authorGilles Chehade <gilles@poolp.org>2018-12-22 10:17:35 +0100
committerGilles Chehade <gilles@poolp.org>2018-12-22 10:17:35 +0100
commit4dbf6143f9027056efb3e6afaa22543cf3492d04 (patch)
treedfb830c430110ad4472ac70b5783c2edfeefb1e3
parentsync (diff)
downloadOpenSMTPD-4dbf6143f9027056efb3e6afaa22543cf3492d04.tar.xz
OpenSMTPD-4dbf6143f9027056efb3e6afaa22543cf3492d04.zip
sync
-rw-r--r--smtpd/parse.y49
-rw-r--r--smtpd/ruleset.c8
-rw-r--r--smtpd/smtpd.conf.522
-rw-r--r--smtpd/smtpd.h5
4 files changed, 73 insertions, 11 deletions
diff --git a/smtpd/parse.y b/smtpd/parse.y
index d0efed8b..406a3ae0 100644
--- a/smtpd/parse.y
+++ b/smtpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.241 2018/12/21 21:35:29 gilles Exp $ */
+/* $OpenBSD: parse.y,v 1.242 2018/12/22 08:54:02 gilles Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -190,7 +190,7 @@ typedef struct {
%token ON
%token PKI PORT PROC PROC_EXEC
%token QUEUE QUIT
-%token RCPT_TO RECIPIENT RECEIVEDAUTH REGEX RELAY REJECT REPORT REWRITE RSET
+%token RCPT_TO RDNS RECIPIENT RECEIVEDAUTH REGEX RELAY REJECT REPORT REWRITE RSET
%token SCHEDULER SENDER SENDERS SMTP SMTP_IN SMTP_OUT SMTPS SOCKET SRC SUB_ADDR_DELIM
%token TABLE TAG TAGGED TLS TLS_REQUIRE TTL
%token USER USERBASE
@@ -927,11 +927,12 @@ negation TAG REGEX tables {
rule->flag_tag_regex = 1;
rule->table_tag = strdup(t->t_name);
}
+
| negation HELO tables {
struct table *t = $3;
if (rule->flag_smtp_helo) {
- yyerror("mail-helo already specified for this rule");
+ yyerror("helo already specified for this rule");
YYERROR;
}
@@ -948,7 +949,7 @@ negation TAG REGEX tables {
struct table *t = $4;
if (rule->flag_smtp_helo) {
- yyerror("mail-helo already specified for this rule");
+ yyerror("helo already specified for this rule");
YYERROR;
}
@@ -1146,6 +1147,45 @@ negation TAG REGEX tables {
rule->table_from = strdup(t->t_name);
}
+| negation FROM RDNS tables {
+ struct table *t = $4;
+
+ if (rule->flag_from) {
+ yyerror("from already specified for this rule");
+ YYERROR;
+ }
+
+ if (!table_check_use(t, T_DYNAMIC|T_LIST, K_DOMAIN)) {
+ yyerror("table \"%s\" may not be used for rdns lookups",
+ t->t_name);
+ YYERROR;
+ }
+
+ rule->flag_from = $1 ? -1 : 1;
+ rule->flag_from_rdns = 1;
+ rule->table_from = strdup(t->t_name);
+}
+| negation FROM RDNS REGEX tables {
+ struct table *t = $5;
+
+ if (rule->flag_from) {
+ yyerror("from already specified for this rule");
+ YYERROR;
+ }
+
+ if (!table_check_use(t, T_DYNAMIC|T_LIST, K_DOMAIN)) {
+ yyerror("table \"%s\" may not be used for rdns lookups",
+ t->t_name);
+ YYERROR;
+ }
+
+ rule->flag_from = $1 ? -1 : 1;
+ rule->flag_from_regex = 1;
+ rule->flag_from_rdns = 1;
+ rule->table_from = strdup(t->t_name);
+}
+
+
| negation FOR LOCAL {
struct table *t = table_find(conf, "<localnames>", NULL);
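Review bot: The `negation FROM RDNS REGEX tables` production validates its table with the same `table_check_use(t, T_DYNAMIC|T_LIST, K_DOMAIN)` call as the plain rdns form even though it sets `rule->flag_from_regex = 1;` and the table will hold regular expressions; if the other REGEX productions in this file validate with K_REGEX, this one should as well, otherwise a regex table is accepted or rejected inconsistently between the two forms. The two new productions are otherwise identical apart from `$4`/`$5` and the extra flag assignment, so the duplicated check-and-assign body could move into one small static helper so the "from already specified" and "may not be used for rdns lookups" strings are maintained once. The two trailing empty `+` lines before `| negation FOR LOCAL` leave a double blank line in the grammar. As on the existing `from` productions above, `strdup(t->t_name)` is not checked for NULL.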
@@ -2164,6 +2204,7 @@ lookup(char *s)
{ "queue", QUEUE },
{ "quit", QUIT },
{ "rcpt-to", RCPT_TO },
+ { "rdns", RDNS },
{ "received-auth", RECEIVEDAUTH },
{ "recipient", RECIPIENT },
{ "regex", REGEX },
diff --git a/smtpd/ruleset.c b/smtpd/ruleset.c
index 0aa9806c..7ab7755c 100644
--- a/smtpd/ruleset.c
+++ b/smtpd/ruleset.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ruleset.c,v 1.37 2018/12/21 21:35:29 gilles Exp $ */
+/* $OpenBSD: ruleset.c,v 1.38 2018/12/22 08:54:02 gilles Exp $ */
/*
* Copyright (c) 2009 Gilles Chehade <gilles@poolp.org>
@@ -86,9 +86,13 @@ ruleset_match_from(struct rule *r, const struct envelope *evp)
return -1;
}
- /* XXX - socket should also be considered local */
if (evp->flags & EF_INTERNAL)
key = "local";
+ else if (r->flag_from_rdns) {
+ if (strcmp(evp->hostname, "<unknown>") == 0)
+ return 0;
+ key = evp->hostname;
+ }
else
key = ss_to_text(&evp->ss);
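Review bot: The new `flag_from_rdns` branch keys the lookup on `evp->hostname`, the client's reverse DNS name; a PTR record is set by whoever controls the client address's reverse zone and can carry any string, so unless the session code forward-confirms the name before it is stored in the envelope (not visible here), a `from rdns` rule is a filtering hint rather than an authentication boundary, and the man page entry added in this commit could say so. The `"<unknown>"` sentinel is compared as a bare literal and presumably has to match the value the SMTP session stores when resolution fails, so a shared constant in smtpd.h would keep the two in step. Returning 0 for an unknown hostname also means a negated rule (`! from rdns`) does not match an unresolvable client, if negation is applied to this return value further down; a one-line comment stating whether that is intended would help, e.g. `/* unresolvable rDNS never matches, negated or not */`. The lookup that consumes `key` is below the hunk; since the rdns key is a hostname rather than an address, it needs the K_DOMAIN (or K_REGEX) service the parser validated, not the service used for the `ss_to_text` key. ruleset_match_from begins and ends outside the hunk.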
diff --git a/smtpd/smtpd.conf.5 b/smtpd/smtpd.conf.5
index 8736d3db..e9ca99ed 100644
--- a/smtpd/smtpd.conf.5
+++ b/smtpd/smtpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: smtpd.conf.5,v 1.208 2018/12/21 21:35:29 gilles Exp $
+.\" $OpenBSD: smtpd.conf.5,v 1.210 2018/12/22 08:54:02 gilles Exp $
.\"
.\" Copyright (c) 2008 Janne Johansson <jj@openbsd.org>
.\" Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net>
@@ -17,7 +17,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\"
-.Dd $Mdocdate: December 21 2018 $
+.Dd $Mdocdate: December 22 2018 $
.Dt SMTPD.CONF 5
.Os
.Sh NAME
@@ -504,6 +504,22 @@ or from the local enqueuer.
This is the default, and may be omitted.
.It Xo
.Op Ic \&!
+.Cm from rdns
+.Ar hostname | Pf < Ar hostname Ns >
+.Xc
+Specify that session may only originate from an IP address that
+resolves to a reverse DNS matching string or list string
+.Ar hostname .
+.It Xo
+.Op Ic \&!
+.Cm from rdns regex
+.Ar hostname | Pf < Ar hostname Ns >
+.Xc
+Specify that session may only originate from an IP address that
+resolves to a reverse DNS matching regex or list regex
+.Ar hostname .
+.It Xo
+.Op Ic \&!
.Cm from socket
.Xc
Specify that session may only originate from the local enqueuer.
@@ -586,7 +602,7 @@ Matches transactions tagged with the given
.Xc
Matches transactions tagged with the given
.Ar tag
-regex .
+regex.
.It Xo
.Op Ic \&!
.Cm tls
diff --git a/smtpd/smtpd.h b/smtpd/smtpd.h
index d3c7b4d9..913c4478 100644
--- a/smtpd/smtpd.h
+++ b/smtpd/smtpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtpd.h,v 1.597 2018/12/21 21:35:29 gilles Exp $ */
+/* $OpenBSD: smtpd.h,v 1.598 2018/12/22 08:54:02 gilles Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -1201,11 +1201,12 @@ struct rule {
int8_t flag_tag;
int8_t flag_from;
int8_t flag_for;
+ int8_t flag_from_rdns;
int8_t flag_from_socket;
int8_t flag_tag_regex;
- int8_t flag_for_regex;
int8_t flag_from_regex;
+ int8_t flag_for_regex;
int8_t flag_smtp_helo;
int8_t flag_smtp_starttls;