diff options
| author |   deraadt <deraadt@openbsd.org> | 2002-10-04 23:16:41 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2002-10-04 23:16:41 +0000 |
| commit | 9bac424c3b69eacdf1ef94d897a5af9d3d1820da (patch) | |
| tree | 557b97c52bb57a12922d399532826ada30db56f6 | |
| parent | Match INTEL PRO_100_VE_2, too; Chris Nadovich <chris@jtan.com> (diff) | |
| download | wireguard-openbsd-9bac424c3b69eacdf1ef94d897a5af9d3d1820da.tar.xz wireguard-openbsd-9bac424c3b69eacdf1ef94d897a5af9d3d1820da.zip | |
smtpd leaves the building
36 files changed, 5 insertions, 9558 deletions
diff --git a/distrib/sets/lists/base/mi b/distrib/sets/lists/base/mi index 95ca864b0ee..96643a6f13c 100644 --- a/distrib/sets/lists/base/mi +++ b/distrib/sets/lists/base/mi @@ -1183,8 +1183,6 @@ ./usr/libexec/sftp-server ./usr/libexec/sm.bin ./usr/libexec/smrsh -./usr/libexec/smtpd -./usr/libexec/smtpfwdd ./usr/libexec/spellprog ./usr/libexec/ssh-keysign ./usr/libexec/tcpd @@ -1984,10 +1982,6 @@ ./usr/share/sendmail/siteconfig/uucp.old.arpa.m4 ./usr/share/sendmail/siteconfig/uucp.ucbarpa.m4 ./usr/share/sendmail/siteconfig/uucp.ucbvax.m4 -./usr/share/smtpd -./usr/share/smtpd/example.antispam -./usr/share/smtpd/example.features -./usr/share/smtpd/example.norelay ./usr/share/tabset ./usr/share/tabset/3101 ./usr/share/tabset/9837 @@ -3780,7 +3774,6 @@ ./var/spool/lpd ./var/spool/mqueue ./var/spool/output -./var/spool/smtpd ./var/spool/uucp ./var/spool/uucppublic ./var/ssyslog diff --git a/distrib/sets/lists/man/mi b/distrib/sets/lists/man/mi index f48051ef7c7..5bac804d7ab 100644 --- a/distrib/sets/lists/man/mi +++ b/distrib/sets/lists/man/mi @@ -1877,8 +1877,6 @@ ./usr/share/man/cat8/sliplogin.0 ./usr/share/man/cat8/slstats.0 ./usr/share/man/cat8/smrsh.0 -./usr/share/man/cat8/smtpd.0 -./usr/share/man/cat8/smtpfwdd.0 ./usr/share/man/cat8/snkadm.0 ./usr/share/man/cat8/snkinit.0 ./usr/share/man/cat8/sparc diff --git a/etc/rc.conf b/etc/rc.conf index c8469cbb9ad..26aca5f1609 100644 --- a/etc/rc.conf +++ b/etc/rc.conf @@ -1,6 +1,6 @@ #!/bin/sh - # -# $OpenBSD: rc.conf,v 1.79 2002/09/06 21:30:22 deraadt Exp $ +# $OpenBSD: rc.conf,v 1.80 2002/10/04 23:16:41 deraadt Exp $ # set these to "NO" to turn them off. otherwise, they're used as flags routed_flags=NO # for normal use: "-q" @@ -11,8 +11,6 @@ rarpd_flags=NO # for normal use: "-a" bootparamd_flags=NO # for normal use: "" rbootd_flags=NO # for normal use: "" sshd_flags="" # for normal use: "" -smtpfwdd_flags=NO # for normal use: ""; be sure to configure smtpd(8) - # and sendmail(8) to use MSA only named_flags=NO # for normal use: "" rdate_flags=NO # for normal use: [RFC868-host] or [-n RFC1361-host] timed_flags=NO # for normal use: "" diff --git a/libexec/Makefile b/libexec/Makefile index 9956f7adc83..b177ffce537 100644 --- a/libexec/Makefile +++ b/libexec/Makefile @@ -1,12 +1,12 @@ # from: @(#)Makefile 5.7 (Berkeley) 4/1/91 -# $OpenBSD: Makefile,v 1.32 2002/09/29 03:25:31 millert Exp $ +# $OpenBSD: Makefile,v 1.33 2002/10/04 23:16:41 deraadt Exp $ .include <bsd.own.mk> SUBDIR= comsat fingerd ftpd ftp-proxy getNAME getty identd lockspool \ mail.local makewhatis \ rpc.rquotad rpc.rstatd rpc.rusersd rpc.rwalld rpc.sprayd \ - rshd talkd tcpd telnetd tftpd uucpd smtpd + rshd talkd tcpd telnetd tftpd uucpd SUBDIR+=login_passwd login_skey login_krb4 login_krb4-or-pwd login_reject \ login_chpass login_lchpass login_token login_radius diff --git a/libexec/smtpd/Makefile b/libexec/smtpd/Makefile deleted file mode 100644 index ecc636a6a64..00000000000 --- a/libexec/smtpd/Makefile +++ /dev/null @@ -1,9 +0,0 @@ -# $OpenBSD: Makefile,v 1.1 1997/12/12 05:55:20 beck Exp $ - -SUBDIR= smtpd smtpfwdd - -#.if make(install) -#SUBDIR+= SMM.doc -#.endif - -.include <bsd.subdir.mk> diff --git a/libexec/smtpd/Makefile.inc b/libexec/smtpd/Makefile.inc deleted file mode 100644 index 203790c5078..00000000000 --- a/libexec/smtpd/Makefile.inc +++ /dev/null @@ -1,310 +0,0 @@ -# $OpenBSD: Makefile.inc,v 1.6 2002/06/19 19:13:50 pvalchev Exp $ - -########################################################## -## Compile time options, These set defaults ############## -########################################################## -# What mail agent should smtpfwdd use? -# This must take arguments of the form: -# "mailprog -f fromaddr toaddr toaddr ..." -# to deliver mail. -MAIL_AGENT = /usr/sbin/sendmail -#MAIL_AGENT = /usr/lib/sendmail - -# What user and group should smtpfwdd and smtpd run as? -# This MUST NOT be root, and must be a user that is "trusted" by -# sendmail or whatever you are using as MAIL_AGENT above so that the user -# may use the "-f" flag to specify the sender of a mail message. -SMTP_USER = uucp -SMTP_GROUP = daemon - -# smtpd and smtpfwdd generate lots of syslogs, by design. -# -# What log facility should smtpd and smtpfwdd use for syslogs? The -# default is LOG_MAIL, which is also used by critters like sendmail. -# if you don't like this and want the logs going elsewhere for easy -# perusal change this to something else (like LOG_LOCAL5) and adjust -# your /etc/syslog.conf file to deal with it to your liking. -# -# LOG_FACILITY=LOG_LOCAL5 -LOG_FACILITY = LOG_MAIL - - -# Where is the spool directory located? -# This is the directory used by smtpd to chroot to and store -# messages. It is the directory watched for messages by smtpfwdd. This -# directory should be readable and writable only to the user specified -# in SMTP_USER above. -# -# The chroot directory -SPOOLDIR = /var/spool/smtpd -# Where to store messages, relative to SPOOLDIR above. -SPOOLSUBDIR = . -#Use below instead of above if you don't want smtpd to chroot. This -#isn't normally a good idea if security is your main goal. A nice -#chroot jail may be a pain to build but should give you enough of a -#warm fuzzy to make it worth your while. -#SPOOLDIR = / -#SPOOLSUBDIR = usr/spool/smtpd - -# How frequently (in seconds) should smtpfwdd wake up to check the -# spool directory for new mail? -POLL_TIME = 10 - -# What is the maximum number of children smtpfwdd should spawn at one time -# when delivering messages before waiting for some to complete? This ensures -# the arrival of hundreds of mail messages doesn't run you out of processes. -MAXCHILDREN = 10 - -# Should smtpfwdd check the exit code of sendmail? smtpfwdd checks any -# non-zero exit status from sendmail to see if it indicates that -# sendmail thinks the message might be deliverable later. Normally -# this should not be a problem, however if you are not running -# sendmail as your delivery agent, or if your sendmail is broken, the -# exit codes may not mean much. In such a case you may not want -# smtpfwdd to retry message delivery when the mta exits indicating a -# failure. Setting SENDMAIL_RETRY to 0 below will make sure smtpfwdd -# never retries delivery if the MTA returns a non-zero exit -# status. You probably shouldn't change this unless you are sure you -# know what you are doing. -SENDMAIL_RETRY = 1 - -# Sendmail has a feature/bug that when feeding a message to it it will -# stop if a line contains only a '.'. This is suppressed in smtpfwdd -# by invoking sendmail with the "-oiTrue" option if the mail agent's -# name ends in the string "sendmail". If your "sendmail" isn't really -# sendmail, you may not need or want this. If so, change the SENDMAIL_OITRUE -# below to 0. -SENDMAIL_OITRUE = 1 - -# Sendmail can handle addresses quoted in <> on the command line. Some -# MTA's (like qmail) can't. set STRIP_QUOTES to 1 if you want smtpfwdd -# to peel off the <> from mail addresses on the command line when -# invoking the mta -STRIP_QUOTES = 0 - -# How many arguments can your execv() call take at once? This can be a -# conservative estimate. It determines the maximum number of -# recipients at a time that MAIL_AGENT will be invoked with by -# smtpfwdd. -# N.B. MAXARGS must be at least 6, or 5 if SENDMAIL_OITRUE (above) is 1. -# You may wish to change this to be 6 if you want your sendmail to be -# invoked separately for each receipient. -MAXARGS = 100 - -# How long (in seconds) should smtpd block on a read() call to a -# connected client before giving up on the connection? -READ_TIMEOUT = 600 - -# Should smtpd check hostnames and ip addresses of a connection -# against the DNS to verify consistency, and report any inconsistencies? -# Set to 0 for hostchecks, 1 for no hostchecks. Set this to 1 only if -# you don't want any name lookups done. -# NO_HOSTCHECKS = 1 -NO_HOSTCHECKS = 0 - -# Smtpd's default informational status messages in the smtp dialogue -# are somewhat unique and interesting (see smtpd.h). Normally these -# are only seen by people telnetting to your smtp port, or debugging -# mail. While the author has no shame and won't change the default -# It's understandable that they aren't everyone's cup of tea. Set -# VANILLA_MESSAGES below to 1 and smtp will use plain old politically -# correct Sendmail/RFC 821 style status messages. -VANILLA_MESSAGES = 1 # Boring.... -# VANILLA_MESSAGES = 0 - -# smtpd checks and clobbers and potentially "evil" characters in hostnames, -# and mail addresses received on FROM: and RCPT: lines. This clobbers things -# like a connection from hostname `/bin/rm -rf /`@evil.org, or mail to -# "| /bin/sh". It also clobbers things like 8bit chars in such things. -# smtpd always clobbers the characters it doesn't like, -# and syslogs a note of the fact. The options below determine whether or -# not smtpd will also drop the connection. -# -# Beware of setting this to 1 if your receive mail from sites where -# it's considered ok to put 8 bit ascii chars in message headers. -# -# If PARANOID_SMTP is 1, smtpd will close connection on any client -# that puts characters it thinks may be evil in the smtp dialogue, -# (HELO, FROM, RCPT), or in the message headers. -# When PARANOID_SMTP is 0, smtpd will replace the characters it thinks -# are evil and continue. -# PARANOID_SMTP = 1 -PARANOID_SMTP = 0 - -# -# If PARANOID_DNS is 1, smtpd will close connection on any client that -# has characters it thinks may be evil in it's hostname as found by DNS, -# or any client whose DNS forward and reverse mappings are inconsistent -# indicating a DNS spoof of misconfiguration. -# If PARANOID_DNS is 0, smtpd will replace any evil characters it sees -# continue. -# PARANOID_DNS = 1 -PARANOID_DNS = 0 - -# The check above will clobber stuff in the headers from some -# non north-american localizations. -# If your operating system has localization support -# you can define LOCALIZATION below to be your localization. -# For this to work, your operating system must support localization -# with setlocale, and you must copy the appropriate localization -# files into the right place in smtpd's chroot directory. -# The result of this is that smtpd will use a -# setlocale(LC_CTYPE, LOCALIZATION) to hopefully make sure -# your normal stuff won't get clobbered. -# Leave this set to 0 for no localization support. -# -# -# SET_LOCALE = 1 # Use a setlocale call to set localization -SET_LOCALE = 0 # don't include localization support at all -#LOCALIZATION = lt_LN.ISO_8859-1 -LOCALIZATION = C -#LOCALIZATION = POSIX -#LOCALIZATION = ISO-8859-1 -#LOCALIZATION = KOI-8 - -# Some sites may wish to ensure smtpd does *not* get run with command -# line options to affect the compiled-in behaviours. Set -# NO_COMMANDLINE_OPTIONS to 1 to make smtpd and smtpfwdd ignore any command -# line options. -#NO_COMMANDLINE_OPTIONS=1 -NO_COMMANDLINE_OPTIONS=0 - -# Smtpd does not support ESMTP's EHLO command normally, as it shouldn't -# need to. According to RFC, if the EHLO is unrecognized the connecting -# agent should drop back to a HELO on the second attempt (and then be -# talking vanilla smtp). Unfortunately Netscape Communicator betas seem -# seem to have a bug in which they simply try the EHLO again. Sigh. -# setting EHLO_KLUDGE to 1 will make smtpd accept a second EHLO as a helo, -# thereby kludging around this bug in Communicator. -#EHLO_KLUDGE=1 -EHLO_KLUDGE=0 - - -# smtpd can check FROM and RCPT addresses, along with the connecting -# host info using an address check file. This can be used to only -# allow certain mail addresses on a FROM:, or certain combinations of -# FROM: and RCPT from certain hosts. It can be used to prevent third -# party relays, enforce outgoing address conventions, prevent outgoing -# SPAM/obvious forgeries, or block incoming SPAM. Setting this to 0 will -# mean that none of the address checking functionality is compiled in at -# all. (meaning all of address_check.c is #ifdefed out). -CHECK_ADDRESS = 1 -# CHECK_ADDRESS = 0 - -# Set This to 1 if you are running smtpd on a Juniper firewall machine. -# This enables smtpd to use juniper's trusted/untrusted interface -# mechanism, allowing you to use the UNTRUSTED or TRUSTED specials -# in address check rules to match based on what kind of interface -# a connection arrived on. -# -# You must set this to 0 this on a non-juniper machine or smtpd will not -# build with CHECK_ADDRESS set to 1. You will get an error about -# juniper_firewall.h not existing if you forget this. -# -#JUNIPER_SUPPORT=1 -JUNIPER_SUPPORT=0 - -# Use regexp's in patterns? If you have a POSIX <regex.h> and friends, -# and you trust the regex lib enough for use, you can set USE_REGEX to -# 1, this allows you to specify a pattern enclosed in "/" as a regular -# POSIX/henry-spencer style extended regex for case insensitive matching -# (what's between the "/" gets fed to regcomp with -# REG_EXTENDED|REG_ICASE|REG_NOSUB options, then matched against) -# -# Note that older beasts (like SunOS 4.X) usually don't have a regex -# library, so if you're using something that doesn't you should set this -# to 0. -# -#USE_REGEX=0 -USE_REGEX=1 - -# Enable checking namservers? with NS_MATCH set to 1, patterns of the -# form NS=pattern can be used to match rules against the nameservers -# and MX records of originating connections or mail addresses, rather -# than the connection itself. This allows for small rules to block out -# whole blocks of bozos from rogue providers such as ispam.net should -# you choose to do so. i.e. -# -#noto_delay:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24:ALL:ALL -#noto_delay:ALL:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24:ALL -# -# would effectively block off anything originiating from, or with a FROM: -# address looking like any of it's nameservers are on one of cyberpromo.com's -# addresses. -# -# uncomment the LD_LIBS line as well if you enable NS_MATCH unless your -# resolver routines are in libc (like they are on some Linuxes) -# -# The NS_MATCH feature is lovingly dedicated by Bob Beck to Spamford -# Wallace and ispam.net -# -#NS_MATCH=0 -NS_MATCH=1 -LD_LIBS+=-lresolv # you may or may not need this. - -# The rules file for address checking, if enabled, remember this file -# will be in the chroot jail, so the line below probably means -# /usr/spool/smtpd/etc/smtpd_check_rules, unless you changed the -# chroot directory above. -CHECK_FILE = /etc/smtpd_check_rules - -# address checking rules may want user information, gotten from an RFC -# 931 style ident. This info may be passed in the environment to smtpd -# (from juniperd or the tcp wrapper), or smtpd will do the ident -# request itself if required. CHECK_IDENT determines the timeout (in -# seconds) on an ident request. if CHECK_IDENT is 0, no ident -# requests will be made by smtpd even if it sees a rule that would -# normally make it perform one. -# CHECK_IDENT = 0 -CHECK_IDENT = 10 - -# If you use the address checks to block incoming mail from certain -# spam sites, you can set NOTO_DELAY and DENY_DELAY below to specify -# the time in seconds smtpd will go to sleep for after matching a -# "noto_delay" or "deny_delay" rule. This makes your site a small -# headache to the spammer since they have to wait before being denied, -# instead of immediately knowing so, and proceeding on to their next -# victim. -# NOTO_DELAY = 0 -# DENY_DELAY = 0 -# NOTO_DELAY = 300 -# DENY_DELAY = 300 -NOTO_DELAY = 50 -DENY_DELAY = 50 - -# Because CHECK_ADDRESS above is meant to be used as a nuisance filter -# the default is to ALLOW on failure rather than deny service when no -# match is found, or if something happens while attempting to match a -# rule (such as a system call failure, or you make a syntax error in the -# rules file). Change -# CHECK_ADDRESS_DENY_ON_FAILURE to 1 to have smtpd not allow anything -# not explicitly allowed by the rules. -# CHECK_ADDRESS_DENY_ON_FAILURE = 1 -CHECK_ADDRESS_DENY_ON_FAILURE = 0 - - - -########################################################## -## End of compile time options. ########################## -########################################################## - -OPTIONS = -DMAIL_AGENT=\"$(MAIL_AGENT)\" -DSMTP_USER=\"$(SMTP_USER)\" \ - -DSMTP_GROUP=\"$(SMTP_GROUP)\" \ - -DLOG_FACILITY=$(LOG_FACILITY) -DVANILLA_MESSAGES=$(VANILLA_MESSAGES) \ - -DSPOOLDIR=\"$(SPOOLDIR)\" -DSPOOLSUBDIR=\"$(SPOOLSUBDIR)\" \ - -DPOLL_TIME=$(POLL_TIME) -DSENDMAIL_RETRY=$(SENDMAIL_RETRY) \ - -DSENDMAIL_OITRUE=$(SENDMAIL_OITRUE) -DSTRIP_QUOTES=$(STRIP_QUOTES) \ - -DMAXCHILDREN=$(MAXCHILDREN) -DMAXARGS=$(MAXARGS) \ - -DREAD_TIMEOUT=$(READ_TIMEOUT) -DNO_HOSTCHECKS=$(NO_HOSTCHECKS) \ - -DPARANOID_SMTP=$(PARANOID_SMTP) -DPARANOID_DNS=$(PARANOID_DNS) \ - -DNO_COMMANDLINE_OPTIONS=$(NO_COMMANDLINE_OPTIONS) \ - -DEHLO_KLUDGE=$(EHLO_KLUDGE) \ - -DCHECK_ADDRESS=$(CHECK_ADDRESS) -DCHECK_FILE=\"$(CHECK_FILE)\" \ - -DCHECK_ADDRESS_DENY_ON_FAILURE=$(CHECK_ADDRESS_DENY_ON_FAILURE) \ - -DCHECK_IDENT=$(CHECK_IDENT) \ - -DNOTO_DELAY=$(NOTO_DELAY) -DDENY_DELAY=$(DENY_DELAY) \ - -DSET_LOCALE=$(SET_LOCALE) -DLOCALIZATION=\"$(LOCALIZATION)\" \ - -DJUNIPER_SUPPORT=$(JUNIPER_SUPPORT) -DNS_MATCH=$(NS_MATCH) \ - -DUSE_REGEX=$(USE_REGEX) - -CFLAGS += -DUSE_FLOCK -DUSE_MKSTEMP $(OPTIONS) diff --git a/libexec/smtpd/smtpd/Makefile b/libexec/smtpd/smtpd/Makefile deleted file mode 100644 index 41b9de08586..00000000000 --- a/libexec/smtpd/smtpd/Makefile +++ /dev/null @@ -1,14 +0,0 @@ -# from: @(#)Makefile 8.1 (Berkeley) 6/6/93 -# $OpenBSD: Makefile,v 1.4 1998/06/03 08:56:56 beck Exp $ - -PROG= smtpd -CFLAGS+=-I${.CURDIR}/../src -SRCS= smtpd.c address_check.c accumlog.c -BINOWN= root -BINGRP= daemon -BINMODE=500 -BINDIR= /usr/libexec -MAN= smtpd.8 -.PATH: ${.CURDIR}/../src - -.include <bsd.prog.mk> diff --git a/libexec/smtpd/smtpd/smtpd.8 b/libexec/smtpd/smtpd/smtpd.8 deleted file mode 100644 index 9b186146ea2..00000000000 --- a/libexec/smtpd/smtpd/smtpd.8 +++ /dev/null @@ -1,185 +0,0 @@ -.\" $OpenBSD: smtpd.8,v 1.19 2001/08/20 06:09:32 mpech Exp $ -.Dd December 10, 1997 -.Dt SMTPD 8 -.Os -.Sh NAME -.Nm smtpd -.Nd Obtuse Systems SMTPD message storing daemon -.Sh SYNOPSIS -.Nm smtpd -.Op Fl HPDLq -.Op Fl c Ar chrootdir -.Op Fl d Ar spooldir -.Op Fl u Ar user -.Op Fl g Ar group -.Op Fl m Ar myname -.Op Fl s Ar maxsize -.Op Fl l Ar listenip -.Op Fl p Ar listenport -.Op Fl i Ar pidfile -.Sh DESCRIPTION -.Nm -talks the Simple Mail Transfer Protocol (SMTP) with -other SMTP daemons to receive mail from them and saves it into a spool -directory for later processing. -It is the store portion of an SMTP store and forward proxy. -The symbiotic companion program -.Xr smtpfwdd 8 -is used to forward the spooled mail on to its eventual destination. -.Nm -is normally invoked from a super-server such as -.Xr inetd 8 . -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl c Ar chrootdir -Specify a different -.Ar chrootdir -directory to chroot into on startup. -The default is -.Pa /var/spool/smtpd . -This directory should be readable and writable only to the user that -.Nm -runs as. -.It Fl d Ar spooldir -Specify a different spool directory within the chrooted subtree. -The default is -.Dq \&. , -making -.Nm -spool files to the directory it chroots itself to. -.It Fl D -Tells -.Nm -to run as a daemon, listening on port 25. -The default is not to run as a daemon. -.It Fl g Ar group -Specify a -.Ar group -to run as. -.It Fl H -Disable host checking against the DNS. -By default, -.Nm -checks and will complain in the syslogs if the DNS information for -a host seems to indicate a possible spoof or misconfiguration. -.It Fl i Ar pidfile -Specify a filename that -.Nm -should lock and write its PID to when running as a daemon. -Doesn't do anything if running from inetd. -Default PID file in daemon mode is -.Pa /var/run/smtpd.pid -on BSD systems, or -.Pa /usr/spool/smtpd/smtpd.pid -on non-BSD systems. -.It Fl l Ar listenip -Specify an IP address in dotted quad format for -.Nm -to accept connections to. -In daemon mode this limits the address that -.Nm -listens on. -In inetd mode, -.Nm smtpd -will issue a 521 error code and exit if connected to an address other than -the specified one. -By default, -.Nm -accepts a connection no matter what address it is connected to. -.It Fl L -Suppress children in daemon mode (above) from doing an -openlog() call. -This means your syslogs won't have PID -information, but is useful if you don't want to have to set up -your chroot jail for -.Nm -in a manner that an openlog() call will work in it. -.It Fl m Ar myname -Specify -.Ar myname , -the hostname the daemon should announce itself as. -The default is whatever -.Fn gethostname -returns. -.It Fl p Ar listenport -Specify a decimal port number for -.Nm -to listen when running as a daemon. -Doesn't do anything if running -from inetd. -.It Fl P -Enable paranoid mode of operation. -In this mode connections are dropped from any client feeding -.Nm -a suspicious hostname, FROM: or RCPT: lines containing characters -indicative of an attempt to do something evil, or any message headers -that aren't 8-bit clean. -The default is to log such occurrences and -substitute for the offending characters, but not drop the connection. -.It Fl q -Tell -.Nm -to be quieter. -By default, -.Nm -emits very verbose syslog messages. -With this option it will emit one line of log for each normal message exchange. -.It Fl s Ar maxsize -Specify -.Ar maxsize , -the maximum size (in bytes) of mail message the daemon should accept. -The default is not to have a maximum size. -.It Fl u Ar user -Specify a -.Ar user -to run as. -This user must not be root but -should be a user that is able to run sendmail and use the -.Fl f -option to specify the sender of a mail message. -.El -.Sh FILES -The address checking file is normally -.Pa etc/smtpd_check_rules , -within the chroot directory. -.Pp -The address check file, when enabled, is read for each RCPT line in the -SMTP dialogue. -Each rule is checked with the current source (SMTP client machine and -possibly user from ident) and the current -.Dq FROM: -and -.Dq RCPT: -addresses. -.Sh SEE ALSO -.Xr inetd 8 , -.Xr sendmail 8 , -.Xr smtpfwdd 8 -.Pp -.Pa /usr/share/smtpd -\- example configuration files. -.Pp -.Pa http://www.obtuse.com/smtpd.html -\- more examples and rules file details. -.Sh BUGS -Mistakes in -.Pa /etc/smtpd_check_rules -can discard legitimate mail and annoy -your users and other postmasters a very great deal! When -combined with custom return codes it is possible to write rules -that completely break the smtp protocol. -It is important to test your rules out and be absolutely sure they do -exactly what you want and no more. -.Pp -If -.Xr sendmail 8 -is not run as a daemon when using -.Nm -and -.Xr smtpfwdd 8 , -one must use cron to periodically invoke sendmail -q so that -queued messages are retried for eventual delivery. -Alternatively, -.Xr sendmail 8 -may be run as a daemon, but configured not to listen to the network. diff --git a/libexec/smtpd/smtpfwdd/Makefile b/libexec/smtpd/smtpfwdd/Makefile deleted file mode 100644 index f6bab7ebc76..00000000000 --- a/libexec/smtpd/smtpfwdd/Makefile +++ /dev/null @@ -1,14 +0,0 @@ -# from: @(#)Makefile 8.1 (Berkeley) 6/6/93 -# $OpenBSD: Makefile,v 1.4 1998/06/03 08:57:00 beck Exp $ - -PROG= smtpfwdd -CFLAGS+=-I${.CURDIR}/../src -SRCS= smtpfwdd.c accumlog.c -BINOWN= root -BINGRP= daemon -BINMODE=500 -BINDIR= /usr/libexec -MAN= smtpfwdd.8 -.PATH: ${.CURDIR}/../src - -.include <bsd.prog.mk> diff --git a/libexec/smtpd/smtpfwdd/smtpfwdd.8 b/libexec/smtpd/smtpfwdd/smtpfwdd.8 deleted file mode 100644 index a7f4ffa91bc..00000000000 --- a/libexec/smtpd/smtpfwdd/smtpfwdd.8 +++ /dev/null @@ -1,121 +0,0 @@ -.