domain is a real domain */
+
+ /* if (!stralloc_0 (&domain)) die_nomem();
+ vget_real_domain(domain.s, domain.a);
+
+ domain.len = str_len (domain.s);
+ if (domain.len > (domain.a - 1)) die_nomem(); */
+
+/* Let's get domain's real path */
+ vget_assign(domain.s, domain_path.s, 156, NULL, NULL);
+
+ domain_path.len = str_len (domain_path.s);
+
+ if(domain_path.len > 0){
+ retstat = 0; /* vpopmail managed domain - prove to accept */
+ }else{
+ return 1; /* qmail managed - smtproutes, direct Maildir/, ... */
+ }
+/* Now Let's start the test suite */
+
+ switch (0) {
+
+ case 0:
+ /* Check if domain has bouncing enabled */
+
+ /* Allocate room for bounce_path */
+ if (!stralloc_ready (&bounce_path, 1000)) die_nomem();
+ if (!stralloc_copy (&bounce_path, &domain_path)) die_nomem();
+ if (!stralloc_cats (&bounce_path, "/.qmail-default")) die_nomem();
+ if (!stralloc_0 (&bounce_path)) die_nomem();
+
+ read_char = 0;
+ fd_file = open_read (bounce_path.s);
+ if (fd_file != -1) {
+ read_char = read (fd_file, read_buf, sizeof(read_buf) - 1);
+ close (fd_file);
+ if (read_char < 0) read_char = 0;
+ }else{
+ retstat = 0; /* no .qmail-default (could queue local here, but we reject) */
+ break;
+ }
+ read_buf[read_char] = 0;
+
+ if ( strstr(read_buf, "bounce-no-mailbox") == NULL ) {
+ retstat = 1; /* accept mail -- prove otherwise via bounce-no-mailbox in a .qmail-user */
+ }else if( str_equal(user.s, "default") ){
+ retstat = 0;
+ break;
+ }
+
+ case 1:
+ /* Check for aliases/forwards - .qmail-x files */
+
+ /* Allocate room for alias_path */
+ if (!stralloc_ready (&alias_path, 1000)) die_nomem();
+ if (!stralloc_copy (&alias_name, &user)) die_nomem();
+
+ /* Change all '.' in ':' before continuing on aliases */
+ for (count = 0; count < alias_name.len; ++count)
+ if (*(alias_name.s + count) == '.') *(alias_name.s + count) = ':';
+
+ if (!stralloc_copy (&alias_path, &domain_path)) die_nomem();
+ if (!stralloc_cats (&alias_path, "/.qmail-")) die_nomem();
+ if (!stralloc_cats (&alias_path, alias_name.s)) die_nomem();
+ if (!stralloc_0 (&alias_path)) die_nomem();
+
+ /* check .qmail-file for 'bounce-no-mailbox' stolen from Stephane Bouvard 2007.04.17 */
+ fd_file = open_read (alias_path.s);
+ if (fd_file == -1) {
+ /* check for .qmail-user-default */
+ if (!stralloc_copy (&alias_path, &domain_path)) die_nomem();
+ if (!stralloc_cats (&alias_path, "/.qmail-")) die_nomem();
+ if (!stralloc_catb (&alias_path, alias_name.s, offset)) die_nomem();
+ if (!stralloc_cats (&alias_path, "-default")) die_nomem();
+ if (!stralloc_0 (&alias_path)) die_nomem();
+ fd_file = open_read (alias_path.s);
+ }
+ if (fd_file != -1) {
+ read_char = read (fd_file, read_buf, sizeof(read_buf) - 1);
+ close (fd_file);
+ if(read_char < 0) read_char = 0;
+
+ read_buf[read_char] = 0;
+
+ if ( strstr(read_buf, "bounce-no-mailbox") ) {
+ retstat = 0;
+ }else{
+ retstat = 1;
+ }
+ break;
+ }
+
+ case 2:
+ /* check for aliases .qmail-x-default */
+
+ /* Allocate room for alias_path */
+ if (!stralloc_ready (&alias_path, 1000)) die_nomem();
+ if (!stralloc_copy (&alias_name, &user)) die_nomem();
+
+ /* Change all '.' in ':' before continuing on aliases */
+ for (count = 0; count < alias_name.len; ++count)
+ if (*(alias_name.s + count) == '.') *(alias_name.s + count) = ':';
+
+
+ /* Search for the outer '-' character */
+ for (offset = user.len - 1; offset > 0; --offset) {
+ if (*(alias_name.s + offset) == '-') {
+ if (!stralloc_copy (&alias_path, &domain_path)) die_nomem();
+ if (!stralloc_cats (&alias_path, "/.qmail-")) die_nomem();
+ if (!stralloc_catb (&alias_path, alias_name.s, offset)) die_nomem();
+ if (!stralloc_cats (&alias_path, "-default")) die_nomem();
+ if (!stralloc_0 (&alias_path)) die_nomem();
+
+ /* check .qmail-file for 'bounce-no-mailbox' stolen from Stephane Bouvard 2007.04.17 */
+ fd_file = open_read (alias_path.s);
+ if (fd_file != -1) {
+ read_char = read (fd_file, read_buf, sizeof(read_buf) - 1);
+ close (fd_file);
+ if(read_char < 0) read_char = 0;
+
+ read_buf[read_char] = 0;
+
+ if ( strstr(read_buf, "bounce-no-mailbox") ) {
+ retstat = 0;
+ }else{
+ retstat = 1;
+ }
+ break;
+ }
+ }
+ }
+
+ case 3:
+ /* Check for aliases/forwards - valias*/
+ /* moved here because we want to read .qmail-user files for bounce-no-mailbox
+ -jk 20070418 (does having this check do any good??) */
+
+ if (valias_select (user.s, domain.s) != NULL) {
+ retstat = 1;
+ break;
+ }
+
+ case 4:
+ /* User control: check the existance of a real user */
+
+ user_passwd = vauth_getpw (user.s, domain.s);
+ if (user_passwd == NULL) {
+ count = 0;
+ while ((count < (user.len -1)) && (user_passwd == NULL)) {
+ count += byte_chr(&user.s[count], user.len - count,'-');
+ if (count < user.len) {
+ if (!stralloc_copyb (&alias_name, user.s, count)) die_nomem();
+ if (!stralloc_0 (&alias_name)) die_nomem();
+ user_passwd = vauth_getpw (alias_name.s, domain.s);
+ ++count;
+ }
+ }
+ }
+ if(user_passwd != NULL){
+ /* If user exists check if he has BOUNCE_MAIL flag set */
+
+ if (user_passwd->pw_gid & BOUNCE_MAIL){
+ retstat = 0;
+ }else{
+ retstat = 1;
+ }
+ break;
+ }
+
+ case 5:
+ /* Let's check for mailing lists */
+
+ /* Allocate room for mailing_path */
+ if (!stralloc_ready (&mailing_path, 300)) die_nomem();
+
+ /* Search for the outer '-' character */
+ for (offset = user.len - 1; offset > 0; --offset)
+ if (*(user.s + offset) == '-') {
+ if (!stralloc_copy (&mailing_path, &domain_path)) die_nomem();
+ if (!stralloc_cats (&mailing_path, "/")) die_nomem();
+ if (!stralloc_catb (&mailing_path, user.s, offset)) die_nomem();
+ if (!stralloc_cats (&mailing_path, "/mailinglist")) die_nomem();
+ if (!stralloc_0 (&mailing_path)) die_nomem();
+ /* access executes anyway as real (vpopmail:vchkpw), that's ok */
+ if (access (mailing_path.s, F_OK) == 0) {
+ retstat = 1;
+ break;
+ }
+ }
+
+/*
+ * Add this code if another case is following
+ if (retstat == 1)
+ break;
+*/
+
+ } /* end switch */
+
+ return retstat;
+}
+
+int mfcheck()
+{
+ stralloc sa = {0};
+ ipalloc ia = {0};
+ unsigned int random;
int j;
- if (!bmfok) return 0;
- if (constmap(&mapbmf,addr.s,addr.len - 1)) return 1;
- j = byte_rchr(addr.s,addr.len,'@');
- if (j < addr.len)
- if (constmap(&mapbmf,addr.s + j,addr.len - j - 1)) return 1;
+
+ if (str_equal(addr.s,"#@[]")) return 0;
+ if (!mfchk) return 0;
+ random = now() + (getpid() << 16);
+ j = byte_rchr(addr.s,addr.len,'@') + 1;
+ if(addr.len == 1){
return 0;
+ }else if (j < addr.len) {
+ stralloc_copys(&sa, addr.s + j);
+ dns_init(0);
+ j = dns_mxip(&ia,&sa,random);
+ if (j < 0){ return j;
+ }else{ return 0; }
+ }else{
+ return -2;
+ }
}
int addrallowed()
@@ -216,51 +756,273 @@
return r;
}
+int addrrelay()
+{
+ int j;
+ j = addr.len;
+ while(--j >= 0)
+ if (addr.s[j] == '@') break;
+ if (j < 0) j = addr.len;
+ while(--j >= 0) {
+ if (addr.s[j] == '@') return 1;
+ if (addr.s[j] == '%') return 1;
+ if (addr.s[j] == '!') return 1;
+ }
+ return 0;
+}
+int flagauth = 0;
int seenmail = 0;
-int flagbarf; /* defined if seenmail */
+int flagsize;
+int flagbarfbmf; /* defined if seenmail */
+int flagbarfbmt;
+int flagbarfbhelo;
+int flagbarfspf;
+stralloc spfbarfmsg = {0};
stralloc mailfrom = {0};
stralloc rcptto = {0};
+stralloc fuser = {0};
+stralloc mfparms = {0};
+int rcptcount;
+
+int mailfrom_size(arg) char *arg;
+{
+ long r;
+ unsigned long sizebytes = 0;
+
+ scan_ulong(arg,&r);
+ sizebytes = r;
+ if (databytes) if (sizebytes > databytes) return 1;
+ return 0;
+}
+
+void mailfrom_auth(arg,len)
+char *arg;
+int len;
+{
+ if (!stralloc_copys(&fuser,"")) die_nomem();
+ if (case_starts(arg,"<>")) { if (!stralloc_cats(&fuser,"unknown")) die_nomem(); }
+ else
+ while (len) {
+ if (*arg == '+') {
+ if (case_starts(arg,"+3D")) { arg=arg+2; len=len-2; if (!stralloc_cats(&fuser,"=")) die_nomem(); }
+ if (case_starts(arg,"+2B")) { arg=arg+2; len=len-2; if (!stralloc_cats(&fuser,"+")) die_nomem(); }
+ }
+ else
+ if (!stralloc_catb(&fuser,arg,1)) die_nomem();
+ arg++; len--;
+ }
+ if(!stralloc_0(&fuser)) die_nomem();
+ if (!remoteinfo) {
+ remoteinfo = fuser.s;
+ if (!env_unset("TCPREMOTEINFO")) die_read();
+ if (!env_put2("TCPREMOTEINFO",remoteinfo)) die_nomem();
+ }
+}
+
+void mailfrom_parms(arg) char *arg;
+{
+ int i;
+ int len;
+
+ len = str_len(arg);
+ if (!stralloc_copys(&mfparms,"")) die_nomem;
+ i = byte_chr(arg,len,'>');
+ if (i > 4 && i < len) {
+ while (len) {
+ arg++; len--;
+ if (*arg == ' ' || *arg == '\0' ) {
+ if (case_starts(mfparms.s,"SIZE=")) if (mailfrom_size(mfparms.s+5)) { flagsize = 1; return; }
+ if (case_starts(mfparms.s,"AUTH=")) mailfrom_auth(mfparms.s+5,mfparms.len-5);
+ if (!stralloc_copys(&mfparms,"")) die_nomem;
+ }
+ else
+ if (!stralloc_catb(&mfparms,arg,1)) die_nomem;
+ }
+ }
+}
void smtp_helo(arg) char *arg;
{
smtp_greet("250 "); out("\r\n");
seenmail = 0; dohelo(arg);
+ if (bhelook) flagbarfbhelo = bmcheck(BMCHECK_BHELO);
}
void smtp_ehlo(arg) char *arg;
{
- smtp_greet("250-"); out("\r\n250-PIPELINING\r\n250 8BITMIME\r\n");
+ smtp_greet("250-");
+ out("\r\n250-PIPELINING\r\n250-8BITMIME\r\n");
+ if(smtpauth){
+#ifdef CRAM_MD5
+ out("250-AUTH LOGIN PLAIN CRAM-MD5\r\n");
+#else
+ out("250-AUTH LOGIN PLAIN\r\n");
+#endif
+ }
+ char size[FMT_ULONG];
+ size[fmt_ulong(size,(unsigned int) databytes)] = 0;
+ out("250 SIZE "); out(size); out("\r\n");
seenmail = 0; dohelo(arg);
+ if (bhelook) flagbarfbhelo = bmcheck(BMCHECK_BHELO);
}
-void smtp_rset()
+void smtp_rset(arg) char *arg;
{
seenmail = 0;
out("250 flushed\r\n");
}
void smtp_mail(arg) char *arg;
{
+ int r;
+ rcptcount = 0;
+
+ if (str_equal(localport,submission))
+ if (!flagauth) { err_submission(); return; }
if (!addrparse(arg)) { err_syntax(); return; }
- flagbarf = bmfcheck();
+ flagsize = 0;
+ mailfrom_parms(arg);
+ if (flagsize) { err_size(); return; }
+ flagbarfbmf = 0; /* bmcheck is skipped for empty envelope senders */
+ if ((bmfok) && (addr.len != 1)) flagbarfbmf = bmcheck(BMCHECK_BMF);
+ if ((!flagbarfbmf) && (bmfnrok) && (addr.len != 1) && (!relayclient)) {
+ flagbarfbmf = bmcheck(BMCHECK_BMFNR);
+ }
+ if(!relayclient) {
+ if (brdnsok) flagbarfbrdns = bmcheck(BMCHECK_BRDNS);
+ }
+
+ flagbarfspf = 0;
+ if (spfbehavior && !relayclient)
+ {
+ switch(r = spfcheck()) {
+ case SPF_OK: env_put2("SPFRESULT","pass"); break;
+ case SPF_NONE: env_put2("SPFRESULT","none"); break;
+ case SPF_UNKNOWN: env_put2("SPFRESULT","unknown"); break;
+ case SPF_NEUTRAL: env_put2("SPFRESULT","neutral"); break;
+ case SPF_SOFTFAIL: env_put2("SPFRESULT","softfail"); break;
+ case SPF_FAIL: env_put2("SPFRESULT","fail"); break;
+ case SPF_ERROR: env_put2("SPFRESULT","error"); break;
+ }
+ switch (r) {
+ case SPF_NOMEM:
+ die_nomem();
+ case SPF_ERROR:
+ if (spfbehavior < 2) break;
+ out("451 SPF lookup failure (#4.3.0)\r\n");
+ return;
+ case SPF_NONE:
+ case SPF_UNKNOWN:
+ if (spfbehavior < 6) break;
+ case SPF_NEUTRAL:
+ if (spfbehavior < 5) break;
+ case SPF_SOFTFAIL:
+ if (spfbehavior < 4) break;
+ case SPF_FAIL:
+ if (spfbehavior < 3) break;
+ if (!spfexplanation(&spfbarfmsg)) die_nomem();
+ if (!stralloc_0(&spfbarfmsg)) die_nomem();
+ flagbarfspf = 1;
+ }
+ }
+ else
+ env_unset("SPFRESULT");
+ switch(mfcheck()) {
+ case DNS_HARD: err_hmf(addr.s,remoteip); return;
+ case DNS_SOFT: err_smf(addr.s,remoteip); return;
+ case DNS_MEM: die_nomem();
+ }
seenmail = 1;
if (!stralloc_copys(&rcptto,"")) die_nomem();
if (!stralloc_copys(&mailfrom,addr.s)) die_nomem();
if (!stralloc_0(&mailfrom)) die_nomem();
+ rcptcount = 0;
out("250 ok\r\n");
}
+
+void err_spf(arg1,arg2,arg3) char *arg1,*arg2,*arg3; {
+ int i,j;
+ strerr_warn6("qmail-smtpd: SPF Failure for Recipient <", arg1, "> from: <", arg2, "> at ", arg3,0);
+ bump_protoerr(arg3);
+
+ sleep(SPF_FAIL_SLEEP);
+ for(i = 0; i < spfbarfmsg.len; i = j + 1) {
+ j = byte_chr(spfbarfmsg.s + i, spfbarfmsg.len - i, '\n') + i;
+ if (j < spfbarfmsg.len) {
+ out("550-");
+ spfbarfmsg.s[j] = 0;
+ out(spfbarfmsg.s);
+ spfbarfmsg.s[j] = '\n';
+ out("\r\n");
+ } else {
+ out("550 ");
+ out(spfbarfmsg.s);
+ out(" (#5.7.1)\r\n");
+ }
+ }
+}
+
void smtp_rcpt(arg) char *arg; {
if (!seenmail) { err_wantmail(); return; }
if (!addrparse(arg)) { err_syntax(); return; }
- if (flagbarf) { err_bmf(); return; }
+ if (addrrelay()) { err_relay(); return; }
+ if (flagbarfbrdns) {
+ if (logregex) {
+ strerr_warn6("qmail-smtpd: badrdns: <",remotehost,"> at ",remoteip," matches pattern: ",matchedregex.s,0);
+ } else {
+ strerr_warn4("qmail-smtpd: badrdns: <",remotehost,"> at ",remoteip,0);
+ }
+ err_brdns(remoteip);
+ return;
+ }
+ if ((flagbarfbhelo) && (!relayclient)) {
+ if (logregex) {
+ strerr_warn6("qmail-smtpd: badhelo: <",helohost.s,"> at ",remoteip," matches pattern: ",matchedregex.s,0);
+ } else {
+ strerr_warn4("qmail-smtpd: badhelo: <",helohost.s,"> at ",remoteip,0);
+ }
+ err_bhelo(remoteip);
+ return;
+ }
+ if (flagbarfbmf) {
+ if (logregex) {
+ strerr_warn6("qmail-smtpd: badmailfrom: <",mailfrom.s,"> at ",remoteip," matches pattern: ",matchedregex.s,0);
+ } else {
+ strerr_warn4("qmail-smtpd: badmailfrom: <",mailfrom.s,"> at ",remoteip,0);
+ }
+ err_bmf(remoteip);
+ return;
+ }
+ if (bmtok) flagbarfbmt = bmcheck(BMCHECK_BMT);
+ if ((!flagbarfbmt) && (bmtnrok) && (!relayclient)) {
+ flagbarfbmt = bmcheck(BMCHECK_BMTNR);
+ }
+ if (flagbarfbmt) {
+ if (logregex) {
+ strerr_warn6("qmail-smtpd: badmailto: <",addr.s,"> at ",remoteip," matches pattern: ",matchedregex.s,0);
+ } else {
+ strerr_warn4("qmail-smtpd: badmailto: <",addr.s,"> at ",remoteip,0);
+ }
+ err_bmt(remoteip);
+ return;
+ }
+ if (flagbarfspf) { err_spf(addr.s,mailfrom.s,remoteip); return; }
if (relayclient) {
--addr.len;
if (!stralloc_cats(&addr,relayclient)) die_nomem();
if (!stralloc_0(&addr)) die_nomem();
}
else
- if (!addrallowed()) { err_nogateway(); return; }
+ if (!addrallowed()) { err_nogateway(addr.s,mailfrom.s,remoteip); return; }
+ if (!realrcpt_check()) {
+ err_realrcpt(addr.s,mailfrom.s,remoteip);
+ return;
+ }
if (!stralloc_cats(&rcptto,"T")) die_nomem();
if (!stralloc_cats(&rcptto,addr.s)) die_nomem();
if (!stralloc_0(&rcptto)) die_nomem();
+ if(tarpitcount && ++rcptcount >= tarpitcount) while (sleep(tarpitdelay));
+ if(maxrcptcount != 0){
+ if(rcptcount > maxrcptcount) { err_mrc(mailfrom.s,remoteip); return; }
+ }
out("250 ok\r\n");
}
@@ -316,8 +1078,8 @@
if (flagmaybex) if (pos == 7) ++*hops;
if (pos < 2) if (ch != "\r\n"[pos]) flagmaybey = 0;
if (flagmaybey) if (pos == 1) flaginheader = 0;
- }
++pos;
+ }
if (ch == '\n') { pos = 0; flagmaybex = flagmaybey = flagmaybez = 1; }
}
switch(state) {
@@ -351,6 +1113,25 @@
}
}
+void spfreceived()
+{
+ stralloc sa = {0};
+ stralloc rcvd_spf = {0};
+
+ if (!spfbehavior || relayclient) return;
+
+ if (!stralloc_copys(&rcvd_spf, "Received-SPF: ")) die_nomem();
+ if (!spfinfo(&sa)) die_nomem();
+ if (!stralloc_cat(&rcvd_spf, &sa)) die_nomem();
+ if (!stralloc_append(&rcvd_spf, "\n")) die_nomem();
+ if (bytestooverflow) {
+ bytestooverflow -= rcvd_spf.len;
+ if (bytestooverflow <= 0) qmail_fail(&qqt);
+ }
+ qmail_put(&qqt,rcvd_spf.s,rcvd_spf.len);
+}
+
+
char accept_buf[FMT_ULONG];
void acceptmessage(qp) unsigned long qp;
{
@@ -365,20 +1146,22 @@
out("\r\n");
}
-void smtp_data() {
+void smtp_data(arg) char *arg; {
int hops;
unsigned long qp;
char *qqx;
if (!seenmail) { err_wantmail(); return; }
if (!rcptto.len) { err_wantrcpt(); return; }
+ if (mailfrom.len == 1 && rcptcount > 1) { err_badbounce(remoteip); return; }
seenmail = 0;
if (databytes) bytestooverflow = databytes + 1;
if (qmail_open(&qqt) == -1) { err_qqt(); return; }
qp = qmail_qp(&qqt);
out("354 go ahead\r\n");
- received(&qqt,"SMTP",local,remoteip,remotehost,remoteinfo,fakehelo);
+ received(&qqt,protocol,local,remoteip,remotehost,remoteinfo,fakehelo);
+ spfreceived();
blast(&hops);
hops = (hops >= MAXHOPS);
if (hops) qmail_fail(&qqt);
@@ -388,16 +1171,241 @@
qqx = qmail_close(&qqt);
if (!*qqx) { acceptmessage(qp); return; }
if (hops) { out("554 too many hops, this message is looping (#5.4.6)\r\n"); return; }
- if (databytes) if (!bytestooverflow) { out("552 sorry, that message size exceeds my databytes limit (#5.3.4)\r\n"); return; }
+ if (databytes) if (!bytestooverflow) { err_size(); return; }
if (*qqx == 'D') out("554 "); else out("451 ");
out(qqx + 1);
out("\r\n");
}
+/* this file is too long ----------------------------------------- SMTP AUTH */
+
+char unique[FMT_ULONG + FMT_ULONG + 3];
+static stralloc authin = {0}; /* input from SMTP client */
+static stralloc user = {0}; /* authorization user-id */
+static stralloc pass = {0}; /* plain passwd or digest */
+static stralloc resp = {0}; /* b64 response */
+#ifdef CRAM_MD5
+static stralloc chal = {0}; /* plain challenge */
+static stralloc slop = {0}; /* b64 challenge */
+#endif
+
+char **childargs;
+char ssauthbuf[512];
+substdio ssauth = SUBSTDIO_FDBUF(safewrite,3,ssauthbuf,sizeof(ssauthbuf));
+
+int authgetl(void) {
+ int i;
+
+ if (!stralloc_copys(&authin,"")) die_nomem();
+ for (;;) {
+ if (!stralloc_readyplus(&authin,1)) die_nomem(); /* XXX */
+ i = substdio_get(&ssin,authin.s + authin.len,1);
+ if (i != 1) die_read();
+ if (authin.s[authin.len] == '\n') break;
+ ++authin.len;
+ }
+
+ if (authin.len > 0) if (authin.s[authin.len - 1] == '\r') --authin.len;
+ authin.s[authin.len] = 0;
+ if (*authin.s == '*' && *(authin.s + 1) == 0) { return err_authabrt(); }
+ if (authin.len == 0) { return err_input(); }
+ return authin.len;
+}
+
+int authenticate(void)
+{
+ int child;
+ int wstat;
+ int pi[2];
+
+ if (!stralloc_0(&user)) die_nomem();
+ if (!stralloc_0(&pass)) die_nomem();
+#ifdef CRAM_MD5
+ if (!stralloc_0(&chal)) die_nomem();
+#endif
+
+ if (pipe(pi) == -1) return err_pipe();
+ switch(child = fork()) {
+ case -1:
+ return err_fork();
+ case 0:
+ close(pi[1]);
+ if(fd_copy(3,pi[0]) == -1) return err_pipe();
+ sig_pipedefault();
+ execvp(*childargs, childargs);
+ _exit(1);
+ }
+ close(pi[0]);
+
+ substdio_fdbuf(&ssauth,write,pi[1],ssauthbuf,sizeof ssauthbuf);
+ if (substdio_put(&ssauth,user.s,user.len) == -1) return err_write();
+ if (substdio_put(&ssauth,pass.s,pass.len) == -1) return err_write();
+#ifdef CRAM_MD5
+ if (substdio_put(&ssauth,chal.s,chal.len) == -1) return err_write();
+#endif
+ if (substdio_flush(&ssauth) == -1) return err_write();
+
+ close(pi[1]);
+#ifdef CRAM_MD5
+ if (!stralloc_copys(&chal,"")) die_nomem();
+ if (!stralloc_copys(&slop,"")) die_nomem();
+#endif
+ byte_zero(ssauthbuf,sizeof ssauthbuf);
+ if (wait_pid(&wstat,child) == -1) return err_child();
+ if (wait_crashed(wstat)) return err_child();
+ if (wait_exitcode(wstat)) { sleep(AUTHSLEEP); return 1; } /* no */
+ return 0; /* yes */
+}
+
+int auth_login(arg) char *arg;
+{
+ int r;
+
+ if (*arg) {
+ if (r = b64decode(arg,str_len(arg),&user) == 1) return err_input();
+ }
+ else {
+ out("334 VXNlcm5hbWU6\r\n"); flush(); /* Username: */
+ if (authgetl() < 0) return -1;
+ if (r = b64decode(authin.s,authin.len,&user) == 1) return err_input();
+ }
+ if (r == -1) die_nomem();
+
+ out("334 UGFzc3dvcmQ6\r\n"); flush(); /* Password: */
+
+ if (authgetl() < 0) return -1;
+ if (r = b64decode(authin.s,authin.len,&pass) == 1) return err_input();
+ if (r == -1) die_nomem();
+
+ if (!user.len || !pass.len) return err_input();
+ return authenticate();
+}
+
+int auth_plain(arg) char *arg;
+{
+ int r, id = 0;
+
+ if (*arg) {
+ if (r = b64decode(arg,str_len(arg),&resp) == 1) return err_input();
+ }
+ else {
+ out("334 \r\n"); flush();
+ if (authgetl() < 0) return -1;
+ if (r = b64decode(authin.s,authin.len,&resp) == 1) return err_input();