\" $OpenBSD: smtpfwdd.8,v 1.16 2002/10/01 02:34:07 deraadt Exp $ -.Dd December 10, 1997 -.Dt SMTPFWDD 8 -.Os -.Sh NAME -.Nm smtpfwdd -.Nd Obtuse Systems SMTPFWDD message forwarding daemon -.Sh SYNOPSIS -.Nm smtpfwdd -.Op Fl q -.Op Fl d Ar spooldir -.Op Fl u Ar user -.Op Fl g Ar group -.Op Fl s Ar mailprog -.Op Fl M Ar maxchildren -.Op Fl P Ar poll time -.Sh DESCRIPTION -The -.Nm -daemon forwards mail messages from a spool directory to -their eventual destinations. -It regularly scans the spool directory in -which its symbiotic companion program -.Xr smtpd 8 -stores messages and invokes -a mail program (such as -.Xr sendmail 8 ) -to forward them. -It is the forward portion of an SMTP store and forward proxy. -.Nm -is a standalone daemon, usually invoked at system startup. -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl d -Specify a different spool -.Ar directory . -This should be the same directory in which -.Xr smtpd 8 -is spooling files (usually -.Pa /var/spool/smtpd ) -.It Fl g -Specify a -.Ar group -to run as. -Same as user above. -.It Fl M -Specifies -.Ar maxchildren -as the maximum number of children -.Nm -should be allowed to spawn at once when delivering mail. -Default is 10. -.It Fl P -specifies a polling interval of -.Ar polltime -seconds indicating how often the master -.Nm -process should wake up and check the spool directory for new mail -to forward. -Default is 10 seconds. -.It Fl q -Tell -.Nm -to be quieter. -By default, -.Nm -emits very verbose syslog messages. -With -this option it will emit one line of log for each normal message exchange. -.It Fl s -Specify a different mail program to use to forward mail. -The default is -.Pa /usr/sbin/sendmail -Any replacement must be able to be invoked in the same manner as sendmail -with a -f fromaddress, followed by one or more destination addresses -on the command line. -.It Fl u -Specify a -.Ar user -to run as. -This user must not be root but should normally be a user that is able to run -.Xr sendmail 8 -and use the -.Fl f -option to specify the sender of a mail message. -.El -.Sh SEE ALSO -.Xr inetd 8 , -.Xr sendmail 8 , -.Xr smtpd 8 -.Sh BUGS -Since -.Xr sendmail 8 -is not normally running as a daemon when using -.Xr smtpd 8 -and -.Xr smtpfwdd 8 , -one must use cron to periodically invoke sendmail -q so that -queued messages are retried for eventual delivery, alternatively sendmail -may be run standalone, but not listening to the network if your version -of sendmail supports doing this correctly. -.Pp -There are many different variations of sendmail. -.Nm -will check -and pay attention to the exit status of the sendmail processes it -invokes, possibly retrying an invocation of sendmail. -If you aren't using real unadulterated Berkeley sendmail or a recent -vintage, you may need to disable the exit status checking at compile time. -.Pp -.Xr sendmail 8 -can't handle a -.Ql \&. -on one line in a message body. -This problem is bypassed in -.Nm -by giving sendmail the option -.Fl oitrue . -Again, if you aren't using genuine sendmail, you may need to disable this at -compile time. diff --git a/libexec/smtpd/src/CREDITS b/libexec/smtpd/src/CREDITS deleted file mode 100644 index c45b9b6ff7a..00000000000 --- a/libexec/smtpd/src/CREDITS +++ /dev/null @@ -1,129 +0,0 @@ - - The following people have contributed to smtpd/smtpfwdd. - It is meant to cover anyone who has provided patches/suggestions - criticisms that we have incorporated into the code. - - It isn't our intention to steal anyone's thunder or forget - anyone. Please let us know if you aren't on here and you feel - you deserve to be. -Bob Beck <beck@obtuse.com> - ------------------------------------------------------------------------- - -Who: Julian Assange, proff@suburbia.net -What: Nice fix to make smtpd check the message headers for long lines or - unprintables, umask sanity setting at start. - -Who: matt@uts.edu.au -What: Catch dumb Voyager-esque parenthesis placement bug, thereby fixing - the possiblilty of a lockf() call failing unnoticed in smtpd. - -Who: Bill Warner, lww@ictech.com -What: Noticed, and let us fix the pathological cases of: - 1) smtpd being blasted in mid-message by a machine reboot leaving - perpetually incomplete spool files in the directory. - 2) smtpd used to send the "250 ok" message to the remote client - *before* successfully closing the spool file, so the message - could fail even though the client was told it worked. - -Who: Bill Warner, lww@ictech.com -What: Fix body detection in message header check. Smtpd was checking message - entire message body for long lines. - -Who: Andre Albsmeier, Andre.Albsmeier@mchp.siemens.de -What: Notice that the Makefile and code incorrectly enforced that - MAXARGSS had to be at least 6, when it really only needed to be - at least 5. Also submitted the smtpfilter.c filter in the - contrib directory. - -Who: Andre Albsmeier, Andre.Albsmeier@mchp.siemens.de -What: Fix optarg/optind declaration for SunOS. Take note of EX_NOUSER - case as more banal than other sendmail failure modes. - -Who: Brett Hawn, blh@draconia.com -What: Noticed Netscape Communicator EHLO braindeath and some characters - like "+" which smtp_cleanitup was munching in addresses that it - really shouldn't. - -Who: Marcus Schwartz, marcus@schwartz.org -What: The SPOOLDIR makefile options to allow for creating the spool - dir away from the top level chroot. Also the NO_COMMAND_LINE_OPTIONS - in case you want to ensure smtpd is always run with the options - you compiled into it. - -Who: Brett Hawn and Marcus Schwartz -What: Submitting patches for several different forms of address checking - that never made it in, but served to convince me that people might - actually need or want the type of address checking functionality - now going in to 2.0. - -Who: Eduardo Egues <eddie@mail.infocom.etecsa.cu> -What: Bug fix (broken check rules) in smtpd-2.0b2 - -Who: Pedro Vazquez <vazquez@IQM.Unicamp.BR> -What: Testing and suggesting Localization stuff, Much good e-mail - discussion, suggesting Paranoid mode split into PARANOID_DNS - and PARANOID_SMTP - -Who: Spamford Wallace <wallace@cyberpromo.com> -What: SPAM Ticking me off enough to make me write the NS=stuff so I didn't - have to maintain a huge list of all his domains/customers. Also - provides nice "Subscribe Me to get more spam NOW" button on web - site. Very convenient for testing. - -Who: Andreas Borchert <borchert@mathematik.uni-ulm.de> -What: Noticed the forward/reverse name comparison in smtpd was incorrect - in smtpd 2.0b6 (and previous). Changed to use strcasecmp to compare - case insensitively as it should be. - -Who: Andrew Foster <adf@fl.net.au> -What: Suggestion for regular expresssions and configurable messages. - and testing of the same. - -Who: Matthew Tolle <matt@primenet.com> -What: Caught bug in 2.0 beta 6 - smtpd would SEGV if you were using the - USER special and the connecting host didn't do ident! - -Who: Terry Echiverri (terry@nol.net) -What: smtpfwdd not using LOG_FACILITY from makefile in beta 7. Much - helpful discussion. - -Who: Pauline van Winsen <Pauline.van.Winsen@uniq.com.au> -What: Caught Bug where smtpd would treat dn_expand failure in expanding - an NS or MX record too seriously - as a syscall failure allowing message. - -Who D'Arcy J.M. Cain <darcy@druid.net> -What: bug where KNOWN hosts weren't being matched. Noticed problem with - daemon mode children re-opening logs inside chroot, were logs might - not work depending on how we have set up the chroot hole. gave me - most of the -L option to allow people to bypass this problem. - -Who: Cy Schubert <cschuber@uumail.gov.bc.ca> -What: Add -P option to smtpfwdd to change the poll time on the command line. - -Who: D'Arcy J.M. Cain <darcy@druid.net> -What: Add "debug" rule to rules file, useful for debugging expermental rules. - -Who: Henning P. Schmiedehausen <hps@tanstaafl.de> -What: Caught bug: was missing the skipover of the priority - in grokking MX records. - -Who: Peter Marelas <maral@phase-one.com.au> -What: Caught bug, smtpd leaked fd's from address_check.c - could run out - of fd's on a message with lots of recipients. - -Who: Simon J. Gerraty <sjg@quick.com.au> -What: Noticed sendmail needing -oiTrue to handle lonesome "." on line by - itself properly. Sigh. - -Who: Mark Seiden <mis@seiden.com> -What: Bug where smtpd wouldn't catch sigpipe if client goes away while - sending message body - could make smtpd exit and leave an incomplete - spool file sitting in the spool dir. - -Who: Simon J. Gerraty <sjg@quick.com.au> -What: Contributed new -q logging format and fixes for spaces within - quoted local-part so smtpd doesn't smack X400 messages. - -Who: Henning P. Schmiedehausen <hps@tanstaafl.de> -What: Contributed -l option to allow for smtpd to be restricted to - answering on only one address on a box with many addresses. diff --git a/libexec/smtpd/src/INSTALL b/libexec/smtpd/src/INSTALL deleted file mode 100644 index 0a6296b88d4..00000000000 --- a/libexec/smtpd/src/INSTALL +++ /dev/null @@ -1,109 +0,0 @@ -Installation: - -1) Pick a user and group that smtpd/smtpfwdd will run as. These -MUST NOT BE ROOT, but should be specified as a user that can run -"sendmail -f" to specify the sender of a mail message. "uucp" or "daemon" -might be a good choice. If you are running sendmail, check the /etc/sendmail.cf -file for a section like: --------------------------8<-------------------------------------- -##################### -# Trusted users # -##################### - -Troot -Tdaemon -Tuucp -Tmajordom --------------------------8<-------------------------------------- - Be sure your user is one of those trusted by sendmail. Add the user -to the cf file if they aren't there. - -2) Pick a directory where smtpd will store incoming mail before -forwarding it. The default location is "/usr/spool/smtpd". Create this -directory, and change it so that it is owned by the user you chose, and -is readable, writable and accessable ONLY to that user (i.e. mode 700). - -3) Edit the makefile to reflect your choices for the user and -directory above, as well as anything else that tickles your fancy, -such as the install location, rules checking, etc. - -***IMPORTANT*** If you *DO NOT* have the Juniper firewall toolkit -installed, you must change JUNIPER_SUPPORT=1 to JUNIPER_SUPPORT=0 -in the makefile or smtpd probably won't build. - -***IMPORTANT*** be sure to uncomment your choice of operating system -at the bottom of the makefile. - -4) Type "make" to build the daemons. - -5) Type "make install" to install them. This will barf horribly -if you're on a machine with a broken (i.e. System V :) "install" program. -If it does, install by hand, or get a copy of gnu install. - -6) Make an "etc" directory in /usr/spool/smtpd (or whatever you picked). -and copy your /etc/resolv.conf file to /usr/spool/smtpd/etc/resolv.conf. You -will need this since smtpd checks hostnames while being chrooted to the spool -directory, so it needs a copy of /etc/resolv.conf to find your nameserver. -On Solaris you need other stuff too. It's detailed in the file INSTALL.SOLARIS - -7) Make a copy of your timezone configuration file to the appropriate -place under /usr/spool/smtpd (or whatever you picked). i.e. if your -file is /etc/localtime, copy it to /usr/spool/smtpd/etc/localtime. if -it is /usr/lib/timezone/localtime, copy to -/usr/spool/smtpd/usr/lib/timezone/localtime, etc. The location of these -files will vary by OS. (Or even from distribution to distribution in the -case of Linux) -Again, since smtpd is chrooted to this directory, you need a copy of the -timezone file, or your syslog messages will show up in GMT time. (If they -do, you didn't get the right file :-) - -8) Kill off your old mail transport daemon if you are running one. -9) Edit /etc/inetd.conf and add a line like: - -smtp stream tcp nowait root /usr/local/sbin/smtpd smptd - - Or, if you're using juniper, edit /etc/juniperd.conf and - make sure you have a definition like: - -proxy smtpd tcp - port smtp - username root - options trusted-ident untrusted-ident acct - captured-proxy NONE - trusted-daemon /usr/local/sbin/smtpd smtpd - untrusted-daemon /usr/local/sbin/smtpd smtpd -end-proxy - - -10) For inetd, restart inetd, (usually with a "kill -HUP"), for juniper, - restart with "/usr/local/juniper/bin/jc restart". - -11) Start the forwarding daemon. (As root, run /usr/local/sbin/smtpfwdd) - -12) Edit your system startup files so that smtpfwdd is started - INSTEAD of sendmail, or anything you were running before. - -13) Check your /etc/syslog.conf file. Many systems (such as many linux - distribs) come with notoriously lame /etc/syslog.conf setups. - smtpd generates lots of logs which will be onerous if you don't - have your syslogs set up nice. I personally prefer a line such as - -mail.debug /var/log/mail.log - - to catch all smtpd/smtpfwdd/sendmail logs to one file, which I - then rotate frequently, but your mileage may vary depending on - your system and your preferences. - -14) If you are using sendmail, you may need to ensure sendmail gets - invoked to process any queued messages periodically. You can do this - with a cron job that runs "sendmail -q" periodically (such as - every 20 minutes or so). I.E. (in root's crontab): - -# Flush sendmail queues every 20 mins -14,34,54 * * * * /usr/sbin/sendmail -q - - Sendmail also has an option that will allow it to run - persistently, checking the queue periodically but not listening on - the network. You may choose to use this instead of a cron job, - but beware that this feature was broken until recent sendmail - releases. diff --git a/libexec/smtpd/src/INSTALL.SOLARIS b/libexec/smtpd/src/INSTALL.SOLARIS deleted file mode 100644 index 2bb0a06186b..00000000000 --- a/libexec/smtpd/src/INSTALL.SOLARIS +++ /dev/null @@ -1,79 +0,0 @@ - - First, read the file INSTALL. This file gives details of what -needs to be in the chroot jail for smtpd to work properly on a SunOS -5.5.1 machine. - - The basics are, you need /etc/netconfig, /etc/resolv.conf and -/etc/nsswitch.conf, as well as /dev/udp. the nsswitch.conf file must -have "files" only for everything except hosts which should be "files -dns". you'll need to do a mknod to make a /dev/udp in the chroot, major -11, minor 41. An ls -lR, and the etc/nsswitch.conf file used are below. -(This machine is in the Canada/Mountain timezone, so your timezone files -will be different most likely). - ----------ls -lR--------- -/usr/spool/smtpd: -total 6 -drwxr-xr-x 2 root other 512 Jul 28 16:26 dev -drwxr-xr-x 2 root other 512 Aug 4 14:26 etc -drwxr-xr-x 3 root other 512 Jul 23 10:54 usr - -/usr/spool/smtpd/dev: -total 0 -crw-rw-rw- 1 root other 11, 41 Jul 28 16:26 udp - -/usr/spool/smtpd/etc: -total 28 --r-xr-xr-x 1 root other 467 Jul 23 10:53 TIMEZONE --r--r--r-- 1 root other 1064 Jul 28 16:08 netconfig --rw-r--r-- 1 root other 690 Jul 23 10:46 nsswitch.conf --rw-r--r-- 1 root other 2535 Aug 7 20:06 smtpd_check_rules - -/usr/spool/smtpd/usr: -total 2 -drwxr-xr-x 3 root other 512 Jul 23 10:54 share - -/usr/spool/smtpd/usr/share: -total 2 -drwxr-xr-x 3 root other 512 Jul 23 10:54 lib - -/usr/spool/smtpd/usr/share/lib: -total 2 -drwxr-xr-x 3 root other 512 Jul 23 10:54 zoneinfo - -/usr/spool/smtpd/usr/share/lib/zoneinfo: -total 2 -drwxr-xr-x 2 root other 512 Jul 23 10:55 Canada - -/usr/spool/smtpd/usr/share/lib/zoneinfo/Canada: -total 2 --rw-r--r-- 1 root other 842 Jul 23 10:55 Mountain - - -------------8< /usr/spool/smtpd/etc/nsswitch.conf 8<------------- -# -# /etc/nsswitch.files: -# -# An example file that could be copied over to /etc/nsswitch.conf; it -# does not use any naming service. -# -# "hosts:" and "services:" in this file are used only if the -# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports. - -passwd: files -group: files -hosts: files dns -networks: files -protocols: files -rpc: files -ethers: files -netmasks: files -bootparams: files -publickey: files -# At present there isn't a 'files' backend for netgroup; the system will -# figure it out pretty quickly, and won't use netgroups at all. -netgroup: files -automount: files -aliases: files -services: files -sendmailvars: files diff --git a/libexec/smtpd/src/LICENSE b/libexec/smtpd/src/LICENSE deleted file mode 100644 index 0bc33f347c8..00000000000 --- a/libexec/smtpd/src/LICENSE +++ /dev/null @@ -1,30 +0,0 @@ -Copyright (c) 1996, 1997 Obtuse Systems Corporation. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - This product includes software developed by Obtuse Systems - Corporation and its contributors. -4. Neither the name of the Obtuse Systems Corporation nor the names - of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY OBTUSE SYSTEMS CORPORATION AND -CONTRIBUTORS ``AS IS''AND ANY EXPRESS OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -IN NO EVENT SHALL OBTUSE SYSTEMS CORPORATION OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN -IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/libexec/smtpd/src/Makefile b/libexec/smtpd/src/Makefile deleted file mode 100644 index 02cdf8c6a64..00000000000 --- a/libexec/smtpd/src/Makefile +++ /dev/null @@ -1,378 +0,0 @@ -# $OpenBSD: Makefile,v 1.5 2001/08/23 14:17:08 aaron Exp $ - -########################################################## -## Where do I get installed? ############################# -########################################################## -INSTALL_PREFIX = /usr/local/ -INSTALL_BIN = sbin/ -INSTALL_MAN = man/ - -########################################################## -## Compile time options, These set defaults ############## -########################################################## -# What mail agent should smtpfwdd use? -# This must take arguments of the form: -# "mailprog -f fromaddr toaddr toaddr ..." -# to deliver mail. -MAIL_AGENT = /usr/sbin/sendmail -#MAIL_AGENT = /usr/lib/sendmail - -# What user and group should smtpfwdd and smtpd run as? -# This MUST NOT be root, and must be a user that is "trusted" by -# sendmail or whatever you are using as MAIL_AGENT above so that the user -# may use the "-f" flag to specify the sender of a mail message. -SMTP_USER = uucp -SMTP_GROUP = uucp - -# smtpd and smtpfwdd generate lots of syslogs, by design. -# -# What log facility should smtpd and smtpfwdd use for syslogs? The -# default is LOG_MAIL, which is also used by critters like sendmail. -# if you don't like this and want the logs going elsewhere for easy -# perusal change this to something else (like LOG_LOCAL5) and adjust -# your /etc/syslog.conf file to deal with it to your liking. -# -# LOG_FACILITY=LOG_LOCAL5 -LOG_FACILITY = LOG_MAIL - - -# Where is the spool directory located? -# This is the directory used by smtpd to chroot to and store -# messages. It is the directory watched for messages by smtpfwdd. This -# directory should be readable and writable only to the user specified -# in SMTP_USER above. -# -# The chroot directory -SPOOLDIR = /usr/spool/smtpd -# Where to store messages, relative to SPOOLDIR above. -SPOOLSUBDIR = . -#Use below instead of above if you don't want smtpd to chroot. This -#isn't normally a good idea if security is your main goal. A nice -#chroot jail may be a pain to build but should give you enough of a -#warm fuzzy to make it worth your while. -#SPOOLDIR = / -#SPOOLSUBDIR = usr/spool/smtpd - -# How frequently (in seconds) should smtpfwdd wake up to check the -# spool directory for new mail? -POLL_TIME = 10 - -# What is the maximum number of children smtpfwdd should spawn at one time -# when delivering messages before waiting for some to complete? This ensures -# the arrival of hundreds of mail messages doesn't run you out of processes. -MAXCHILDREN = 10 - -# Should smtpfwdd check the exit code of sendmail? smtpfwdd checks any -# non-zero exit status from sendmail to see if it indicates that -# sendmail thinks the message might be deliverable later. Normally -# this should not be a problem, however if you are not running -# sendmail as your delivery agent, or if your sendmail is broken, the -# exit codes may not mean much. In such a case you may not want -# smtpfwdd to retry message delivery when the mta exits indicating a -# failure. Setting SENDMAIL_RETRY to 0 below will make sure smtpfwdd -# never retries delivery if the MTA returns a non-zero exit -# status. You probably shouldn't change this unless you are sure you -# know what you are doing. -SENDMAIL_RETRY = 1 - -# Sendmail has a feature/bug that when feeding a message to it it will -# stop if a line contains only a '.'. This is suppressed in smtpfwdd -# by invoking sendmail with the "-oiTrue" option if the mail agent's -# name ends in the string "sendmail". If your "sendmail" isn't really -# sendmail, you may not need or want this. If so, change the SENDMAIL_OITRUE -# below to 0. -SENDMAIL_OITRUE = 1 - -# Sendmail can handle addresses quoted in <> on the command line. Some -# MTA's (like qmail) can't. set STRIP_QUOTES to 1 if you want smtpfwdd -# to peel off the <> from mail addresses on the command line when -# invoking the mta -STRIP_QUOTES = 0 - -# How many arguments can your execv() call take at once? This can be a -# conservative estimate. It determines the maximum number of -# recipients at a time that MAIL_AGENT will be invoked with by -# smtpfwdd. -# N.B. MAXARGS must be at least 6, or 5 if SENDMAIL_OITRUE (above) is 1. -# You may wish to change this to be 6 if you want your sendmail to be -# invoked separately for each receipient. -MAXARGS = 100 - -# How long (in seconds) should smtpd block on a read() call to a -# connected client before giving up on the connection? -READ_TIMEOUT = 600 - -# Should smtpd check hostnames and ip addresses of a connection -# against the DNS to verify consistency, and report any inconsistencies? -# Set to 0 for hostchecks, 1 for no hostchecks. Set this to 1 only if -# you don't want any name lookups done. -# NO_HOSTCHECKS = 1 -NO_HOSTCHECKS = 0 - -# Smtpd's default informational status messages in the smtp dialogue -# are somewhat unique and interesting (see smtpd.h). Normally these -# are only seen by people telnetting to your smtp port, or debugging -# mail. While the author has no shame and won't change the default -# It's understandable that they aren't everyone's cup of tea. Set -# VANILLA_MESSAGES below to 1 and smtp will use plain old politically -# correct Sendmail/RFC 821 style status messages. -# VANILLA_MESSAGES = 1 # Boring.... -VANILLA_MESSAGES = 0 - -# smtpd checks and clobbers and potentially "evil" characters in hostnames, -# and mail addresses received on FROM: and RCPT: lines. This clobbers things -# like a connection from hostname `/bin/rm -rf /`@evil.org, or mail to -# "| /bin/sh". It also clobbers things like 8bit chars in such things. -# smtpd always clobbers the characters it doesn't like, -# and syslogs a note of the fact. The options below determine whether or -# not smtpd will also drop the connection. -# -# Beware of setting this to 1 if your receive mail from sites where -# it's considered ok to put 8 bit ascii chars in message headers. -# -# If PARANOID_SMTP is 1, smtpd will close connection on any client -# that puts characters it thinks may be evil in the smtp dialogue, -# (HELO, FROM, RCPT), or in the message headers. -# When PARANOID_SMTP is 0, smtpd will replace the characters it thinks -# are evil and continue. -# PARANOID_SMTP = 1 -PARANOID_SMTP = 0 - -# -# If PARANOID_DNS is 1, smtpd will close connection on any client that -# has characters it thinks may be evil in it's hostname as found by DNS, -# or any client whose DNS forward and reverse mappings are inconsistent -# indicating a DNS spoof of misconfiguration. -# If PARANOID_DNS is 0, smtpd will replace any evil characters it sees -# continue. -# PARANOID_DNS = 1 -PARANOID_DNS = 0 - -# The check above will clobber stuff in the headers from some -# non north-american localizations. -# If your operating system has localization support -# you can define LOCALIZATION below to be your localization. -# For this to work, your operating system must support localization -# with setlocale, and you must copy the appropriate localization -# files into the right place in smtpd's chroot directory. -# The result of this is that smtpd will use a -# setlocale(LC_CTYPE, LOCALIZATION) to hopefully make sure -# your normal stuff won't get clobbered. -# Leave this set to 0 for no localization support. -# -# -# SET_LOCALE = 1 # Use a setlocale call to set localization -SET_LOCALE = 0 # don't include localization support at all -#LOCALIZATION = lt_LN.ISO_8859-1 -LOCALIZATION = C -#LOCALIZATION = POSIX -#LOCALIZATION = ISO-8859-1 -#LOCALIZATION = KOI-8 - -# Some sites may wish to ensure smtpd does *not* get run with command -# line options to affect the compiled-in behaviours. Set -# NO_COMMANDLINE_OPTIONS to 1 to make smtpd and smtpfwdd ignore any command -# line options. -#NO_COMMANDLINE_OPTIONS=1 -NO_COMMANDLINE_OPTIONS=0 - -# Smtpd does not support ESMTP's EHLO command normally, as it shouldn't -# need to. According to RFC, if the EHLO is unrecognized the connecting -# agent should drop back to a HELO on the second attempt (and then be -# talking vanilla smtp). Unfortunately Netscape Communicator betas seem -# seem to have a bug in which they simply try the EHLO again. Sigh. -# setting EHLO_KLUDGE to 1 will make smtpd accept a second EHLO as a helo, -# thereby kludging around this bug in Communicator. -#EHLO_KLUDGE=1 -EHLO_KLUDGE=0 - - -# smtpd can check FROM and RCPT addresses, along with the connecting -# host info using an address check file. This can be used to only -# allow certain mail addresses on a FROM:, or certain combinations of -# FROM: and RCPT from certain hosts. It can be used to prevent third -# party relays, enforce outgoing address conventions, prevent outgoing -# SPAM/obvious forgeries, or block incoming SPAM. Setting this to 0 will -# mean that none of the address checking functionality is compiled in at -# all. (meaning all of address_check.c is #ifdefed out). -CHECK_ADDRESS = 1 -# CHECK_ADDRESS = 0 - -# Set This to 1 if you are running smtpd on a Juniper firewall machine. -# This enables smtpd to use juniper's trusted/untrusted interface -# mechanism, allowing you to use the UNTRUSTED or TRUSTED specials -# in address check rules to match based on what kind of interface -# a connection arrived on. -# -# You must set this to 0 this on a non-juniper machine or smtpd will not -# build with CHECK_ADDRESS set to 1. You will get an error about -# juniper_firewall.h not existing if you forget this. -# -JUNIPER_SUPPORT=1 -#JUNIPER_SUPPORT=0 - -# Use regexp's in patterns? If you have a POSIX <regex.h> and friends, -# and you trust the regex lib enough for use, you can set USE_REGEX to -# 1, this allows you to specify a pattern enclosed in "/" as a regular -# POSIX/henry-spencer style extended regex for case insensitive matching -# (what's between the "/" gets fed to regcomp with -# REG_EXTENDED|REG_ICASE|REG_NOSUB options, then matched against) -# -# Note that older beasts (like SunOS 4.X) usually don't have a regex -# library, so if you're using something that doesn't you should set this -# to 0. -# -#USE_REGEX=0 -USE_REGEX=1 - -# Enable checking namservers? with NS_MATCH set to 1, patterns of the -# form NS=pattern can be used to match rules against the nameservers -# and MX records of originating connections or mail addresses, rather -# than the connection itself. This allows for small rules to block out -# whole blocks of bozos from rogue providers such as ispam.net should -# you choose to do so. i.e. -# -#noto_delay:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24:ALL:ALL -#noto_delay:ALL:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24:ALL -# -# would effectively block off anything originiating from, or with a FROM: -# address looking like any of it's nameservers are on one of cyberpromo.com's -# addresses. -# -# uncomment the LD_LIBS line as well if you enable NS_MATCH unless your -# resolver routines are in libc (like they are on some Linuxes) -# -# The NS_MATCH feature is lovingly dedicated by Bob Beck to Spamford -# Wallace and ispam.net -# -#NS_MATCH=0 -NS_MATCH=1 -LD_LIBS=-lresolv # you may or may not need this. - -# The rules file for address checking, if enabled, remember this file -# will be in the chroot jail, so the line below probably means -# /usr/spool/smtpd/etc/smtpd_check_rules, unless you changed the -# chroot directory above. -CHECK_FILE = /etc/smtpd_check_rules - -# address checking rules may want user information, gotten from an RFC -# 931 style ident. This info may be passed in the environment to smtpd -# (from juniperd or the tcp wrapper), or smtpd will do the ident -# request itself if required. CHECK_IDENT determines the timeout (in -# seconds) on an ident request. if CHECK_IDENT is 0, no ident -# requests will be made by smtpd even if it sees a rule that would -# normally make it perform one. -# CHECK_IDENT = 0 -CHECK_IDENT = 10 - -# If you use the address checks to block incoming mail from certain -# spam sites, you can set NOTO_DELAY and DENY_DELAY below to specify -# the time in seconds smtpd will go to sleep for after matching a -# "noto_delay" or "deny_delay" rule. This makes your site a small -# headache to the spammer since they have to wait before being denied, -# instead of immediately knowing so, and proceeding on to their next -# victim. -# NOTO_DELAY = 0 -# DENY_DELAY = 0 -# NOTO_DELAY = 300 -# DENY_DELAY = 300 -NOTO_DELAY = 50 -DENY_DELAY = 50 - -# Because CHECK_ADDRESS above is meant to be used as a nuisance filter -# the default is to ALLOW on failure rather than deny service when no -# match is found, or if something happens while attempting to match a -# rule (such as a system call failure, or you make a syntax error in the -# rules file). Change -# CHECK_ADDRESS_DENY_ON_FAILURE to 1 to have smtpd not allow anything -# not explicitly allowed by the rules. -# CHECK_ADDRESS_DENY_ON_FAILURE = 1 -CHECK_ADDRESS_DENY_ON_FAILURE = 0 - - -# Options to pass to indent when tidying up the code. -INDENT_ARGS = -di0 -br -bad -bap -nbc -cdb -ce -i2 -lp -npro -npcs -psl - -########################################################## -## End of compile time options. ########################## -## Select your Operating system below this.. ############# -########################################################## - - -OPTIONS = -DMAIL_AGENT=\"$(MAIL_AGENT)\" -DSMTP_USER=\"$(SMTP_USER)\" \ - -DSMTP_GROUP=\"$(SMTP_GROUP)\" \ - -DLOG_FACILITY=$(LOG_FACILITY) -DVANILLA_MESSAGES=$(VANILLA_MESSAGES) \ - -DSPOOLDIR=\"$(SPOOLDIR)\" -DSPOOLSUBDIR=\"$(SPOOLSUBDIR)\" \ - -DPOLL_TIME=$(POLL_TIME) -DSENDMAIL_RETRY=$(SENDMAIL_RETRY) \ - -DSENDMAIL_OITRUE=$(SENDMAIL_OITRUE) -DSTRIP_QUOTES=$(STRIP_QUOTES) \ - -DMAXCHILDREN=$(MAXCHILDREN) -DMAXARGS=$(MAXARGS) \ - -DREAD_TIMEOUT=$(READ_TIMEOUT) -DNO_HOSTCHECKS=$(NO_HOSTCHECKS) \ - -DPARANOID_SMTP=$(PARANOID_SMTP) -DPARANOID_DNS=$(PARANOID_DNS) \ - -DNO_COMMANDLINE_OPTIONS=$(NO_COMMANDLINE_OPTIONS) \ - -DEHLO_KLUDGE=$(EHLO_KLUDGE) \ - -DCHECK_ADDRESS=$(CHECK_ADDRESS) -DCHECK_FILE=\"$(CHECK_FILE)\" \ - -DCHECK_ADDRESS_DENY_ON_FAILURE=$(CHECK_ADDRESS_DENY_ON_FAILURE) \ - -DCHECK_IDENT=$(CHECK_IDENT) \ - -DNOTO_DELAY=$(NOTO_DELAY) -DDENY_DELAY=$(DENY_DELAY) \ - -DSET_LOCALE=$(SET_LOCALE) -DLOCALIZATION=\"$(LOCALIZATION)\" \ - -DJUNIPER_SUPPORT=$(JUNIPER_SUPPORT) -DNS_MATCH=$(NS_MATCH) \ - -DUSE_REGEX=$(USE_REGEX) - -## CC of choice. -#CC = cc -CC = gcc - -#################################################### -###### Uncomment your Operating System below ####### -#################################################### - -# The Source is with you (*BSD 4.4, Linux) -CFLAGS = -g -O -Wall -DUSE_FLOCK -DUSE_MKSTEMP $(OPTIONS) - - -#SunOS 5.X -#CFLAGS = -g -O -Wall -DUSE_LOCKF -DNEEDS_FCNTL_H -DNEEDS_STRINGS_H -DBROKEN_SUN_INCLUDES $(OPTIONS) -#LD_LIBS = -lsocket -lnsl -lresolv - -#SunOS 4.X. No regex lib here, so you will have to set USE_REGEX to 0 -#above unless you have built the regex lib separately. -#CFLAGS = -g -O -DUSE_FLOCK -DNO_MEMMOVE -DBSD_SIGNAL -DSUNOS_GETOPT $(OPTIONS) - -#Irix -#(gcc doesn't like -g here) -#CFLAGS = -Wall -O -DGETOPT_EOF -DUSE_FLOCK -DNEEDS_FCNTL_H -DNEEDS_BSTRING_H -DIRIX_BROKEN_INCLUDES $(OPTIONS) - -#AIX -#CFLAGS = -g -O -Wall -DGETOPT_EOF -DUSE_LOCKF -DNEEDS_FCNTL_H -DNEEDS_LOCKF_H -DNEEDS_STRINGS_H -DNEEDS_SELECT_H $(OPTIONS) - - -all: smtpd smtpfwdd - -smtpd: smtpd.o address_check.o accumlog.o - $(CC) -o smtpd smtpd.o address_check.o $(LD_LIBS) - -smtpfwdd: smtpfwdd.o accumlog.o - $(CC) -o smtpfwdd smtpfwdd.o $(LD_LIBS) - -smtpd.o: smtpd.c smtpd.h smtp.h - -smtpfwdd.o: smtpfwdd.c smtp.h - -accumlog.o: accumlog.c - -indent: - indent $(INDENT_ARGS) smtpd.c - indent $(INDENT_ARGS) smtpfwdd.c - indent $(INDENT_ARGS) address_check.c - -install: smtpd smtpfwdd - install -m 500 smtpd $(INSTALL_PREFIX)$(INSTALL_BIN)smtpd - install -m 500 smtpfwdd $(INSTALL_PREFIX)$(INSTALL_BIN)smtpfwdd - -clean: - /bin/rm -f *.o - -clobber: - /bin/rm -f smtpd smtpfwdd *.o - - diff --git a/libexec/smtpd/src/Makefile.default b/libexec/smtpd/src/Makefile.default deleted file mode 100644 index cf38f0a9133..00000000000 --- a/libexec/smtpd/src/Makefile.default +++ /dev/null @@ -1,376 +0,0 @@ -# $OpenBSD: Makefile.default,v 1.4 2001/08/23 14:17:08 aaron Exp $ - -########################################################## -## Where do I get installed? ############################# -########################################################## -INSTALL_PREFIX = /usr/local/ -INSTALL_BIN = sbin/ -INSTALL_MAN = man/ - -########################################################## -## Compile time options, These set defaults ############## -########################################################## -# What mail agent should smtpfwdd use? -# This must take arguments of the form: -# "mailprog -f fromaddr toaddr toaddr ..." -# to deliver mail. -MAIL_AGENT = /usr/sbin/sendmail -#MAIL_AGENT = /usr/lib/sendmail - -# What user and group should smtpfwdd and smtpd run as? -# This MUST NOT be root, and must be a user that is "trusted" by -# sendmail or whatever you are using as MAIL_AGENT above so that the user -# may use the "-f" flag to specify the sender of a mail message. -SMTP_USER = uucp -SMTP_GROUP = uucp - -# smtpd and smtpfwdd generate lots of syslogs, by design. -# -# What log facility should smtpd and smtpfwdd use for syslogs? The -# default is LOG_MAIL, which is also used by critters like sendmail. -# if you don't like this and want the logs going elsewhere for easy -# perusal change this to something else (like LOG_LOCAL5) and adjust -# your /etc/syslog.conf file to deal with it to your liking. -# -# LOG_FACILITY=LOG_LOCAL5 -LOG_FACILITY = LOG_MAIL - - -# Where is the spool directory located? -# This is the directory used by smtpd to chroot to and store -# messages. It is the directory watched for messages by smtpfwdd. This -# directory should be readable and writable only to the user specified -# in SMTP_USER above. -# -# The chroot directory -SPOOLDIR = /usr/spool/smtpd -# Where to store messages, relative to SPOOLDIR above. -SPOOLSUBDIR = . -#Use below instead of above if you don't want smtpd to chroot. This -#isn't normally a good idea if security is your main goal. A nice -#chroot jail may be a pain to build but should give you enough of a -#warm fuzzy to make it worth your while. -#SPOOLDIR = / -#SPOOLSUBDIR = usr/spool/smtpd - -# How frequently (in seconds) should smtpfwdd wake up to check the -# spool directory for new mail? -POLL_TIME = 10 - -# What is the maximum number of children smtpfwdd should spawn at one time -# when delivering messages before waiting for some to complete? This ensures -# the arrival of hundreds of mail messages doesn't run you out of processes. -MAXCHILDREN = 10 - -# Should smtpfwdd check the exit code of sendmail? smtpfwdd checks any -# non-zero exit status from sendmail to see if it indicates that -# sendmail thinks the message might be deliverable later. Normally -# this should not be a problem, however if you are not running -# sendmail as your delivery agent, or if your sendmail is broken, the -# exit codes may not mean much. In such a case you may not want -# smtpfwdd to retry message delivery when the mta exits indicating a -# failure. Setting SENDMAIL_RETRY to 0 below will make sure smtpfwdd -# never retries delivery if the MTA returns a non-zero exit -# status. You probably shouldn't change this unless you are sure you -# know what you are doing. -SENDMAIL_RETRY = 1 - -# Sendmail has a feature/bug that when feeding a message to it it will -# stop if a line contains only a '.'. This is suppressed in smtpfwdd -# by invoking sendmail with the "-oiTrue" option if the mail agent's -# name ends in the string "sendmail". If your "sendmail" isn't really -# sendmail, you may not need or want this. If so, change the SENDMAIL_OITRUE -# below to 0. -SENDMAIL_OITRUE = 1 - -# Sendmail can handle addresses quoted in <> on the command line. Some -# MTA's (like qmail) can't. set STRIP_QUOTES to 1 if you want smtpfwdd -# to peel off the <> from mail addresses on the command line when -# invoking the mta -STRIP_QUOTES = 0 - -# How many arguments can your execv() call take at once? This can be a -# conservative estimate. It determines the maximum number of -# recipients at a time that MAIL_AGENT will be invoked with by -# smtpfwdd. -# N.B. MAXARGS must be at least 6, or 5 if SENDMAIL_OITRUE (above) is 1. -# You may wish to change this to be 6 if you want your sendmail to be -# invoked separately for each receipient. -MAXARGS = 100 - -# How long (in seconds) should smtpd block on a read() call to a -# connected client before giving up on the connection? -READ_TIMEOUT = 600 - -# Should smtpd check hostnames and ip addresses of a connection -# against the DNS to verify consistency, and report any inconsistencies? -# Set to 0 for hostchecks, 1 for no hostchecks. Set this to 1 only if -# you don't want any name lookups done. -# NO_HOSTCHECKS = 1 -NO_HOSTCHECKS = 0 - -# Smtpd's default informational status messages in the smtp dialogue -# are somewhat unique and interesting (see smtpd.h). Normally these -# are only seen by people telnetting to your smtp port, or debugging -# mail. While the author has no shame and won't change the default -# It's understandable that they aren't everyone's cup of tea. Set -# VANILLA_MESSAGES below to 1 and smtp will use plain old politically -# correct Sendmail/RFC 821 style status messages. -# VANILLA_MESSAGES = 1 # Boring.... -VANILLA_MESSAGES = 0 - -# smtpd checks and clobbers and potentially "evil" characters in hostnames, -# and mail addresses received on FROM: and RCPT: lines. This clobbers things -# like a connection from hostname `/bin/rm -rf /`@evil.org, or mail to -# "| /bin/sh". It also clobbers things like 8bit chars in such things. -# smtpd always clobbers the characters it doesn't like, -# and syslogs a note of the fact. The options below determine whether or -# not smtpd will also drop the connection. -# -# Beware of setting this to 1 if your receive mail from sites where -# it's considered ok to put 8 bit ascii chars in message headers. -# -# If PARANOID_SMTP is 1, smtpd will close connection on any client -# that puts characters it thinks may be evil in the smtp dialogue, -# (HELO, FROM, RCPT), or in the message headers. -# When PARANOID_SMTP is 0, smtpd will replace the characters it thinks -# are evil and continue. -# PARANOID_SMTP = 1 -PARANOID_SMTP = 0 - -# -# If PARANOID_DNS is 1, smtpd will close connection on any client that -# has characters it thinks may be evil in it's hostname as found by DNS, -# or any client whose DNS forward and reverse mappings are inconsistent -# indicating a DNS spoof of misconfiguration. -# If PARANOID_DNS is 0, smtpd will replace any evil characters it sees -# continue. -# PARANOID_DNS = 1 -PARANOID_DNS = 0 - -# The check above will clobber stuff in the headers from some -# non north-american localizations. -# If your operating system has localization support -# you can define LOCALIZATION below to be your localization. -# For this to work, your operating system must support localization -# with setlocale, and you must copy the appropriate localization -# files into the right place in smtpd's chroot directory. -# The result of this is that smtpd will use a -# setlocale(LC_CTYPE, LOCALIZATION) to hopefully make sure -# your normal stuff won't get clobbered. -# Leave this set to 0 for no localization support. -# -# -# SET_LOCALE = 1 # Use a setlocale call to set localization -SET_LOCALE = 0 # don't include localization support at all -#LOCALIZATION = lt_LN.ISO_8859-1 -LOCALIZATION = C -#LOCALIZATION = POSIX -#LOCALIZATION = ISO-8859-1 -#LOCALIZATION = KOI-8 - -# Some sites may wish to ensure smtpd does *not* get run with command -# line options to affect the compiled-in behaviours. Set -# NO_COMMANDLINE_OPTIONS to 1 to make smtpd and smtpfwdd ignore any command -# line options. -#NO_COMMANDLINE_OPTIONS=1 -NO_COMMANDLINE_OPTIONS=0 - -# Smtpd does not support ESMTP's EHLO command normally, as it shouldn't -# need to. According to RFC, if the EHLO is unrecognized the connecting -# agent should drop back to a HELO on the second attempt (and then be -# talking vanilla smtp). Unfortunately Netscape Communicator betas seem -# seem to have a bug in which they simply try the EHLO again. Sigh. -# setting EHLO_KLUDGE to 1 will make smtpd accept a second EHLO as a helo, -# thereby kludging around this bug in Communicator. -#EHLO_KLUDGE=1 -EHLO_KLUDGE=0 - - -# smtpd can check FROM and RCPT addresses, along with the connecting -# host info using an address check file. This can be used to only -# allow certain mail addresses on a FROM:, or certain combinations of -# FROM: and RCPT from certain hosts. It can be used to prevent third -# party relays, enforce outgoing address conventions, prevent outgoing -# SPAM/obvious forgeries, or block incoming SPAM. Setting this to 0 will -# mean that none of the address checking functionality is compiled in at -# all. (meaning all of address_check.c is #ifdefed out). -CHECK_ADDRESS = 1 -# CHECK_ADDRESS = 0 - -# Set This to 1 if you are running smtpd on a Juniper firewall machine. -# This enables smtpd to use juniper's trusted/untrusted interface -# mechanism, allowing you to use the UNTRUSTED or TRUSTED specials -# in address check rules to match based on what kind of interface -# a connection arrived on. -# -# You must set this to 0 this on a non-juniper machine or smtpd will not -# build with CHECK_ADDRESS set to 1. You will get an error about -# juniper_firewall.h not existing if you forget this. -# -JUNIPER_SUPPORT=1 -#JUNIPER_SUPPORT=0 - -# Use regexp's in patterns? If you have a POSIX <regex.h> and friends, -# and you trust the regex lib enough for use, you can set USE_REGEX to -# 1, this allows you to specify a pattern enclosed in "/" as a regular -# POSIX/henry-spencer style extended regex for case insensitive matching -# (what's between the "/" gets fed to regcomp with -# REG_EXTENDED|REG_ICASE|REG_NOSUB options, then matched against) -# -# Note that older beasts (like SunOS 4.X) usually don't have a regex -# library, so if you're using something that doesn't you should set this -# to 0. -# -#USE_REGEX=0 -USE_REGEX=1 - -# Enable checking namservers? with NS_MATCH set to 1, patterns of the -# form NS=pattern can be used to match rules against the nameservers -# and MX records of originating connections or mail addresses, rather -# than the connection itself. This allows for small rules to block out -# whole blocks of bozos from rogue providers such as ispam.net should -# you choose to do so. i.e. -# -#noto_delay:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24:ALL:ALL -#noto_delay:ALL:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24:ALL -# -# would effectively block off anything originiating from, or with a FROM: -# address looking like any of it's nameservers are on one of cyberpromo.com's -# addresses. -# -# uncomment the LD_LIBS line as well if you enable NS_MATCH unless your -# resolver routines are in libc (like they are on some Linuxes) -# -# The NS_MATCH feature is lovingly dedicated by Bob Beck to Spamford -# Wallace and ispam.net -# -#NS_MATCH=0 -NS_MATCH=1 -LD_LIBS=-lresolv # you may or may not need this. - -# The rules file for address checking, if enabled, remember this file -# will be in the chroot jail, so the line below probably means -# /usr/spool/smtpd/etc/smtpd_check_rules, unless you changed the -# chroot directory above. -CHECK_FILE = /etc/smtpd_check_rules - -# address checking rules may want user information, gotten from an RFC -# 931 style ident. This info may be passed in the environment to smtpd -# (from juniperd or the tcp wrapper), or smtpd will do the ident -# request itself if required. CHECK_IDENT determines the timeout (in -# seconds) on an ident request. if CHECK_IDENT is 0, no ident -# requests will be made by smtpd even if it sees a rule that would -# normally make it perform one. -# CHECK_IDENT = 0 -CHECK_IDENT = 10 - -# If you use the address checks to block incoming mail from certain -# spam sites, you can set NOTO_DELAY and DENY_DELAY below to specify -# the time in seconds smtpd will go to sleep for after matching a -# "noto_delay" or "deny_delay" rule. This makes your site a small -# headache to the spammer since they have to wait before being denied, -# instead of immediately knowing so, and proceeding on to their next -# victim. -# NOTO_DELAY = 0 -# DENY_DELAY = 0 -# NOTO_DELAY = 300 -# DENY_DELAY = 300 -NOTO_DELAY = 50 -DENY_DELAY = 50 - -# Because CHECK_ADDRESS above is meant to be used as a nuisance filter -# the default is to ALLOW on failure rather than deny service when no -# match is found, or if something happens while attempting to match a -# rule (such as a system call failure, or you make a syntax error in the -# rules file). Change -# CHECK_ADDRESS_DENY_ON_FAILURE to 1 to have smtpd not allow anything -# not explicitly allowed by the rules. -# CHECK_ADDRESS_DENY_ON_FAILURE = 1 -CHECK_ADDRESS_DENY_ON_FAILURE = 0 - - -# Options to pass to indent when tidying up the code. -INDENT_ARGS = -di0 -br -bad -bap -nbc -cdb -ce -i2 -lp -npro -npcs -psl - -########################################################## -## End of compile time options. ########################## -## Select your Operating system below this.. ############# -########################################################## - - -OPTIONS = -DMAIL_AGENT=\"$(MAIL_AGENT)\" -DSMTP_USER=\"$(SMTP_USER)\" \ - -DSMTP_GROUP=\"$(SMTP_GROUP)\" \ - -DLOG_FACILITY=$(LOG_FACILITY) -DVANILLA_MESSAGES=$(VANILLA_MESSAGES) \ - -DSPOOLDIR=\"$(SPOOLDIR)\" -DSPOOLSUBDIR=\"$(SPOOLSUBDIR)\" \ - -DPOLL_TIME=$(POLL_TIME) -DSENDMAIL_RETRY=$(SENDMAIL_RETRY) \ - -DSENDMAIL_OITRUE=$(SENDMAIL_OITRUE) -DSTRIP_QUOTES=$(STRIP_QUOTES) \ - -DMAXCHILDREN=$(MAXCHILDREN) -DMAXARGS=$(MAXARGS) \ - -DREAD_TIMEOUT=$(READ_TIMEOUT) -DNO_HOSTCHECKS=$(NO_HOSTCHECKS) \ - -DPARANOID_SMTP=$(PARANOID_SMTP) -DPARANOID_DNS=$(PARANOID_DNS) \ - -DNO_COMMANDLINE_OPTIONS=$(NO_COMMANDLINE_OPTIONS) \ - -DEHLO_KLUDGE=$(EHLO_KLUDGE) \ - -DCHECK_ADDRESS=$(CHECK_ADDRESS) -DCHECK_FILE=\"$(CHECK_FILE)\" \ - -DCHECK_ADDRESS_DENY_ON_FAILURE=$(CHECK_ADDRESS_DENY_ON_FAILURE) \ - -DCHECK_IDENT=$(CHECK_IDENT) \ - -DNOTO_DELAY=$(NOTO_DELAY) -DDENY_DELAY=$(DENY_DELAY) \ - -DSET_LOCALE=$(SET_LOCALE) -DLOCALIZATION=\"$(LOCALIZATION)\" \ - -DJUNIPER_SUPPORT=$(JUNIPER_SUPPORT) -DNS_MATCH=$(NS_MATCH) \ - -DUSE_REGEX=$(USE_REGEX) - -## CC of choice. -#CC = cc -CC = gcc - -#################################################### -###### Uncomment your Operating System below ####### -#################################################### - -# The Source is with you (*BSD 4.4, Linux) -CFLAGS = -g -O -Wall -DUSE_FLOCK -DUSE_MKSTEMP $(OPTIONS) - - -#SunOS 5.X -#CFLAGS = -g -O -Wall -DUSE_LOCKF -DNEEDS_FCNTL_H -DNEEDS_STRINGS_H -DBROKEN_SUN_INCLUDES $(OPTIONS) -#LD_LIBS = -lsocket -lnsl -lresolv - -#SunOS 4.X. No regex lib here, so you will have to set USE_REGEX to 0 -#above unless you have built the regex lib separately. -#CFLAGS = -g -O -DUSE_FLOCK -DNO_MEMMOVE -DSUNOS_GETOPT $(OPTIONS) - -#Irix -#(gcc doesn't like -g here) -#CFLAGS = -Wall -O -DGETOPT_EOF -DUSE_FLOCK -DNEEDS_FCNTL_H -DNEEDS_BSTRING_H -DIRIX_BROKEN_INCLUDES $(OPTIONS) - -#AIX -#CFLAGS = -g -O -Wall -DGETOPT_EOF -DUSE_LOCKF -DNEEDS_FCNTL_H -DNEEDS_LOCKF_H -DNEEDS_STRINGS_H -DNEEDS_SELECT_H $(OPTIONS) - - -all: smtpd smtpfwdd - -smtpd: smtpd.o address_check.o - $(CC) -o smtpd smtpd.o address_check.o $(LD_LIBS) - -smtpfwdd: smtpfwdd.o - $(CC) -o smtpfwdd smtpfwdd.o $(LD_LIBS) - -smtpd.o: smtpd.c smtpd.h smtp.h - -smtpfwdd.o: smtpfwdd.c smtp.h - -indent: - indent $(INDENT_ARGS) smtpd.c - indent $(INDENT_ARGS) smtpfwdd.c - indent $(INDENT_ARGS) address_check.c - -install: smtpd smtpfwdd - install -m 500 smtpd $(INSTALL_PREFIX)$(INSTALL_BIN)smtpd - install -m 500 smtpfwdd $(INSTALL_PREFIX)$(INSTALL_BIN)smtpfwdd - -clean: - /bin/rm -f *.o - -clobber: - /bin/rm -f smtpd smtpfwdd *.o - - diff --git a/libexec/smtpd/src/Makefile.minimal b/libexec/smtpd/src/Makefile.minimal deleted file mode 100644 index 84f5e96e7ab..00000000000 --- a/libexec/smtpd/src/Makefile.minimal +++ /dev/null @@ -1,382 +0,0 @@ -# $OpenBSD: Makefile.minimal,v 1.4 2001/08/23 14:17:08 aaron Exp $ - -####### -# Makefile.minimal -# Make a completely minimal smtpd. Doesn't do reverse dns lookups on -# connections, and doesn't do any address checking. Only passes mail. -# - -########################################################## -## Where do I get installed? ############################# -########################################################## -INSTALL_PREFIX = /usr/local/ -INSTALL_BIN = sbin/ -INSTALL_MAN = man/ - -########################################################## -## Compile time options, These set defaults ############## -########################################################## -# What mail agent should smtpfwdd use? -# This must take arguments of the form: -# "mailprog -f fromaddr toaddr toaddr ..." -# to deliver mail. -MAIL_AGENT = /usr/sbin/sendmail -#MAIL_AGENT = /usr/lib/sendmail - -# What user and group should smtpfwdd and smtpd run as? -# This MUST NOT be root, and must be a user that is "trusted" by -# sendmail or whatever you are using as MAIL_AGENT above so that the user -# may use the "-f" flag to specify the sender of a mail message. -SMTP_USER = uucp -SMTP_GROUP = uucp - -# smtpd and smtpfwdd generate lots of syslogs, by design. -# -# What log facility should smtpd and smtpfwdd use for syslogs? The -# default is LOG_MAIL, which is also used by critters like sendmail. -# if you don't like this and want the logs going elsewhere for easy -# perusal change this to something else (like LOG_LOCAL5) and adjust -# your /etc/syslog.conf file to deal with it to your liking. -# -# LOG_FACILITY=LOG_LOCAL5 -LOG_FACILITY = LOG_MAIL - - -# Where is the spool directory located? -# This is the directory used by smtpd to chroot to and store -# messages. It is the directory watched for messages by smtpfwdd. This -# directory should be readable and writable only to the user specified -# in SMTP_USER above. -# -# The chroot directory -SPOOLDIR = /usr/spool/smtpd -# Where to store messages, relative to SPOOLDIR above. -SPOOLSUBDIR = . -#Use below instead of above if you don't want smtpd to chroot. This -#isn't normally a good idea if security is your main goal. A nice -#chroot jail may be a pain to build but should give you enough of a -#warm fuzzy to make it worth your while. -#SPOOLDIR = / -#SPOOLSUBDIR = usr/spool/smtpd - -# How frequently (in seconds) should smtpfwdd wake up to check the -# spool directory for new mail? -POLL_TIME = 10 - -# What is the maximum number of children smtpfwdd should spawn at one time -# when delivering messages before waiting for some to complete? This ensures -# the arrival of hundreds of mail messages doesn't run you out of processes. -MAXCHILDREN = 10 - -# Should smtpfwdd check the exit code of sendmail? smtpfwdd checks any -# non-zero exit status from sendmail to see if it indicates that -# sendmail thinks the message might be deliverable later. Normally -# this should not be a problem, however if you are not running -# sendmail as your delivery agent, or if your sendmail is broken, the -# exit codes may not mean much. In such a case you may not want -# smtpfwdd to retry message delivery when the mta exits indicating a -# failure. Setting SENDMAIL_RETRY to 0 below will make sure smtpfwdd -# never retries delivery if the MTA returns a non-zero exit -# status. You probably shouldn't change this unless you are sure you -# know what you are doing. -SENDMAIL_RETRY = 1 - -# Sendmail has a feature/bug that when feeding a message to it it will -# stop if a line contains only a '.'. This is suppressed in smtpfwdd -# by invoking sendmail with the "-oiTrue" option if the mail agent's -# name ends in the string "sendmail". If your "sendmail" isn't really -# sendmail, you may not need or want this. If so, change the SENDMAIL_OITRUE -# below to 0. -SENDMAIL_OITRUE = 1 - -# Sendmail can handle addresses quoted in <> on the command line. Some -# MTA's (like qmail) can't. set STRIP_QUOTES to 1 if you want smtpfwdd -# to peel off the <> from mail addresses on the command line when -# invoking the mta -STRIP_QUOTES = 0 - -# How many arguments can your execv() call take at once? This can be a -# conservative estimate. It determines the maximum number of -# recipients at a time that MAIL_AGENT will be invoked with by -# smtpfwdd. -# N.B. MAXARGS must be at least 6, or 5 if SENDMAIL_OITRUE (above) is 1. -# You may wish to change this to be 6 if you want your sendmail to be -# invoked separately for each receipient. -MAXARGS = 100 - -# How long (in seconds) should smtpd block on a read() call to a -# connected client before giving up on the connection? -READ_TIMEOUT = 600 - -# Should smtpd check hostnames and ip addresses of a connection -# against the DNS to verify consistency, and report any inconsistencies? -# Set to 0 for hostchecks, 1 for no hostchecks. Set this to 1 only if -# you don't want any name lookups done. -NO_HOSTCHECKS = 1 -# NO_HOSTCHECKS = 0 - -# Smtpd's default informational status messages in the smtp dialogue -# are somewhat unique and interesting (see smtpd.h). Normally these -# are only seen by people telnetting to your smtp port, or debugging -# mail. While the author has no shame and won't change the default -# It's understandable that they aren't everyone's cup of tea. Set -# VANILLA_MESSAGES below to 1 and smtp will use plain old politically -# correct Sendmail/RFC 821 style status messages. -# VANILLA_MESSAGES = 1 # Boring.... -VANILLA_MESSAGES = 0 - -# smtpd checks and clobbers and potentially "evil" characters in hostnames, -# and mail addresses received on FROM: and RCPT: lines. This clobbers things -# like a connection from hostname `/bin/rm -rf /`@evil.org, or mail to -# "| /bin/sh". It also clobbers things like 8bit chars in such things. -# smtpd always clobbers the characters it doesn't like, -# and syslogs a note of the fact. The options below determine whether or -# not smtpd will also drop the connection. -# -# Beware of setting this to 1 if your receive mail from sites where -# it's considered ok to put 8 bit ascii chars in message headers. -# -# If PARANOID_SMTP is 1, smtpd will close connection on any client -# that puts characters it thinks may be evil in the smtp dialogue, -# (HELO, FROM, RCPT), or in the message headers. -# When PARANOID_SMTP is 0, smtpd will replace the characters it thinks -# are evil and continue. -# PARANOID_SMTP = 1 -PARANOID_SMTP = 0 - -# -# If PARANOID_DNS is 1, smtpd will close connection on any client that -# has characters it thinks may be evil in it's hostname as found by DNS, -# or any client whose DNS forward and reverse mappings are inconsistent -# indicating a DNS spoof of misconfiguration. -# If PARANOID_DNS is 0, smtpd will replace any evil characters it sees -# continue. -# PARANOID_DNS = 1 -PARANOID_DNS = 0 - -# The check above will clobber stuff in the headers from some -# non north-american localizations. -# If your operating system has localization support -# you can define LOCALIZATION below to be your localization. -# For this to work, your operating system must support localization -# with setlocale, and you must copy the appropriate localization -# files into the right place in smtpd's chroot directory. -# The result of this is that smtpd will use a -# setlocale(LC_CTYPE, LOCALIZATION) to hopefully make sure -# your normal stuff won't get clobbered. -# Leave this set to 0 for no localization support. -# -# -# SET_LOCALE = 1 # Use a setlocale call to set localization -SET_LOCALE = 0 # don't include localization support at all -#LOCALIZATION = lt_LN.ISO_8859-1 -LOCALIZATION = C -#LOCALIZATION = POSIX -#LOCALIZATION = ISO-8859-1 -#LOCALIZATION = KOI-8 - -# Some sites may wish to ensure smtpd does *not* get run with command -# line options to affect the compiled-in behaviours. Set -# NO_COMMANDLINE_OPTIONS to 1 to make smtpd and smtpfwdd ignore any command -# line options. -#NO_COMMANDLINE_OPTIONS=1 -NO_COMMANDLINE_OPTIONS=0 - -# Smtpd does not support ESMTP's EHLO command normally, as it shouldn't -# need to. According to RFC, if the EHLO is unrecognized the connecting -# agent should drop back to a HELO on the second attempt (and then be -# talking vanilla smtp). Unfortunately Netscape Communicator betas seem -# seem to have a bug in which they simply try the EHLO again. Sigh. -# setting EHLO_KLUDGE to 1 will make smtpd accept a second EHLO as a helo, -# thereby kludging around this bug in Communicator. -#EHLO_KLUDGE=1 -EHLO_KLUDGE=0 - - -# smtpd can check FROM and RCPT addresses, along with the connecting -# host info using an address check file. This can be used to only -# allow certain mail addresses on a FROM:, or certain combinations of -# FROM: and RCPT from certain hosts. It can be used to prevent third -# party relays, enforce outgoing address conventions, prevent outgoing -# SPAM/obvious forgeries, or block incoming SPAM. Setting this to 0 will -# mean that none of the address checking functionality is compiled in at -# all. (meaning all of address_check.c is #ifdefed out). -# CHECK_ADDRESS = 1 -CHECK_ADDRESS = 0 - -# Set This to 1 if you are running smtpd on a Juniper firewall machine. -# This enables smtpd to use juniper's trusted/untrusted interface -# mechanism, allowing you to use the UNTRUSTED or TRUSTED specials -# in address check rules to match based on what kind of interface -# a connection arrived on. -# -# You must set this to 0 this on a non-juniper machine or smtpd will not -# build with CHECK_ADDRESS set to 1. You will get an error about -# juniper_firewall.h not existing if you forget this. -# -# JUNIPER_SUPPORT=1 -JUNIPER_SUPPORT=0 - -# Use regexp's in patterns? If you have a POSIX <regex.h> and friends, -# and you trust the regex lib enough for use, you can set USE_REGEX to -# 1, this allows you to specify a pattern enclosed in "/" as a regular -# POSIX/henry-spencer style extended regex for case insensitive matching -# (what's between the "/" gets fed to regcomp with -# REG_EXTENDED|REG_ICASE|REG_NOSUB options, then matched against) -# -# Note that older beasts (like SunOS 4.X) usually don't have a regex -# library, so if you're using something that doesn't you should set this -# to 0. -# -USE_REGEX=0 -#USE_REGEX=1 - -# Enable checking namservers? with NS_MATCH set to 1, patterns of the -# form NS=pattern can be used to match rules against the nameservers -# and MX records of originating connections or mail addresses, rather -# than the connection itself. This allows for small rules to block out -# whole blocks of bozos from rogue providers such as ispam.net should -# you choose to do so. i.e. -# -#noto_delay:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24:ALL:ALL -#noto_delay:ALL:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24:ALL -# -# would effectively block off anything originiating from, or with a FROM: -# address looking like any of it's nameservers are on one of cyberpromo.com's -# addresses. -# -# uncomment the LD_LIBS line as well if you enable NS_MATCH unless your -# resolver routines are in libc (like they are on some Linuxes) -# -# The NS_MATCH feature is lovingly dedicated by Bob Beck to Spamford -# Wallace and ispam.net -# -NS_MATCH=0 -#NS_MATCH=1 -#LD_LIBS=-lresolv # you may or may not need this. - -# The rules file for address checking, if enabled, remember this file -# will be in the chroot jail, so the line below probably means -# /usr/spool/smtpd/etc/smtpd_check_rules, unless you changed the -# chroot directory above. -CHECK_FILE = /etc/smtpd_check_rules - -# address checking rules may want user information, gotten from an RFC -# 931 style ident. This info may be passed in the environment to smtpd -# (from juniperd or the tcp wrapper), or smtpd will do the ident -# request itself if required. CHECK_IDENT determines the timeout (in -# seconds) on an ident request. if CHECK_IDENT is 0, no ident -# requests will be made by smtpd even if it sees a rule that would -# normally make it perform one. -CHECK_IDENT = 0 -# CHECK_IDENT = 10 - -# If you use the address checks to block incoming mail from certain -# spam sites, you can set NOTO_DELAY and DENY_DELAY below to specify -# the time in seconds smtpd will go to sleep for after matching a -# "noto_delay" or "deny_delay" rule. This makes your site a small -# headache to the spammer since they have to wait before being denied, -# instead of immediately knowing so, and proceeding on to their next -# victim. -NOTO_DELAY = 0 -DENY_DELAY = 0 -# NOTO_DELAY = 300 -# DENY_DELAY = 300 -#NOTO_DELAY = 50 -#DENY_DELAY = 50 - -# Because CHECK_ADDRESS above is meant to be used as a nuisance filter -# the default is to ALLOW on failure rather than deny service when no -# match is found, or if something happens while attempting to match a -# rule (such as a system call failure, or you make a syntax error in the -# rules file). Change -# CHECK_ADDRESS_DENY_ON_FAILURE to 1 to have smtpd not allow anything -# not explicitly allowed by the rules. -# CHECK_ADDRESS_DENY_ON_FAILURE = 1 -CHECK_ADDRESS_DENY_ON_FAILURE = 0 - - -# Options to pass to indent when tidying up the code. -INDENT_ARGS = -di0 -br -bad -bap -nbc -cdb -ce -i2 -lp -npro -npcs -psl - -########################################################## -## End of compile time options. ########################## -## Select your Operating system below this.. ############# -########################################################## - - -OPTIONS = -DMAIL_AGENT=\"$(MAIL_AGENT)\" -DSMTP_USER=\"$(SMTP_USER)\" \ - -DSMTP_GROUP=\"$(SMTP_GROUP)\" \ - -DLOG_FACILITY=$(LOG_FACILITY) -DVANILLA_MESSAGES=$(VANILLA_MESSAGES) \ - -DSPOOLDIR=\"$(SPOOLDIR)\" -DSPOOLSUBDIR=\"$(SPOOLSUBDIR)\" \ - -DPOLL_TIME=$(POLL_TIME) -DSENDMAIL_RETRY=$(SENDMAIL_RETRY) \ - -DSENDMAIL_OITRUE=$(SENDMAIL_OITRUE) -DSTRIP_QUOTES=$(STRIP_QUOTES) \ - -DMAXCHILDREN=$(MAXCHILDREN) -DMAXARGS=$(MAXARGS) \ - -DREAD_TIMEOUT=$(READ_TIMEOUT) -DNO_HOSTCHECKS=$(NO_HOSTCHECKS) \ - -DPARANOID_SMTP=$(PARANOID_SMTP) -DPARANOID_DNS=$(PARANOID_DNS) \ - -DNO_COMMANDLINE_OPTIONS=$(NO_COMMANDLINE_OPTIONS) \ - -DEHLO_KLUDGE=$(EHLO_KLUDGE) \ - -DCHECK_ADDRESS=$(CHECK_ADDRESS) -DCHECK_FILE=\"$(CHECK_FILE)\" \ - -DCHECK_ADDRESS_DENY_ON_FAILURE=$(CHECK_ADDRESS_DENY_ON_FAILURE) \ - -DCHECK_IDENT=$(CHECK_IDENT) \ - -DNOTO_DELAY=$(NOTO_DELAY) -DDENY_DELAY=$(DENY_DELAY) \ - -DSET_LOCALE=$(SET_LOCALE) -DLOCALIZATION=\"$(LOCALIZATION)\" \ - -DJUNIPER_SUPPORT=$(JUNIPER_SUPPORT) -DNS_MATCH=$(NS_MATCH) \ - -DUSE_REGEX=$(USE_REGEX) - -## CC of choice. -#CC = cc -CC = gcc - -#################################################### -###### Uncomment your Operating System below ####### -#################################################### - -# The Source is with you (*BSD 4.4, Linux) -CFLAGS = -g -O -Wall -DUSE_FLOCK -DUSE_MKSTEMP $(OPTIONS) - - -#SunOS 5.X -#CFLAGS = -g -O -Wall -DUSE_LOCKF -DNEEDS_FCNTL_H -DNEEDS_STRINGS_H -DBROKEN_SUN_INCLUDES $(OPTIONS) -#LD_LIBS = -lsocket -lnsl -lresolv - -#SunOS 4.X. No regex lib here, so you will have to set USE_REGEX to 0 -#above unless you have built the regex lib separately. -#CFLAGS = -g -O -DUSE_FLOCK -DNO_MEMMOVE -DSUNOS_GETOPT $(OPTIONS) - -#Irix -#(gcc doesn't like -g here) -#CFLAGS = -Wall -O -DGETOPT_EOF -DUSE_FLOCK -DNEEDS_FCNTL_H -DNEEDS_BSTRING_H -DIRIX_BROKEN_INCLUDES $(OPTIONS) - -#AIX -#CFLAGS = -g -O -Wall -DGETOPT_EOF -DUSE_LOCKF -DNEEDS_FCNTL_H -DNEEDS_LOCKF_H -DNEEDS_STRINGS_H -DNEEDS_SELECT_H $(OPTIONS) - - -all: smtpd smtpfwdd - -smtpd: smtpd.o address_check.o - $(CC) -o smtpd smtpd.o address_check.o $(LD_LIBS) - -smtpfwdd: smtpfwdd.o - $(CC) -o smtpfwdd smtpfwdd.o $(LD_LIBS) - -smtpd.o: smtpd.c smtpd.h smtp.h - -smtpfwdd.o: smtpfwdd.c smtp.h - -indent: - indent $(INDENT_ARGS) smtpd.c - indent $(INDENT_ARGS) smtpfwdd.c - indent $(INDENT_ARGS) address_check.c - -install: smtpd smtpfwdd - install -m 500 smtpd $(INSTALL_PREFIX)$(INSTALL_BIN)smtpd - install -m 500 smtpfwdd $(INSTALL_PREFIX)$(INSTALL_BIN)smtpfwdd - -clean: - /bin/rm -f *.o - -clobber: - /bin/rm -f smtpd smtpfwdd *.o - - diff --git a/libexec/smtpd/src/Makefile.nochecks b/libexec/smtpd/src/Makefile.nochecks deleted file mode 100644 index bcc07f99adc..00000000000 --- a/libexec/smtpd/src/Makefile.nochecks +++ /dev/null @@ -1,380 +0,0 @@ -# $OpenBSD: Makefile.nochecks,v 1.4 2001/08/23 14:17:08 aaron Exp $ - -###### -#Makefile.nochecks - set to build smtpd WITHOUT the address checking -#functionality in address_check.c. - -########################################################## -## Where do I get installed? ############################# -########################################################## -INSTALL_PREFIX = /usr/local/ -INSTALL_BIN = sbin/ -INSTALL_MAN = man/ - -########################################################## -## Compile time options, These set defaults ############## -########################################################## -# What mail agent should smtpfwdd use? -# This must take arguments of the form: -# "mailprog -f fromaddr toaddr toaddr ..." -# to deliver mail. -MAIL_AGENT = /usr/sbin/sendmail -#MAIL_AGENT = /usr/lib/sendmail - -# What user and group should smtpfwdd and smtpd run as? -# This MUST NOT be root, and must be a user that is "trusted" by -# sendmail or whatever you are using as MAIL_AGENT above so that the user -# may use the "-f" flag to specify the sender of a mail message. -SMTP_USER = uucp -SMTP_GROUP = uucp - -# smtpd and smtpfwdd generate lots of syslogs, by design. -# -# What log facility should smtpd and smtpfwdd use for syslogs? The -# default is LOG_MAIL, which is also used by critters like sendmail. -# if you don't like this and want the logs going elsewhere for easy -# perusal change this to something else (like LOG_LOCAL5) and adjust -# your /etc/syslog.conf file to deal with it to your liking. -# -# LOG_FACILITY=LOG_LOCAL5 -LOG_FACILITY = LOG_MAIL - - -# Where is the spool directory located? -# This is the directory used by smtpd to chroot to and store -# messages. It is the directory watched for messages by smtpfwdd. This -# directory should be readable and writable only to the user specified -# in SMTP_USER above. -# -# The chroot directory -SPOOLDIR = /usr/spool/smtpd -# Where to store messages, relative to SPOOLDIR above. -SPOOLSUBDIR = . -#Use below instead of above if you don't want smtpd to chroot. This -#isn't normally a good idea if security is your main goal. A nice -#chroot jail may be a pain to build but should give you enough of a -#warm fuzzy to make it worth your while. -#SPOOLDIR = / -#SPOOLSUBDIR = usr/spool/smtpd - -# How frequently (in seconds) should smtpfwdd wake up to check the -# spool directory for new mail? -POLL_TIME = 10 - -# What is the maximum number of children smtpfwdd should spawn at one time -# when delivering messages before waiting for some to complete? This ensures -# the arrival of hundreds of mail messages doesn't run you out of processes. -MAXCHILDREN = 10 - -# Should smtpfwdd check the exit code of sendmail? smtpfwdd checks any -# non-zero exit status from sendmail to see if it indicates that -# sendmail thinks the message might be deliverable later. Normally -# this should not be a problem, however if you are not running -# sendmail as your delivery agent, or if your sendmail is broken, the -# exit codes may not mean much. In such a case you may not want -# smtpfwdd to retry message delivery when the mta exits indicating a -# failure. Setting SENDMAIL_RETRY to 0 below will make sure smtpfwdd -# never retries delivery if the MTA returns a non-zero exit -# status. You probably shouldn't change this unless you are sure you -# know what you are doing. -SENDMAIL_RETRY = 1 - -# Sendmail has a feature/bug that when feeding a message to it it will -# stop if a line contains only a '.'. This is suppressed in smtpfwdd -# by invoking sendmail with the "-oiTrue" option if the mail agent's -# name ends in the string "sendmail". If your "sendmail" isn't really -# sendmail, you may not need or want this. If so, change the SENDMAIL_OITRUE -# below to 0. -SENDMAIL_OITRUE = 1 - -# Sendmail can handle addresses quoted in <> on the command line. Some -# MTA's (like qmail) can't. set STRIP_QUOTES to 1 if you want smtpfwdd -# to peel off the <> from mail addresses on the command line when -# invoking the mta -STRIP_QUOTES = 0 - -# How many arguments can your execv() call take at once? This can be a -# conservative estimate. It determines the maximum number of -# recipients at a time that MAIL_AGENT will be invoked with by -# smtpfwdd. -# N.B. MAXARGS must be at least 6, or 5 if SENDMAIL_OITRUE (above) is 1. -# You may wish to change this to be 6 if you want your sendmail to be -# invoked separately for each receipient. -MAXARGS = 100 - -# How long (in seconds) should smtpd block on a read() call to a -# connected client before giving up on the connection? -READ_TIMEOUT = 600 - -# Should smtpd check hostnames and ip addresses of a connection -# against the DNS to verify consistency, and report any inconsistencies? -# Set to 0 for hostchecks, 1 for no hostchecks. Set this to 1 only if -# you don't want any name lookups done. -# NO_HOSTCHECKS = 1 -NO_HOSTCHECKS = 0 - -# Smtpd's default informational status messages in the smtp dialogue -# are somewhat unique and interesting (see smtpd.h). Normally these -# are only seen by people telnetting to your smtp port, or debugging -# mail. While the author has no shame and won't change the default -# It's understandable that they aren't everyone's cup of tea. Set -# VANILLA_MESSAGES below to 1 and smtp will use plain old politically -# correct Sendmail/RFC 821 style status messages. -# VANILLA_MESSAGES = 1 # Boring.... -VANILLA_MESSAGES = 0 - -# smtpd checks and clobbers and potentially "evil" characters in hostnames, -# and mail addresses received on FROM: and RCPT: lines. This clobbers things -# like a connection from hostname `/bin/rm -rf /`@evil.org, or mail to -# "| /bin/sh". It also clobbers things like 8bit chars in such things. -# smtpd always clobbers the characters it doesn't like, -# and syslogs a note of the fact. The options below determine whether or -# not smtpd will also drop the connection. -# -# Beware of setting this to 1 if your receive mail from sites where -# it's considered ok to put 8 bit ascii chars in message headers. -# -# If PARANOID_SMTP is 1, smtpd will close connection on any client -# that puts characters it thinks may be evil in the smtp dialogue, -# (HELO, FROM, RCPT), or in the message headers. -# When PARANOID_SMTP is 0, smtpd will replace the characters it thinks -# are evil and continue. -# PARANOID_SMTP = 1 -PARANOID_SMTP = 0 - -# -# If PARANOID_DNS is 1, smtpd will close connection on any client that -# has characters it thinks may be evil in it's hostname as found by DNS, -# or any client whose DNS forward and reverse mappings are inconsistent -# indicating a DNS spoof of misconfiguration. -# If PARANOID_DNS is 0, smtpd will replace any evil characters it sees -# continue. -# PARANOID_DNS = 1 -PARANOID_DNS = 0 - -# The check above will clobber stuff in the headers from some -# non north-american localizations. -# If your operating system has localization support -# you can define LOCALIZATION below to be your localization. -# For this to work, your operating system must support localization -# with setlocale, and you must copy the appropriate localization -# files into the right place in smtpd's chroot directory. -# The result of this is that smtpd will use a -# setlocale(LC_CTYPE, LOCALIZATION) to hopefully make sure -# your normal stuff won't get clobbered. -# Leave this set to 0 for no localization support. -# -# -# SET_LOCALE = 1 # Use a setlocale call to set localization -SET_LOCALE = 0 # don't include localization support at all -#LOCALIZATION = lt_LN.ISO_8859-1 -LOCALIZATION = C -#LOCALIZATION = POSIX -#LOCALIZATION = ISO-8859-1 -#LOCALIZATION = KOI-8 - -# Some sites may wish to ensure smtpd does *not* get run with command -# line options to affect the compiled-in behaviours. Set -# NO_COMMANDLINE_OPTIONS to 1 to make smtpd and smtpfwdd ignore any command -# line options. -#NO_COMMANDLINE_OPTIONS=1 -NO_COMMANDLINE_OPTIONS=0 - -# Smtpd does not support ESMTP's EHLO command normally, as it shouldn't -# need to. According to RFC, if the EHLO is unrecognized the connecting -# agent should drop back to a HELO on the second attempt (and then be -# talking vanilla smtp). Unfortunately Netscape Communicator betas seem -# seem to have a bug in which they simply try the EHLO again. Sigh. -# setting EHLO_KLUDGE to 1 will make smtpd accept a second EHLO as a helo, -# thereby kludging around this bug in Communicator. -#EHLO_KLUDGE=1 -EHLO_KLUDGE=0 - - -# smtpd can check FROM and RCPT addresses, along with the connecting -# host info using an address check file. This can be used to only -# allow certain mail addresses on a FROM:, or certain combinations of -# FROM: and RCPT from certain hosts. It can be used to prevent third -# party relays, enforce outgoing address conventions, prevent outgoing -# SPAM/obvious forgeries, or block incoming SPAM. Setting this to 0 will -# mean that none of the address checking functionality is compiled in at -# all. (meaning all of address_check.c is #ifdefed out). -#CHECK_ADDRESS = 1 -CHECK_ADDRESS = 0 - -# Set This to 1 if you are running smtpd on a Juniper firewall machine. -# This enables smtpd to use juniper's trusted/untrusted interface -# mechanism, allowing you to use the UNTRUSTED or TRUSTED specials -# in address check rules to match based on what kind of interface -# a connection arrived on. -# -# You must set this to 0 this on a non-juniper machine or smtpd will not -# build with CHECK_ADDRESS set to 1. You will get an error about -# juniper_firewall.h not existing if you forget this. -# -#JUNIPER_SUPPORT=1 -JUNIPER_SUPPORT=0 - -# Use regexp's in patterns? If you have a POSIX <regex.h> and friends, -# and you trust the regex lib enough for use, you can set USE_REGEX to -# 1, this allows you to specify a pattern enclosed in "/" as a regular -# POSIX/henry-spencer style extended regex for case insensitive matching -# (what's between the "/" gets fed to regcomp with -# REG_EXTENDED|REG_ICASE|REG_NOSUB options, then matched against) -# -# Note that older beasts (like SunOS 4.X) usually don't have a regex -# library, so if you're using something that doesn't you should set this -# to 0. -# -USE_REGEX=0 -#USE_REGEX=1 - -# Enable checking namservers? with NS_MATCH set to 1, patterns of the -# form NS=pattern can be used to match rules against the nameservers -# and MX records of originating connections or mail addresses, rather -# than the connection itself. This allows for small rules to block out -# whole blocks of bozos from rogue providers such as ispam.net should -# you choose to do so. i.e. -# -#noto_delay:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24:ALL:ALL -#noto_delay:ALL:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24:ALL -# -# would effectively block off anything originiating from, or with a FROM: -# address looking like any of it's nameservers are on one of cyberpromo.com's -# addresses. -# -# uncomment the LD_LIBS line as well if you enable NS_MATCH unless your -# resolver routines are in libc (like they are on some Linuxes) -# -# The NS_MATCH feature is lovingly dedicated by Bob Beck to Spamford -# Wallace and ispam.net -# -NS_MATCH=0 -#NS_MATCH=1 -#LD_LIBS=-lresolv # you may or may not need this. - -# The rules file for address checking, if enabled, remember this file -# will be in the chroot jail, so the line below probably means -# /usr/spool/smtpd/etc/smtpd_check_rules, unless you changed the -# chroot directory above. -CHECK_FILE = /etc/smtpd_check_rules - -# address checking rules may want user information, gotten from an RFC -# 931 style ident. This info may be passed in the environment to smtpd -# (from juniperd or the tcp wrapper), or smtpd will do the ident -# request itself if required. CHECK_IDENT determines the timeout (in -# seconds) on an ident request. if CHECK_IDENT is 0, no ident -# requests will be made by smtpd even if it sees a rule that would -# normally make it perform one. -CHECK_IDENT = 0 -#CHECK_IDENT = 10 - -# If you use the address checks to block incoming mail from certain -# spam sites, you can set NOTO_DELAY and DENY_DELAY below to specify -# the time in seconds smtpd will go to sleep for after matching a -# "noto_delay" or "deny_delay" rule. This makes your site a small -# headache to the spammer since they have to wait before being denied, -# instead of immediately knowing so, and proceeding on to their next -# victim. -NOTO_DELAY = 0 -DENY_DELAY = 0 -# NOTO_DELAY = 300 -# DENY_DELAY = 300 -# NOTO_DELAY = 50 -# DENY_DELAY = 50 - -# Because CHECK_ADDRESS above is meant to be used as a nuisance filter -# the default is to ALLOW on failure rather than deny service when no -# match is found, or if something happens while attempting to match a -# rule (such as a system call failure, or you make a syntax error in the -# rules file). Change -# CHECK_ADDRESS_DENY_ON_FAILURE to 1 to have smtpd not allow anything -# not explicitly allowed by the rules. -# CHECK_ADDRESS_DENY_ON_FAILURE = 1 -CHECK_ADDRESS_DENY_ON_FAILURE = 0 - - -# Options to pass to indent when tidying up the code. -INDENT_ARGS = -di0 -br -bad -bap -nbc -cdb -ce -i2 -lp -npro -npcs -psl - -########################################################## -## End of compile time options. ########################## -## Select your Operating system below this.. ############# -########################################################## - - -OPTIONS = -DMAIL_AGENT=\"$(MAIL_AGENT)\" -DSMTP_USER=\"$(SMTP_USER)\" \ - -DSMTP_GROUP=\"$(SMTP_GROUP)\" \ - -DLOG_FACILITY=$(LOG_FACILITY) -DVANILLA_MESSAGES=$(VANILLA_MESSAGES) \ - -DSPOOLDIR=\"$(SPOOLDIR)\" -DSPOOLSUBDIR=\"$(SPOOLSUBDIR)\" \ - -DPOLL_TIME=$(POLL_TIME) -DSENDMAIL_RETRY=$(SENDMAIL_RETRY) \ - -DSENDMAIL_OITRUE=$(SENDMAIL_OITRUE) -DSTRIP_QUOTES=$(STRIP_QUOTES) \ - -DMAXCHILDREN=$(MAXCHILDREN) -DMAXARGS=$(MAXARGS) \ - -DREAD_TIMEOUT=$(READ_TIMEOUT) -DNO_HOSTCHECKS=$(NO_HOSTCHECKS) \ - -DPARANOID_SMTP=$(PARANOID_SMTP) -DPARANOID_DNS=$(PARANOID_DNS) \ - -DNO_COMMANDLINE_OPTIONS=$(NO_COMMANDLINE_OPTIONS) \ - -DEHLO_KLUDGE=$(EHLO_KLUDGE) \ - -DCHECK_ADDRESS=$(CHECK_ADDRESS) -DCHECK_FILE=\"$(CHECK_FILE)\" \ - -DCHECK_ADDRESS_DENY_ON_FAILURE=$(CHECK_ADDRESS_DENY_ON_FAILURE) \ - -DCHECK_IDENT=$(CHECK_IDENT) \ - -DNOTO_DELAY=$(NOTO_DELAY) -DDENY_DELAY=$(DENY_DELAY) \ - -DSET_LOCALE=$(SET_LOCALE) -DLOCALIZATION=\"$(LOCALIZATION)\" \ - -DJUNIPER_SUPPORT=$(JUNIPER_SUPPORT) -DNS_MATCH=$(NS_MATCH) \ - -DUSE_REGEX=$(USE_REGEX) - -## CC of choice. -#CC = cc -CC = gcc - -#################################################### -###### Uncomment your Operating System below ####### -#################################################### - -# The Source is with you (*BSD 4.4, Linux) -CFLAGS = -g -O -Wall -DUSE_FLOCK -DUSE_MKSTEMP $(OPTIONS) - - -#SunOS 5.X -#CFLAGS = -g -O -Wall -DUSE_LOCKF -DNEEDS_FCNTL_H -DNEEDS_STRINGS_H -DBROKEN_SUN_INCLUDES $(OPTIONS) -#LD_LIBS = -lsocket -lnsl -lresolv - -#SunOS 4.X. No regex lib here, so you will have to set USE_REGEX to 0 -#above unless you have built the regex lib separately. -#CFLAGS = -g -O -DUSE_FLOCK -DNO_MEMMOVE -DSUNOS_GETOPT $(OPTIONS) - -#Irix -#(gcc doesn't like -g here) -#CFLAGS = -Wall -O -DGETOPT_EOF -DUSE_FLOCK -DNEEDS_FCNTL_H -DNEEDS_BSTRING_H -DIRIX_BROKEN_INCLUDES $(OPTIONS) - -#AIX -#CFLAGS = -g -O -Wall -DGETOPT_EOF -DUSE_LOCKF -DNEEDS_FCNTL_H -DNEEDS_LOCKF_H -DNEEDS_STRINGS_H -DNEEDS_SELECT_H $(OPTIONS) - - -all: smtpd smtpfwdd - -smtpd: smtpd.o address_check.o - $(CC) -o smtpd smtpd.o address_check.o $(LD_LIBS) - -smtpfwdd: smtpfwdd.o - $(CC) -o smtpfwdd smtpfwdd.o $(LD_LIBS) - -smtpd.o: smtpd.c smtpd.h smtp.h - -smtpfwdd.o: smtpfwdd.c smtp.h - -indent: - indent $(INDENT_ARGS) smtpd.c - indent $(INDENT_ARGS) smtpfwdd.c - indent $(INDENT_ARGS) address_check.c - -install: smtpd smtpfwdd - install -m 500 smtpd $(INSTALL_PREFIX)$(INSTALL_BIN)smtpd - install -m 500 smtpfwdd $(INSTALL_PREFIX)$(INSTALL_BIN)smtpfwdd - -clean: - /bin/rm -f *.o - -clobber: - /bin/rm -f smtpd smtpfwdd *.o - - diff --git a/libexec/smtpd/src/README b/libexec/smtpd/src/README deleted file mode 100644 index 72edcf0810e..00000000000 --- a/libexec/smtpd/src/README +++ /dev/null @@ -1,44 +0,0 @@ - Obtuse smtpd/smtpfwdd - - This is the Obtuse smtpd/smtpfwdd SMTP store and forward -proxy. It can be used to pass SMTP mail across a dual-homed bastion host -(such as in a firewall) with minimal danger. It can also be used if -you simply don't want your big complicated mail agent (such as sendmail) -establishing direct contact with the outside world. It is useful for -people who wish to practice "Safe Sendmail" :-) - - These programs are documented at http://www.obtuse.com/juniper-docs/ -Please consult the web site for the man pages. - - http://www.obtuse.com/smtpd.html is a top level page for smtpd -that should get you started. - - smtpd implements a minimal subset of the Simple Mail Transfer -Protocol as specified in RFC 821. This daemon is used to talk to other smtp -mailers on the internet so that the host may receive mail. This is the -storing daemon. smtpd agressively checks the originating host and logs -anything it knows about it. it also imposes the RFC mandated limits on the -length of command lines, and checks the hostnames and mailnames given by the -remote client for anything suspicious. smtpd now checks the message headers -for unprintable characters, or excessively long (>255) lines. It can (at -your option) drop the connection on seeing anything suspicious. -smtpd runs as a non-privileged user inside a chroot to it's spooling directory. - - smtpfwdd is the forwarding daemon. It scans the directory used -by smtpd for completed mail messages. Upon seeing one, it forwards it -to it's intended destination by using sendmail or a similar mailer. You -may at your option, tell smtpfwdd to use a wrapper for sendmail which -checks the message body for anything you don't like instead of the -real thing. That is currently the best way to impose additional checking -on the content of a mail message. You may use any mailer to forward mail that -takes arguments of the form: - -mailer -f fromaddr toaddr toaddr1 toaddr2 .... -smtpfwdd also runs as a non-privileged user. - -For installation notes please see the file INSTALL. The default Makefile -(also in Makefile.default) builds the daemon with all features enabled. -Makefile.nochecks can be used to build the daemon with no address checking -(nothing from address_check.c) enabled, and Makefile.minimal can be used -to build a minimal daemon that won't even do reverse dns lookups. - diff --git a/libexec/smtpd/src/accumlog.c b/libexec/smtpd/src/accumlog.c deleted file mode 100644 index 216d615b93e..00000000000 --- a/libexec/smtpd/src/accumlog.c +++ /dev/null @@ -1,168 +0,0 @@ -/* $OpenBSD: accumlog.c,v 1.3 2002/02/19 19:39:38 millert Exp $*/ - -/* - * - * Copyright (c) 1998 Obtuse Systems Corporation <info@obtuse.com> - * Copyright (c) 1998 Simon J. Gerraty <sjg@quick.com.au> - * From: accumlog.c,v 1.1 1998/03/29 07:47:02 sjg - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Obtuse Systems - * Corporation and its contributors. - * 4. Neither the name of the Obtuse Systems Corporation nor the names - * of its contributors may be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY OBTUSE SYSTEMS CORPORATION AND - * CONTRIBUTORS ``AS IS''AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL OBTUSE SYSTEMS CORPORATION OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN - * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/* - * NAME: - * accumlog - append info to log entry - * - * SYNOPSIS: - * int accumlog(level, fmt, ...) - * - * DESCRIPTION: - * If "fmt" is null we flush any accumulated log - * to syslog otherwise we just append it to an existing entry. - * - * AUTHOR: - * Simon J. Gerraty <sjg@quick.com.au> - */ - -/* - * @(#)Copyright (c) 1998 Simon J. Gerraty. - * - * This is free software. It comes with NO WARRANTY. - * Permission to use, modify and distribute this source code - * is granted subject to the following conditions. - * 1/ that the above copyright notice and this notice - * are preserved in all copies and that due credit be given - * to the author. - * 2/ that any changes to this code are clearly commented - * as such so that the author does not get blamed for bugs - * other than his own. - * - * Please send copies of changes and bug-fixes to: - * sjg@quick.com.au - */ - -#ifdef HAVE_CONFIG_H -# include "config.h" -#endif - -#include <stdio.h> -#include <stdarg.h> -#include <syslog.h> -#include <sys/types.h> -#include <string.h> -#include <sysexits.h> /* exit codes so smtpd/smtpfwdd can exit properly -BB */ -#ifdef HAVE_MALLOC_H -# include <malloc.h> -#else -extern char *malloc(), *realloc(); -#endif - -#ifdef MAIN -# define LOG_HUNK 10 -#endif - -#ifndef LOG_HUNK -# define LOG_HUNK 128 -#endif -#ifndef MAX -# define MAX(a, b) (((a) < (b)) ? (b) : (a)) -#endif - -int -accumlog(int level, const char *fmt, ...) -{ - va_list va; - static char *log = 0; - static int lsz = 0; - static int lx = 0; - int i, x, space = 0; - - va_start(va, fmt); - if (log == 0) { - lsz = 2 * LOG_HUNK; - if ((log = (char *) malloc(lsz)) == 0) { - syslog(LOG_ERR, "accumlog: malloc(%d): %m", lsz); - exit(EX_OSERR); - } - } - if (fmt == 0) { - if (lx > 0) { - syslog(level, "%s", log); - space = lx; - lx = 0; - } - va_end(va); - return space; /* how much logged */ - } - do { - space = lsz - lx; - x = vsnprintf(&log[lx], space, fmt, va); - if (x < 0) { - syslog(LOG_ERR, "accumlog: vsnprintf(\"%s\", ...): %m", fmt); - lx = 0; /* lose */ - } - if (x > 0 && (i = x + (LOG_HUNK / 2)) > space) { - lsz += MAX(i, LOG_HUNK); - if ((log = realloc(log, lsz)) == 0) { - syslog(LOG_ERR, "accumlog: realloc(%d): %m", lsz); - exit(EX_OSERR); - } - - } - } while (x > 0 && x > space) ; - - if (x > 0) { - lx += x; - if (log[lx - 1] == '\n') - lx--; - } - - va_end(va); - return lx; -} - -#ifdef MAIN -int -main(argc, argv) - int argc; - char **argv; -{ - int i; - - openlog("accumlog", 0, LOG_LOCAL0); - accumlog(LOG_INFO, "PID=%d\n", getpid()); /* should lose the \n */ - - for (i = 1; i < argc; i++) - accumlog(LOG_INFO, ", argv[%d]='%s'", i, argv[i]); - accumlog(LOG_INFO, 0); - exit(EX_OK); -} -#endif diff --git a/libexec/smtpd/src/address_check.c b/libexec/smtpd/src/address_check.c deleted file mode 100644 index 64bedfdbbe4..00000000000 --- a/libexec/smtpd/src/address_check.c +++ /dev/null @@ -1,1656 +0,0 @@ -/* $OpenBSD: address_check.c,v 1.4 2001/01/28 19:34:34 niklas Exp $ */ - -/* - * - * Copyright (c) 1996, 1997 Obtuse Systems Corporation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Obtuse Systems - * Corporation and its contributors. - * 4. Neither the name of the Obtuse Systems Corporation nor the names - * of its contributors may be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY OBTUSE SYSTEMS CORPORATION AND - * CONTRIBUTORS ``AS IS''AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL OBTUSE SYSTEMS CORPORATION OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN - * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * Address checking functionality for Obtuse smtpd. - * main routine is smtp_check_addr, which checks a from and to address - * along with the source of the smtp connection to see if the message - * should be allowed or denied. - * - * Reads an address check file of the format: - * - * allow|deny|noto:SOURCEPAT [SOURCEPAT ...]:FROM [FROM ...]:TO [TO ..] - * - * all matches done in lower case. All patterns must be Lower case except - * for specials. - * - * No code from this file is used unless the daemon is - * compiled with CHECK_ADDRESS set to 1. - * - * **VERY IMPORTANT** - Unlike the rest of smtpd, these routines by - * default *DO NOT DENY SERVICE ON FAILURE* in other words, if - * something happens in the course of checking a mail address so that - * the address can not be checked, the default is to *ALLOW* on - * failure rather than the normal firewall-parnoid mode of *DENY* on - * failure. This is because I do not see these routines as something - * which normally is used to increase external security, they should - * be used mainly for nuisance prevention (Making it more difficult - * for internal users to spam/get spammed, forge mail, etc.) - * - * This behaviour is changable by setting - * CHECK_ADDRESS_DENY_ON_FAILURE at compile time in which case the - * routines will deny on failure, including the case of when there is - * no match for a message in the checking file. - */ - -#ifndef CHECK_ADDRESS -#define CHECK_ADDRESS 0 -#endif - -#if CHECK_ADDRESS /* this encases everything */ -#include <stdarg.h> -#include <stdlib.h> -#include <stdio.h> -#include <signal.h> -#include <sys/time.