+ }
+ if (r == -1 || !stralloc_0(&resp)) die_nomem();
+ while (resp.s[id]) id++; /* "authorize-id\0userid\0passwd\0" */
+
+ if (resp.len > id + 1)
+ if (!stralloc_copys(&user,resp.s + id + 1)) die_nomem();
+ if (resp.len > id + user.len + 2)
+ if (!stralloc_copys(&pass,resp.s + id + user.len + 2)) die_nomem();
+
+ if (!user.len || !pass.len) return err_input();
+ return authenticate();
+}
+
+#ifdef CRAM_MD5
+int auth_cram()
+{
+ int i, r;
+ char *s;
+
+ s = unique; /* generate challenge */
+ s += fmt_uint(s,getpid());
+ *s++ = '.';
+ s += fmt_ulong(s,(unsigned long) now());
+ *s++ = '@';
+ *s++ = 0;
+
+ if (!stralloc_copys(&chal,"<")) die_nomem();
+ if (!stralloc_cats(&chal,unique)) die_nomem();
+ if (!stralloc_cats(&chal,local)) die_nomem();
+ if (!stralloc_cats(&chal,">")) die_nomem();
+ if (b64encode(&chal,&slop) < 0) die_nomem();
+ if (!stralloc_0(&slop)) die_nomem();
+
+ out("334 "); /* "334 base64_challenge \r\n" */
+ out(slop.s);
+ out("\r\n");
+ flush();
+
+ if (authgetl() < 0) return -1; /* got response */
+ if (r = b64decode(authin.s,authin.len,&resp) == 1) return err_input();
+ if (r == -1 || !stralloc_0(&resp)) die_nomem();
+
+ i = str_rchr(resp.s,' ');
+ s = resp.s + i;
+ while (*s == ' ') ++s;
+ resp.s[i] = 0;
+ if (!stralloc_copys(&user,resp.s)) die_nomem(); /* userid */
+ if (!stralloc_copys(&pass,s)) die_nomem(); /* digest */
+
+ if (!user.len || !pass.len) return err_input();
+ return authenticate();
+}
+#endif
+
+struct authcmd {
+ char *text;
+ int (*fun)();
+} authcmds[] = {
+ { "login",auth_login }
+, { "plain",auth_plain }
+#ifdef CRAM_MD5
+, { "cram-md5",auth_cram }
+#endif
+, { 0,err_noauth }
+};
+
+void smtp_auth(arg)
+char *arg;
+{
+ int i;
+ char *cmd = arg;
+
+ if (!*childargs) { out("503 auth not available (#5.3.3)\r\n"); return; }
+ if (flagauth) { err_authd(); return; }
+ if (seenmail) { err_authmail(); return; }
+
+ if (!stralloc_copys(&user,"")) die_nomem();
+ if (!stralloc_copys(&pass,"")) die_nomem();
+ if (!stralloc_copys(&resp,"")) die_nomem();
+#ifdef CRAM_MD5
+ if (!stralloc_copys(&chal,"")) die_nomem();
+#endif
+
+ i = str_chr(cmd,' ');
+ arg = cmd + i;
+ while (*arg == ' ') ++arg;
+ cmd[i] = 0;
+
+ for (i = 0;authcmds[i].text;++i)
+ if (case_equals(authcmds[i].text,cmd)) break;
+
+ switch (authcmds[i].fun(arg)) {
+ case 0:
+ flagauth = 1;
+ protocol = "ESMTPA";
+ relayclient = "";
+ remoteinfo = user.s;
+ if (!env_unset("TCPREMOTEINFO")) die_read();
+ if (!env_put2("TCPREMOTEINFO",remoteinfo)) die_nomem();
+ if (!env_put2("RELAYCLIENT",relayclient)) die_nomem();
+ out("235 ok, go ahead (#2.0.0)\r\n");
+ break;
+ case 1:
+ err_authfail(user.s,authcmds[i].text);
+ }
+}
+
+/* this file is too long --------------------------------------------- GO ON */
+
struct commands smtpcommands[] = {
{ "rcpt", smtp_rcpt, 0 }
, { "mail", smtp_mail, 0 }
, { "data", smtp_data, flush }
+, { "auth", smtp_auth, flush }
, { "quit", smtp_quit, flush }
, { "helo", smtp_helo, flush }
, { "ehlo", smtp_ehlo, flush }
@@ -408,8 +1416,11 @@
, { 0, err_unimpl, flush }
} ;
-void main()
+void main(argc,argv)
+int argc;
+char **argv;
{
+ childargs = argv + 1;
sig_pipeignore();
if (chdir(auto_qmail) == -1) die_control();
setup();
diff -ruBN qmail-1.03.org/qmail-start.c qmail-1.03/qmail-start.c
--- qmail-1.03.org/qmail-start.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/qmail-start.c 2013-06-22 03:03:25.000000000 -0400
@@ -8,6 +8,9 @@
char *(qcargs[]) = { "qmail-clean", 0 };
char *(qlargs[]) = { "qmail-lspawn", "./Mailbox", 0 };
char *(qrargs[]) = { "qmail-rspawn", 0 };
+#ifdef EXTERNAL_TODO
+char *(qtargs[]) = { "qmail-todo", 0};
+#endif
void die() { _exit(111); }
@@ -18,13 +21,28 @@
int pi4[2];
int pi5[2];
int pi6[2];
-
-void close23456() { close(2); close(3); close(4); close(5); close(6); }
+#ifdef EXTERNAL_TODO
+int pi7[2];
+int pi8[2];
+int pi9[2];
+int pi10[2];
+#endif
+
+void close23456() {
+ close(2); close(3); close(4); close(5); close(6);
+#ifdef EXTERNAL_TODO
+ close(7); close(8);
+#endif
+}
void closepipes() {
close(pi1[0]); close(pi1[1]); close(pi2[0]); close(pi2[1]);
close(pi3[0]); close(pi3[1]); close(pi4[0]); close(pi4[1]);
close(pi5[0]); close(pi5[1]); close(pi6[0]); close(pi6[1]);
+#ifdef EXTERNAL_TODO
+ close(pi7[0]); close(pi7[1]); close(pi8[0]); close(pi8[1]);
+ close(pi9[0]); close(pi9[1]); close(pi10[0]); close(pi10[1]);
+#endif
}
void main(argc,argv)
@@ -40,6 +58,10 @@
if (fd_copy(4,0) == -1) die();
if (fd_copy(5,0) == -1) die();
if (fd_copy(6,0) == -1) die();
+#ifdef EXTERNAL_TODO
+ if (fd_copy(7,0) == -1) die();
+ if (fd_copy(8,0) == -1) die();
+#endif
if (argv[1]) {
qlargs[1] = argv[1];
@@ -70,6 +92,12 @@
if (pipe(pi4) == -1) die();
if (pipe(pi5) == -1) die();
if (pipe(pi6) == -1) die();
+#ifdef EXTERNAL_TODO
+ if (pipe(pi7) == -1) die();
+ if (pipe(pi8) == -1) die();
+ if (pipe(pi9) == -1) die();
+ if (pipe(pi10) == -1) die();
+#endif
switch(fork()) {
case -1: die();
@@ -106,6 +134,34 @@
die();
}
+#ifdef EXTERNAL_TODO
+ switch(fork()) {
+ case -1: die();
+ case 0:
+ if (prot_uid(auto_uids) == -1) die();
+ if (fd_copy(0,pi7[0]) == -1) die();
+ if (fd_copy(1,pi8[1]) == -1) die();
+ close23456();
+ if (fd_copy(2,pi9[1]) == -1) die();
+ if (fd_copy(3,pi10[0]) == -1) die();
+ closepipes();
+ execvp(*qtargs,qtargs);
+ die();
+ }
+
+ switch(fork()) {
+ case -1: die();
+ case 0:
+ if (prot_uid(auto_uidq) == -1) die();
+ if (fd_copy(0,pi9[0]) == -1) die();
+ if (fd_copy(1,pi10[1]) == -1) die();
+ close23456();
+ closepipes();
+ execvp(*qcargs,qcargs);
+ die();
+ }
+#endif
+
if (prot_uid(auto_uids) == -1) die();
if (fd_copy(0,1) == -1) die();
if (fd_copy(1,pi1[1]) == -1) die();
@@ -114,6 +170,10 @@
if (fd_copy(4,pi4[0]) == -1) die();
if (fd_copy(5,pi5[1]) == -1) die();
if (fd_copy(6,pi6[0]) == -1) die();
+#ifdef EXTERNAL_TODO
+ if (fd_copy(7,pi7[1]) == -1) die();
+ if (fd_copy(8,pi8[0]) == -1) die();
+#endif
closepipes();
execvp(*qsargs,qsargs);
die();
diff -ruBN qmail-1.03.org/qmail-todo.c qmail-1.03/qmail-todo.c
--- qmail-1.03.org/qmail-todo.c 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/qmail-todo.c 2013-06-22 03:03:25.000000000 -0400
@@ -0,0 +1,688 @@
+#include
+#include
+#include "alloc.h"
+#include "auto_qmail.h"
+#include "byte.h"
+#include "constmap.h"
+#include "control.h"
+#include "direntry.h"
+#include "error.h"
+#include "exit.h"
+#include "fmt.h"
+#include "fmtqfn.h"
+#include "getln.h"
+#include "open.h"
+#include "ndelay.h"
+#include "now.h"
+#include "readsubdir.h"
+#include "readwrite.h"
+#include "scan.h"
+#include "select.h"
+#include "str.h"
+#include "stralloc.h"
+#include "substdio.h"
+#include "trigger.h"
+
+/* critical timing feature #1: if not triggered, do not busy-loop */
+/* critical timing feature #2: if triggered, respond within fixed time */
+/* important timing feature: when triggered, respond instantly */
+#define SLEEP_TODO 1500 /* check todo/ every 25 minutes in any case */
+#define SLEEP_FUZZ 1 /* slop a bit on sleeps to avoid zeno effect */
+#define SLEEP_FOREVER 86400 /* absolute maximum time spent in select() */
+#define SLEEP_SYSFAIL 123
+
+stralloc percenthack = {0};
+struct constmap mappercenthack;
+stralloc locals = {0};
+struct constmap maplocals;
+stralloc vdoms = {0};
+struct constmap mapvdoms;
+stralloc envnoathost = {0};
+
+char strnum[FMT_ULONG];
+
+/* XXX not good, if qmail-send.c changes this has to be updated */
+#define CHANNELS 2
+char *chanaddr[CHANNELS] = { "local/", "remote/" };
+
+datetime_sec recent;
+
+void log1(char *x);
+void log3(char* x, char* y, char* z);
+
+int flagstopasap = 0;
+void sigterm(void)
+{
+ if (flagstopasap == 0)
+ log1("status: qmail-todo stop processing asap\n");
+ flagstopasap = 1;
+}
+
+int flagreadasap = 0; void sighup(void) { flagreadasap = 1; }
+int flagsendalive = 1; void senddied(void) { flagsendalive = 0; }
+
+void nomem() { log1("alert: out of memory, sleeping...\n"); sleep(10); }
+void pausedir(dir) char *dir;
+{ log3("alert: unable to opendir ",dir,", sleeping...\n"); sleep(10); }
+
+void cleandied()
+{
+ log1("alert: qmail-todo: oh no! lost qmail-clean connection! dying...\n");
+ flagstopasap = 1;
+}
+
+
+/* this file is not so long ------------------------------------- FILENAMES */
+
+stralloc fn = {0};
+
+void fnmake_init(void)
+{
+ while (!stralloc_ready(&fn,FMTQFN)) nomem();
+}
+
+void fnmake_info(unsigned long id) { fn.len = fmtqfn(fn.s,"info/",id,1); }
+void fnmake_todo(unsigned long id) { fn.len = fmtqfn(fn.s,"todo/",id,0); }
+void fnmake_mess(unsigned long id) { fn.len = fmtqfn(fn.s,"mess/",id,1); }
+void fnmake_chanaddr(unsigned long id, int c)
+{ fn.len = fmtqfn(fn.s,chanaddr[c],id,1); }
+
+
+/* this file is not so long ------------------------------------- REWRITING */
+
+stralloc rwline = {0};
+
+/* 1 if by land, 2 if by sea, 0 if out of memory. not allowed to barf. */
+/* may trash recip. must set up rwline, between a T and a \0. */
+int rewrite(char *recip)
+{
+ int i;
+ int j;
+ char *x;
+ static stralloc addr = {0};
+ int at;
+
+ if (!stralloc_copys(&rwline,"T")) return 0;
+ if (!stralloc_copys(&addr,recip)) return 0;
+
+ i = byte_rchr(addr.s,addr.len,'@');
+ if (i == addr.len) {
+ if (!stralloc_cats(&addr,"@")) return 0;
+ if (!stralloc_cat(&addr,&envnoathost)) return 0;
+ }
+
+ while (constmap(&mappercenthack,addr.s + i + 1,addr.len - i - 1)) {
+ j = byte_rchr(addr.s,i,'%');
+ if (j == i) break;
+ addr.len = i;
+ i = j;
+ addr.s[i] = '@';
+ }
+
+ at = byte_rchr(addr.s,addr.len,'@');
+
+ if (constmap(&maplocals,addr.s + at + 1,addr.len - at - 1)) {
+ if (!stralloc_cat(&rwline,&addr)) return 0;
+ if (!stralloc_0(&rwline)) return 0;
+ return 1;
+ }
+
+ for (i = 0;i <= addr.len;++i)
+ if (!i || (i == at + 1) || (i == addr.len) || ((i > at) && (addr.s[i] == '.')))
+ if (x = constmap(&mapvdoms,addr.s + i,addr.len - i)) {
+ if (!*x) break;
+ if (!stralloc_cats(&rwline,x)) return 0;
+ if (!stralloc_cats(&rwline,"-")) return 0;
+ if (!stralloc_cat(&rwline,&addr)) return 0;
+ if (!stralloc_0(&rwline)) return 0;
+ return 1;
+ }
+
+ if (!stralloc_cat(&rwline,&addr)) return 0;
+ if (!stralloc_0(&rwline)) return 0;
+ return 2;
+}
+
+/* this file is not so long --------------------------------- COMMUNICATION */
+
+substdio sstoqc; char sstoqcbuf[1024];
+substdio ssfromqc; char ssfromqcbuf[1024];
+stralloc comm_buf = {0};
+int comm_pos;
+int fdout = -1;
+int fdin = -1;
+
+void comm_init(void)
+{
+ substdio_fdbuf(&sstoqc,write,2,sstoqcbuf,sizeof(sstoqcbuf));
+ substdio_fdbuf(&ssfromqc,read,3,ssfromqcbuf,sizeof(ssfromqcbuf));
+
+ fdout = 1; /* stdout */
+ fdin = 0; /* stdin */
+ if (ndelay_on(fdout) == -1)
+ /* this is so stupid: NDELAY semantics should be default on write */
+ senddied(); /* drastic, but better than risking deadlock */
+
+ while (!stralloc_ready(&comm_buf,1024)) nomem();
+}
+
+int comm_canwrite(void)
+{
+ /* XXX: could allow a bigger buffer; say 10 recipients */
+ /* XXX: returns true if there is something in the buffer */
+ if (!flagsendalive) return 0;
+ if (comm_buf.s && comm_buf.len) return 1;
+ return 0;
+}
+
+void log1(char* x)
+{
+ int pos;
+
+ pos = comm_buf.len;
+ if (!stralloc_cats(&comm_buf,"L")) goto fail;
+ if (!stralloc_cats(&comm_buf,x)) goto fail;
+ if (!stralloc_0(&comm_buf)) goto fail;
+ return;
+
+fail:
+ /* either all or nothing */
+ comm_buf.len = pos;
+}
+
+void log3(char* x, char *y, char *z)
+{
+ int pos;
+
+ pos = comm_buf.len;
+ if (!stralloc_cats(&comm_buf,"L")) goto fail;
+ if (!stralloc_cats(&comm_buf,x)) goto fail;
+ if (!stralloc_cats(&comm_buf,y)) goto fail;
+ if (!stralloc_cats(&comm_buf,z)) goto fail;
+ if (!stralloc_0(&comm_buf)) goto fail;
+ return;
+
+fail:
+ /* either all or nothing */
+ comm_buf.len = pos;
+}
+
+void comm_write(unsigned long id, int local, int remote)
+{
+ int pos;
+ char *s;
+
+ if(local && remote) s="B";
+ else if(local) s="L";
+ else if(remote) s="R";
+ else s="X";
+
+ pos = comm_buf.len;
+ strnum[fmt_ulong(strnum,id)] = 0;
+ if (!stralloc_cats(&comm_buf,"D")) goto fail;
+ if (!stralloc_cats(&comm_buf,s)) goto fail;
+ if (!stralloc_cats(&comm_buf,strnum)) goto fail;
+ if (!stralloc_0(&comm_buf)) goto fail;
+ return;
+
+fail:
+ /* either all or nothing */
+ comm_buf.len = pos;
+}
+
+static int issafe(char ch)
+{
+ if (ch == '%') return 0; /* general principle: allman's code is crap */
+ if (ch < 33) return 0;
+ if (ch > 126) return 0;
+ return 1;
+}
+
+void comm_info(unsigned long id, unsigned long size, char* from, unsigned long pid, unsigned long uid)
+{
+ int pos;
+ int i;
+
+ pos = comm_buf.len;
+ if (!stralloc_cats(&comm_buf,"Linfo msg ")) goto fail;
+ strnum[fmt_ulong(strnum,id)] = 0;
+ if (!stralloc_cats(&comm_buf,strnum)) goto fail;
+ if (!stralloc_cats(&comm_buf,": bytes ")) goto fail;
+ strnum[fmt_ulong(strnum,size)] = 0;
+ if (!stralloc_cats(&comm_buf,strnum)) goto fail;
+ if (!stralloc_cats(&comm_buf," from <")) goto fail;
+ i = comm_buf.len;
+ if (!stralloc_cats(&comm_buf,from)) goto fail;
+ for (;i < comm_buf.len;++i)
+ if (comm_buf.s[i] == '\n')
+ comm_buf.s[i] = '/';
+ else
+ if (!issafe(comm_buf.s[i]))
+ comm_buf.s[i] = '_';
+ if (!stralloc_cats(&comm_buf,"> qp ")) goto fail;
+ strnum[fmt_ulong(strnum,pid)] = 0;
+ if (!stralloc_cats(&comm_buf,strnum)) goto fail;
+ if (!stralloc_cats(&comm_buf," uid ")) goto fail;
+ strnum[fmt_ulong(strnum,uid)] = 0;
+ if (!stralloc_cats(&comm_buf,strnum)) goto fail;
+ if (!stralloc_cats(&comm_buf,"\n")) goto fail;
+ if (!stralloc_0(&comm_buf)) goto fail;
+ return;
+
+fail:
+ /* either all or nothing */
+ comm_buf.len = pos;
+}
+
+void comm_exit(void)
+{
+ int w;
+
+ /* if it fails exit, we have already stoped */
+ if (!stralloc_cats(&comm_buf,"X")) _exit(1);
+ if (!stralloc_0(&comm_buf)) _exit(1);
+}
+
+void comm_selprep(int *nfds, fd_set *wfds, fd_set *rfds)
+{
+ if (flagsendalive) {
+ if (flagstopasap && comm_canwrite() == 0)
+ comm_exit();
+ if (comm_canwrite()) {
+ FD_SET(fdout,wfds);
+ if (*nfds <= fdout)
+ *nfds = fdout + 1;
+ }
+ FD_SET(fdin,rfds);
+ if (*nfds <= fdin)
+ *nfds = fdin + 1;
+ }
+}
+
+void comm_do(fd_set *wfds, fd_set *rfds)
+{
+ /* first write then read */
+ if (flagsendalive)
+ if (comm_canwrite())
+ if (FD_ISSET(fdout,wfds)) {
+ int w;
+ int len;
+ len = comm_buf.len;
+ w = write(fdout,comm_buf.s + comm_pos,len - comm_pos);
+ if (w <= 0) {
+ if ((w == -1) && (errno == error_pipe))
+ senddied();
+ } else {
+ comm_pos += w;
+ if (comm_pos == len) {
+ comm_buf.len = 0;
+ comm_pos = 0;
+ }
+ }
+ }
+ if (flagsendalive)
+ if (FD_ISSET(fdin,rfds)) {
+ /* there are only two messages 'H' and 'X' */
+ char c;
+ int r;
+ r = read(fdin, &c, 1);
+ if (r <= 0) {
+ if ((r == -1) && (errno != error_intr))
+ senddied();
+ } else {
+ switch(c) {
+ case 'H':
+ sighup();
+ break;
+ case 'X':
+ sigterm();
+ break;
+ default:
+ log1("warning: qmail-todo: qmail-send speaks an obscure dialect\n");
+ break;
+ }
+ }
+ }
+}
+
+/* this file is not so long ------------------------------------------ TODO */
+
+datetime_sec nexttodorun;
+DIR *tododir; /* if 0, have to opendir again */
+stralloc todoline = {0};
+char todobuf[SUBSTDIO_INSIZE];
+char todobufinfo[512];
+char todobufchan[CHANNELS][1024];
+
+void todo_init(void)
+{
+ tododir = 0;
+ nexttodorun = now();
+ trigger_set();
+}
+
+void todo_selprep(int *nfds, fd_set *rfds, datetime_sec *wakeup)
+{
+ if (flagstopasap) return;
+ trigger_selprep(nfds,rfds);
+ if (tododir) *wakeup = 0;
+ if (*wakeup > nexttodorun) *wakeup = nexttodorun;
+}
+
+void todo_do(fd_set *rfds)
+{
+ struct stat st;
+ substdio ss; int fd;
+ substdio ssinfo; int fdinfo;
+ substdio sschan[CHANNELS];
+ int fdchan[CHANNELS];
+ int flagchan[CHANNELS];
+ char ch;
+ int match;
+ unsigned long id;
+ unsigned int len;
+ direntry *d;
+ int c;
+ unsigned long uid;
+ unsigned long pid;
+
+ fd = -1;
+ fdinfo = -1;
+ for (c = 0;c < CHANNELS;++c) fdchan[c] = -1;
+
+ if (flagstopasap) return;
+
+ if (!tododir)
+ {
+ if (!trigger_pulled(rfds))
+ if (recent < nexttodorun)
+ return;
+ trigger_set();
+ tododir = opendir("todo");
+ if (!tododir)
+ {
+ pausedir("todo");
+ return;
+ }
+ nexttodorun = recent + SLEEP_TODO;
+ }
+
+ d = readdir(tododir);
+ if (!d)
+ {
+ closedir(tododir);
+ tododir = 0;
+ return;
+ }
+ if (str_equal(d->d_name,".")) return;
+ if (str_equal(d->d_name,"..")) return;
+ len = scan_ulong(d->d_name,&id);
+ if (!len || d->d_name[len]) return;
+
+ fnmake_todo(id);
+
+ fd = open_read(fn.s);
+ if (fd == -1) { log3("warning: qmail-todo: unable to open ",fn.s,"\n"); return; }
+
+ fnmake_mess(id);
+ /* just for the statistics */
+ if (stat(fn.s,&st) == -1)
+ { log3("warning: qmail-todo: unable to stat ",fn.s,"\n"); goto fail; }
+
+ for (c = 0;c < CHANNELS;++c)
+ {
+ fnmake_chanaddr(id,c);
+ if (unlink(fn.s) == -1) if (errno != error_noent)
+ { log3("warning: qmail-todo: unable to unlink ",fn.s,"\n"); goto fail; }
+ }
+
+ fnmake_info(id);
+ if (unlink(fn.s) == -1) if (errno != error_noent)
+ { log3("warning: qmail-todo: unable to unlink ",fn.s,"\n"); goto fail; }
+
+ fdinfo = open_excl(fn.s);
+ if (fdinfo == -1)
+ { log3("warning: qmail-todo: unable to create ",fn.s,"\n"); goto fail; }
+
+ strnum[fmt_ulong(strnum,id)] = 0;
+ log3("new msg ",strnum,"\n");
+
+ for (c = 0;c < CHANNELS;++c) flagchan[c] = 0;
+
+ substdio_fdbuf(&ss,read,fd,todobuf,sizeof(todobuf));
+ substdio_fdbuf(&ssinfo,write,fdinfo,todobufinfo,sizeof(todobufinfo));
+
+ uid = 0;
+ pid = 0;
+
+ for (;;)
+ {
+ if (getln(&ss,&todoline,&match,'\0') == -1)
+ {
+ /* perhaps we're out of memory, perhaps an I/O error */
+ fnmake_todo(id);
+ log3("warning: qmail-todo: trouble reading ",fn.s,"\n"); goto fail;
+ }
+ if (!match) break;
+
+ switch(todoline.s[0])
+ {
+ case 'u':
+ scan_ulong(todoline.s + 1,&uid);
+ break;
+ case 'p':
+ scan_ulong(todoline.s + 1,&pid);
+ break;
+ case 'F':
+ if (substdio_putflush(&ssinfo,todoline.s,todoline.len) == -1)
+ {
+ fnmake_info(id);
+ log3("warning: qmail-todo: trouble writing to ",fn.s,"\n"); goto fail;
+ }
+ comm_info(id, (unsigned long) st.st_size, todoline.s + 1, pid, uid);
+ break;
+ case 'T':
+ switch(rewrite(todoline.s + 1))
+ {
+ case 0: nomem(); goto fail;
+ case 2: c = 1; break;
+ default: c = 0; break;
+ }
+ if (fdchan[c] == -1)
+ {
+ fnmake_chanaddr(id,c);
+ fdchan[c] = open_excl(fn.s);
+ if (fdchan[c] == -1)
+ { log3("warning: qmail-todo: unable to create ",fn.s,"\n"); goto fail; }
+ substdio_fdbuf(&sschan[c]
+ ,write,fdchan[c],todobufchan[c],sizeof(todobufchan[c]));
+ flagchan[c] = 1;
+ }
+ if (substdio_bput(&sschan[c],rwline.s,rwline.len) == -1)
+ {
+ fnmake_chanaddr(id,c);
+ log3("warning: qmail-todo: trouble writing to ",fn.s,"\n"); goto fail;
+ }
+ break;
+ default:
+ fnmake_todo(id);
+ log3("warning: qmail-todo: unknown record type in ",fn.s,"\n"); goto fail;
+ }
+ }
+
+ close(fd); fd = -1;
+
+ fnmake_info(id);
+ if (substdio_flush(&ssinfo) == -1)
+ { log3("warning: qmail-todo: trouble writing to ",fn.s,"\n"); goto fail; }
+ if (fsync(fdinfo) == -1)
+ { log3("warning: qmail-todo: trouble fsyncing ",fn.s,"\n"); goto fail; }
+ close(fdinfo); fdinfo = -1;
+
+ for (c = 0;c < CHANNELS;++c)
+ if (fdchan[c] != -1)
+ {
+ fnmake_chanaddr(id,c);
+ if (substdio_flush(&sschan[c]) == -1)
+ { log3("warning: qmail-todo: trouble writing to ",fn.s,"\n"); goto fail; }
+ if (fsync(fdchan[c]) == -1)
+ { log3("warning: qmail-todo: trouble fsyncing ",fn.s,"\n"); goto fail; }
+ close(fdchan[c]); fdchan[c] = -1;
+ }
+
+ fnmake_todo(id);
+ if (substdio_putflush(&sstoqc,fn.s,fn.len) == -1) { cleandied(); return; }