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/param.h> -#include <sys/file.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <netdb.h> -#include <arpa/inet.h> -#include <arpa/nameser.h> -#ifdef NS_MATCH -#include <resolv.h> -#endif -#include <unistd.h> -#include <syslog.h> -#include <errno.h> -#include <limits.h> -/* #include <sys/utsname.h> */ -#include <string.h> -#include <ctype.h> -#include <setjmp.h> -#ifdef NEEDS_STRINGS_H -#include <strings.h> -#endif -#ifdef NEEDS_FCNTL_H -#include <fcntl.h> -#endif -#ifdef NEEDS_BSTRING_H -#include <bstring.h> -#endif -#ifdef NEEDS_SELECT_H -#include <sys/select.h> -#endif - -#include "smtpd.h" -#if JUNIPER_SUPPORT -#ifdef __linux__ -#include <linux/juniper_firewall.h> -#else -#include <netinet/juniper_firewall.h> -#endif -#endif -#if USE_REGEX -#include<regex.h> -#endif - -#if CHECK_ADDRESS_DENY_ON_FAILURE -#define CHECK_FAILURE 0 -#else -#define CHECK_FAILURE 1 -#endif - -#ifndef CHECK_IDENT -#define CHECK_IDENT 10 -#endif - -#ifndef NOTO_DELAY -#define NOT0_DELAY 0 -#endif - -#ifndef DENY_DELAY -#define DENY_DELAY 0 -#endif - -#ifndef NS_MATCH -#define NS_MATCH 0 -#endif - -#define SPANBLANK(p) while (isspace(*p)) p += 1 - -/* set by parsing routines in case malloc barfs. */ -int Failure = 0; -int line = 0; -extern char *victim; - -#if NS_MATCH -#define NSLIMIT 100 -#define NSIPLIMIT 500 -struct ns_match { - char *string; /* the string that gave us this */ - int count; /*how many nameservers */ - char **servers; /* names of servers */ - int ip_count; /* count of server ip's */ - char **serv_ip; /* ip of servers in dotted decimal */ - int crop; /* exact match == 0, >0 number of .'s moved right to find match */ -}; - -#endif - -#if JUNIPER_SUPPORT -/* Is connection from a trusted interface? */ -int connection_trusted(void) { - int session_kind, session_kind_size; - /* - * What kind of session is this? - */ - - session_kind_size = sizeof(session_kind); - if ( getsockopt( 0, IPPROTO_TCP, TCP_JUNIPER_SESSION_KIND, - &session_kind, &session_kind_size ) != 0 ) { - syslog(LOG_CRIT,"CRITICAL - can't get session kind flags (%m) on connected session"); - Failure = 1; - return(0); - } - /* connection kinds that aren't untrusted have come in on a trusted - * interface - i.e. captured sessions - */ - return(session_kind != JUNIPER_UNTRUSTED_SESSION); -} -#endif - -/* - * Handle ident timeouts - */ - -static jmp_buf timeout_jmpbuf; -static int do_ident=0; /* should we do an ident? */ - -static void alarm_hdlr(int s) { - longjmp(timeout_jmpbuf, s); /* sigh. must be a better way */ -} - -/* - * Zap our peer with an ident request and see what happens - */ - -int -rfc931_ident(struct peer_info *pi, int ident) -{ - struct sockaddr_in my_query_sa, peer_query_sa; - int fd, i; - char tbuf[1024]; - char tbuf2[1024]; - char *cp; - unsigned int peer_port, my_port; - - /* Vanna, Vanna, pick me a socket.. */ - - if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - return(0); - } - my_query_sa = *(pi->my_sa); - peer_query_sa = *(pi->peer_sa); - my_query_sa.sin_port = htons(0); - peer_query_sa.sin_port = htons(113); - - if (setjmp(timeout_jmpbuf) == 0) { - signal(SIGALRM, alarm_hdlr); - alarm(ident); - - if (bind(fd, (struct sockaddr *) &my_query_sa, - sizeof(my_query_sa)) < 0) { - alarm(0); - signal(SIGALRM, SIG_DFL); - close(fd); - return(0); - } - - if (connect(fd, (struct sockaddr *) &peer_query_sa, - sizeof(peer_query_sa)) < 0) { - alarm(0); - signal(SIGALRM, SIG_DFL); - close(fd); - return(0); - } - - sprintf(tbuf, "%u,%u\r\n", ntohs(pi->peer_sa->sin_port), - ntohs(pi->my_sa->sin_port)); - i=0; - while (i < strlen(tbuf)) { - int j; - j=write(fd, tbuf+i, (strlen(tbuf+i))); - if (j < 0) { - syslog(LOG_DEBUG, "write error sending ident request (%m)"); - alarm(0); - signal(SIGALRM, SIG_DFL); - close(fd); - return(0); - } - else if (j > 0){ - i+=j; - } - } - - /* read the answer back */ - - i = 0; - bzero(tbuf, sizeof(tbuf)); - while((cp = strchr(tbuf, '\n')) == NULL && i < sizeof(tbuf) - 1) { - int j; - j = read(fd, tbuf+i, (sizeof(tbuf) - 1) - i); - if (j < 0) { - alarm(0); - signal(SIGALRM, SIG_DFL); - close(fd); - return(0); - } - i+=j; - } - tbuf[i]='\0'; /* Guaranteed to be room for the '\0' */ - - /* RFC or no RFC, there is absolutely no excuse - * for a >80 char ident. - */ - - peer_port = my_port = 0; - - if (((sscanf(tbuf,"%u , %u : USERID :%*[^:]:%80s", - &peer_port, &my_port, tbuf2)) != 3) || - (ntohs(pi->peer_sa->sin_port) != peer_port) || - (ntohs(pi->my_sa->sin_port) != my_port)) { - pi->peer_dirty_ident = NULL; - alarm(0); - signal(SIGALRM, SIG_DFL); - close(fd); - return(0); - } - if ((cp = strchr(tbuf2, '\r')) != NULL) { - *cp = '\0'; - } - - pi->peer_dirty_ident = strdup(tbuf2); - if ( pi->peer_dirty_ident == NULL ) { - Failure = 1; - alarm(0); - signal(SIGALRM, SIG_DFL); - close(fd); - return(0); - } - - /* sanitize what we got from the peer, caller can check - * differences from original if they care. - */ - - pi->peer_clean_ident = strdup( cleanitup(pi->peer_dirty_ident) ); - if (pi->peer_clean_ident == NULL) { - Failure = 1; - free(pi->peer_dirty_ident); - pi->peer_dirty_ident = NULL; - alarm(0); - signal(SIGALRM, SIG_DFL); - close(fd); - return(0); - } - - /* Normal return */ - - alarm(0); - signal(SIGALRM, SIG_DFL); - close(fd); - return(1); - - } else { - - /* Timeout */ - alarm(0); - signal(SIGALRM, SIG_DFL); - close(fd); - return(0); - - } - -} - -/* case insensitive pattern match, "pat" is assumed to - * be lower case (to avoid matching uppercase specials) - */ -int match_case_pattern(char *pat, char *string) { - char c; - - while (1) { - c = *pat; - pat++; - switch(c) { - case '\0' : - return(*string == '\0'); - case '*' : - c=*pat; - while (c == '*') { - pat++; - c = *pat; - } - if (c == '\0') { - return(1); - } - while (*string != '\0') { - if (match_case_pattern(pat, string)) { - return(1); - } - string++; - } - return(0); - default: - if (tolower(c) != tolower(*string)) { - return(0); - } - string++; - break; - } - } -} - - -#if USE_REGEX -void regex_error(int code, const regex_t *preg) { - - char msgbuf[161]; - int i; - - msgbuf[0]='\0'; - i=regerror(code, preg, msgbuf, 160); - msgbuf[160]='\0'; - - syslog(LOG_ERR, "regex: %s%s (line %d of check_rules)", - (i>160)?"":"(truncated) ", msgbuf, line); - if (i > 160) { - syslog(LOG_ERR, "regex: previous error message truncated by %d bytes", - i - 160); - } -} - - -static int match_regex(const char *rstring, char *string) { - /* match a regular expression in rstring against string. */ - int r; - regex_t reg, *preg; - - preg = ® - - r=regcomp(preg, rstring, REG_EXTENDED|REG_ICASE|REG_NOSUB); - if (r != 0) { - regex_error(r, preg); - regfree(preg); - Failure = 1; - return(0); - } - r = regexec(preg, string, 0, NULL, 0); - switch (r) { - case 0: - regfree(preg); - return(1); - break; - case REG_NOMATCH: - regfree(preg); - return(0); - break; - default: - regex_error(r, preg); - regfree(preg); - Failure = 1; - return(0); - break; - } -} -#endif - -/* Cribbed and modified from logdaemon5.6 by Wieste Venema*/ -static int string_match(char *tok, char *string) -{ - if (tok == NULL) { - return(0); - } - /* - * If the token has the magic value "ALL" the match always succeeds. - * Otherwise, return 1 if the token fully matches the string. - */ - if (strcmp(tok, "ALL") == 0) { /* all: always matches */ - return (1); - } - if (string == NULL ) { - /* normal case, had no response on gethostbyname(), ident, etc. */ - return(0); - } - else { -#if USE_REGEX - if ( (tok[0] == '/') && (tok[strlen(tok) - 1] == '/') ) { - /* match as a regex */ - char * rstring; - rstring = strdup(tok); - if (rstring == NULL) { - syslog(LOG_ERR, "malloc failed"); - Failure = 1; - return(0); - } - else { - rstring[strlen(rstring) - 1] = '\0'; - if (match_regex(rstring+1, string)) { - free(rstring); - return(1); - } - else { - free(rstring); - return(0); - } - } - } -#endif - return(match_case_pattern(tok, string)); - } - return(0); -} - - -int masked_ip_match(char *tok, char *string) -{ - /* see if token looks like an masked ip address (a.b.c.d/bits), - * if so, match it against the ip address in dotted - * decimal form in string. If it doesn't look like a masked ip, - * of form a.b.c.d/bits, match it against the string as a - * regular pattern. This allows for things patterns like: - * 192.168.20.0/24 == class C 192.168.20.0 - * 192.168.20.* == same thing. - */ - - char *p, *tbuf; - int period_cnt, non_digit; - in_addr_t adt, mat, madt; - in_addr_t *addr, *mask; - - mat=INADDR_BROADCAST; - addr=&adt; - mask=&mat; - - if (tok==NULL) { - return(0); - } - - period_cnt = 0; - non_digit = 0; - for ( p = tok; *p != '\0' && *p != '/'; p += 1 ) { - if ( *p == '.' ) { - if ( p > tok && *(p-1) == '.' ) { - return(match_case_pattern(tok, string)); - } - period_cnt += 1; - } else if ( !isdigit(*p) ) { - return(match_case_pattern(tok, string)); - } - } - - tbuf = malloc(p - tok + 1); - if (tbuf == NULL) { - syslog(LOG_ERR, "masked_ip_match: malloc failed"); - Failure = 1; - return(0); - } - strncpy(tbuf,tok,p-tok); - tbuf[p-tok] = '\0'; - - if ( period_cnt == 3 ) { - int a1, a2, a3, a4; - - sscanf(tbuf,"%u.%u.%u.%u",&a1,&a2,&a3,&a4); - if ( a1 > 255 || a2 > 255 || a3 > 255 || a4 > 255 ) { - return(0); - } - - ((char *)addr)[0] = a1; - ((char *)addr)[1] = a2; - ((char *)addr)[2] = a3; - ((char *)addr)[3] = a4; - - } else if ( strcmp(tbuf,"0") == 0 ) { - - ((char *)addr)[0] = 0; - ((char *)addr)[1] = 0; - ((char *)addr)[2] = 0; - ((char *)addr)[3] = 0; - - } else { - /* not a masked address */ - return(match_case_pattern(tok, string)); - } - - free(tbuf); - if (*p == '/'){ - long bits; - char *end; - - p += 1; - if ( *p == '\0' ) { - return(0); - } else if ( !isdigit(*p) ) { - /* no number for mask */ - return(0); - } - - bits = strtol(p,&end,10); - if ( *end != '\0' ) { - /* junk at end */ - return(0); - } - - if ( bits < 0 || bits > 32 ) { - /* out of range */ - return(0); - } - - if ( bits == 0 ) { /* left shifts of 32 aren't defined */ - mat = 0; - } else { - ((char *)mask)[0] = (-1 << (32 - bits)) >> 24; - ((char *)mask)[1] = (-1 << (32 - bits)) >> 16; - ((char *)mask)[2] = (-1 << (32 - bits)) >> 8; - ((char *)mask)[3] = (-1 << (32 - bits)) >> 0; - } - } - - /* mask off values */ - adt &= mat; - - /* convert string to ipaddr */ - madt=inet_addr(string); - if (madt == -1) { - return(0); - } - - /* mask off connecting address */ - madt &= mat; - - /* for all the marbles */ - return(madt == adt); -} - -/* do a Vixie style rbl lookup for dotquad addr in rbl domain - * rbl_domain. - */ -int vixie_rbl_lookup(char * rbl_domain, char * addr) { - char *t, *d, *a; - t = strdup(addr); - if (t==NULL) { - syslog(LOG_ERR, "Malloc failed!"); - Failure = 1; - return(0); - } - d = (char *) malloc(strlen(t)+strlen(rbl_domain)+1); - if (d==NULL) { - syslog(LOG_ERR, "Malloc failed!"); - free(t); - Failure = 1; - return(0); - } - *d='\0'; - while((a = strrchr(t, '.'))) { - strcat(d, a+1); - strcat(d, "."); - *a='\0'; - } - strcat(d, t); - strcat(d, rbl_domain); - if (gethostbyname(d) != NULL) { - free(t); free(d); - return(1); - } - free(t); free(d); - return(0); -} - -static int ip_match(char *tok, char *string) -{ - /* - * If the token has the magic value "ALL" the match always succeeds. - * Otherwise, return 1 if the token matches the dotted decimal ip - * address in string. - */ - if (strcmp(tok, "ALL") == 0) { /* all: always matches */ - return (1); - } - else if ((string == NULL)) { - return(0); - } - else if (strncmp(tok, "RBL.", 4) == 0) { - /* do an rbl style lookup on the IP address in string usind - * rbl domain of whatever followed RBL in tok - */ - return(vixie_rbl_lookup(tok+3, string)); - } - else { - return(masked_ip_match(tok, string)); - } - return(0); -} - - -#if NS_MATCH -/* Routines for looking up and matching nameservers. - * These routines are based on the soa lookup program from - * the O'reilly "DNS and BIND" nutshell handbook by Paul Ablitz - * and Cricket Liu (page 300). - */ - -int -skipName(startOfMsg, cp, endOfMsg) -u_char *startOfMsg; -u_char *cp; -u_char *endOfMsg; -{ - char buf[MAXDNAME]; /* buffer to expand name into */ - int n; /* number of bytes in compressed name */ - - if((n = dn_expand(startOfMsg, endOfMsg, cp, - buf, MAXDNAME)) < 0){ - syslog (LOG_ERR, "dn_expand failed in skipName"); - Failure = 1; - return(0); - } - return(n); -} - -/**************************************************************** - * skipToData -- This routine advances the cp pointer to the * - * start of the resource record data portion. On the way, * - * it fills in the type, class, ttl, and data length * - ****************************************************************/ -int -skipToData(startOfMsg, cp, type, class, ttl, dlen, endOfMsg) -u_char *startOfMsg; -u_char *cp; -u_short *type; -u_short *class; -u_int *ttl; -u_short *dlen; -u_char *endOfMsg; -{ - u_char *tmp_cp = cp; /* temporary version of cp */ - - /* Skip the domain name; it matches the name we looked up */ - tmp_cp += skipName(startOfMsg, tmp_cp, endOfMsg); - - /* - * Grab the type, class, and ttl. GETSHORT and GETLONG - * are macros defined in arpa/nameser.h. - */ - GETSHORT(*type, tmp_cp); - GETSHORT(*class, tmp_cp); - GETLONG(*ttl, tmp_cp); - GETSHORT(*dlen, tmp_cp); - - return(tmp_cp - cp); -} - - -/**************************************************************** - * findNameServers -- find all of the name servers and MX records for - * the given string and store their names and ip addresses. chop off - * lhs parts of the string untill we find a match. store results in - * the nameservers structure passed in. don't redo lookups if the - * nameservers structure already contains what we want from a previous - * call. - ****************************************************************/ - -void findNameServers(char * string, struct ns_match *nameservers) { - union { - HEADER hdr; /* defined in resolv.h */ - u_char buf[PACKETSZ]; /* defined in arpa/nameser.h */ - } response; /* response buffers */ - int responseLen; /* buffer length */ - - u_char *cp; /* character pointer to parse DNS packet */ - u_char *endOfMsg; /* need to know the end of the message */ - u_short class; /* classes defined in arpa/nameser.h */ - u_short type; /* types defined in arpa/nameser.h */ - u_int ttl; /* resource record time to live */ - u_short dlen; /* size of resource record data */ - - int i, count, dup; /* misc variables */ - - char *next = NULL; - - /* - * Look up the NS records for the given string. We expect the string - * to be a hostname, the rhs of an e-mail address, or - * xx.xx.xx.xx.in-addr.arpa. - */ - - - if (nameservers->string != NULL) { - if (strcmp(nameservers->string, string) == 0) { - /* This structure already contains what we want, just return */ - return; - } - else { - /* This structure contains old data. free it */ - int i; - free(nameservers->string); - for (i=0; i<nameservers->count; i++) { - free(nameservers->servers[i]); - } - nameservers->count = 0; - for (i=0; i<nameservers->ip_count; i++) { - free(nameservers->serv_ip[i]); - } - nameservers->ip_count = 0; - /* put our new string in the top. */ - nameservers->string = strdup(string); - if (nameservers->string == NULL) { - syslog(LOG_ERR, "malloc failed"); - Failure = 1; - return; - } - nameservers->crop = 0; - } - } - else { - /* allocate space in the structure */ - nameservers->string = strdup(string); - if (nameservers->string == NULL) { - syslog(LOG_ERR, "malloc failed"); - Failure = 1; - return; - } - nameservers->servers = (char **) malloc(NSLIMIT * sizeof(char *)); - if (nameservers->servers == NULL) { - syslog(LOG_ERR, "malloc failed"); - Failure = 1; - return; - } - nameservers->serv_ip = (char **) malloc(NSIPLIMIT * sizeof(char *)); - if (nameservers->serv_ip == NULL) { - syslog(LOG_ERR, "malloc failed"); - Failure = 1; - return; - } - } - cp = nameservers->string; - while ((responseLen = - res_query(cp, /* the domain we care about */ - C_IN, /* Internet class records */ - T_ANY, /* pah, give me anything, I'll find NS. */ - (u_char *)&response, /*response buffer*/ - sizeof(response))) /*buffer size */ - < 0){ /*If negative */ - - /* - * move ahead to the next thing after a "." in our string. - * see if we can find something for that. Don't look up stuff when - * no "." is left, so we don't look up top-level domains. - */ - cp = (next == NULL)?strchr(cp, '.'):next; - if (cp == NULL) { - return; - } - cp++; - next = strchr(cp, '.'); - if (next == NULL) { - return; - } - nameservers->crop++; /* keep track of how many pieces we lopped off */ - } - - /* - * Keep track of the end of the message so we don't - * pass it while parsing the response. responseLen is - * the value returned by res_query. - */ - endOfMsg = response.buf + responseLen; - - /* - * Set a pointer to the start of the question section, - * which begins immediately AFTER the header. - */ - cp = response.buf + sizeof(HEADER); - - /* - * Skip over the whole question section. The question - * section is comprised of a name, a type, and a class. - * QFIXEDSZ (defined in arpa/nameser.h) is the size of - * the type and class portions, which is fixed. Therefore, - * we can skip the question section by skipping the - * name (at the beginning) and then advancing QFIXEDSZ. - * After this calculation, cp points to the start of the - * answer section, which is a list of NS records. - */ - cp += skipName(response.buf, cp, endOfMsg) + QFIXEDSZ; - - /* - * Create a list of name servers from the response. - * NS records may be in the answer section and/or in the - * authority section depending on the DNS implementation. - * Walk through both. The name server addresses may be in - * the additional records section, but we will ignore them - * since it is much easier to call gethostbyname() later - * than to parse and store the addresses here. - */ - count = ntohs(response.hdr.ancount) + - ntohs(response.hdr.nscount); - while ( (--count >= 0) /* still more records */ - && (cp < endOfMsg) /* still inside the packet*/ - && (nameservers->count < NSLIMIT)) { /* still under our limit */ - - if (nameservers->count == (NSLIMIT / 4)) { - syslog(LOG_INFO, "%d distinct answers and counting for nameserver info from %s. Possibly very bogus.", nameservers->count, string); - } - - /* Skip to the data portion of the resource record */ - cp += skipToData(response.buf, cp, &type, &class, &ttl, - &dlen, endOfMsg); - - if (type == T_NS || type == T_MX) { /* look for Nameserver OR MX */ - - u_char tmp_buf[MAXDNAME]; - - /* Don't forget to skip over the MX priority! - * Thanks hps@tanstaafl.de. - */ - if(type == T_MX) - { - u_short mx; - - GETSHORT(mx, cp); - dlen -= 2; - } - - /* Expand the name server's name */ - if (dn_expand(response.buf, /* Start of the packet */ - endOfMsg, /* End of the packet */ - cp, /* Position in the packet*/ - tmp_buf, /* Result */ - MAXDNAME) /* size of tmp_buf buffer */ - < 0) { /* Negative: error */ - - /* unfortunately people use lame records that - * dn_expand fails on! sigh, A dns server is only as - * good as the weakest link of the code running on it and - * the maintainer of it. So (barring the DN_EXPAND_NAME_FAIL - * being defined) we'll just ignore these failures, and - * treat them like the record didn't exist. This - * mimics sendmail's behaviour in the same instances - * (see sendmail domain.c) -BB - */ - -#ifdef DN_EXPAND_NAME_FAIL - syslog (LOG_ERR, "dn_expand failed to expand %s record in findNameServers",(type == T_NS)?"NS":"MX" ); - Failure = 1; - return; -#else - syslog (LOG_DEBUG, "dn_expand failed to expand %s record in findNameServers - ignored record", (type == T_NS)?"NS":"MX" ); -#endif - } - else { /* dn_expand ok */ - - /* clean up the answer, in case someone's got something - * hostile or lame in their DNS. - */ - - if ((nameservers->servers[nameservers->count]= - strdup(cleanitup(tmp_buf))) == NULL) { - Failure = 1; - syslog(LOG_ERR, "malloc failed"); - return; - } - - /* - * Check the name we've just unpacked and add it to - * the list of servers if it is not a duplicate. - * If it is a duplicate, just ignore it. - */ - for(i = 0, dup=0; (i < nameservers->count) && !dup; i++) - dup = !strcasecmp(nameservers->servers[i], nameservers->servers[nameservers->count]); - if(dup) - free(nameservers->servers[nameservers->count]); - else { - (nameservers->count)++; - } - } - } - - /* Advance the pointer over the resource record data */ - cp += dlen; - - } /* end of while */ - - /* We should now have the nameserver names in the severs list. - * we now need to get all their IP's. We want to be able to - * compare IP's to allow for matching anything NS'ed by anything - * in a rogue provider's block. - */ - for (i=0; i<nameservers->count; i++) { - struct hostent *host; - char **pp; - host = gethostbyname(nameservers->servers[i]); - if (host != NULL) { - for (pp=host->h_addr_list; *pp != NULL; pp += 1) { - nameservers->serv_ip[nameservers->ip_count]= - strdup(inet_ntoa(*((struct in_addr *) *pp))); - if (nameservers->serv_ip[nameservers->ip_count] == NULL){ - syslog(LOG_ERR, "Malloc failed"); - (nameservers->ip_count)--; - Failure = 1; - return; - } - (nameservers->ip_count)++; - } - } - if (nameservers->ip_count == (NSIPLIMIT / 4)) { - syslog(LOG_INFO, "%d ip addresses and counting for nameserver info from %s. Possibly very bogus.", nameservers->ip_count, string); - } - if (nameservers->ip_count == NSIPLIMIT) { - syslog(LOG_ERR, "Got %d ip addresses for nameserver infor from %s. I've stopped looking for more.", NSIPLIMIT, string); - break; - } - } - if (nameservers->count == NSLIMIT) { - syslog(LOG_ERR, "Got %d distinct answers for nameserver info from %s. I've stopped looking for more.", nameservers->count, string); - } - -} - - -static int nameserver_match(char *pat, char *match_string, - struct ns_match *nameservers) - -{ /* match a pattern against the namserver for match_string */ - - struct hostent *host; - findNameServers(match_string, nameservers); - - if (strcmp(pat, "UNKNOWN") == 0) { - /* return a match if the string doesn't resolve as a hostname, and - * we didn't find a nameserver, or we had to lop off bogus parts - * of the string to find one. - */ - - host = gethostbyname(match_string); - if ((host == NULL) - && (nameservers->count == 0 || nameservers->crop > 0)) { - syslog (LOG_DEBUG, "Matched %s UNKNOWN to name service", - match_string); - return(1); - } - else { - return(0); - } - } - - else if (strcmp(pat, "KNOWN") == 0) { - /* return a match if the string does resolve as a hostname, or - * we did find a nameserver without lopping off bogus parts - * of the string to find one. - */ - - host = gethostbyname(match_string); - if ((host != NULL) - || (nameservers->count > 0 && nameservers->crop == 0)) { - syslog (LOG_DEBUG, "Matched %s KNOWN to name service (%s)", - match_string, - (host != NULL)?"resolves as hostname":"has NS or MX record" - ); - return(1); - } - else { - return(0); - } - } - - else { - int i; - /* check against each nameserver IP */ - for (i=0; i<nameservers->ip_count; i++) { - if (ip_match(pat, nameservers->serv_ip[i])) { - syslog (LOG_DEBUG, "Matched nameserver ip of %s", - nameservers->serv_ip[i]); - return(1); - } - } - /* check against each nameserver name */ - for (i=0; i<nameservers->count; i++) { - if (string_match(pat, nameservers->servers[i])) { - syslog (LOG_DEBUG, "Matched nameserver hostname of %s", - nameservers->servers[i]); - return(1); - } - } - } - return(0); -} -#endif - -static int address_match(char *pat, - const char *match_string, - char * user -#if NS_MATCH - , struct ns_match * ns -#endif - ) { - /* match an address against a pattern for one. To us an - * address is a right and left part, deliniated by the - * rightmost "@" in the string. - */ - char *at, *string, *ostring; - char *rightp, *leftp; - char *lefts, *rights; - int rval = 0; - - string=strdup(match_string); - if (string == NULL) { - syslog (LOG_ERR, "Malloc failed"); - Failure = 1; - return(0); - } - ostring = string; - - /* an address may be (probably is) enclosed in <>. If it is, - * strip them out before the match - */ - if ((string[0] == '<') && (string[strlen(string) - 1] == '>')) { - string[strlen(string) - 1] = '\0'; - string++; - SPANBLANK(string); - } - - /* if an address is all regex, don't split it, just use regex - * on the whole thing - * N.B. this means that you can't use two regex in a pattern i.e. - * /regex/@bar will work, - * foo@/regex/ will work, but - * /regex/@/regex/ won't work - */ -#if USE_REGEX - if ( (pat[0] == '/') && (pat[strlen(pat) - 1] == '/') ) { - if (string_match(pat, string)) { - free(ostring); - return(1); - } - free(ostring); - return(0); - } -#endif - - /* split the pattern */ - leftp = pat; - at = strrchr(pat, '@'); - if (at != NULL) { - *at = '\0'; - rightp = at+1; - } - else { -#if NS_MATCH - /* pattern has no @ could be an NS= */ - if (strncmp (pat, "NS=", 3) == 0) { - pat+=3; - /* ok, we want Nameserver, which means the nameserver for - * whatever's on the right of the @ in the string. - */ - at = strrchr(string, '@'); - at = (at == NULL)?string:at+1; - rval = nameserver_match(pat, at, ns); - free(ostring); - return(rval); - } -#endif - rval = string_match(pat, string); - free(ostring); - return(rval); - } - - - lefts = string; - at = strrchr(string, '@'); - if (at != NULL) { - *at = '\0'; - rights = at+1; - } - else { - rights=NULL; - } - - if (strcmp(leftp, "USER") == 0) { - /* for special USER, we replace left side with the username - * from the source, for purposes of the match. Username - * should have already been forced to lowercase by our caller. - * - * This is used mostly to check the ident of the smtp connection, - * and in cases where the ident reply can be trusted, force the - * lhs of the email address to match the username returned by ident. - */ - if ((user != NULL) && (strrchr(user, '*') == NULL)) { - leftp=user; - } - else { - leftp = NULL; - } - } - - if ( ((rightp == NULL) && (rights != NULL)) || - ((rights == NULL) && (rightp != NULL)) ) { - /* if pattern has rhs and string doesn't or vice versa, no go */ - free(ostring); - return (0); - } - - if ( string_match(leftp, lefts) ) { - if ( rights != NULL ) { -#if NS_MATCH - /* RHS an NS= */ - if (strncmp (rightp, "NS=", 3) == 0) { - rightp+=3; - rval = nameserver_match(rightp, rights, ns); - free(ostring); - return(rval); - } -#endif - rval = (string_match(rightp, rights)); - free(ostring); - return(rval); - } - free(ostring); - return(1); - } - free(ostring); - return (0); -} - -static int match_host(char * pat, char *host, char * ip) { - /* match a pattern against a hostname or ip address */ -#if NS_MATCH - static struct ns_match nserv = {NULL, 0, NULL, 0, NULL, 0}; -#endif - - /* avoid bozos registering a hostname to look like an address */ - if ((host != NULL) && (inet_addr(host) != -1)) { - syslog(LOG_ALERT, "ALERT - hostname \"%s\" looks like an IP address. possible subversion attempt!", host); - return(ip_match(pat, ip)); - } - else if (strcmp(pat,"KNOWN") == 0) { - /* KNOWN == Fully registered.. */ - return((host != NULL) && (strcmp(host, "UNKNOWN") != 0)); - } - else if (strcmp(pat,"UNKNOWN") == 0) { - /* UNKNOWN == Not Fully registered.. */ - return((host == NULL) || (strcmp(host, "UNKNOWN") == 0)); - } -#if JUNIPER_SUPPORT - else if (strcmp(pat,"TRUSTED") == 0) { - /* connection on trusted interface */ - return(connection_trusted()); - } - else if (strcmp(pat,"UNTRUSTED") == 0) { - /* connection on untrusted interface */ - return(!connection_trusted()); - } -#endif -#if NS_MATCH - else if (strncmp(pat,"NS=", 3) == 0) { - /* we want to match the nameserver for the host, not the host - * itself. - */ - pat += 3; - /* we'll try looking up to find NS using the hostname if we have it, - * otherwise, we use the reverse lookup on the IP. - */ - if (host != NULL && (strcmp(host, "UNKNOWN") != 0)) { - return(nameserver_match(pat, host, &nserv)); - } - else { - /* - * phrob ip string into xx.xx.xx.xx.in-addr.arpa. - */ - - char *t, *d, *a; - t = strdup(ip); - if (t==NULL) { - syslog(LOG_ERR, "Malloc failed!"); - Failure = 1; - return(0); - } - d = (char *) malloc(strlen(t)+16); - if (d==NULL) { - syslog(LOG_ERR, "Malloc failed!"); - free(t); - Failure = 1; - return(0); - } - *d='\0'; - while((a = strrchr(t, '.'))) { - strcat(d, a+1); - strcat(d, "."); - *a='\0'; - } - strcat(d, t); - strcat(d, ".in-addr.arpa."); - if (nameserver_match(pat, d, &nserv)) { - free(t); free(d); - return(1); - } - free(t); free(d); - return(0); - } - } -#endif - else { - return(string_match(pat, host) || ip_match(pat, ip)); - } -} - -static int source_match(char *pat, struct peer_info *pi) { - - /* - * match a source against a pattern for one. - */ - - char *pa; - - /* if pattern doesn't have a user part (i.e. is just a host or ip) - * we don't match the user, it's assumed we don't care. - */ - - if ( ((pa = strrchr(pat, '@')) == NULL) -#if USE_REGEX - || ((pat[0]=='/') && (pat[strlen(pat)-1] == '/')) -#endif - ) { - return (match_host(pat, pi->peer_clean_reverse_name, pi->peer_ok_addr)); - } - else { - *pa = '\0'; - /* if the pattern has a user part, we need user information. If it - * hasn't been provided to us, try to get it by zapping our peer - * with an ident request - */ - if (do_ident) { - if (CHECK_IDENT > 0) { - (void) rfc931_ident(pi, CHECK_IDENT); - if (pi->peer_clean_ident != NULL) { - int i; - /* force to lower case */ - for (i=0; i < strlen(pi->peer_clean_ident); i++) { - pi->peer_clean_ident[i]=tolower(pi->peer_clean_ident[i]); - } - } - } - do_ident = 0; - } - if (((strcmp(pat, "KNOWN") == 0) && (pi->peer_clean_ident != NULL)) || - (string_match(pat, pi->peer_clean_ident)) - ) { - if (match_host(pa+1, pi->peer_clean_reverse_name, pi->peer_ok_addr)) { - return(1); - } - } - } - return(0); -} - -/* Cribbed and modified from logdaemon5.6 by Wieste Venema */ -static int address_list_match(char *list, - const char *item, - char * user -#if NS_MATCH - , struct ns_match *ns -#endif - ) -{ - char *tok; - int match = 0; - char *sep = ", \t"; - - /* - * Process tokens one at a time. We have exhausted all possible matches - * when we reach an "EXCEPT" token or the end of the list. If we do find - * a match, look for an "EXCEPT" list and recurse to determine whether - * the match is affected by any exceptions. - */ - - for (tok = strtok(list, sep); tok != 0; tok = strtok((char *) 0, sep)) { - if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ - break; -#if NS_MATCH - if ((match = address_match(tok, item, user, ns))) /* YES */ -#else - if ((match = address_match(tok, item, user))) /* YES */ -#endif - break; - } - /* Process exceptions to matches. */ - - if (match != 0) { - while ((tok = strtok((char *) 0, sep)) && strcasecmp(tok, "EXCEPT")) - /* VOID */ ; -#if NS_MATCH - if (tok == 0 || address_list_match((char *) 0, item, user, ns) == 0) -#else - if (tok == 0 || address_list_match((char *) 0, item, user) == 0) -#endif - return (match); - } - return (0); -} - -/* check a source against a list of sources */ -static int source_list_match(char *list, struct peer_info *pi) -{ - char *tok; - int match = 0; - char *sep = ", \t"; - - /* - * Process tokens one at a time. We have exhausted all possible matches - * when we reach an "EXCEPT" token or the end of the list. If we do find - * a match, look for an "EXCEPT" list and recurse to determine whether - * the match is affected by any exceptions. - */ - - for (tok = strtok(list, sep); tok != 0; tok = strtok((char *) 0, sep)) { - if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ - break; - if ((match = (source_match(tok, pi)))) /* YES */ - break; - } - /* Process exceptions to matches. */ - - if (match != 0) { - while ((tok = strtok((char *) 0, sep)) && strcasecmp(tok, "EXCEPT")) - /* VOID */ ; - if (tok == 0 || source_list_match((char *) 0, pi) == 0) - return (match); - } - return (0); -} - -/* Parse an address check file to see if a particular message from - * "fromaddr" to "toaddr" is allowed from a particular peer. Minimally, - * pi must have filled in pi->my_sa, pi->peer_sa, and pi->peer_ok_addr. - * When used, this gets from smtpd for each recipient of a message. - */ - -int smtpd_addr_check(const char * checkfname, - struct peer_info *pi, - const char * from, - const char * to, - char ** return_message) { - FILE *fp; - char buf[1024]; - char *action, *sourcepat, *fromaddrpat, *toaddrpat, *junk; - char *sep = ":"; -#if NS_MATCH - static struct ns_match NS_from = { NULL, 0, NULL, 0, NULL, 0 }; - static struct ns_match NS_rcpt = { NULL, 0, NULL, 0, NULL, 0 }; -#endif - - line=0; - - /* force user ident (if supplied) to lower case. */ - if (pi->peer_clean_ident != NULL) { - int i; - /* force to lower case */ - for (i=0; i < strlen(pi->peer_clean_ident); i++) { - pi->peer_clean_ident[i]=tolower(pi->peer_clean_ident[i]); - } - do_ident = 0; - } - else { - do_ident = 1; - } - - if ((fp = fopen(checkfname, "r")) != 0) { - while(fgets(buf, sizeof(buf) - 1, fp) != NULL) { - buf[sizeof(buf) - 1]='\0'; - line++; - if (buf[0]=='\0') { - /* some nob put a null byte in the file */ - syslog(LOG_ALERT, "Null byte in file %s!", checkfname); - } - if (buf[strlen(buf) - 1] != '\n') { - syslog (LOG_ALERT, - "Line %d too long in file %s! Can not check address!", - line, checkfname); - fclose(fp); - return(CHECK_FAILURE); - } - - if ((buf[0] == '#') || (buf[0] == '\n')) { - continue; /* ignore comments and blank lines */ - } - - buf[strlen(buf) - 1] = '\0'; - - /* parse out fields in line */ - if (!(action = strtok(buf, sep)) - ||!(sourcepat = strtok(NULL, sep)) - ||!(fromaddrpat = strtok(NULL, sep)) - ||!(toaddrpat = strtok(NULL, sep))) { - syslog (LOG_ERR, "%s: line %d, bad field count", checkfname, line); - fclose(fp); - return(CHECK_FAILURE); - } - if ((junk=strtok(NULL, sep))) { - SPANBLANK(junk); - if (junk[0] != '#') { - /* must be a message */ - if (*return_message != NULL) { - free(*return_message); - } - *return_message = strdup(junk); - if (*return_message == NULL) { - syslog (LOG_ERR, "Malloc failed!"); - fclose(fp); - return(CHECK_FAILURE); - } - if ((junk=strtok(NULL, sep))) { - SPANBLANK(junk); - if (junk[0] != '#') { - syslog (LOG_ERR, "%s: line %d, junk at end of line \"%s\"", - checkfname, line, junk); - fclose(fp); - return(CHECK_FAILURE); - } - } - } - else { - if (*return_message != NULL) { - free(*return_message); - *return_message=NULL; - } - } - } - else { - if (*return_message != NULL) { - free(*return_message); - *return_message=NULL; - } - } - - /* is this line applicable to our source */ - if ( source_list_match(sourcepat, pi) - - /* yes it is. does the from address match? */ - && ( address_list_match(fromaddrpat, - from, - pi->peer_clean_ident -#if NS_MATCH - , &NS_from -#endif - ) ) - - /* yep. How about the to address ? */ - && ( address_list_match(toaddrpat, - to, - pi->peer_clean_ident -#if NS_MATCH - , &NS_rcpt -#endif - ) ) - - ) { - - if (Failure) { - /* Something died while parsing */ - syslog (LOG_ERR, "Returning default of %d due to previous failure", CHECK_FAILURE); - fclose(fp); - return(CHECK_FAILURE); - } - /* we've matched this rule. is it an allow or deny? */ - if (strcmp(action, "allow") == 0) { - /* allows succeed silently */ - syslog(LOG_DEBUG, "smtp connection from %s@%s(%s) MAIL FROM: %s RCPT TO: %s, allowed by line %d of %s", - (pi->peer_clean_ident != NULL)? - pi->peer_clean_ident:"UNKNOWN", - (pi->peer_clean_reverse_name != NULL)? - pi->peer_clean_reverse_name:"UNKNOWN", - pi->peer_ok_addr, from, to, line, checkfname); - fclose(fp); - return (1); - } - else if (strcmp(action, "noto") == 0) { - /* notos generate a log message */ - syslog(LOG_INFO, "smtp connection from %s@%s(%s) attempted MAIL FROM: %s RCPT TO: %s, noto by line %d of %s", - (pi->peer_clean_ident != NULL)? - pi->peer_clean_ident:"UNKNOWN", - (pi->peer_clean_reverse_name != NULL)? - pi->peer_clean_reverse_name:"UNKNOWN", - pi->peer_ok_addr, from, to, line, checkfname); - fclose(fp); - return (-1); - } - else if (strcmp(action, "deny") == 0) { - /* denys generate a log message */ - syslog(LOG_INFO, "smtp connection from %s@%s(%s) attempted MAIL FROM: %s RCPT TO: %s, denied by line %d of %s", - (pi->peer_clean_ident != NULL)? - pi->peer_clean_ident:"UNKNOWN", - (pi->peer_clean_reverse_name != NULL)? - pi->peer_clean_reverse_name:"UNKNOWN", - pi->peer_ok_addr, from, to, line, checkfname); - fclose(fp); - return (0); - } - - /* noto_delay and deny_delay. Ok, I admit they aren't very - * nice, but I like to be able to do the same thing to - * spammers that I do to phone telemarketers (Feign interest, - * saying you'll be right back with some convincing excuse, - * then put the phone down until they get bored and hang up). - * I figure it's my duty protecting the next victim on the - * list for however long it takes them, and costing the caller - * however many minutes in unproductive time. - * - * I used to do this by having my packet filter drop TCP SYN's - * to port 25 from their sites to make them TCP timout ( which - * is also effective :), but it can make for a long packet - * filter list in the kernel. - * - * - Bob's Evil Twin. - */ - - else if (strcmp(action, "deny_delay") == 0) { - /* denys generate a log message */ - syslog(LOG_INFO, "smtp connection from %s@%s(%s) attempted MAIL FROM: %s RCPT TO: %s, denied with delay by line %d of %s", - (pi->peer_clean_ident != NULL)? - pi->peer_clean_ident:"UNKNOWN", - (pi->peer_clean_reverse_name != NULL)? - pi->peer_clean_reverse_name:"UNKNOWN", - pi->peer_ok_addr, from, to, line, checkfname); - syslog(LOG_INFO, "Sleeping for a deny_delay of %d seconds", DENY_DELAY); - sleep(DENY_DELAY); - fclose(fp); - return (0); - } - else if (strcmp(action, "noto_delay") == 0) { - /* notos generate a log message */ - syslog(LOG_INFO, "smtp connection from %s@%s(%s) attempted MAIL FROM: %s RCPT TO: %s, noto with delay by line %d of %s", - (pi->peer_clean_ident != NULL)? - pi->peer_clean_ident:"UNKNOWN", - (pi->peer_clean_reverse_name != NULL)? - pi->peer_clean_reverse_name:"UNKNOWN", - pi->peer_ok_addr, from, to, line, checkfname); - syslog(LOG_INFO, "Sleeping for a noto_delay of %d seconds", NOTO_DELAY); - sleep(NOTO_DELAY); - fclose(fp); - return (-1); - } - else if (strcmp(action, "debug") == 0) { - syslog (LOG_INFO, "DEBUG: Matched line %d, connection from %s@%s(%s) MAIL FROM: %s RCPT TO: %s, continuing.", - line, - (pi->peer_clean_ident != NULL)? - pi->peer_clean_ident:"UNKNOWN", - (pi->peer_clean_reverse_name != NULL)? - pi->peer_clean_reverse_name:"UNKNOWN", - pi->peer_ok_addr, from, to); - } - else { - /* bogus action - fail */ - syslog (LOG_ERR, "Unknown action \"%s\" in rule at line %d of file %s", action, line, checkfname); - fclose(fp); - return(CHECK_FAILURE); - } - } - - /* This is currently unneccessary, as it gets checked above and we don't - * call anything in here that will set Failure. It is left here in case - * of future modifications - */ - if (Failure) { - /* Something died while parsing */ - syslog (LOG_ERR, "Returning default of %d due to previous failure", CHECK_FAILURE); - fclose(fp); - return(CHECK_FAILURE); - } - } - /* we've parsed the whole file, and no match. as such we return - * CHECK_FAILURE, our choice of fail-on behaviour at compile time - * determining if this is an allowed or denied message. - */ - syslog(LOG_DEBUG, "smtp connection from %s@%s(%s) MAIL FROM: %s RCPT TO: %s, default action, reached end of %s", - (pi->peer_clean_ident != NULL)? - pi->peer_clean_ident:"UNKNOWN", - (pi->peer_clean_reverse_name != NULL)? - pi->peer_clean_reverse_name:"UNKNOWN", - pi->peer_ok_addr, from, to, checkfname); - fclose(fp); - return (CHECK_FAILURE); - } - else { - /* fopen() coughed up a lung */ - syslog(LOG_ERR, "Can not open from address check file %s (%m)!", checkfname); - return(CHECK_FAILURE); - } -} - -#endif /* CHECK_ADDRESS */ - diff --git a/libexec/smtpd/src/antirelay_check_rules_example b/libexec/smtpd/src/antirelay_check_rules_example deleted file mode 100644 index 0bf790b8f71..00000000000 --- a/libexec/smtpd/src/antirelay_check_rules_example +++ /dev/null @@ -1,38 +0,0 @@ -# $OpenBSD: antirelay_check_rules_example,v 1.2 2001/01/28 19:34:34 niklas Exp $ - -# A simple anti-relay only example. Make sure you don't get used as a third -# party relay to spam other unfortunate people and grind your server -# to a halt dealing with the complaints. - -# assumes we are "my.domain". - edit for your own use. - -# If we have JUNIPER_SUPPORT, we can allow through stuff based on -# what sort of interface it arrived on. This says we will relay -# for any connection on a trusted interface. -#allow:TRUSTED:ALL:ALL - -# Don't allow people to %hack relay off of me. -noto:ALL:ALL:*%*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. -noto:ALL:ALL:*!*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. -noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. - -# If we have NS_MATCH=1 compiled in, we can do it this way, by allowing -# the relay mail outbound from hosts that have dns.my.domain as one of -# their nameservers. this might be useful if we sit in front of a -# lot of domains. -allow:NS=dns.my.domain:ALL:ALL -# alternatively, if we don't want to use NS_MATCH, we can simply allow -# all hosts ending in my.domain to relay through me. -allow:*my.domain:ALL:ALL - -# If we have NS_MATCH=1 compiled in, we can again, match on the nameserver -# accepting mail for any address where the RHS uses us as a nameserver. -allow:ALL:ALL:NS=dns.my.domain -# alternatively, allow anything ending in my.domain. -allow:ALL:ALL:*my.domain - -# -# punt anything else, we won't relay for people we don't know. -# -noto:ALL:ALL:ALL:551 Sorry %H(%I), I don't allow unauthorized relaying. Please -use another SMTP host to mail from %F to %T diff --git a/libexec/smtpd/src/antispam_check_rules.example b/libexec/smtpd/src/antispam_check_rules.example deleted file mode 100644 index 3111500613c..00000000000 --- a/libexec/smtpd/src/antispam_check_rules.example +++ /dev/null @@ -1,221 +0,0 @@ -# $OpenBSD: antispam_check_rules.example,v 1.4 2002/06/14 21:34:58 todd Exp $ - -# -# example smtpd_check_rules file. If you compiled smtpd with -# CHECK_ADDRESS=1, this file goes in etc/smtpd_check_rules in your -# smtpd chroot directory. This DOES NOT GET USED unless you compile -# with CHECK_ADDRESS=1. -# -# example antispam file. Modify to suit your needs. -# This example assumes NS_MATCH and USE_REGEX were both set to 1 when -# smtpd was built, to allow for matching by nameserver, and using -# regular expressions. -# -# This example does two things: 1, it prevents unauthorized relaying, -# 2), it blocks incoming SPAM from the major SPAM domains. To keep -# an eye on the current worst offenders, check out http://spam.abuse.net/ -# -# If you really dislike SPAM, you can try compiling with NOTO_DELAY -# set to some (relatively small) value, and changing the "noto" rules -# in this file to "noto_delay" rules. -# -# This file assumes that our domains are "mydomain.com" and "otherdomain.com". -# assumes our dns servers are "dns1.mydomain.com", etc. etc. -# you will need to edit this file for your own use. - -# First, allow us to relay outgoing mail from our hosts. If we have -# JUINPER_SUPPORT, we'd probably do it like this: -#allow:TRUSTED:ALL:ALL -# otherwise, we'd do it like this: -allow:*mydomain.com *otherdomain.com:ALL - -# don't allow people to use %hack to relay off of me. -noto:ALL:ALL:*%*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. -noto:ALL:ALL:*!*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. -noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. - -# First, the exceptions. -# "I'll have your spam dear, I love it!" -# -# These people love spam. They love Spamford Wallace. -# They have requested that all mail be let through to them with no -# filtering for SPAM, and we accommodate them here. -# -allow:ALL:ALL:ALL@hormel.mydomain.com spamboy@otherdomain.com - - -# Block any connections from host in the MAPS rbl at rbl.maps.vix.com -# Beware that this can throw the baby out with the bathwater. -noto:RBL.rbl.maps.vix.com:ALL:ALL:550 Mail refused from host %I in MAPS RBL, see http%C//maps.vix.com/rbl/ - -# Block any connections from a host or connecting address who uses a -# nameserver for which the address is in the MAPS rbl at rbl.maps.vix.com. -# Note that this can *really* throw the baby out with the bathwater, -# be sure you understand the implications before using the two below. -noto:NS=RBL.rbl.maps.vix.com:ALL:ALL:550 Mail refused due to nameserver for %H(%I) in MAPS RBL, see http%C//maps.vix.com/rbl/ -noto:ALL:NS=RBL.rbl.maps.vix.com:ALL:550 Mail refused due to nameserver for %F in MAPS RBL, see http%C//maps.vix.com/rbl/ - - -# block anyone who uses a major SPAM provider as a nameserver or MX. either -# on a connection from one of their hosts, a connection from a host they act -# as a nameserver for, or a connection with a FROM: address that uses -# a nameserver or MX from a them. - -#cyberpromo.com -noto:205.199.212.0/24 205.199.2.0/24 207.124.161.0/24 204.137.221.0/24:ALL:ALL -noto:ALL:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24 NS=204.137.221.0/24:ALL -noto:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24 NS=204.137.221.0/24:ALL:ALL -#erosnet -noto:205.82.252.0/24 205.134.162.2 205.134.162.209 205.134.190.4:ALL:ALL -noto:ALL:NS=205.82.252.0/24 NS=205.134.162.2 NS=205.134.162.209 NS=205.134.190.4:ALL -noto:NS=205.82.252.0/24 NS=205.134.162.2 NS=205.134.162.209 NS=205.134.190.4:ALL:ALL -#prime data worldnet systems -noto:ALL:NS=207.15.68.253 NS=207.15.68.251:ALL -noto:NS=207.15.68.253 NS=207.15.68.251:ALL:ALL -#nancynet -noto:205.199.4.0/24:ALL:ALL -noto:ALL:NS=205.199.4.0/24:ALL -noto:NS=205.199.4.0/24:ALL:ALL -# quantcom.com, iemmc -noto:204.213.176.0/24:ALL:ALL -noto:ALL:NS=204.213.176.0/24:ALL -noto:NS=204.213.176.0/24:ALL:ALL -# gatewayfin.com, globalfn.com - "Global Financial Services" -noto:ALL:NS=206.31.38.79 NS=204.137.161.89:ALL -noto:NS=206.31.38.79 NS=204.137.161.89:ALL:ALL -#mailermachine.com -noto:208.144.211.131/25:ALL:ALL -noto:ALL:NS=208.144.211.131/25:ALL -noto:NS=208.144.211.131/25:ALL:ALL -#all-domains.net -noto:204.157.168.0/24:ALL:ALL -noto:NS=204.157.168.0/24:ALL:ALL -noto:ALL:NS=204.157.168.0/24:ALL -#onlinebiz.net - another agis spamhaus from the look of it -noto:205.164.68.0/24:ALL:ALL -noto:NS=205.164.68.0/24:ALL:ALL -noto:ALL:NS=205.164.68.0/24:ALL -#llv.com - login las vegas - yaash (yet another agis spamhaus) -noto:205.254.164.0/24:ALL:ALL -noto:ALL:NS=205.254.164.0/24:ALL -noto:NS=205.254.164.0/24:ALL:ALL -#cscent.net - yaash -noto:206.85.231.0/24:ALL:ALL -noto:NS=206.85.231.0/24:ALL:ALL -noto:ALL:NS=206.85.231.0/24:ALL -#tnlb.com - "the national letter bureau" and "mako marketing" - yeesh.. -noto:206.101.40.0/24 206.101.58.0/24 208.230.127.0/24:ALL:ALL -noto:NS=206.101.40.0/24 NS=206.101.58.0/24 NS=208.230.127.0/24:ALL:ALL -noto:ALL:NS=206.101.40.0/24 NS=206.101.58.0/24 NS=208.230.127.0/24:ALL -#c-flash.net - yaash -noto:205.199.166.0/24:ALL:ALL -noto:NS=205.199.166.0/24:ALL:ALL -noto:ALL:NS=205.199.166.0/24:ALL -#directsend.com - Former Nancynet customer, now yaash -noto:206.84.21.0/24 207.201.213.0/24:ALL:ALL -noto:NS=206.84.21.0/24 NS=207.201.213.0/24:ALL:ALL -noto:ALL:NS=206.84.21.0/24 NS=207.201.213.0/24:ALL -noto:206.84.21.0/24:ALL:ALL -noto:NS=206.84.21.0/24:ALL:ALL -noto:ALL:NS=206.84.21.0/24:ALL -#we-deliver.net - yaash -noto:206.62.151.0/24:ALL:ALL -noto:NS=206.62.151.0/24:ALL:ALL -noto:ALL:NS=206.62.151.0/24:ALL -#savoynet.com - yaash -noto:204.157.255.0/24:ALL:ALL -noto:NS=204.157.255.0/24:ALL:ALL -noto:ALL:NS=204.157.255.0/24:ALL -#taizen.com - "grandbikes.com" and other spammers. No response to complaints. -noto:208.219.218.0/24:ALL:ALL -noto:NS=208.219.218.0/24:ALL:ALL -noto:ALL:NS=208.219.218.0/24:ALL -#edgetone.com and cyberserverscentral.com -noto:208.223.114.0/24 208.223.112.0/24 204.178.73.192/25:ALL:ALL -noto:NS=208.223.114.0/24 NS=208.223.112.0/24 NS=204.178.73.192/25:ALL:ALL -noto:ALL:NS=208.223.114.0/24 NS=208.223.112.0/24 NS=204.178.73.192/25:ALL -#icsinc.net and money-group.net -noto:151.201.64.0/24:ALL:ALL -noto:NS=151.201.64.0/24:ALL:ALL -noto:ALL:NS=151.201.64.0/24:ALL -#gil.net and firstgear.com -noto:207.100.79.0/24:ALL:ALL -noto:NS=207.100.79.0/24:ALL:ALL -noto:ALL:NS=207.100.79.0/24:ALL -#ultramax.net and friends -noto:207.201.213.0/24:ALL:ALL -noto:NS=207.201.213.0/24:ALL:ALL -noto:ALL:NS=207.201.213.0/24:ALL -#t-1net.com -noto:208.21.213.0/24:ALL:ALL -noto:NS=208.21.213.0/24:ALL:ALL -noto:ALL:NS=208.21.213.0/24:ALL -#ezmoney.com and pals -noto:204.212.245.0/24:ALL:ALL -noto:NS=204.212.245.0/24:ALL:ALL -noto:ALL:NS=204.212.245.0/24:ALL -#mail-response, hitrus, etc. -noto:209.136.134.0/24:ALL:ALL -noto:NS=209.136.134.0/24:ALL:ALL -noto:ALL:NS=209.136.134.0/24:ALL -#nevwest - the next generation, via ACSI. -noto:209.12.111.0/23:ALL:ALL -noto:NS=209.12.111.0/23:ALL:ALL -noto:ALL:NS=209.12.111.0/23:ALL -#gtwinc, gmds.com - spamhaus -noto:207.201.213.0/24 206.98.109.0/24:ALL:ALL -noto:NS=207.201.213.0/24 NS=206.98.109.0/24:ALL:ALL -noto:ALL:NS=207.201.213.0/24 NS=206.98.109.0/24:ALL -#goplay.com, mpx.com - many, many spams -noto:199.74.206.0/24:ALL:ALL -noto:NS=199.74.206.0/24:ALL:ALL -noto:ALL:NS=199.74.206.0/24:ALL -#silkspin.com spamhaus -noto:151.196.90.0/24 151.196.69.0/24:ALL:ALL -noto:NS=151.196.90.0/24 NS=151.196.69.0/24:ALL:ALL -noto:ALL:NS=151.196.90.0/24 NS=151.196.69.0/24:ALL -#uplinkpro.com -noto:206.30.95.0/24:ALL:ALL -noto:NS=206.30.95.0/24:ALL:ALL -noto:ALL:NS=206.30.95.0/24:ALL -#excite.com mailexcite.com -noto:198.3.102.0/24 198.3.98.0/24:ALL:ALL -noto:NS=198.3.102.0/24 NS=198.3.98.0/24:ALL:ALL -noto:ALL:NS=198.3.102.0/24 NS=198.3.98.0/24:ALL - - - -# dump things with a bogus rhs to a FROM: addresses. usually spammers -# This drops any message where the FROM: address is given as -# anything@bogus, where "bogus" is -# 1) not resolvable as a hostname. -# 2) not resolvable as an NS or MX record -# In other words, this basically tosses anything that gives a FROM address -# in the smtp dialogue that you would probably have no hope of replying -# to via smtp. -# You can use a 450 (which invites the sender to retry) rather than a 550 -# that won't in order not to lose real mail that has no resolution due to -# temporary DNS problems. However be warned that if you do lots of -# SPAM may get retried a lot. I've had varying success with using 450 -# depending on how busy the site is. -noto:ALL:NS=UNKNOWN:ALL:550 Your FROM address (%F) doesn't seem to resolve to a host, domain, or MX record. Please mail to %T from a valid e-mail address. - -# dump bozos with all digit addresses. usually spammers -noto:ALL:/^[0-9]+@.*$/:ALL - -############################################## -# otherwise, allow untrusted connections with mail to anywhere we MX -# this should do it nicely: -allow:ALL:ALL:NS=dns*.mydomain.com -# An alternative is to allow by domain, below -allow:ALL:ALL:*mydomain.com *otherdomain.com - -############################################## -# don't relay mail to other places from other connections, so -# we don't get used as a spam relay -noto:ALL:ALL:ALL:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. - - - - - diff --git a/libexec/smtpd/src/contrib/README b/libexec/smtpd/src/contrib/README deleted file mode 100644 index 9078abc43f8..00000000000 --- a/libexec/smtpd/src/contrib/README +++ /dev/null @@ -1,12 +0,0 @@ - - - This directory contains unsuppored contributions -to smtpd that people have found useful. - - smtpfilter.c outgoing filter used to remove internal header - lines from messages. You must set MAXARGS in the - makefile to 5 to use this, as this is intended to - be invoked per-recipient. Written by Andre Albsmeier - (Andre.Albsmeier@mchp.siemens.de). - - diff --git a/libexec/smtpd/src/contrib/smtpfilter.c b/libexec/smtpd/src/contrib/smtpfilter.c deleted file mode 100644 index 6a6cac32e92..00000000000 --- a/libexec/smtpd/src/contrib/smtpfilter.c +++ /dev/null @@ -1,201 +0,0 @@ -/* $OpenBSD: smtpfilter.c,v 1.4 2002/06/09 01:25:01 deraadt Exp $*/ - -/* - * smtpfilter, Filter for filtering headers during forwarding them between - * smtpfwdd and sendmail. Also logs size of message to syslog; may only - * be invoked with one recipient. - * - * OriginalId: smtpfilter.c,v 1.00 1997/3/28 11:04:08 andre Exp $ - */ - -#define MAX_LINE 1024 -#define MY_OUTSIDE_NAME "curry.mchp.siemens.de" /* my firewall name outside */ -#define MY_INSIDE_DOMAIN ".tld" /* my illegal domain inside */ - -#include <stdio.h> -#include <unistd.h> -#include <syslog.h> -#include <sysexits.h> -#include <sys/wait.h> -#include <string.h> -#include <ctype.h> - -typedef unsigned long int ULONG; -typedef signed long int LONG; -typedef unsigned short int UWORD; -typedef signed short int WORD; -typedef unsigned char UBYTE; -typedef signed char BYTE; - -char* strtrim( char* const str ); -WORD check( const char* const r, const char* const d ); - - -int main( int argc, const char* const argv[] ) -{ - char tmp_line[ MAX_LINE + sizeof(MY_INSIDE_DOMAIN) ]; - char line[ MAX_LINE ]; - FILE* fp; - char* sender; - char* recipient; - char* cp; - char* cp2; - size_t len = 0; - int state = 0; - - - openlog( "smtpfilter", LOG_PID | LOG_NDELAY, LOG_MAIL); - - - /* - * grab arguments - */ - - if( argc != 4 ) { - fprintf( stderr, "usage: smtpfilter -f sender recipient\n"); - exit( EX_USAGE ); - } - - if( strcmp( argv[1], "-f" ) ) { - fprintf( stderr, "usage: smtpfilter -f sender recipient\n"); - exit( EX_USAGE ); - } - - sender = strtrim( strdup( argv[2] ) ); - recipient = strtrim( strdup( argv[3] ) ); - - - /* - * If the recipient is internal don't filter - */ - - if( check( recipient, MY_OUTSIDE_NAME ) - || check( recipient, MY_INSIDE_DOMAIN ) - || strchr( recipient, '@' ) == NULL ) - - state = 2; - - - /* - * Open the pipe to sendmail. - */ - - sprintf( line, "/usr/lib/sendmail -f \\<%s\\> \\<%s\\>", sender, recipient ); - if( (fp = popen( line, "w" )) == NULL ) { - syslog( LOG_ERR, "Could not open pipe to sendmail (%m)" ); - exit( EX_TEMPFAIL ); - } - - - /* - * Filter message - * state == 0: start - * state == 1: Within Received: line - * state == 2: don't filter anymore - */ - - while( fgets( line, sizeof(line), stdin ) != NULL ) { - - line[ MAX_LINE - 1 ] = '\0'; - len += strlen( line ); /* sum up bytes */ - - if( state < 2 ) { /* Still in header */ - - if( state == 1 && isspace( *line ) ) /* Received: continuation */ - continue; - - state = strncmp( line, "Received:", 9 ) == 0 ? 