+ if (substdio_get(&ssfromqc,&ch,1) != 1) { cleandied(); return; }
+ if (ch != '+')
+ {
+ log3("warning: qmail-clean unable to clean up ",fn.s,"\n");
+ return;
+ }
+
+ comm_write(id, flagchan[0], flagchan[1]);
+
+ return;
+
+ fail:
+ if (fd != -1) close(fd);
+ if (fdinfo != -1) close(fdinfo);
+ for (c = 0;c < CHANNELS;++c)
+ if (fdchan[c] != -1) close(fdchan[c]);
+}
+
+/* this file is too long ---------------------------------------------- MAIN */
+
+int getcontrols(void)
+{
+ if (control_init() == -1) return 0;
+ if (control_rldef(&envnoathost,"control/envnoathost",1,"envnoathost") != 1) return 0;
+ if (control_readfile(&locals,"control/locals",1) != 1) return 0;
+ if (!constmap_init(&maplocals,locals.s,locals.len,0)) return 0;
+ switch(control_readfile(&percenthack,"control/percenthack",0))
+ {
+ case -1: return 0;
+ case 0: if (!constmap_init(&mappercenthack,"",0,0)) return 0; break;
+ case 1: if (!constmap_init(&mappercenthack,percenthack.s,percenthack.len,0)) return 0; break;
+ }
+ switch(control_readfile(&vdoms,"control/virtualdomains",0))
+ {
+ case -1: return 0;
+ case 0: if (!constmap_init(&mapvdoms,"",0,1)) return 0; break;
+ case 1: if (!constmap_init(&mapvdoms,vdoms.s,vdoms.len,1)) return 0; break;
+ }
+ return 1;
+}
+
+stralloc newlocals = {0};
+stralloc newvdoms = {0};
+
+void regetcontrols(void)
+{
+ int r;
+
+ if (control_readfile(&newlocals,"control/locals",1) != 1)
+ { log1("alert: qmail-todo: unable to reread control/locals\n"); return; }
+ r = control_readfile(&newvdoms,"control/virtualdomains",0);
+ if (r == -1)
+ { log1("alert: qmail-todo: unable to reread control/virtualdomains\n"); return; }
+
+ constmap_free(&maplocals);
+ constmap_free(&mapvdoms);
+
+ while (!stralloc_copy(&locals,&newlocals)) nomem();
+ while (!constmap_init(&maplocals,locals.s,locals.len,0)) nomem();
+
+ if (r)
+ {
+ while (!stralloc_copy(&vdoms,&newvdoms)) nomem();
+ while (!constmap_init(&mapvdoms,vdoms.s,vdoms.len,1)) nomem();
+ }
+ else
+ while (!constmap_init(&mapvdoms,"",0,1)) nomem();
+}
+
+void reread(void)
+{
+ if (chdir(auto_qmail) == -1)
+ {
+ log1("alert: qmail-todo: unable to reread controls: unable to switch to home directory\n");
+ return;
+ }
+ regetcontrols();
+ while (chdir("queue") == -1)
+ {
+ log1("alert: qmail-todo: unable to switch back to queue directory; HELP! sleeping...\n");
+ sleep(10);
+ }
+}
+
+void main()
+{
+ datetime_sec wakeup;
+ fd_set rfds;
+ fd_set wfds;
+ int nfds;
+ struct timeval tv;
+ int r;
+ char c;
+
+ if (chdir(auto_qmail) == -1)
+ { log1("alert: qmail-todo: cannot start: unable to switch to home directory\n"); _exit(111); }
+ if (!getcontrols())
+ { log1("alert: qmail-todo: cannot start: unable to read controls\n"); _exit(111); }
+ if (chdir("queue") == -1)
+ { log1("alert: qmail-todo: cannot start: unable to switch to queue directory\n"); _exit(111); }
+ sig_pipeignore();
+ umask(077);
+
+ fnmake_init();
+
+ todo_init();
+ comm_init();
+
+ do {
+ r = read(fdin, &c, 1);
+ if ((r == -1) && (errno != error_intr))
+ _exit(100); /* read failed probably qmail-send died */
+ } while (r =! 1); /* we assume it is a 'S' */
+
+ for (;;)
+ {
+ recent = now();
+
+ if (flagreadasap) { flagreadasap = 0; reread(); }
+ if (!flagsendalive) {
+ /* qmail-send finaly exited, so do the same. */
+ if (flagstopasap) _exit(0);
+ /* qmail-send died. We can not log and we can not work therefor _exit(1). */
+ _exit(1);
+ }
+
+ wakeup = recent + SLEEP_FOREVER;
+ FD_ZERO(&rfds);
+ FD_ZERO(&wfds);
+ nfds = 1;
+
+ todo_selprep(&nfds,&rfds,&wakeup);
+ comm_selprep(&nfds,&wfds,&rfds);
+
+ if (wakeup <= recent) tv.tv_sec = 0;
+ else tv.tv_sec = wakeup - recent + SLEEP_FUZZ;
+ tv.tv_usec = 0;
+
+ if (select(nfds,&rfds,&wfds,(fd_set *) 0,&tv) == -1)
+ if (errno == error_intr)
+ ;
+ else
+ log1("warning: qmail-todo: trouble in select\n");
+ else
+ {
+ recent = now();
+
+ todo_do(&rfds);
+ comm_do(&wfds, &rfds);
+ }
+ }
+ /* NOTREACHED */
+}
+
diff -ruBN qmail-1.03.org/qmail.c qmail-1.03/qmail.c
--- qmail-1.03.org/qmail.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/qmail.c 2013-06-22 03:03:25.000000000 -0400
@@ -6,8 +6,17 @@
#include "fd.h"
#include "qmail.h"
#include "auto_qmail.h"
+#include "env.h"
-static char *binqqargs[2] = { "bin/qmail-queue", 0 } ;
+static char *binqqargs[2] = { 0, 0 } ;
+
+static void setup_qqargs()
+{
+ if(!binqqargs[0])
+ binqqargs[0] = env_get("QMAILQUEUE");
+ if(!binqqargs[0])
+ binqqargs[0] = "bin/qmail-queue";
+}
int qmail_open(qq)
struct qmail *qq;
@@ -15,6 +24,8 @@
int pim[2];
int pie[2];
+ setup_qqargs();
+
if (pipe(pim) == -1) return -1;
if (pipe(pie) == -1) { close(pim[0]); close(pim[1]); return -1; }
diff -ruBN qmail-1.03.org/qregex.c qmail-1.03/qregex.c
--- qmail-1.03.org/qregex.c 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/qregex.c 2013-06-22 03:03:25.000000000 -0400
@@ -0,0 +1,57 @@
+/*
+ * qregex (v2)
+ * $Id: qregex.c,v 2.1 2001/12/28 07:05:21 evan Exp $
+ *
+ * Author : Evan Borgstrom (evan at unixpimps dot org)
+ * Created : 2001/12/14 23:08:16
+ * Modified: $Date: 2001/12/28 07:05:21 $
+ * Revision: $Revision: 2.1 $
+ *
+ * Do POSIX regex matching on addresses for anti-relay / spam control.
+ * It logs to the maillog
+ * See the qregex-readme file included with this tarball.
+ * If you didn't get this file in a tarball please see the following URL:
+ * http://www.unixpimps.org/software/qregex
+ *
+ * qregex.c is released under a BSD style copyright.
+ * See http://www.unixpimps.org/software/qregex/copyright.html
+ *
+ * Note: this revision follows the coding guidelines set forth by the rest of
+ * the qmail code and that described at the following URL.
+ * http://cr.yp.to/qmail/guarantee.html
+ *
+ */
+
+#include
+#include
+#include "qregex.h"
+
+#define REGCOMP(X,Y) regcomp(&X, Y, REG_EXTENDED|REG_ICASE)
+#define REGEXEC(X,Y) regexec(&X, Y, (size_t)0, (regmatch_t *)0, (int)0)
+
+int matchregex(char *text, char *regex) {
+ regex_t qreg;
+ int retval = 0;
+
+
+ /* build the regex */
+ if ((retval = REGCOMP(qreg, regex)) != 0) {
+ regfree(&qreg);
+ return(-retval);
+ }
+
+ /* execute the regex */
+ if ((retval = REGEXEC(qreg, text)) != 0) {
+ /* did we just not match anything? */
+ if (retval == REG_NOMATCH) {
+ regfree(&qreg);
+ return(0);
+ }
+ regfree(&qreg);
+ return(-retval);
+ }
+
+ /* signal the match */
+ regfree(&qreg);
+ return(1);
+}
diff -ruBN qmail-1.03.org/qregex.h qmail-1.03/qregex.h
--- qmail-1.03.org/qregex.h 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/qregex.h 2013-06-22 03:03:25.000000000 -0400
@@ -0,0 +1,5 @@
+/* simple header file for the matchregex prototype */
+#ifndef _QREGEX_H_
+#define _QREGEX_H_
+int matchregex(char *text, char *regex);
+#endif
diff -ruBN qmail-1.03.org/remoteinfo.c qmail-1.03/remoteinfo.c
--- qmail-1.03.org/remoteinfo.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/remoteinfo.c 2013-06-22 03:03:25.000000000 -0400
@@ -44,12 +44,12 @@
s = socket(AF_INET,SOCK_STREAM,0);
if (s == -1) return 0;
- byte_zero(&sin,sizeof(sin));
+/* byte_zero(&sin,sizeof(sin));
sin.sin_family = AF_INET;
byte_copy(&sin.sin_addr,4,ipl);
sin.sin_port = 0;
- if (bind(s,(struct sockaddr *) &sin,sizeof(sin)) == -1) { close(s); return 0; }
- if (timeoutconn(s,ipr,113,timeout) == -1) { close(s); return 0; }
+ if (bind(s,(struct sockaddr *) &sin,sizeof(sin)) == -1) { close(s); return 0; } */
+ if (timeoutconn(s,ipr,ipl,113,timeout) == -1) { close(s); return 0; }
fcntl(s,F_SETFL,fcntl(s,F_GETFL,0) & ~O_NDELAY);
len = 0;
diff -ruBN qmail-1.03.org/select.h qmail-1.03/select.h
--- qmail-1.03.org/select.h 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/select.h 2013-06-22 03:03:25.000000000 -0400
@@ -0,0 +1,9 @@
+#ifndef SELECT_H
+#define SELECT_H
+
+#include
+#include
+#include
+extern int select();
+
+#endif
diff -ruBN qmail-1.03.org/sendmail.c qmail-1.03/sendmail.c
--- qmail-1.03.org/sendmail.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/sendmail.c 2013-06-22 03:03:25.000000000 -0400
@@ -45,6 +45,38 @@
_exit(111);
}
+void do_sender(s)
+const char *s;
+{
+ char *x;
+ int n;
+ int a;
+ int i;
+
+ env_unset("QMAILNAME");
+ env_unset("MAILNAME");
+ env_unset("NAME");
+ env_unset("QMAILHOST");
+ env_unset("MAILHOST");
+
+ n = str_len(s);
+ a = str_rchr(s, '@');
+ if (a == n)
+ {
+ env_put2("QMAILUSER", s);
+ return;
+ }
+ env_put2("QMAILHOST", s + a + 1);
+
+ x = (char *) alloc((a + 1) * sizeof(char));
+ if (!x) nomem();
+ for (i = 0; i < a; i++)
+ x[i] = s[i];
+ x[i] = 0;
+ env_put2("QMAILUSER", x);
+ alloc_free(x);
+}
+
int flagh;
char *sender;
@@ -118,6 +150,7 @@
if (sender) {
*arg++ = "-f";
*arg++ = sender;
+ do_sender(sender);
}
*arg++ = "--";
for (i = 0;i < argc;++i) *arg++ = argv[i];
diff -ruBN qmail-1.03.org/socket.lib qmail-1.03/socket.lib
--- qmail-1.03.org/socket.lib 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/socket.lib 2013-06-22 03:03:25.000000000 -0400
@@ -0,0 +1 @@
+-lsocket -lnsl
diff -ruBN qmail-1.03.org/spawn.c qmail-1.03/spawn.c
--- qmail-1.03.org/spawn.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/spawn.c 2013-06-22 03:03:25.000000000 -0400
@@ -5,6 +5,7 @@
#include "substdio.h"
#include "byte.h"
#include "str.h"
+#include "alloc.h"
#include "stralloc.h"
#include "select.h"
#include "exit.h"
diff -ruBN qmail-1.03.org/spf.c qmail-1.03/spf.c
--- qmail-1.03.org/spf.c 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/spf.c 2013-06-22 03:03:25.000000000 -0400
@@ -0,0 +1,878 @@
+#include "stralloc.h"
+#include "strsalloc.h"
+#include "alloc.h"
+#include "ip.h"
+#include "ipalloc.h"
+#include "ipme.h"
+#include "str.h"
+#include "fmt.h"
+#include "scan.h"
+#include "byte.h"
+#include "now.h"
+#include "dns.h"
+#include "case.h"
+#include "spf.h"
+
+#define SPF_EXT -1
+#define SPF_SYNTAX -2
+
+#define WSPACE(x) ((x) == ' ' || (x) == '\t' || (x) == '\r' || (x) == '\n')
+#define NXTOK(b, p, a) do { (b) = (p); \
+ while((p) < (a)->len && !WSPACE((a)->s[(p)])) ++(p); \
+ while((p) < (a)->len && WSPACE((a)->s[(p)])) (a)->s[(p)++] = 0; \
+ } while(0)
+
+/* this table and macro came from wget more or less */
+/* and was in turn stolen by me from libspf as is :) */
+const static unsigned char urlchr_table[256] =
+{
+ 1, 1, 1, 1, 1, 1, 1, 1, /* NUL SOH STX ETX EOT ENQ ACK BEL */
+ 1, 1, 1, 1, 1, 1, 1, 1, /* BS HT LF VT FF CR SO SI */
+ 1, 1, 1, 1, 1, 1, 1, 1, /* DLE DC1 DC2 DC3 DC4 NAK SYN ETB */
+ 1, 1, 1, 1, 1, 1, 1, 1, /* CAN EM SUB ESC FS GS RS US */
+ 1, 0, 1, 1, 0, 1, 1, 0, /* SP ! " # $ % & ' */
+ 0, 0, 0, 1, 0, 0, 0, 1, /* ( ) * + , - . / */
+ 0, 0, 0, 0, 0, 0, 0, 0, /* 0 1 2 3 4 5 6 7 */
+ 0, 0, 1, 1, 1, 1, 1, 1, /* 8 9 : ; < = > ? */
+ 1, 0, 0, 0, 0, 0, 0, 0, /* @ A B C D E F G */
+ 0, 0, 0, 0, 0, 0, 0, 0, /* H I J K L M N O */
+ 0, 0, 0, 0, 0, 0, 0, 0, /* P Q R S T U V W */
+ 0, 0, 0, 1, 1, 1, 1, 0, /* X Y Z [ \ ] ^ _ */
+ 1, 0, 0, 0, 0, 0, 0, 0, /* ` a b c d e f g */
+ 0, 0, 0, 0, 0, 0, 0, 0, /* h i j k l m n o */
+ 0, 0, 0, 0, 0, 0, 0, 0, /* p q r s t u v w */
+ 0, 0, 0, 1, 1, 1, 1, 1, /* x y z { | } ~ DEL */
+
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+};
+
+
+extern stralloc addr;
+extern stralloc helohost;
+extern char *remoteip;
+extern char *local;
+
+extern stralloc spflocal;
+extern stralloc spfguess;
+extern stralloc spfexp;
+
+static stralloc sender_fqdn = {0};
+static stralloc explanation = {0};
+static stralloc expdomain = {0};
+static stralloc errormsg = {0};
+static char *received;
+
+static int recursion;
+static struct ip_address ip;
+
+static void hdr_pass() { received = "pass (%{xr}: %{xs} designates %{i} as permitted sender)"; };
+static void hdr_softfail() { received = "softfail (%{xr}: transitioning %{xs} does not designate %{i} as permitted sender)"; };
+static void hdr_fail() { received = "fail (%{xr}: %{xs} does not designate %{i} as permitted sender)"; };
+static void hdr_unknown() { received = "unknown (%{xr}: domain at %{d} does not designate permitted sender hosts)"; };
+static void hdr_neutral() { received = "neutral (%{xr}: %{i} is neither permitted nor denied by %{xs})"; };
+static void hdr_none() { received = "none (%{xr}: domain at %{d} does not designate permitted sender hosts)"; };
+static void hdr_unknown_msg(e) char *e; { stralloc_copys(&errormsg, e); received = "unknown (%{xr}: %{xe})"; };
+static void hdr_ext(e) char *e; { stralloc_copys(&errormsg, e); received = "unknown %{xe} (%{xr}: %{xs} uses mechanism not recognized by this client)"; };
+static void hdr_syntax() { received = "unknown (%{xr}: parse error in %{xs})"; };
+static void hdr_error(e) char *e; { stralloc_copys(&errormsg, e); received = "error (%{xr}: error in processing during lookup of %{d}: %{xe})"; };
+static void hdr_dns() { hdr_error("DNS problem"); }
+
+
+static int matchip(struct ip_address *net, int mask, struct ip_address *ip)
+{
+ int j;
+ int bytemask;
+
+ for (j = 0; j < 4 && mask > 0; ++j) {
+ if (mask > 8) bytemask = 8; else bytemask = mask;
+ mask -= bytemask;
+
+ if ((net->d[j] ^ ip->d[j]) & (0x100 - (1 << (8 - bytemask))))
+ return 0;
+ }
+ return 1;
+}
+
+static int getipmask(char *mask, int ipv6) {
+ unsigned long r;
+ int pos;
+
+ if (!mask) return 32;
+
+ pos = scan_ulong(mask, &r);
+ if (!pos || (mask[pos] && !(mask[pos] == '/' && ipv6))) return -1;
+ if (r > 32) return -1;
+
+ return r;
+}
+
+int spfget(stralloc *spf, stralloc *domain)
+{
+ strsalloc ssa = {0};
+ int j;
+ int begin, pos, i;
+ int r = SPF_NONE;
+
+ spf->len = 0;
+
+ switch(dns_txt(&ssa, domain)) {
+ case DNS_MEM: return SPF_NOMEM;
+ case DNS_SOFT: hdr_dns(); return SPF_ERROR;
+ case DNS_HARD: return SPF_NONE;
+ }
+
+ for (j = 0;j < ssa.len;++j) {
+ pos = 0;
+
+ NXTOK(begin, pos, &ssa.sa[j]);
+ if (str_len(ssa.sa[j].s + begin) < 6) continue;
+ if (!byte_equal(ssa.sa[j].s + begin,6,"v=spf1")) continue;
+ if (ssa.sa[j].s[begin + 6]) {
+ /* check for subversion */
+ if (ssa.sa[j].s[begin + 6] != '.') continue;
+ for(i = begin + 7;;++i)
+ if (!(ssa.sa[j].s[i] >= '0' && ssa.sa[j].s[i] <= '9')) break;
+ if (i == (begin + 7)) continue;
+ if (ssa.sa[j].s[i]) continue;
+ }
+
+ if (spf->len > 0) {
+ spf->len = 0;
+ hdr_unknown_msg("Multiple SPF records returned");
+ r = SPF_UNKNOWN;
+ break;
+ }
+ if (!stralloc_0(&ssa.sa[j])) return SPF_NOMEM;
+ if (!stralloc_copys(spf,ssa.sa[j].s + pos)) return SPF_NOMEM;
+ r = SPF_OK;
+ }
+
+ for (j = 0;j < ssa.len;++j)
+ alloc_free(ssa.sa[j].s);
+ alloc_free(ssa.sa);
+ return r;
+}
+
+static int spf_ptr(char *spec, char *mask);
+
+int spfsubst(stralloc *expand, char *spec, char *domain)
+{
+ static char hexdigits[] = "0123456789abcdef";
+ stralloc sa = {0};
+ char ch;
+ int digits = -1;
+ int urlencode = 0;
+ int reverse = 0;
+ int start = expand->len;
+ int i, pos;
+ char *split = ".";
+
+ if (!stralloc_readyplus(&sa,0)) return 0;
+
+ if (*spec == 'x') { i = 1; ++spec; } else i = 0;
+ ch = *spec++;
+ if (!ch) { alloc_free(sa.s); return 1; }
+ if (ch >= 'A' && ch <= 'Z') { ch += 32; urlencode = 1; }
+ if (i) ch -= 32;
+ while(*spec >= '0' && *spec <= '9') {
+ if (digits < 0) digits = 0;
+ if (digits >= 1000000) { digits = 10000000; continue; }
+ digits = (digits * 10) + (*spec - '0');
+ spec++;
+ }
+
+ while((*spec >= 'a' && *spec <= 'z') || (*spec >= 'A' && *spec <= 'Z')) {
+ if (*spec == 'r') reverse = 1;
+ spec++;
+ }
+
+ if (*spec) split = spec;
+
+ switch(ch) {
+ case 'l':
+ pos = byte_rchr(addr.s, addr.len, '@');
+ if (pos < addr.len) {
+ if (!stralloc_copyb(&sa, addr.s, pos)) return 0;
+ } else
+ if (!stralloc_copys(&sa, "postmaster")) return 0;
+ break;
+ case 's':
+ if (!stralloc_copys(&sa, addr.s)) return 0;
+ break;
+ case 'o':
+ pos = byte_rchr(addr.s, addr.len, '@') + 1;
+ if (pos > addr.len) break;
+ if (!stralloc_copys(&sa, addr.s + pos)) return 0;
+ break;
+ case 'd':
+ if (!stralloc_copys(&sa, domain)) return 0;
+ break;
+ case 'i':
+ if (!stralloc_ready(&sa, IPFMT)) return 0;
+ sa.len = ip_fmt(sa.s, &ip);
+ break;
+ case 't':
+ if (!stralloc_ready(&sa, FMT_ULONG)) return 0;
+ sa.len = fmt_ulong(sa.s, (unsigned long)now());
+ break;
+ case 'p':
+ if (!sender_fqdn.len)
+ spf_ptr(domain, 0);
+ if (sender_fqdn.len) {
+ if (!stralloc_copy(&sa, &sender_fqdn)) return 0;
+ } else
+ if (!stralloc_copys(&sa, "unknown")) return 0;
+ break;
+ case 'v':
+ if (!stralloc_copys(&sa, "in-addr")) return 0;
+ break;
+ case 'h':
+ if (!stralloc_copys(&sa, helohost.s)) return 0; /* FIXME: FQDN? */
+ break;
+ case 'E':
+ if (errormsg.len && !stralloc_copy(&sa, &errormsg)) return 0;
+ break;
+ case 'R':
+ if (!stralloc_copys(&sa, local)) return 0;
+ break;
+ case 'S':
+ if (expdomain.len > 0) {
+ if (!stralloc_copys(&sa, "SPF record at ")) return 0;
+ if (!stralloc_cats(&sa, expdomain.s)) return 0;
+ } else {
+ if (!stralloc_copys(&sa, "local policy")) return 0;
+ }
+ break;
+ }
+
+ if (reverse) {
+ for(pos = 0; digits; ++pos) {
+ pos += byte_cspn(sa.s + pos, sa.len - pos, split);
+ if (pos >= sa.len) break;
+ if (!--digits) break;
+ }
+
+ for(; pos > 0; pos = i - 1) {
+ i = byte_rcspn(sa.s, pos, split) + 1;
+ if (i > pos) i = 0;
+ if (!stralloc_catb(expand, sa.s + i, pos - i)) return 0;
+ if (i > 0 && !stralloc_append(expand, ".")) return 0;
+ }
+ } else {
+ for(pos = sa.len; digits; --pos) {
+ i = byte_rcspn(sa.s, pos, split) + 1;
+ if (i > pos) { pos = 0; break; }
+ pos = i;
+ if (!--digits) break;
+ }
+
+ if (!stralloc_catb(expand, sa.s + pos, sa.len - pos)) return 0;
+ if (split[0] != '.' || split[1])
+ for(pos = 0; pos < expand->len; pos++) {
+ pos += byte_cspn(expand->s + pos, expand->len - pos, split);
+ if (pos < expand->len)
+ expand->s[pos] = '.';
+ }
+ }
+
+ if (urlencode) {
+ stralloc_copyb(&sa, expand->s + start, expand->len - start);
+ expand->len = start;
+
+ for(pos = 0; pos < sa.len; ++pos) {
+ ch = sa.s[pos];
+ if (urlchr_table[(unsigned char)ch]) {
+ if (!stralloc_readyplus(expand, 3)) return 0;
+ expand->s[expand->len++] = '%';
+ expand->s[expand->len++] = hexdigits[(unsigned char)ch >> 4];
+ expand->s[expand->len++] = hexdigits[(unsigned char)ch & 15];
+ } else
+ if (!stralloc_append(expand, &ch)) return 0;
+ }
+ }
+
+ alloc_free(sa.s);
+ return 1;
+}
+
+int spfexpand(stralloc *sa, char *spec, char *domain)
+{
+ char *p;
+ char append;
+ int pos;
+
+ if (!stralloc_readyplus(sa, 0)) return 0;
+ sa->len = 0;
+
+ for(p = spec; *p; p++) {
+ append = *p;
+ if (*p == '%') {
+ p++;
+ switch(*p) {
+ case '%': break;
+ case '_': append = ' '; break;
+ case '-': if (!stralloc_cats(sa, "%20")) return 0; continue;
+ case '{':
+ pos = str_chr(p, '}');
+ if (p[pos] != '}') { p--; break; }
+ p[pos] = 0;
+ if (!spfsubst(sa, p + 1, domain)) return 0;
+ p += pos;
+ continue;
+ default: p--;
+ }
+ }
+ if (!stralloc_append(sa, &append)) return 0;
+ }
+
+ return 1;
+}
+
+static int spflookup(stralloc *domain);
+
+static int spf_include(char *spec, char *mask)
+{
+ stralloc sa = {0};
+ int r;
+
+ if (!stralloc_copys(&sa, spec)) return SPF_NOMEM;
+ r = spflookup(&sa);
+ alloc_free(sa.s);
+
+ switch(r) {
+ case SPF_NONE:
+ hdr_unknown();
+ r = SPF_UNKNOWN;
+ break;
+ case SPF_SYNTAX:
+ r = SPF_UNKNOWN;
+ break;
+ case SPF_NEUTRAL:
+ case SPF_SOFTFAIL:
+ case SPF_FAIL:
+ r = SPF_NONE;
+ break;
+ }
+
+ return r;
+}
+
+static int spf_a(char *spec, char *mask)
+{
+ stralloc sa = {0};
+ ipalloc ia = {0};
+ int ipmask = getipmask(mask, 1);
+ int r;
+ int j;
+
+ if (ipmask < 0) return SPF_SYNTAX;
+
+ if (!stralloc_copys(&sa, spec)) return SPF_NOMEM;
+ if (!stralloc_readyplus(&ia, 0)) return SPF_NOMEM;
+
+ switch(dns_ip(&ia, &sa)) {