1 : 0; - if( state == 1 ) - continue; - - cp = &line[0]; /* find empty line */ - while( isspace( *cp ) ) - cp++; - if( *cp == '\n' || *cp == '\0' ) /* found, end of header */ - state = 2; - - else if( strstr( line, MY_INSIDE_DOMAIN ) != NULL - && strncmp( line, "From: ", 6 ) != 0 ) - - if( strncmp( line, "To: ", 4 ) == 0 - || strstr( line, "Message-ID:" ) != NULL - || strstr( line, "Message-Id:" ) != NULL - || strstr( line, "X-Sender:" ) != NULL ) - - while( (cp = cp2 = strstr( line, MY_INSIDE_DOMAIN )) != NULL ) { - - while( cp > line ) { - char c; - c = *(cp-1); - if( ! isalnum( c ) && c != '.' && c != '-' ) - break; - cp--; - } - - while( isalnum( *cp2 ) || *cp2 == '.' || *cp2 == '-' ) - cp2++; - - *cp = '\0'; - strcpy( tmp_line, line ); - strcat( tmp_line, MY_OUTSIDE_NAME ); - strcat( tmp_line, cp2 ); - - if( strlen( tmp_line ) > MAX_LINE - 1 ) - syslog( LOG_CRIT, "line to long (possible attack ?), reads: %s", tmp_line ); - - strncpy( line, tmp_line, MAX_LINE - 1 ); - } - - else - syslog( LOG_ERR, "unknown line containing %s: %s", MY_INSIDE_DOMAIN, line ); - } - - if( fputs( line, fp ) == EOF ) { - syslog( LOG_ERR, "write failed to pipe (%m)" ); - pclose( fp ); - exit( EX_TEMPFAIL ); - } - } - - syslog( LOG_NOTICE, "%s %s %lu", sender, recipient, len ); - - state = pclose( fp ); - - if( (! WIFEXITED( state )) || WEXITSTATUS( state ) != 0 ) - state = WEXITSTATUS( state ); - - if( state != 0 && state != EX_NOUSER ) - syslog( LOG_ERR, "sendmail exited with status %d", state ); - - return( state ); -} - - -char* strtrim( char* str ) -{ - char* cp; - - while( (cp = strpbrk( str, "<>" )) != NULL ) - *cp = ' '; - - while( isspace( *str ) ) - str++; - - cp = &str[ strlen( str ) - 1 ]; - while( isspace( *cp ) ) - *cp-- = '\0'; - - return( str ); -} - - -WORD check( const char* const r, const char* const d ) -{ - size_t dl; - - if( strlen( r ) < (dl = strlen( d )) ) - return 0; - - return( strcasecmp( &r[ strlen( r ) - dl ], d ) == 0 ); -} - diff --git a/libexec/smtpd/src/smtp.h b/libexec/smtpd/src/smtp.h deleted file mode 100644 index 255462bc014..00000000000 --- a/libexec/smtpd/src/smtp.h +++ /dev/null @@ -1,91 +0,0 @@ -/* $OpenBSD: smtp.h,v 1.3 2001/01/28 19:34:34 niklas Exp $ */ - -/* - * Obtuse smtp store/forward daemon include file - * - * - * Copyright (c) 1996, 1997 Obtuse Systems Corporation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Obtuse Systems - * Corporation and its contributors. - * 4. Neither the name of the Obtuse Systems Corporation nor the names - * of its contributors may be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY OBTUSE SYSTEMS CORPORATION AND - * CONTRIBUTORS ``AS IS''AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL OBTUSE SYSTEMS CORPORATION OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN - * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include<arpa/nameser.h> -#include<sys/time.h> -#include<sys/types.h> -#include<unistd.h> - - -#ifndef USE_LOCKF - #ifndef USE_FLOCK - #define USE_FLOCK - #endif -#endif - -#ifndef SPOOLDIR -#define SPOOLDIR "/usr/spool/smtpd" -#endif - -#ifndef SMTP_USER -#define SMTP_USER "uucp" -#endif - -#ifndef SMTP_GROUP -#define SMTP_GROUP "uucp" -#endif - -#ifndef EX_CONFIG -#define EX_CONFIG 78 -#endif - -/* How big can a fully qualified hostname be? */ -#define SMTP_MAXFQNAME (MAXHOSTNAMELEN + MAXDNAME + 1) /* leave room for . */ - -/* According to rfc 821, the maxiumum length of a command line including - * crlf is 512 characters. - */ -#define SMTP_MAX_CMD_LINE (512+1) - -/* according to rfc 821, the maxiumum length of a mail path is - * is 256 characters. Ick. We'll take a fully qualified hostname + 80 - * for the user name. any more and we complain. - */ - -#define SMTP_MAX_MAILPATH (SMTP_MAXFQNAME + 80) - -struct smtp_victim { - char *name; /* mailname of recipient */ - long location; /* start of RCPT line in spoolfile */ - struct smtp_victim * next; -}; - -extern int accumlog(int level, const char *fmt, ...); diff --git a/libexec/smtpd/src/smtpd.c b/libexec/smtpd/src/smtpd.c deleted file mode 100644 index eeaf68c1214..00000000000 --- a/libexec/smtpd/src/smtpd.c +++ /dev/null @@ -1,2897 +0,0 @@ -/* $OpenBSD: smtpd.c,v 1.13 2002/06/09 01:24:59 deraadt Exp $*/ - -/* - * smtpd, Obtuse SMTP daemon, storing agent. does simple collection of - * mail messages, for later forwarding by smtpfwdd. - * - * - * Copyright (c) 1996, 1997 Obtuse Systems Corporation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Obtuse Systems - * Corporation and its contributors. - * 4. Neither the name of the Obtuse Systems Corporation nor the names - * of its contributors may be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY OBTUSE SYSTEMS CORPORATION AND - * CONTRIBUTORS ``AS IS''AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL OBTUSE SYSTEMS CORPORATION OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN - * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -char *obtuse_copyright = -"Copyright 1996 - Obtuse Systems Corporation - All rights reserved."; -char *obtuse_rcsid = "$OpenBSD: smtpd.c,v 1.13 2002/06/09 01:24:59 deraadt Exp $"; - -#include <stdarg.h> -#include <stdlib.h> -#include <stdio.h> -#include <signal.h> -#include <pwd.h> -#include <grp.h> -#include <sys/time.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/param.h> -#include <sys/file.h> -#include <sys/socket.h> -#include <arpa/nameser.h> -#include <sys/wait.h> -#include <unistd.h> -#ifdef IRIX_BROKEN_INCLUDES -/* IRIX 5.3 defines EX_OK (see sysexits.h) as something very strange in unistd.h :-) */ -#ifdef EX_OK -#undef EX_OK -#endif -#endif -#include <syslog.h> -#include <errno.h> -#include <limits.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <netdb.h> -#include <sys/utsname.h> -#include <string.h> -#include <sysexits.h> -#include <ctype.h> -#ifdef NEEDS_STRINGS_H -#include <strings.h> -#endif -#ifdef NEEDS_FCNTL_H -#include <fcntl.h> -#endif -#ifdef NEEDS_LOCKF_H -#include <sys/lockf.h> -#endif -#ifdef NEEDS_BSTRING_H -#include <bstring.h> -#endif -#ifdef NEEDS_SELECT_H -#include <sys/select.h> -#endif - -#include "smtp.h" -#include "smtpd.h" -#ifdef BROKEN_SUN_INCLUDES -/* SunOS 5.5 doesn't seem to want to prototype this anywhere - Sigh */ -extern int gethostname(char *name, int len); -#endif - -#ifndef READ_TIMEOUT -#define READ_TIMEOUT 600 -#endif - -#ifndef NO_HOSTCHECKS -#define NO_HOSTCHECKS 0 -#endif - -#ifndef PARANOID_SMTP -#define PARANOID_SMTP 0 -#endif - -#ifndef PARANOID_DNS -#define PARANOID_DNS 0 -#endif - -#ifndef SPOOLSUBDIR -#define SPOOLSUBDIR "." -#endif - -#ifndef LOG_FACILITY -#define LOG_FACILITY LOG_MAIL -#endif - -#ifndef CHECK_FILE -#define CHECK_FILE "/etc/smtpd_check_rules" -#endif - -#if SET_LOCALE -#include <locale.h> -#endif - -#define SPANBLANK(p) while (isspace(*p)) p += 1 - -struct peer_info peerinfo; -struct sockaddr_in peer_sa; -struct sockaddr_in my_sa; - -char *my_name = NULL; -char *current_from_mailpath = NULL; -char *client_claimed_name = "UNKNOWN"; -char *spoolfile = NULL; -char *spooldir = SPOOLSUBDIR; /* this is relative to our chroot. */ -int read_timeout = READ_TIMEOUT; -long maxsize = 0; -int outfd, replyfd; -#ifdef SUNOS_GETOPT -extern char *optarg; -extern int optind; -#else -char *optarg; -int optind; -#endif -struct smtp_mbuf *input_buf, *output_buf, *reply_buf; -int NoHostChecks = NO_HOSTCHECKS; -int Paranoid_Smtp = PARANOID_SMTP; -int Paranoid_Dns = PARANOID_DNS; -int exiting = 0; -int VerboseSyslog = 1; - -#ifndef SMTPD_PID_DIR -#if defined(OpenBSD) || defined(FreeBSD) || defined(NetBSD) -# define SMTPD_PID_DIR "/var/run" -#else -# define SMTPD_PID_DIR SPOOLDIR -#endif -#endif - -#ifndef SMTPD_PID_FILENAME -#define SMTPD_PID_FILENAME "smtpd.pid" -#endif - - -/* - * Generate the usual cryptic usage statement - */ - - -void -show_usage() -{ -#if NO_COMMANDLINE_OPTIONS - fprintf(stderr, "this version of smtpd was compiled without command line option support\n"); -#else - fprintf(stderr, "usage: smtpd [-c chrootdir] [-d spooldir] [-u user] [-g group]\n"); - fprintf(stderr, " [-m maxsize] [-H] [-P] [-D]\n"); -#endif /* NO_LINE_OPTIONS */ -} - -#if CHECK_ADDRESS -char * make_check_fail_reply(char *user, char *host, char *hostIP, - char *from, char *to, char *msg) -{ - static char replybuf[512]; /* static buffer that returns reply */ - char *c; - int i = 0; - int bogus = 0; - - if (user == NULL) { - user = "UNKNOWN"; - } - if (host == NULL) { - host = "UNKNOWN"; - } - if (msg == NULL) { - msg = "550 Mail from %F to %T prohibited from your location (%U@%H ip=%I)"; - } - c = msg; - if (!isdigit(*c)) { - /* do some very rudimentary checking. beyond this hope they - * know what they're doing - */ - syslog(LOG_ERR, "Reply message doesn't start with numeric code" ); - bogus = 1; - } - - while (*c != '\0' && !bogus && i<512) { - if (*c != '%') { - replybuf[i]=*c; - c++; - i++; - } - else { - char *add; - int len; - c++; - switch (*c) { - case '%': - add = "%"; - break; - case 'C': - add = ":"; - break; - case 'F': - add = from; - break; - case 'T': - add = to; - break; - case 'H': - add = host; - break; - case 'I': - add = hostIP; - break; - case 'U': - add = user; - break; - default: - syslog(LOG_ERR, "Unknown code %%%c in reply message", *c); - add = ""; - bogus = 1; - break; - } - len = strlen(add); - if (len > 128) { - syslog(LOG_NOTICE, "Very long (%d bytes) value obtained for %%%c in reply message", len, *c); - } - if (len+i >= 512) { - syslog(LOG_ERR, "reply message too long - truncating at 512 bytes"); - } - strncpy(replybuf+i, add, 511 - i); - replybuf[511]='\0'; - i = strlen(replybuf); - c++; - } - } - if (!bogus) { - replybuf[(i<512)?i:511] = '\0'; - return(replybuf); - } - else { - msg = "550 Recipient not allowed"; - return(msg); - } -} -#endif - - -/* - * Signal handler that shuts us down if a read on the socket times out - */ - -static -void -read_alarm_timeout(int s) -{ - if (s != SIGALRM) { - syslog(LOG_CRIT, "Read timeout alarm handler called with signal %d!, (not SIGALRM!) - Aborting!", s); - abort(); - } - syslog(LOG_ERR, "Timeout on read (more than %d seconds) - Abandoning session", read_timeout); - smtp_exit(EX_OSERR); -} - -#ifdef NO_MEMMOVE -/* - * Use bcopy on platforms that don't support the newer memmove function - */ - -void -memmove(void *to, void *from, int len) -{ - bcopy(from, to, len); -} - -#endif - -/* - * Return to the initial state - */ - -void -reset_state(smtp_state state) -{ - if (test_state(OK_HELO, state)) { - zap_state(state); - set_state(OK_HELO, state); - } else { - zap_state(state); - } - - /* - * we must throw away anything in the output buffer - */ - output_buf->tail = output_buf->data; - output_buf->offset = 0; -} - -/* - * returns the index of the start of the first end-of-command token * - * in buf. returns len if it couldn't find one. - */ - -int -crlf_left(unsigned char *buf, size_t len) -{ - int i; - - i = 0; - while (i < len) { -#ifdef CRLF_PEDANTIC - /* - * This is how the RFC says the world should work. - * Unfortunately, it doesn't. - */ - if (buf[i] == CR) - if (i < (len - 1)) - if (buf[i + 1] == LF) - return (i); -#else - /* - * The world works like this. - */ - if (buf[i] == LF) { - if (i > 0 && buf[i - 1] == CR) { - return (i - 1); - } else { - return (i); - } - } -#endif - i++; - } -/* - * couldn't find one - */ - return (len); -} - -/* - * find next crlf in buf, starting at offset. On finding one, replaces - * the first byte of crlf with \0, sets offset to first byte after end - * of crlf, and returns start of string if we don't find one we return - * NULL - */ - -char * -smtp_get_line(struct smtp_mbuf *mbuf, size_t * offset) -{ - int i; - size_t len; - unsigned char *buf; - - buf = mbuf->data + *offset; - len = mbuf->offset - *offset; - - if (len == 0) { - return (NULL); - } - i = crlf_left(buf, len); - if (i < (len)) { - buf[i] = '\0'; - /* - * jump over end of line token - */ - i++; - - if ((i < len) && (buf[i] == LF)) { - i++; - } - *offset += i; - - return (buf); - } - return (NULL); -} - -/* - * flush len bytes of an mbuf to file descriptor fd. - */ - -void -flush_smtp_mbuf(struct smtp_mbuf *buf, int fd, int len) -{ - int foo = 0; - static int deaththroes=0; - - - if (deaththroes) { - return; /* We've already had a write barf. Don't try again */ - } - if (len <= buf->offset) { - while (foo < len) { - int i; - - i = write(fd, (buf->data) + foo, len); - if (i < 0) { - syslog(LOG_INFO, "write failed: (%m)"); - deaththroes=1; - smtp_exit(EX_OSERR); - } - foo += i; - - /* - * ok. reset the mbuf. - */ - if (foo == buf->offset) { - buf->offset = 0; - buf->tail = buf->data; - } else { - clean_smtp_mbuf(buf, foo); - } - } - } else { - syslog(LOG_CRIT, "You can't write %d bytes from a buffer with only %d in it!", len, (int) buf->offset); - } -} - -/* - * Strip some data out of an smtp_mbuf - */ - -void -clean_smtp_mbuf(struct smtp_mbuf *buf, int len) -{ - if (len > buf->offset) { - abort(); - } - if (len < buf->offset) { - memmove(buf->data, (buf->data) + len, (buf->offset) - len); - buf->offset = buf->offset - len; - buf->tail = (buf->data) + (buf->offset); - } else { - buf->offset = 0; - buf->tail = buf->data; - } -} - -/* - * Allocate and initialize an smtp_mbuf - */ - -struct smtp_mbuf * -alloc_smtp_mbuf(size_t size) -{ - struct smtp_mbuf *newbuf; - newbuf = (struct smtp_mbuf *) malloc(sizeof(struct smtp_mbuf)); - - if (newbuf == NULL) { - return (NULL); - } - newbuf->data = (unsigned char *) malloc(sizeof(unsigned char) * size); - - if (newbuf->data == NULL) { - free(newbuf); - return (NULL); - } - newbuf->size = size; - newbuf->offset = 0; - newbuf->tail = newbuf->data; - return (newbuf); -} - -/* - * Grow data area by "bloat" preserving everything else - */ - -int -grow_smtp_mbuf(struct smtp_mbuf *tiny, size_t bloat) -{ - unsigned char *newdata; - - newdata = (unsigned char *) malloc(tiny->size + bloat); - if (newdata == NULL) - return (0); - memcpy((void *) newdata, (void *) tiny->data, tiny->offset); - free(tiny->data); - tiny->data = newdata; - tiny->size += bloat; - tiny->tail = tiny->data + tiny->offset; - return (1); -} - -/* - * write len bytes from data into buffer mbuf. growing if necessary. - * return 1 if successful, 0 for failure. - */ - -int -write_smtp_mbuf(struct smtp_mbuf *mbuf, - unsigned char *data, - size_t len) -{ - if (len > (mbuf->size - mbuf->offset)) { - /* - * we need a bigger buffer - */ - if (!(grow_smtp_mbuf(mbuf, ((len / 1024) + 1) * 1024))) { - /* - * let's hope there is enough to syslog :-) - */ - syslog(LOG_CRIT, "malloc said no to a %d byte buffer!", - (int)(mbuf->size + len + 1024)); - return (0); - } - } - - /* - * buffer is now big enough - */ - memcpy((void *) mbuf->tail, (void *) (data), len); - mbuf->tail += len; - mbuf->offset += len; - return (1); -} - -/* - * read up to len bytes from fd into buffer mbuf. growing if - * neccessary. - * return amount read if successful. - * set errno and return -1 for failure. - */ -int -read_smtp_mbuf(struct smtp_mbuf *mbuf, - int fd, - size_t len) -{ - int howmany; - - if (len > (mbuf->size - mbuf->offset)) { - /* - * we need a bigger buffer - */ - if (!(grow_smtp_mbuf(mbuf, ((len / 1024) + 1) * 1024))) { - /* - * let's hope there is enough to syslog :-) - */ - syslog(LOG_ERR, "malloc said no to a %d byte buffer!", - (int)(mbuf->size + len + 1024)); - errno = ENOMEM; - return (-1); - } - } - /* - * buffer is now big enough - */ - - fflush(NULL); - signal(SIGALRM, read_alarm_timeout); - alarm(read_timeout); - howmany = read(fd, mbuf->tail, len); - alarm(0); - signal(SIGALRM, SIG_DFL); - if (howmany > 0) { - mbuf->tail += howmany; - mbuf->offset += howmany; - } - return (howmany); -} - -/* - * Write a possibly multi-segement reply into mbuf "outbuf" - */ -int -writereply(struct smtp_mbuf *outbuf, - int code, - int more, - ...) -{ - int ok; - char message[5]; - va_list ap; - char *msg; - - va_start(ap, more); - sprintf(message, "%3d%s", code, (more) ? "-" : " "); - ok = write_smtp_mbuf(outbuf, message, strlen(message)); - while (ok && (msg = va_arg(ap, char *)) != NULL) { - ok = write_smtp_mbuf(outbuf, msg, strlen(msg)); - } - if (ok) { - ok = write_smtp_mbuf(outbuf, CRLF, 2); - } - va_end(ap); - return (ok); -} - -/* - * open a new spoolfile with appropriate lock and permissions - */ -int -smtp_open_spoolfile() -{ - int fd; - - if (spoolfile != NULL) { - syslog(LOG_CRIT, "Attempt to open new spoolfile with %s already open - aborting", - spoolfile); - abort(); - } - putenv(strdup("TMPDIR=/")); /* - * Linux's tempnam() requires this kludge - * or we have to make a /tmp in our - * chrootdir. In it's wisdom it decides - * that if /tmp doesn't exist we can't - * have a tmpname anywhere.. Grumble.. - */ - -#if USE_MKSTEMP - /* If someone does manage to misconfigure us so people have - * access to the spool dir they probably have worse things to - * worry about than the race condition but.. Oh well, keeps gcc - * from complaining. - */ - spoolfile= (char *) malloc(strlen(spooldir)+13); - if (spoolfile == NULL) { - syslog(LOG_CRIT, "Couldn't make a unique filename for spooling!"); - smtp_exit(EX_CONFIG); - } - strcpy(spoolfile, spooldir); - strncat(spoolfile, "/smtpdXXXXXX", 12); - if ((fd = mkstemp(spoolfile)) < 0) { - syslog(LOG_CRIT, "Couldn't create spool file %s!", spoolfile); - free(spoolfile); - spoolfile=NULL; - smtp_exit(EX_CONFIG); - } -#else /* USE_MKSTEMP */ - /* gcc will bitch about this. There's nothing wrong with it where - * we are using it (not in /tmp). There shouldn't be a race condition - * since nothing other than smtpd should be using this spool dir, or - * have access to it if it is permitted correctly. - */ - { - char *cp; - cp=tempnam(spooldir, "smtpd"); - if (cp == NULL) { - syslog(LOG_CRIT, "Couldn't make a unique filename for spooling!"); - smtp_exit(EX_CONFIG); - } - - spoolfile=(char *) malloc((strlen(spooldir)+strlen(cp)+1) * sizeof(char)); - if (spoolfile == NULL) { - syslog(LOG_CRIT, "Malloc failed"); - smtp_exit(EX_TEMPFAIL); - } - spoolfile[0]='\0'; - - /* - * some versions of tempnam() with a spooldir give you a "/" in - * front of the filename, that you can append to the directory for - * a full path. Others like to give you the full path back. This - * difference really sucks. Use mkstemp (above) if you can. otherwise, - * this kludge avoids the problem. - */ - - if (strncmp(cp, spooldir, strlen(spooldir)) != 0) { - /* looks like we don't have the spool directory on the front */ - strcpy(spoolfile, spooldir); - } - strcat(spoolfile, cp); - free(cp); - } - if ((fd = open(spoolfile, O_CREAT | O_WRONLY, 0600)) < 0) { - syslog(LOG_CRIT, "Couldn't create spool file %s!", spoolfile); - smtp_exit(EX_CONFIG); - } -#endif /* USE_MKSTEMP */ - -#ifdef USE_LOCKF - if (lockf(fd, F_LOCK, 0) != 0) { - syslog(LOG_ERR, "Couldn't lock spool file %s using lockf!", spoolfile); - smtp_exit(EX_TEMPFAIL); - } -#endif -#ifdef USE_FLOCK - if (flock(fd, LOCK_EX) != 0) { - syslog(LOG_ERR, "Couldn't lock spool file %s using flock!", spoolfile); - smtp_exit(EX_TEMPFAIL); - } -#endif - return (fd); -} - -/* - * close spoolfile, unlock, and open permissions - */ -void -smtp_close_spoolfile(int fd) -{ - if (spoolfile == NULL) { - syslog(LOG_CRIT, "Attempt to close NULL spoolfile!"); - smtp_exit(EX_CONFIG); - } -#ifdef USE_LOCKF - if (lockf(fd, F_TLOCK, 0) == 0) - if (lockf(fd, F_ULOCK, 0) != 0) { - syslog(LOG_CRIT, "Couldn't unlock spool file %s using lockf!", spoolfile); - smtp_exit(EX_OSERR); - } -#endif -#ifdef USE_FLOCK - if (flock(fd, LOCK_EX | LOCK_NB) == 0) - if (flock(fd, LOCK_UN) != 0) { - syslog(LOG_CRIT, "Couldn't unlock spool file %s using flock!", spoolfile); - smtp_exit(EX_OSERR); - } -#endif - close(fd); - chmod(spoolfile, 0750); /* - * Mark file as 'complete' - */ -#if 0 - syslog(LOG_DEBUG, "Marking file %s as complete", spoolfile); -#endif - free(spoolfile); - spoolfile = NULL; -} - -/* - * unlock spoolfile and remove it - */ -void -smtp_nuke_spoolfile(int fd) -{ - if (spoolfile == NULL) { - syslog(LOG_CRIT, "Attempt to remove NULL spoolfile!"); - smtp_exit(EX_SOFTWARE); - } - if (unlink(spoolfile) != 0) { - syslog(LOG_CRIT, "Couldn't remove spool file %s! (%m)", spoolfile); - free(spoolfile); - spoolfile = NULL; - smtp_exit(EX_CONFIG); - } -#ifdef USE_LOCKF - if (lockf(fd, F_TLOCK, 0) == 0) - if (lockf(fd, F_ULOCK, 0) != 0) { - syslog(LOG_CRIT, "Couldn't unlock spool file %s using lockf! (%m)", spoolfile); - free(spoolfile); - spoolfile = NULL; - smtp_exit(EX_OSERR); - } -#endif -#ifdef USE_FLOCK - if (flock(fd, LOCK_EX | LOCK_NB) == 0) - if (flock(fd, LOCK_UN) != 0) { - syslog(LOG_CRIT, "Couldn't unlock spool file %s using flock! (%m)", spoolfile); - free(spoolfile); - spoolfile = NULL; - smtp_exit(EX_OSERR); - } -#endif - close(fd); - free(spoolfile); - spoolfile = NULL; -} - -/* - * Try to say something meaningful to our client and then exit. - */ - -void -smtp_exit(int val) -{ - if (val != 0) { - /* - * we're leaving the client hanging. attempt to tell them we're - * going away - */ - if (exiting++<1) { - writereply(reply_buf, 421, 0, m421msg, NULL); - } - - /* - * if we have an open spool file that's unclosed, blast it out of - * existence - */ - if (exiting++<2) { - if (spoolfile != NULL) { - smtp_nuke_spoolfile(outfd); - } - } - } else { - if (exiting++<1) { - if (spoolfile != NULL) { - smtp_close_spoolfile(outfd); - exiting++; - } - } - } - if (exiting++<3) { - flush_smtp_mbuf(reply_buf, replyfd, reply_buf->offset); - } - - if (!VerboseSyslog) { - accumlog(LOG_INFO, 0); /* flush? */ - } - - exit(val); -} - -/* - * clean up things (mostly hostnames) that will go into the syslogs - */ - -unsigned char * -cleanitup(const unsigned char *s) -{ - static unsigned char *bufs[20]; - static int first = 1, next_buffer; - unsigned char *dst, *buffer_addr; - const unsigned char *src; - int saw_weird_char, saw_bad_char, saw_high_bit = 0; - - if (first) { - int i; - - for (i = 0; i < 20; i += 1) { - bufs[i] = malloc(1024); - if (bufs[i] == NULL) { - syslog(LOG_CRIT, "CRITICAL - malloc (1024 bytes) failed in cleanitup"); - abort(); - } - } - first = 0; - } - src = s; - dst = bufs[(next_buffer++) % 20]; - buffer_addr = dst; - saw_weird_char = 0; - saw_bad_char = 0; - saw_high_bit = 0; - - while (*src != '\0') { - unsigned char xch, ch; - - xch = *src++; - ch = xch & 0x7f; - - if (ch != xch) { - saw_high_bit = 1; - *dst++ = '^'; - *dst++ = '='; - } - if (isalnum(ch) || strchr(" -/:=.@_[]", ch) != NULL) { - - *dst++ = ch; - - } else if (strchr("\\`$|;()*", ch) != NULL) { - - saw_bad_char = 1; - - *dst++ = '^'; - *dst++ = 'x'; - *dst++ = "0123456789abcdef"[(xch >> 4) & 0xf]; - *dst++ = "0123456789abcdef"[(xch) & 0xf]; - - } else { - - saw_weird_char = 1; - - switch (ch) { - case '\n': - *dst++ = '^'; - *dst++ = 'n'; - break; - case '\r': - *dst++ = '^'; - *dst++ = 'r'; - break; - case '\t': - *dst++ = '^'; - *dst++ = 't'; - break; - case '\b': - *dst++ = '^'; - *dst++ = 'b'; - break; - case '^': - *dst++ = '^'; - *dst++ = '^'; - break; - default: - *dst++ = '^'; - *dst++ = 'x'; - *dst++ = "0123456789abcdef"[(xch >> 4) & 0xf]; - *dst++ = "0123456789abcdef"[(xch) & 0xf]; - } - - } - - if (dst - buffer_addr > 1024 - 10) { - syslog(LOG_INFO, "INFO(cleanitup) - buffer overflow - chopping"); - break; - } - } - - *dst = '\0'; - - - if (saw_bad_char) { - syslog(LOG_ALERT, "ALERT(cleanitup) - saw VERY unusual character (cleaned string is \"%s\")", buffer_addr); - } - if (saw_weird_char) { - syslog(LOG_INFO, "INFO(cleanitup) - saw unusual character (cleaned string is \"%s\")", buffer_addr); - } - if (saw_high_bit) { - syslog(LOG_INFO, "INFO(cleanitup) - saw character with high bit set (cleaned string is \"%s\")", buffer_addr); - } - return (buffer_addr); -} - -/* - * less paranoid version of cleanitup that tries to handle mail addresses - * without mangling them. - */ -unsigned char * -smtp_cleanitup(const unsigned char *s) -{ - static unsigned char *bufs[20]; - static int first = 1, next_buffer; - unsigned char *dst, *buffer_addr; - const unsigned char *src; - int firstone, arg_attempt, saw_weird_char, saw_bad_char, saw_high_bit = 0; - - if (first) { - int i; - - for (i = 0; i < 20; i += 1) { - bufs[i] = malloc(1024); - if (bufs[i] == NULL) { - syslog(LOG_CRIT, "CRITICAL - malloc (1024 bytes) failed in smtp_cleanitup"); - abort(); - } - } - first = 0; - } - src = s; - dst = bufs[(next_buffer++) % 20]; - buffer_addr = dst; - saw_weird_char = 0; - saw_bad_char = 0; - saw_high_bit = 0; - arg_attempt = 0; - - firstone = 1; - while (*src != '\0') { - unsigned char xch, ch; - - xch = *src++; - ch = xch & 0x7f; - - if (ch != xch) { - saw_high_bit = 1; - *dst++ = '^'; - *dst++ = '='; - } - /* - * <sjg> RFC822 allows both ' and " in local-part. - * " is infact _required_ if local-part contains spaces as is - * common in x400 (yuk). - */ - if (isalnum(ch) || strchr(" -,:=.@_!<>()[]/+%'\"", ch) != NULL) { - if (firstone && (ch == '-')) { - arg_attempt = 1; - *dst++ = '^'; - *dst++ = '-'; - } else { - *dst++ = ch; - } - - } else if (strchr("\\`$|*;", ch) != NULL) { - - saw_bad_char = 1; - - *dst++ = '^'; - *dst++ = 'x'; - *dst++ = "0123456789abcdef"[(xch >> 4) & 0xf]; - *dst++ = "0123456789abcdef"[(xch) & 0xf]; - - } else { - - saw_weird_char = 1; - - switch (ch) { - case '\n': - *dst++ = '^'; - *dst++ = 'n'; - break; - case '\r': - *dst++ = '^'; - *dst++ = 'r'; - break; - case '\t': - *dst++ = '^'; - *dst++ = 't'; - break; - case '\b': - *dst++ = '^'; - *dst++ = 'b'; - break; - case '^': - *dst++ = '^'; - *dst++ = '^'; - break; - default: - *dst++ = '^'; - *dst++ = 'x'; - *dst++ = "0123456789abcdef"[(xch >> 4) & 0xf]; - *dst++ = "0123456789abcdef"[(xch) & 0xf]; - } - - } - - if (dst - buffer_addr > 1024 - 10) { - syslog(LOG_INFO, "INFO(smtp_cleanitup) - buffer overflow - chopping"); - break; - } - firstone = 0; - } - - - *dst = '\0'; - - if (arg_attempt) { - syslog(LOG_ALERT, "ALERT(smtp_cleanitup) - '-' as first character in address (cleaned string is \"%s\")", buffer_addr); - } - if (saw_bad_char) { - syslog(LOG_ALERT, "ALERT(smtp_cleanitup) - saw VERY unusual character (cleaned string is \"%s\")", buffer_addr); - } - if (saw_weird_char) { - syslog(LOG_DEBUG, "INFO(smtp_cleanitup) - saw unusual character (cleaned string is \"%s\")", buffer_addr); - } - if (saw_high_bit) { - syslog(LOG_DEBUG, "INFO(smtp_cleanitup) - saw character with high bit set cleaned string is \"%s\")", buffer_addr); - } - return (buffer_addr); -} - - -/* - * is smtp command "cmd" legal in state "state" - */ -int -cmd_ok(int cmd, smtp_state state) -{ - if (sane_state(state)) { - switch (cmd) { - case HELO: - return (!