+ case DNS_MEM: return SPF_NOMEM;
+ case DNS_SOFT: hdr_dns(); r = SPF_ERROR; break;
+ case DNS_HARD: r = SPF_NONE; break;
+ default:
+ r = SPF_NONE;
+ for(j = 0; j < ia.len; ++j)
+ if (matchip(&ia.ix[j].ip, ipmask, &ip)) {
+ r = SPF_OK;
+ break;
+ }
+ }
+
+ alloc_free(sa.s);
+ alloc_free(ia.ix);
+ return r;
+}
+
+static int spf_mx(char *spec, char *mask)
+{
+ stralloc sa = {0};
+ ipalloc ia = {0};
+ int ipmask = getipmask(mask, 1);
+ int random = now() + (getpid() << 16);
+ int r;
+ int j;
+
+ if (ipmask < 0) return SPF_SYNTAX;
+
+ if (!stralloc_copys(&sa, spec)) return SPF_NOMEM;
+ if (!stralloc_readyplus(&ia, 0)) return SPF_NOMEM;
+
+ switch(dns_mxip(&ia, &sa, random)) {
+ case DNS_MEM: return SPF_NOMEM;
+ case DNS_SOFT: hdr_dns(); r = SPF_ERROR; break;
+ case DNS_HARD: r = SPF_NONE; break;
+ default:
+ r = SPF_NONE;
+ for(j = 0; j < ia.len; ++j)
+ if (matchip(&ia.ix[j].ip, ipmask, &ip)) {
+ r = SPF_OK;
+ break;
+ }
+ }
+
+ alloc_free(sa.s);
+ alloc_free(ia.ix);
+ return r;
+}
+
+static int spf_ptr(char *spec, char *mask)
+{
+ strsalloc ssa = {0};
+ ipalloc ia = {0};
+ int len = str_len(spec);
+ int r;
+ int j, k;
+ int pos;
+
+ /* we didn't find host with the matching ip before */
+ if (sender_fqdn.len == 7 && str_equal(sender_fqdn.s, "unknown"))
+ return SPF_NONE;
+
+ /* the hostname found will probably be the same as before */
+ while (sender_fqdn.len) {
+ pos = sender_fqdn.len - len;
+ if (pos < 0) break;
+ if (pos > 0 && sender_fqdn.s[pos - 1] != '.') break;
+ if (case_diffb(sender_fqdn.s + pos, len, spec)) break;
+
+ return SPF_OK;
+ }
+
+ /* ok, either it's the first test or it's a very weird setup */
+
+ if (!stralloc_readyplus(&ssa, 0)) return SPF_NOMEM;
+ if (!stralloc_readyplus(&ia, 0)) return SPF_NOMEM;
+
+ switch(dns_ptr(&ssa, &ip)) {
+ case DNS_MEM: return SPF_NOMEM;
+ case DNS_SOFT: hdr_dns(); r = SPF_ERROR; break;
+ case DNS_HARD: r = SPF_NONE; break;
+ default:
+ r = SPF_NONE;
+ for(j = 0; j < ssa.len; ++j) {
+ switch(dns_ip(&ia, &ssa.sa[j])) {
+ case DNS_MEM: return SPF_NOMEM;
+ case DNS_SOFT: hdr_dns(); r = SPF_ERROR; break;
+ case DNS_HARD: break;
+ default:
+ for(k = 0; k < ia.len; ++k)
+ if (matchip(&ia.ix[k].ip, 32, &ip)) {
+ if (!sender_fqdn.len)
+ if (!stralloc_copy(&sender_fqdn, &ssa.sa[j])) return SPF_NOMEM;
+
+ pos = ssa.sa[j].len - len;
+ if (pos < 0) continue;
+ if (pos > 0 && ssa.sa[j].s[pos - 1] != '.') continue;
+ if (case_diffb(ssa.sa[j].s + pos, len, spec)) continue;
+
+ stralloc_copy(&sender_fqdn, &ssa.sa[j]);
+ r = SPF_OK;
+ break;
+ }
+ }
+
+ if (r == SPF_ERROR) break;
+ }
+ }
+
+ for(j = 0;j < ssa.len;++j)
+ alloc_free(ssa.sa[j].s);
+
+ alloc_free(ssa.sa);
+ alloc_free(ia.ix);
+
+ if (!sender_fqdn.len)
+ if (!stralloc_copys(&sender_fqdn, "unknown")) return SPF_NOMEM;
+
+ return r;
+}
+
+static int spf_ip(char *spec, char *mask)
+{
+ struct ip_address net;
+ int ipmask = getipmask(mask, 0);
+
+ if (ipmask < 0) return SPF_SYNTAX;
+ if (!ip_scan(spec, &net)) return SPF_SYNTAX;
+
+ if (matchip(&net, ipmask, &ip)) return SPF_OK;
+
+ return SPF_NONE;
+}
+
+static int spf_exists(char *spec, char *mask)
+{
+ stralloc sa = {0};
+ ipalloc ia = {0};
+ int r;
+
+ if (!stralloc_copys(&sa, spec)) return SPF_NOMEM;
+ if (!stralloc_readyplus(&ia, 0)) return SPF_NOMEM;
+
+ switch(dns_ip(&ia, &sa)) {
+ case DNS_MEM: return SPF_NOMEM;
+ case DNS_SOFT: hdr_dns(); r = SPF_ERROR; break;
+ case DNS_HARD: r = SPF_NONE; break;
+ default: r = SPF_OK;
+ }
+
+ alloc_free(sa.s);
+ alloc_free(ia.ix);
+ return r;
+}
+
+static struct mechanisms {
+ char *mechanism;
+ int (*func)(char *spec, char *mask);
+ unsigned int takes_spec : 1;
+ unsigned int takes_mask : 1;
+ unsigned int expands : 1;
+ unsigned int filldomain : 1;
+ int defresult : 4;
+} mechanisms[] = {
+ { "all", 0, 0,0,0,0,SPF_OK }
+, { "include", spf_include,1,0,1,0,0 }
+, { "a", spf_a, 1,1,1,1,0 }
+, { "mx", spf_mx, 1,1,1,1,0 }
+, { "ptr", spf_ptr, 1,0,1,1,0 }
+, { "ip4", spf_ip, 1,1,0,0,0 }
+, { "ip6", 0, 1,1,0,0,SPF_NONE }
+, { "exists", spf_exists, 1,0,1,0,0 }
+, { "extension",0, 1,1,0,0,SPF_EXT }
+, { 0, 0, 1,1,0,0,SPF_EXT }
+};
+
+static int spfmech(char *mechanism, char *spec, char *mask, char *domain)
+{
+ struct mechanisms *mech;
+ stralloc sa = {0};
+ int r;
+ int pos;
+
+ for(mech = mechanisms; mech->mechanism; mech++)
+ if (str_equal(mech->mechanism, mechanism)) break;
+
+ if (mech->takes_spec && !spec && mech->filldomain) spec = domain;
+ if (!mech->takes_spec != !spec) return SPF_SYNTAX;
+ if (!mech->takes_mask && mask) return SPF_SYNTAX;
+ if (!mech->func) return mech->defresult;
+
+ if (!stralloc_readyplus(&sa, 0)) return SPF_NOMEM;
+ if (mech->expands && spec != domain) {
+ if (!spfexpand(&sa, spec, domain)) return SPF_NOMEM;
+ for (pos = 0; (sa.len - pos) > 255;) {
+ pos += byte_chr(sa.s + pos, sa.len - pos, '.');
+ if (pos < sa.len) pos++;
+ }
+ sa.len -= pos;
+ if (pos > 0) byte_copy(sa.s, sa.len, sa.s + pos);
+ stralloc_0(&sa);
+ spec = sa.s;
+ }
+
+ r = mech->func(spec, mask);
+
+ alloc_free(sa.s);
+ return r;
+}
+
+static struct default_aliases {
+ char *alias;
+ int defret;
+} default_aliases[] = {
+ { "allow", SPF_OK }
+, { "pass", SPF_OK }
+, { "deny", SPF_FAIL }
+, { "softdeny",SPF_SOFTFAIL }
+, { "fail", SPF_FAIL }
+, { "softfail",SPF_SOFTFAIL }
+, { "unknown", SPF_NEUTRAL }
+, { 0, SPF_UNKNOWN }
+};
+
+static int spflookup(stralloc *domain)
+{
+ stralloc spf = {0};
+ stralloc sa = {0};
+ struct default_aliases *da;
+ int main = !recursion;
+ int local_pos = -1;
+ int r, q;
+ int begin, pos;
+ int i;
+ int prefix;
+ int done;
+ int guessing = 0;
+ char *p;
+
+ if (!stralloc_readyplus(&spf, 0)) return SPF_NOMEM;
+ if (!stralloc_readyplus(&sa, 0)) return SPF_NOMEM;
+
+ /* fallthrough result */
+ if (main) hdr_none();
+
+redirect:
+ if (++recursion > 20) {
+ alloc_free(spf.s);
+ alloc_free(sa.s);
+ hdr_unknown_msg("Maximum nesting level exceeded, possible loop");
+ return SPF_SYNTAX;
+ }
+
+ if (!stralloc_0(domain)) return SPF_NOMEM;
+ if (!stralloc_copy(&expdomain, domain)) return SPF_NOMEM;
+
+ r = spfget(&spf, domain);
+ if (r == SPF_NONE) {
+ if (!main) { alloc_free(spf.s); return r; }
+
+ if (spfguess.len) {
+ /* try to guess */
+ guessing = 1;
+ if (!stralloc_copys(&spf, spfguess.s)) return SPF_NOMEM;
+ if (!stralloc_append(&spf, " ")) return SPF_NOMEM;
+ } else
+ spf.len = 0;
+
+ /* append local rulest */
+ if (spflocal.len) {
+ local_pos = spf.len;
+ if (!stralloc_cats(&spf, spflocal.s)) return SPF_NOMEM;
+ }
+ if (!stralloc_0(&spf)) return SPF_NOMEM;
+
+ expdomain.len = 0;
+ } else if (r == SPF_OK) {
+ if (!stralloc_0(&spf)) return SPF_NOMEM;
+ if (main) hdr_neutral();
+ r = SPF_NEUTRAL;
+
+ /* try to add local rules before fail all mechs */
+ if (main && spflocal.len) {
+ pos = 0;
+ p = (char *) 0;
+ while(pos < spf.len) {
+ NXTOK(begin, pos, &spf);
+ if (!spf.s[begin]) continue;
+
+ if (p && spf.s[begin] != *p) p = (char *) 0;
+ if (!p && (spf.s[begin] == '-' || spf.s[begin] == '~' ||
+ spf.s[begin] == '?')) p = &spf.s[begin];
+
+ if (p && p > spf.s && str_equal(spf.s + begin + 1, "all")) {
+ /* ok, we can insert the local rules at p */
+ local_pos = p - spf.s;
+
+ stralloc_readyplus(&spf, spflocal.len);
+ p = spf.s + local_pos;
+ byte_copyr(p + spflocal.len, spf.len - local_pos, p);
+ byte_copy(p, spflocal.len, spflocal.s);
+ spf.len += spflocal.len;
+
+ pos += spflocal.len;
+ break;
+ }
+ }
+
+ if (pos >= spf.len) pos = spf.len - 1;
+ for(i = 0; i < pos; i++)
+ if (!spf.s[i]) spf.s[i] = ' ';
+ }
+ } else {
+ alloc_free(spf.s);
+ return r;
+ }
+
+ pos = 0;
+ done = 0;
+ while(pos < spf.len) {
+ NXTOK(begin, pos, &spf);
+ if (!spf.s[begin]) continue;
+
+ /* in local ruleset? */
+ if (!done && local_pos >= 0 && begin >= local_pos) {
+ if (begin < (local_pos + spflocal.len))
+ expdomain.len = 0;
+ else
+ if (!stralloc_copy(&expdomain, domain))
+ return SPF_NOMEM;
+ }
+
+ for (p = spf.s + begin;*p;++p)
+ if (*p == ':' || *p == '/' || *p == '=') break;
+
+ if (*p == '=') {
+ *p++ = 0;
+
+ /* modifiers are simply handled here */
+ if (str_equal(spf.s + begin, "redirect")) {
+ if (done) continue;
+
+ if (!spfexpand(&sa, p, domain->s)) return SPF_NOMEM;
+ stralloc_copy(domain, &sa);
+
+ hdr_unknown();
+ r = SPF_UNKNOWN;
+
+ goto redirect;
+ } else if (str_equal(spf.s + begin, "default")) {
+ if (done) continue;
+
+ for(da = default_aliases; da->alias; ++da)
+ if (str_equal(da->alias, p)) break;
+
+ r = da->defret;
+ } else if (str_equal(spf.s + begin, "exp")) {
+ strsalloc ssa = {0};
+
+ if (!main) continue;
+
+ if (!stralloc_copys(&sa, p)) return SPF_NOMEM;
+ switch(dns_txt(&ssa, &sa)) {
+ case DNS_MEM: return SPF_NOMEM;
+ case DNS_SOFT: continue; /* FIXME... */
+ case DNS_HARD: continue;
+ }
+
+ explanation.len = 0;
+ for(i = 0; i < ssa.len; i++) {
+ if (!stralloc_cat(&explanation, &ssa.sa[i])) return SPF_NOMEM;
+ if (i < (ssa.len - 1))
+ if (!stralloc_append(&explanation, "\n")) return SPF_NOMEM;
+
+ alloc_free(ssa.sa[i].s);
+ }
+ if (!stralloc_0(&explanation)) return SPF_NOMEM;
+ } /* and unknown modifiers are ignored */
+ } else if (!done) {
+ if (!stralloc_copys(&sa, spf.s + begin)) return SPF_NOMEM;
+ if (!stralloc_0(&sa)) return SPF_NOMEM;
+
+ switch(spf.s[begin]) {
+ case '-': begin++; prefix = SPF_FAIL; break;
+ case '~': begin++; prefix = SPF_SOFTFAIL; break;
+ case '+': begin++; prefix = SPF_OK; break;
+ case '?': begin++; prefix = SPF_NEUTRAL; break;
+ default: prefix = SPF_OK;
+ }
+
+ if (*p == '/') {
+ *p++ = 0;
+ q = spfmech(spf.s + begin, 0, p, domain->s);
+ } else {
+ if (*p) *p++ = 0;
+ i = str_chr(p, '/');
+ if (p[i] == '/') {
+ p[i++] = 0;
+ q = spfmech(spf.s + begin, p, p + i, domain->s);
+ } else if (i > 0)
+ q = spfmech(spf.s + begin, p, 0, domain->s);
+ else
+ q = spfmech(spf.s + begin, 0, 0, domain->s);
+ }
+
+ if (q == SPF_OK) q = prefix;
+
+ switch(q) {
+ case SPF_OK: hdr_pass(); break;
+ case SPF_NEUTRAL: hdr_neutral(); break;
+ case SPF_SYNTAX: hdr_syntax(); break;
+ case SPF_SOFTFAIL: hdr_softfail(); break;
+ case SPF_FAIL: hdr_fail(); break;
+ case SPF_EXT: hdr_ext(sa.s); break;
+ case SPF_ERROR:
+ if (!guessing)
+ break;
+ if (local_pos >= 0 && begin >= local_pos)
+ break;
+ hdr_none();
+ q = SPF_NONE;
+ break;
+ case SPF_NONE: continue;
+ }
+
+ r = q;
+ done = 1; /* we're done, no more mechanisms */
+ }
+ }
+
+ /* we fell through, no local rule applied */
+ if (!done && !stralloc_copy(&expdomain, domain)) return SPF_NOMEM;
+
+ alloc_free(spf.s);
+ alloc_free(sa.s);
+ return r;
+}
+
+int spfcheck()
+{
+ stralloc domain = {0};
+ int pos;
+ int r;
+
+ pos = byte_rchr(addr.s, addr.len, '@') + 1;
+ if (pos < addr.len) {
+ if (!stralloc_copys(&domain, addr.s + pos)) return SPF_NOMEM;
+ } else {
+ pos = str_rchr(helohost.s, '@');
+ if (helohost.s[pos]) {
+ if (!stralloc_copys(&domain, helohost.s + pos + 1)) return SPF_NOMEM;
+ } else
+ if (!stralloc_copys(&domain, helohost.s)) return SPF_NOMEM;
+ }
+ if (!stralloc_copys(&explanation, spfexp.s)) return SPF_NOMEM;
+ if (!stralloc_0(&explanation)) return SPF_NOMEM;
+ recursion = 0;
+
+ if (!remoteip || !ip_scan(remoteip, &ip)) {
+ hdr_unknown_msg("No IP address in conversation");
+ return SPF_UNKNOWN;
+ }
+
+ if (!stralloc_readyplus(&expdomain, 0)) return SPF_NOMEM;
+ if (!stralloc_readyplus(&errormsg, 0)) return SPF_NOMEM;
+ expdomain.len = 0;
+ errormsg.len = 0;
+ sender_fqdn.len = 0;
+ received = (char *) 0;
+
+ if ((ip.d[0] == 127 && ip.d[1] == 0 && ip.d[2] == 0 && ip.d[3] == 1) || ipme_is(&ip))
+ { hdr_pass(); r = SPF_OK; }
+ else
+ r = spflookup(&domain);
+
+ if (r < 0) r = SPF_UNKNOWN;
+
+ alloc_free(domain.s);
+ return r;
+}
+
+int spfexplanation(sa)
+stralloc *sa;
+{
+ return spfexpand(sa, explanation.s, expdomain.s);
+}
+
+int spfinfo(sa)
+stralloc *sa;
+{
+ stralloc tmp = {0};
+ if (!stralloc_copys(&tmp, received)) return 0;
+ if (!stralloc_0(&tmp)) return 0;
+ if (!spfexpand(sa, tmp.s, expdomain.s)) return 0;
+ alloc_free(tmp.s);
+ return 1;
+}
diff -ruBN qmail-1.03.org/spf.h qmail-1.03/spf.h
--- qmail-1.03.org/spf.h 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/spf.h 2013-06-22 03:03:25.000000000 -0400
@@ -0,0 +1,20 @@
+#ifndef SPF_H
+#define SPF_H
+
+#define SPF_OK 0
+#define SPF_NONE 1
+#define SPF_UNKNOWN 2
+#define SPF_NEUTRAL 3
+#define SPF_SOFTFAIL 4
+#define SPF_FAIL 5
+#define SPF_ERROR 6
+#define SPF_NOMEM 7
+
+#define SPF_DEFEXP "See http://spf.pobox.com/" \
+ "why.html?sender=%{S}&ip=%{I}&receiver=%{xR}"
+
+extern int spfcheck();
+extern int spfexplanation();
+extern int spfinfo();
+
+#endif
diff -ruBN qmail-1.03.org/spfquery.c qmail-1.03/spfquery.c
--- qmail-1.03.org/spfquery.c 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/spfquery.c 2013-06-22 03:03:25.000000000 -0400
@@ -0,0 +1,84 @@
+#include "substdio.h"
+#include "subfd.h"
+#include "stralloc.h"
+#include "alloc.h"
+#include "spf.h"
+#include "exit.h"
+
+void die(e,s) int e; char *s; { substdio_putsflush(subfderr,s); _exit(e); }
+void die_usage() { die(100,"fatal: invalid usage\nusage: spfquery [] []\n"); }
+void die_nomem() { die(111,"fatal: out of memory\n"); }
+
+stralloc addr = {0};
+stralloc helohost = {0};
+char *remoteip;
+char *local;
+
+stralloc spflocal = {0};
+stralloc spfguess = {0};
+stralloc spfexp = {0};
+
+void main(argc,argv)
+int argc;
+char **argv;
+{
+ stralloc sa = {0};
+ int r;
+
+ if (argc < 4) die_usage();
+
+ remoteip = (char *)strdup(argv[1]);
+ local = "localhost";
+
+ if (!stralloc_copys(&helohost, argv[2])) die_nomem();
+ if (!stralloc_0(&helohost)) die_nomem();
+
+ if (!stralloc_copys(&addr, argv[3])) die_nomem();
+ if (!stralloc_0(&addr)) die_nomem();
+
+ if (argc > 4) {
+ if (!stralloc_copys(&spflocal, argv[4])) die_nomem();
+ if (spflocal.len && !stralloc_0(&spflocal)) die_nomem();
+ }
+
+ if (argc > 5) {
+ if (!stralloc_copys(&spfguess, argv[5])) die_nomem();
+ if (spfguess.len && !stralloc_0(&spfguess)) die_nomem();
+ }
+
+ if (argc > 6) {
+ if (!stralloc_copys(&spfexp, argv[6])) die_nomem();
+ } else
+ if (!stralloc_copys(&spfexp, SPF_DEFEXP)) die_nomem();
+ if (spfexp.len && !stralloc_0(&spfexp)) die_nomem();
+
+ dns_init(0);
+ r = spfcheck();
+ if (r == SPF_NOMEM) die_nomem();
+
+ substdio_puts(subfdout,"result=");
+ switch(r) {
+ case SPF_OK: substdio_puts(subfdout,"pass"); break;
+ case SPF_NONE: substdio_puts(subfdout,"none"); break;
+ case SPF_UNKNOWN: substdio_puts(subfdout,"unknown"); break;
+ case SPF_NEUTRAL: substdio_puts(subfdout,"neutral"); break;
+ case SPF_SOFTFAIL: substdio_puts(subfdout,"softfail"); break;
+ case SPF_FAIL: substdio_puts(subfdout,"fail"); break;
+ case SPF_ERROR: substdio_puts(subfdout,"error"); break;
+ }
+
+ if (r == SPF_FAIL) {
+ substdio_puts(subfdout,": ");
+ if (!spfexplanation(&sa)) die_nomem();
+ substdio_put(subfdout,sa.s,sa.len);
+ }
+
+ substdio_putsflush(subfdout,"\n");
+
+ substdio_puts(subfdout,"Received-SPF: ");
+ if (!spfinfo(&sa)) die_nomem();
+ substdio_put(subfdout,sa.s,sa.len);
+ substdio_putsflush(subfdout,"\n");
+
+ _exit(0);
+}
diff -ruBN qmail-1.03.org/str.h qmail-1.03/str.h
--- qmail-1.03.org/str.h 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/str.h 2013-06-22 03:03:25.000000000 -0400
@@ -2,6 +2,7 @@
#define STR_H
extern unsigned int str_copy();
+extern unsigned int str_copyb();
extern int str_diff();
extern int str_diffn();
extern unsigned int str_len();
diff -ruBN qmail-1.03.org/str_cpyb.c qmail-1.03/str_cpyb.c
--- qmail-1.03.org/str_cpyb.c 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/str_cpyb.c 2013-06-22 03:03:25.000000000 -0400
@@ -0,0 +1,18 @@
+#include "str.h"
+
+unsigned int str_copyb(s,t,max)
+register char *s;
+register char *t;
+unsigned int max;
+{
+ register int len;
+
+ len = 0;
+ while (max-- > 0) {
+ if (!(*s = *t)) return len; ++s; ++t; ++len;
+ if (!(*s = *t)) return len; ++s; ++t; ++len;
+ if (!(*s = *t)) return len; ++s; ++t; ++len;
+ if (!(*s = *t)) return len; ++s; ++t; ++len;
+ }
+ return len;
+}
diff -ruBN qmail-1.03.org/strsalloc.c qmail-1.03/strsalloc.c
--- qmail-1.03.org/strsalloc.c 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/strsalloc.c 2013-06-22 03:03:25.000000000 -0400
@@ -0,0 +1,7 @@
+#include "alloc.h"
+#include "gen_allocdefs.h"
+#include "stralloc.h"
+#include "strsalloc.h"
+
+GEN_ALLOC_readyplus(strsalloc,stralloc,sa,len,a,i,n,x,10,strsalloc_readyplus)
+GEN_ALLOC_append(strsalloc,stralloc,sa,len,a,i,n,x,10,strsalloc_readyplus,strsalloc_append)
diff -ruBN qmail-1.03.org/strsalloc.h qmail-1.03/strsalloc.h
--- qmail-1.03.org/strsalloc.h 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/strsalloc.h 2013-06-22 03:03:25.000000000 -0400
@@ -0,0 +1,12 @@
+#ifndef STRSALLOC_H
+#define STRSALLOC_H
+
+#include "stralloc.h"
+
+#include "gen_alloc.h"
+
+GEN_ALLOC_typedef(strsalloc,stralloc,sa,len,a)
+extern int strsalloc_readyplus();
+extern int strsalloc_append();
+
+#endif
diff -ruBN qmail-1.03.org/systype qmail-1.03/systype
--- qmail-1.03.org/systype 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/systype 2013-06-22 03:03:25.000000000 -0400
@@ -0,0 +1 @@
+sunos-5.7-generic_106541-19-:sparc-:sun4-:sun4u-:sun4u-
diff -ruBN qmail-1.03.org/tcp-env.c qmail-1.03/tcp-env.c
--- qmail-1.03.org/tcp-env.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/tcp-env.c 2013-06-22 03:03:25.000000000 -0400
@@ -10,6 +10,7 @@
#include "scan.h"
#include "subgetopt.h"
#include "ip.h"
+#include "strsalloc.h"
#include "dns.h"
#include "byte.h"
#include "remoteinfo.h"
@@ -34,6 +35,7 @@
int argc;
char *argv[];
{
+ strsalloc ssa = {0};
int dummy;
char *proto;
int opt;
@@ -74,12 +76,13 @@
temp[ip_fmt(temp,&iplocal)] = 0;
if (!env_put2("TCPLOCALIP",temp)) die();
- switch(dns_ptr(&localname,&iplocal))
+ switch(dns_ptr(&ssa,&iplocal))
{
case DNS_MEM: die();
case DNS_SOFT:
if (!stralloc_copys(&localname,"softdnserror")) die();
case 0:
+ if (!stralloc_copy(&localname,&ssa.sa[0])) die();
if (!stralloc_0(&localname)) die();
case_lowers(localname.s);
if (!env_put2("TCPLOCALHOST",localname.s)) die();
@@ -99,12 +102,13 @@
temp[ip_fmt(temp,&ipremote)] = 0;
if (!env_put2("TCPREMOTEIP",temp)) die();
- switch(dns_ptr(&remotename,&ipremote))
+ switch(dns_ptr(&ssa,&ipremote))
{
case DNS_MEM: die();
case DNS_SOFT:
if (!stralloc_copys(&remotename,"softdnserror")) die();
case 0:
+ if (!stralloc_copy(&remotename,&ssa.sa[0])) die();
if (!stralloc_0(&remotename)) die();
case_lowers(remotename.s);
if (!env_put2("TCPREMOTEHOST",remotename.s)) die();
diff -ruBN qmail-1.03.org/timeoutconn.c qmail-1.03/timeoutconn.c
--- qmail-1.03.org/timeoutconn.c 1998-06-15 06:53:16.000000000 -0400
+++ qmail-1.03/timeoutconn.c 2013-06-22 03:03:25.000000000 -0400
@@ -10,9 +10,10 @@
#include "byte.h"
#include "timeoutconn.h"
-int timeoutconn(s,ip,port,timeout)
+int timeoutconn(s,ip,outip,port,timeout)
int s;
struct ip_address *ip;
+struct ip_address *outip;
unsigned int port;
int timeout;
{
@@ -22,6 +23,13 @@
fd_set wfds;
struct timeval tv;
+ /* bind() an outgoing ipaddr */
+ byte_zero(&sin,sizeof(sin));
+ byte_copy(&sin.sin_addr.s_addr,4,outip);
+ sin.sin_family = AF_INET;
+
+ if (-1 == bind(s,(struct sockaddr *) &sin,sizeof(sin))) return -1;
+
byte_zero(&sin,sizeof(sin));
byte_copy(&sin.sin_addr,4,ip);
x = (char *) &sin.sin_port;
diff -ruBN qmail-1.03.org/uint32.h qmail-1.03/uint32.h
--- qmail-1.03.org/uint32.h 1969-12-31 19:00:00.000000000 -0500
+++ qmail-1.03/uint32.h 2013-06-22 03:03:25.000000000 -0400
@@ -0,0 +1,6 @@
+#ifndef UINT32_H
+#define UINT32_H
+
+typedef unsigned long uint32;
+
+#endif