(test_state(OK_HELO, state))); -#if EHLO_KLUDGE - case EHLO: - return(test_state(OK_EHLO, state)); -#endif - case MAIL: - if (test_state(OK_HELO, state) && (!test_state(OK_MAIL, state))) - return (1); - else - return (0); - case RCPT: - if (test_state(OK_MAIL, state) && (!test_state(SNARF_DATA, state))) - return (1); - else - return (0); - case DATA: - if (test_state(OK_RCPT, state)) - return (1); - else - return (0); - default: - return (1); - } - } - return (0); -} - -/* - * is this state legal? returns 1 if so, 0 if not - */ -int -sane_state(smtp_state state) -{ - if (test_state(OK_MAIL, state) && !test_state(OK_HELO, state)) { - syslog(LOG_DEBUG, "Bad state. can't be OK_MAIL and not OK_HELO"); - return (0); - } - if (test_state(OK_RCPT, state) && !test_state(OK_MAIL, state)) { - syslog(LOG_DEBUG, "Bad state. can't be OK_RCPT and not OK_MAIL"); - return (0); - } - if (test_state(SNARF_DATA, state) && !test_state(OK_RCPT, state)) { - syslog(LOG_DEBUG, "Bad state. can't be SNARF_DATA and not OK_RCPT"); - return (0); - } - return (1); -} - -/* - * state change engine. given "state", change state after processing * - * command "cmd" with status "status", - */ -void -state_change(smtp_state state, int cmd, int status) -{ - /* - * basic state sanity checks - */ - - if (!sane_state(state)) { - reset_state(state); - return; - } - switch (cmd) { - case HELO: - switch (status) { - case SUCCESS: - set_state(OK_HELO, state); /* - * we got a helo - */ - return; - case ERROR: - clear_state(OK_HELO, state); - return; - case FAILURE: - reset_state(state); - return; - - default: - syslog(LOG_CRIT, "Hey, I shouldn't be here (Bad HELO status in change_state)!"); - abort(); - } -#if EHLO_KLUDGE - case EHLO: - switch (status) { - case SUCCESS: - set_state(OK_EHLO, state); /* - * we got a ehlo - */ - return; - case ERROR: - clear_state(OK_EHLO, state); - return; - case FAILURE: - reset_state(state); - return; - - default: - syslog(LOG_CRIT, "Hey, I shouldn't be here (Bad EHLO status in change_state)!"); - abort(); - } -#endif - case MAIL: - switch (status) { - case SUCCESS: - set_state(OK_MAIL, state); - return; - case ERROR: - /* - * no state change - */ - return; - case FAILURE: - reset_state(state); - return; - default: - syslog(LOG_CRIT, "Hey, I shouldn't be here (Bad MAIL status in change_state)!"); - abort(); - } - case RCPT: - switch (status) { - case SUCCESS: - set_state(OK_RCPT, state); - return; - case ERROR: - /* - * no state change - */ - return; - case FAILURE: - reset_state(state); - return; - default: - syslog(LOG_CRIT, "Hey, I shouldn't be here (Bad RCPT status in change_state)!"); - abort(); - } - case NOOP: - switch (status) { - case SUCCESS: - return; - default: - syslog(LOG_CRIT, "Hey, I shouldn't be here (Bad NOOP status in change_state)!"); - abort(); - } - case DATA: - switch (status) { - case SUCCESS: - set_state(SNARF_DATA, state); - return; - case ERROR: - /* - * hmm. hard to do this - */ - return; - case FAILURE: - reset_state(state); - return; - default: - syslog(LOG_CRIT, "Hey, I shouldn't be here (Bad DATA status in change_state)!"); - abort(); - } - case UNKNOWN: - switch (status) { - case SUCCESS: - return; - case ERROR: - return; - case FAILURE: - reset_state(state); - return; - default: - syslog(LOG_CRIT, "Hey, I shouldn't be here (Bad UNKNOWN status in change_state)!"); - abort(); - } - case QUIT: - /* - * one can always quit - */ - smtp_exit(EX_OK); - break; - case RSET: - /* - * one can always reset - */ - reset_state(state); - break; - default: - /* - * shouldn't get here on valid input. - */ - syslog(LOG_CRIT, "Hey, I shouldn't be here (end of change_state)!"); - abort(); - } -} - -/* - * parse a single smtp command in inbuf. - * - * PRE: "inbuf" contains one read line, \0 terminated without CRLF - * at the end, and a non-whitespace character at the start. initial - * state pointer passed in as "state". "outbuf" is our buffer for output - * we're keeping, "replybuf" is our buffer for replies to the client. - * - * POST: any output from the command is output to the end of outbuf, - * any replys to the client are output to the end of replybuf. - * state is changed accordingly. - * - */ - -void -smtp_parse_cmd(unsigned char *inbuf, - struct smtp_mbuf *outbuf, - struct smtp_mbuf *replybuf, - smtp_state state) -{ - unsigned char *buf, *cp; - size_t ilen; - unsigned char verb[5]; - - ilen = strlen(inbuf); - if (ilen < 4) { - if (ilen == 3) { - memcpy(verb, inbuf, 3); - verb[3] = '\0'; - if (strcasecmp(verb, "WIZ") == 0) { - syslog(LOG_ALERT, - "Wizard command attempted from address %s(%s), name %s", - peerinfo.peer_ok_addr, peerinfo.peer_clean_reverse_name, client_claimed_name); - writereply(replybuf, 250, 0, m250msg, NULL); - state_change(state, NOOP, SUCCESS); - return; - } - } else { - /* - * we need at least one complete verb. - */ - writereply(replybuf, 500, 0, m500msg, NULL); - state_change(state, UNKNOWN, ERROR); - return; - } - } - memcpy(verb, inbuf, 4); - verb[4] = '\0'; - buf = inbuf + 4; - - /* The basic vanilla SMTP commands, minimum as specified in RFC 821; - * HELO, MAIL, RCPT, DATA, RSET, NOOP, QUIT. Added minimal VRFY - * after rumors (never substantiated) that some mail agents might - * try it thanks to RFC 1123. We don't bother checking address - * <domain> parameter syntax rigidly like RFC 1123 says we should, - * leaving that up to the MTA invoked at the end. I don't believe - * the added code complexity is worth any practical benefit here - * when we are invoking the MTA after. Feel free to convince me - * otherwise. - */ - - /* - * HELO - */ - -#if EHLO_KLUDGE - if ((strcasecmp(verb, "HELO") == 0) || - (cmd_ok(EHLO, state) && (strcasecmp(verb, "EHLO") == 0))) { -#else - if (strcasecmp(verb, "HELO") == 0) { -#endif - - /* - * Hello hello.. a-la RFC 821 - */ - if (!cmd_ok(HELO, state)) { - writereply(replybuf, 503, 0, m503msg, NULL); - state_change(state, HELO, FAILURE); - return; - } - /* - * at this point I shouldn't have anything bigger than a hostname - * left. - */ - SPANBLANK(buf); - if (strlen(buf) > SMTP_MAXFQNAME) { - /* - * someone gave us a *big* name for themselves. draw them to - * our attention, and fail. - */ - syslog(LOG_ALERT, - "More than %d bytes on HELO from %s(%s).", - SMTP_MAXFQNAME, peerinfo.peer_clean_reverse_name, peerinfo.peer_ok_addr); - state_change(state, HELO, FAILURE); - return; - } - client_claimed_name = strdup(cleanitup(buf)); - if (client_claimed_name == NULL) { - syslog(LOG_ERR, "Malloc failed, abandoning session."); - smtp_exit(EX_OSERR); - } - if (strcmp(buf, client_claimed_name) != 0) { - syslog(LOG_ALERT, "Suspicious characters in HELO: hostname from host %s(%s), cleaned to %s", - peerinfo.peer_clean_reverse_name, peerinfo.peer_ok_addr, client_claimed_name); - if (Paranoid_Smtp) { - syslog(LOG_CRIT, "Abandoning session from %s(%s) due to suspicious HELO: hostname", - peerinfo.peer_clean_reverse_name, peerinfo.peer_ok_addr); - smtp_exit(EX_PROTOCOL); - } - } - writereply(replybuf, 250, 0, - peerinfo.my_clean_reverse_name, - " ", - m250helook, - " ", - client_claimed_name, - NULL); - /* - * log the connection - */ - if (VerboseSyslog) { - syslog(LOG_INFO, "SMTP HELO from %s(%s) as \"%s\"", - peerinfo.peer_clean_reverse_name, - peerinfo.peer_ok_addr, client_claimed_name); - } - else { - accumlog(LOG_INFO, 0); /* flush anything left */ - accumlog(LOG_INFO, "relay=%s/%s", - peerinfo.peer_clean_reverse_name, peerinfo.peer_ok_addr); - if (strcasecmp(peerinfo.peer_clean_reverse_name, client_claimed_name)) - accumlog(LOG_INFO, " as \"%s\"", client_claimed_name); - } - state_change(state, HELO, SUCCESS); - } else if (strcasecmp(verb, "MAIL") == 0) { - if (!cmd_ok(MAIL, state)) { - writereply(replybuf, 554, 0, m554msg, NULL); - state_change(state, MAIL, ERROR); - return; - } - /* - * at this point I shouldn't have anything bigger than a return * - * address and a FROM: left. - */ - if (strlen(buf) > SMTP_MAX_MAILPATH + 7) { - /* - * someone gave us a *big* name * for themselves. draw them to - * our attention, and fail. - */ - syslog(LOG_ALERT, - "More than %d bytes on MAIL from address %s(%s).", - SMTP_MAX_MAILPATH, peerinfo.peer_clean_reverse_name, peerinfo.peer_ok_addr); - state_change(state, MAIL, FAILURE); - return; - } - SPANBLANK(buf); - if (strncasecmp(buf, "FROM:", 5) != 0) { - writereply(replybuf, 501, 0, m501msg, NULL); - state_change(state, MAIL, ERROR); - return; - } - buf += 5; - SPANBLANK(buf); - /* - * <sjg> if local-part contains ", then spaces are allowed - */ - cp = NULL; - if (buf[0] == '"' || buf[1] == '"') - cp = strrchr(buf, '"'); /* REVISIT: find last " */ - if (cp == NULL) - cp = buf+1; - cp = strchr(cp+1, ' '); - if (cp != NULL) { - /* stuff on the end */ - *cp = '\0'; - cp++; - SPANBLANK(cp); - if (*cp != '\0') { - /* We could deal with ESMTP SIZE here. If so it's either - * OK or bogus, in which we have to return 555. - * - * Without ESMTP. this is crud on the end, and we give 501 - */ - writereply(replybuf, 501, 0, m501msg, NULL); - state_change(state, MAIL, ERROR); - return; - } - } - current_from_mailpath = strdup(smtp_cleanitup(buf)); - if (current_from_mailpath == NULL) { - /* - * doh! malloc has failed us. - */ - syslog(LOG_ERR, "Malloc failed, abandoning session."); - smtp_exit(EX_OSERR); - } - - if (strcmp(buf, current_from_mailpath) != 0) { - syslog(LOG_ALERT, "Suspicious characters in FROM: address from host %s(%s), cleaned to %s", - peerinfo.peer_clean_reverse_name, peerinfo.peer_ok_addr, current_from_mailpath); - if (Paranoid_Smtp) { - syslog(LOG_CRIT, "Abandoning session from %s(%s) due to suspicious FROM: address", - peerinfo.peer_clean_reverse_name, peerinfo.peer_ok_addr); - smtp_exit(EX_PROTOCOL); - } - } - writereply(replybuf, 250, 0, - "sender is ", - current_from_mailpath, - ", ", - m250fromok, - NULL); - - /* - * log the connection - */ - if (VerboseSyslog) { - syslog(LOG_INFO, "mail from %s", current_from_mailpath); - } else { - accumlog(LOG_INFO, " from=%s", current_from_mailpath); - } - - /* - * put our output in the outbuf - */ - if (write_smtp_mbuf(outbuf, "FROM ", strlen("FROM ")) && - write_smtp_mbuf(outbuf, current_from_mailpath, - strlen(current_from_mailpath)) && - write_smtp_mbuf(outbuf, "\n", 1)) { - state_change(state, MAIL, SUCCESS); - } else { - state_change(state, MAIL, FAILURE); - } - } else if (strcasecmp(verb, "RCPT") == 0) { - char *victim; - int badrcpt=0; - - if (!cmd_ok(RCPT, state)) { - writereply(replybuf, 554, 0, m554nofrom, NULL); - state_change(state, RCPT, ERROR); - return; - } - /* - * at this point I shouldn't have anything bigger than a return * - * address and a RCPT: left. - */ - if (strlen(buf) > SMTP_MAX_MAILPATH + 1) { - /* - * someone gave us a *big* name for themselves. * draw them to - * our attention, and fail. - */ - syslog(LOG_ALERT, - "More than %d bytes on RCPT from address %s(%s).", - SMTP_MAX_MAILPATH, peerinfo.peer_clean_reverse_name, peerinfo.peer_ok_addr); - state_change(state, RCPT, FAILURE); - return; - } - SPANBLANK(buf); - if ((strlen(buf) < 3) || strncasecmp(buf, "TO:", 3) != 0) { - writereply(replybuf, 501, 0, m501msg, NULL); - state_change(state, RCPT, ERROR); - return; - } - buf += 3; - SPANBLANK(buf); - /* - * <sjg> if local-part contains ", then spaces are allowed - */ - cp = NULL; - if (buf[0] == '"' || buf[1] == '"') - cp = strrchr(buf, '"'); /* REVISIT: find last " */ - if (cp == NULL) - cp = buf; - cp = strchr(cp+1, ' '); - if (cp != NULL) { - /* stuff on the end */ - *cp = '\0'; - cp++; - SPANBLANK(cp); - if (*cp != '\0') { - /* - * Without ESMTP. this is crud on the end, and we give 501 - */ - writereply(replybuf, 501, 0, m501msg, NULL); - state_change(state, RCPT, ERROR); - return; - } - } - victim = strdup(smtp_cleanitup(buf)); - if (victim == NULL) { - syslog(LOG_ERR, "Malloc failed, abandoning connection."); - smtp_exit(EX_OSERR); - } - if (strcmp(buf, victim) != 0) { - syslog(LOG_ALERT, "Suspicious characters in RCPT: address from host %s(%s), cleaned to %s", - peerinfo.peer_clean_reverse_name, peerinfo.peer_ok_addr, victim); - if (Paranoid_Smtp) { - syslog(LOG_CRIT, "Abandoning session from %s(%s) due to suspicious RCPT: address", - peerinfo.peer_clean_reverse_name, peerinfo.peer_ok_addr); - smtp_exit(EX_PROTOCOL); - } - } -#if CHECK_ADDRESS - /* - * check and see if we are allowed to send mail from our FROM to - * our RCPT on a connection from the client we're talking to. - */ - - { - char *deathmsg = NULL; - if (NoHostChecks) { - /* It's just possible that someone will be trying to do this - * without having the DNS lookup checks on. Sigh.. - * As a minimum for the lookups we need to know who we are - * and who is at the other end. meaning we must have - * peerinfo.my_sa, peerinfo.peer_sa and peerinfo.peer_ok_addr - * filled in. otherwise we have nothing to check against. - */ - int slen; - slen = sizeof(my_sa); - if (getsockname(0, (struct sockaddr *) &my_sa, &slen) - != 0) { - syslog(LOG_ERR, "ERROR - getsockname failed (%m) Who am i?"); - exit(EX_OSERR); - } - peerinfo.my_sa = &my_sa; - slen = sizeof(peer_sa); - if (getpeername(0, (struct sockaddr *) &peer_sa, &slen) - != 0) { - syslog(LOG_ERR, "ERROR - getpeername failed (%m)"); - exit(EX_OSERR); - } - peerinfo.peer_ok_addr = strdup(inet_ntoa(peer_sa.sin_addr)); - peerinfo.peer_sa = &peer_sa; - if (peerinfo.peer_ok_addr == NULL) { - syslog(LOG_ERR, "Malloc failed during initialization - bye!"); - exit(EX_CONFIG); - } - } - - /* We may have a username passed down in the environment from - * our caller if they did an ident. Juniperd in particular may - * pass a JUNIPER_IDENT, which will have been cleaned by - * the cleanitup() routine, and will be "UNKNOWN" if no value - * was obtained. - */ - - - peerinfo.peer_clean_ident = getenv("JUNIPER_IDENT"); - - if (peerinfo.peer_clean_ident != NULL) { - if (strcmp(peerinfo.peer_clean_ident, "UNKNOWN") == 0) { - peerinfo.peer_clean_ident = NULL; - } - peerinfo.peer_dirty_ident = peerinfo.peer_clean_ident; - } - - /* otherwise, allow our invoker to pass us in an ident value in the - * environment as SMTPD_IDENT. (for people who do this with the tcp - * wrapper.)We must however, clean the string. - */ - - if (peerinfo.peer_clean_ident == NULL) { - peerinfo.peer_dirty_ident = getenv("SMTPD_IDENT"); - if (peerinfo.peer_dirty_ident != NULL) { - if (strcmp(peerinfo.peer_dirty_ident, "UNKNOWN") == 0) { - peerinfo.peer_dirty_ident = NULL; - } - else { - peerinfo.peer_clean_ident = - strdup(cleanitup(peerinfo.peer_dirty_ident)); - if (peerinfo.peer_clean_ident == NULL) { - syslog(LOG_ERR, "ERROR - Malloc failed"); - exit(EX_OSERR); - } - } - } - } - switch (smtpd_addr_check( CHECK_FILE, - &peerinfo, - current_from_mailpath, - victim, - &deathmsg) ) { - case 1: - /* we matched an "allow" rule - continue */ - break; - case 0: - /* we matched a "deny" rule. syslog and send back failure message */ - if (VerboseSyslog) { - syslog(LOG_INFO, "Forbidden FROM or RCPT for host %s(%s) - Abandoning session", - peerinfo.peer_clean_reverse_name, peerinfo.peer_ok_addr); - } - else { - accumlog(LOG_INFO, " forbidden FROM or RCPT"); - accumlog(LOG_INFO, 0); /* flush it */ - } - { - char *c; - c = make_check_fail_reply(peerinfo.peer_clean_ident, - peerinfo.peer_clean_reverse_name, - peerinfo.peer_ok_addr, - current_from_mailpath, - victim, - deathmsg); - if (write_smtp_mbuf(replybuf, c, strlen(c))) { - write_smtp_mbuf(replybuf, CRLF, 2); - } - } - smtp_exit(EX_PROTOCOL); - break;; /* notreached */ - - case -1: - /* we matched a "noto" rule. send message, and set state */ - { - char *c; - c = make_check_fail_reply(peerinfo.peer_clean_ident, - peerinfo.peer_clean_reverse_name, - peerinfo.peer_ok_addr, - current_from_mailpath, - victim, - deathmsg); - if (write_smtp_mbuf(replybuf, c, strlen(c))) { - write_smtp_mbuf(replybuf, CRLF, 2); - } - } - badrcpt = 1; - - if (VerboseSyslog) { - syslog(LOG_INFO, "Discarded bad recipient %s", victim); - } else { - accumlog(LOG_INFO, " discarded bad recipient=%s", victim); - } - state_change(state, RCPT, ERROR); - break; - - default: - syslog(LOG_CRIT, "Aieee! smtpd_check_address returned bogus value! *SHOULD NOT HAPPEN*"); - abort(); - } - } -#endif /* CHECK_ADDRESS */ - if (!badrcpt) { - writereply(replybuf, 250, 0, - "recipient ", - victim, - ", ", - m250rcptok, - NULL); - - /* - * log the recipient. - */ - if (VerboseSyslog) { - syslog(LOG_INFO, "Recipient %s", victim); - } else { - accumlog(LOG_INFO, " to=%s", victim); - } - if (write_smtp_mbuf(outbuf, "RCPT ", strlen("RCPT ")) && - write_smtp_mbuf(outbuf, victim, strlen(victim)) && - write_smtp_mbuf(outbuf, "\n", 1)) { - state_change(state, RCPT, SUCCESS); - } else { - state_change(state, RCPT, FAILURE); - } - } - free(victim); - } else if (strcasecmp(verb, "NOOP") == 0) { - writereply(replybuf, 250, 0, m250msg, NULL); - state_change(state, NOOP, SUCCESS); - } else if (strcasecmp(verb, "VRFY") == 0) { - writereply(replybuf, 252, 0, m252msg, NULL); - state_change(state, NOOP, SUCCESS); - } else if (strcasecmp(verb, "DEBU") == 0) { - syslog(LOG_ALERT, - "Debug command attempted from %s(%s), name %s", - peerinfo.peer_clean_reverse_name, peerinfo.peer_ok_addr, client_claimed_name); - writereply(replybuf, 250, 0, m250msg, NULL); - state_change(state, NOOP, SUCCESS); - } else if (strcasecmp(verb, "RSET") == 0) { - writereply(replybuf, 250, 0, m250msg, NULL); - state_change(state, RSET, SUCCESS); - } else if (strcasecmp(verb, "QUIT") == 0) { - writereply(replybuf, 221, 0, m221msg, NULL); - state_change(state, QUIT, SUCCESS); - } else if (strcasecmp(verb, "DATA") == 0) { - if (cmd_ok(DATA, state)) { - writereply(replybuf, 354, 0, m354msg, NULL); - state_change(state, SNARF_DATA, SUCCESS); - } else { - writereply(replybuf, 554, 0, m554norcpt, NULL); - state_change(state, SNARF_DATA, ERROR); - } -#if EHLO_KLUDGE - } else if (strcasecmp(verb, "EHLO") == 0) { - writereply(replybuf, 500, 0, m500msg, NULL); - state_change(state, EHLO, SUCCESS); -#endif - } else { - /* - * if we get here our verb don't look like a verb. this means that - * we should fire off a syntax error to the client - */ - writereply(replybuf, 500, 0, m500msg, NULL); - state_change(state, UNKNOWN, ERROR); - } - return; -} - -/* - * Read a message body. - * return values: * 1 - everything OK * 2 - read failed or connection - * died before we got it all * 3 - size exceeded * 4 - no space on - * write device * 5 - not enough memory - */ - -int -snarfdata(int in, int out, long *size, int bin) -{ - struct smtp_mbuf *buf; - struct smtp_mbuf *outbuf; - int snarfed; - int dot = 0; - int i; - long max, outbytes; - int body = 0; - - /* - * initial message size - */ - max = (*size ? *size : LONG_MAX); - - - /* - * Initialize the smtp_mbuf's. - * We start of with absurdly small sizes in order to ensure that the - * code which grows an mbuf gets exercised (i.e. if it is broken then - * the program will probably die and the bug will (hopefully) get fixed). - */ - - buf = alloc_smtp_mbuf(1024); - if (buf == NULL) { - syslog(LOG_DEBUG, "Couldn't allocate input buffer for data command"); - return (5); - } - outbuf = alloc_smtp_mbuf(1024); - if (outbuf == NULL) { - syslog(LOG_DEBUG, "Couldn't allocate output buffer for data command"); - return (5); - } - outbytes = 0; - while (1) { - int linestart; - int lineend; - - linestart = lineend = 0; - - snarfed = read_smtp_mbuf(buf, in, 1024); - if (snarfed < 0) { - if (VerboseSyslog) { - syslog(LOG_INFO, "read error receiving message body: %m"); - } else { - accumlog(LOG_INFO, " read error receiving message body: %s", - strerror(errno)); - } - return (2); - } - if (snarfed == 0) { - if (VerboseSyslog) { - syslog(LOG_INFO, "EOF while receiving message body"); - } else { - accumlog(LOG_INFO, " EOF while receiving message body"); - } - return (2); - } - if (outbuf->size < buf->size) { - if (grow_smtp_mbuf(outbuf, (buf->size - outbuf->size)) == 0) { - syslog(LOG_INFO, "Couldn't grow #1"); - return (5); - } - } - for (i = 0; i < buf->offset; i++) { - switch (buf->data[i]) { - case LF: - /* - * we got an LF - */ - if (dot == 1) { - /* - * Lonesome Dot sings: "We're done!" - */ - *size = outbytes; - return (1); - break; - } else { - /* - * write out from linestart to lineend (inclusive) - */ - buf->data[lineend] = LF; /* - * I must at least write - * out this LF - */ - /* - * check for unusual headers. - * these form the basis of a number of more interesting attacks - * - Julian Assange <proff@suburbia.net> - */ - if (!body) { - if (buf->data[linestart] == LF || - (buf->data[linestart] == '\r' && buf->data[linestart+1] == LF)) - { - body = 1; - } else - { - char *p; - int off=0; - int unprintable = 0; - for (p=buf->data+linestart; *p != LF; p++) - { - /* add isalpha(), to allow for non - * conventional locales. where - * isalpha != isprint. - */ - if (!isalpha(*p) && !isprint(*p) && - !isspace(*p)) - { - syslog(LOG_DEBUG, "Unprintable character value=%d in message header at offset %d", (int)*p, off); - *p='?'; - unprintable++; - } - off++; - } - if (unprintable) - { - buf->data[lineend]='\0'; - syslog(LOG_ALERT, "%d unprintable characters in \"%.255s\"", unprintable, buf->data+linestart); - buf->data[lineend]=LF; - if (Paranoid_Smtp) { - syslog(LOG_CRIT, "Abandoning session from %s(%s) due to unprintable message header", - peerinfo.peer_clean_reverse_name, peerinfo.peer_ok_addr); - smtp_exit(EX_PROTOCOL); - } - } - if (lineend - linestart > 255) { - syslog(LOG_ALERT, "unusually long header (trucated) [%d bytes] = \"%.255s\"...", lineend-linestart, buf->data+linestart); - buf->data[linestart+255]=LF; - lineend = linestart + 255; - } - } - } - while (linestart <= lineend) { - int j; - j = write(out, (buf->data) + linestart, - ((lineend - linestart) + 1)); - if (j < 0) { - /* - * we can't write to the out fd. return - * indicating that. - */ - syslog(LOG_ERR, "Write failed to spoolfile! (%m)"); - return (4); - } else if (j == 0) { - syslog(LOG_CRIT, "zero length write to file - bye!"); - exit(EX_CONFIG); - } - outbytes += j; - linestart += j; - if (outbytes >= max) { - /* - * we've blown over our maxsize limit. - */ - syslog(LOG_ERR, - "Message body exceeds maximum size of %ld", max); - return (3); - } - } - } - dot = 0; - linestart = i + 1; - lineend = i + 1; - break; - case CR: - /* - * we got a CR. if it's at the end of a line, (right - * before an LF), we ignore it, and it goes away. Any - * other character will advance lineend past it, meaning - * it gets picked up as data. Dot is also unchanged - * since this could be the start of a crlf after we saw - * a first character dot. The next character will bring - * enlightenment. - */ - break; - case '.': - if (i == (linestart)) { - if (dot == 0) { - /* - * this is a dot at start of line. It could mean - * we're finished. We're either finished, or we - * do not replicate this first dot in the output. - * (RFC 821, 4.5.2) - */ - dot = 1; - /* - * if we aren't finished, then this dot can't - * appear, so increment linestart by one - */ - linestart++; - } else { - /* - * this is a second dot, after we saw one last - * time and moved linestart. This one stays, and - * this ain't Lonsesome Dot - */ - dot = 0; - } - } else { - /* - * this is a plain ordinary dot with no pretensions, - * it's like any other character. Clear dot in order - * to properly handle ".\r." case at the start of a - * line (i.e ".\r." is NOT the same as ".." even if - * it appears at the start of a line). - */ - dot = 0; - } - lineend = i + 1; - break; - default: - dot = 0; - lineend = i + 1; - break; - } - } - /* - * we had part of a line left in the buffer. Keep it and throw - * away the rest. - */ - clean_smtp_mbuf(buf, linestart); - } -} - -/* - * The brains of this operation - */ - -int -main(int argc, char **argv) -{ - int opt; - long smtp_port = 25; - char *optstring = "l:p:d:u:s:g:m:i:c:HPDLq"; - int i, k; - smtp_state_set last_state_s, current_state_s; /* The real state vector. */ - smtp_state last_state, current_state; /* Pointers to the state vector. */ - - char *chrootdir = SPOOLDIR; - char *username = SMTP_USER; - char *groupname = SMTP_GROUP; - struct passwd *user = NULL; - struct group *group = NULL; - struct sigaction new_sa; - int daemon_mode = 0; - int listen_fd = -1; /* make gcc be quiet */ - int pid_fd = -1; - char *pid_fname = NULL; - struct in_addr listen_addr; - int child_no_openlog = 0; /* don't openlog() in children - use inherited - * parent fd - */ - - bzero(&peerinfo, sizeof(struct peer_info)); - peerinfo.peer_clean_forward_name = "UNKNOWN"; - peerinfo.peer_clean_reverse_name = "UNKNOWN"; - peerinfo.peer_ok_addr = ""; - - umask (077); - - openlog("smtpd", LOG_PID | LOG_NDELAY, LOG_FACILITY); - listen_addr.s_addr = INADDR_ANY; - -#if SET_LOCALE - /* try to set our localization to the one specified */ - (void) setlocale(LC_CTYPE, LOCALIZATION); -#endif - -#if NO_COMMANDLINE_OPTIONS - if (argc > 1) { - syslog(LOG_ALERT, "Attempt to start smtpd with command line options"); - show_usage(); - exit(EX_USAGE); - } -#else -#ifdef GETOPT_EOF - while ((opt = getopt(argc, argv, optstring)) != EOF) { -#else - while ((opt = getopt(argc, argv, optstring)) != -1) { -#endif - switch (opt) { - case 'p': - { - char *foo; - smtp_port = strtol(optarg, &foo, 10); - if (*foo != '\0') { - /* this doesn't smell like a number. Bail */ - syslog(LOG_ERR, "Invalid port argument for the \"-p\" option"); - show_usage(); - exit(EX_USAGE); - } - } - break; - case 'l': - listen_addr.s_addr = inet_addr(optarg); - if (listen_addr.s_addr == htonl(INADDR_NONE)) { - syslog(LOG_ERR, "Invalid ip address given for the \"-l\" option"); - show_usage(); - exit(EX_USAGE); - } - break; - case 'i': - if (optarg[0] != '/') { - syslog(LOG_ERR, "The \"-i\" option requires an absolute pathname argument"); - show_usage(); - exit(EX_USAGE); - } - pid_fname = optarg; - break; - case 'q': - VerboseSyslog = 0; - break; - case 'c': - if (optarg[0] != '/') { - syslog(LOG_ERR, "The \"-c\" option requires an absolute pathname argument"); - show_usage(); - exit(EX_USAGE); - } - chrootdir = optarg; - break; - case 'D': - daemon_mode = 1; - break; - case 'L': - child_no_openlog = 1; - break; - case 'm': - peerinfo.my_clean_reverse_name = optarg; - break; - case 'H': - NoHostChecks = 1; - syslog(LOG_INFO, "smtpd Host/Address checking disabled by \"-H\" option"); - break; - case 'P': - Paranoid_Smtp = 1; - Paranoid_Dns = 1; - syslog(LOG_INFO, "smtpd running in Paranoid mode"); - break; - case 'd': - if (optarg[0] != '/') { - syslog(LOG_ERR, "%s, The \"-d\" option requires an absolute pathname argument", optarg); - show_usage(); - exit(EX_USAGE); - } - spooldir = optarg; - break; - case 'u': - { - long userid; - char *foo; - - userid = strtol(optarg, &foo, 10); - if (*foo == '\0') { - /* - * looks like we got something that looks like a - * number try to find user by uid - */ - user = getpwuid((uid_t) userid); - if (user == NULL) { - syslog(LOG_ERR, "Invalid uid argument for the \"-u\" option, no user found for uid %s", optarg); - show_usage(); - exit(EX_USAGE); - } - username = user->pw_name; - } else { - /* - * optarg didn't look like a number, so try looking it - * up as a * username. - */ - user = getpwnam(optarg); - if (user == NULL) { - syslog(LOG_ERR, "Invalid username argument for the \"-u\" option, no user found for name %s", optarg); - show_usage(); - exit(EX_USAGE); - } - username = user->pw_name; - } - } - break; - case 'g': - { - long grpid; - char *foo; - - grpid = strtol(optarg, &foo, 10); - if (*foo == '\0') { - /* - * looks like we got something that looks like a - * number, try to find user by uid - */ - group = getgrgid((gid_t) grpid); - if (group == NULL) { - syslog(LOG_ERR, "Invalid gid argument for the \"-g\" option, no group found for gid %s", optarg); - show_usage(); - exit(EX_USAGE); - } - groupname = group->gr_name; - } else { - /* - * optarg didn't look like a number, so try looking it - * up as a groupname. - */ - group = getgrnam(optarg); - if (group == NULL) { - syslog(LOG_ERR, "Invalid groupname argument for the \"-g\" option, no group found for name %s", optarg); - show_usage(); - exit(EX_USAGE); - } - groupname = group->gr_name; - } - } - break; - case 's': - { - char *foo; - - maxsize = strtol(optarg, &foo, 10); - if (*foo != '\0') { - syslog(LOG_ERR, "The \"-s\" option requires a size argument"); - show_usage(); - exit(EX_USAGE); - } - if (maxsize <= 0) { - syslog(LOG_ERR, "\"-s\" argument must be positive!"); - show_usage(); - exit(EX_USAGE); - } - } - break; - default: - syslog(LOG_ERR, "Unknown option \"-%c\"", opt); - show_usage(); - exit(EX_USAGE); - break; - } - } -#endif /* NO_COMMANDLINE_OPTIONS */ - - /* - * OK, got my options, now change uid/gid - */ - if (user == NULL) { - /* - * none provided, use the default - */ - long userid; - char *foo; - - userid = strtol(username, &foo, 10); - if (*foo == '\0') { - /* - * looks like we got something that looks like a number, try - * to find user by uid - */ - user = getpwuid((uid_t) userid); - if (user == NULL) { - syslog(LOG_ERR, "Eeek! I was compiled to run as uid %s, but no user found for uid %s", username, username); - syslog(LOG_ERR, "Please recompile me to use a valid user, or specify one with the \"-u\" option."); - exit(EX_CONFIG); - } - username = user->pw_name; - } else { - /* - * username didn't look like a number, so try looking it up as - * a username. - */ - user = getpwnam(username); - if (user == NULL) { - syslog(LOG_ERR, "Eeek! I was compiled to run as user \"%s\", but no user found for username \"%s\"", username, username); - syslog(LOG_ERR, "Please recompile me to use a valid user, or specify one with the \"-u\" option."); - exit(EX_CONFIG); - } - username = user->pw_name; - } - } - if (group == NULL) { - /* - * didn't get a group, use the default - */ - long grpid; - char *foo; - - grpid = strtol(groupname, &foo, 10); - if (*foo == '\0') { - /* - * looks like we got something that looks like a number, try - * to find group by gid - */ - group = getgrgid((gid_t) grpid); - if (group == NULL) { - syslog(LOG_ERR, "Eeek! I was compiled to run as gid %s, but no group found for gid %s", groupname, groupname); - syslog(LOG_ERR, "Please recompile me to use a valid group, or specify one with the \"-g\" option."); - exit(EX_CONFIG); - } - groupname = group->gr_name; - } else { - /* - * groupname didn't look like a number, so try looking it up - * as a groupname. - */ - group = getgrnam(groupname); - if (group == NULL) { - syslog(LOG_ERR, "Eeek! I was compiled to run as group \"%s\", but no group found for groupname \"%s\"", groupname, groupname); - syslog(LOG_ERR, "Please recompile me to use a valid group, or specify one with the \"-g\" option."); - exit(EX_CONFIG); - } - groupname = group->gr_name; - } - } - /* - * If we're here, we have a valid user and group to run as - */ - if (group == NULL || user == NULL) { - syslog(LOG_CRIT, "Didn't find a user or group, (Shouldn't happen)"); - abort(); - } - if (user->pw_uid == 0) { - syslog(LOG_CRIT, "Sorry, I don't want to run as root! It's a bad idea!"); - syslog(LOG_CRIT, "Please recompile me to use a valid user, or specify one with the \"-u\" option."); - exit(EX_CONFIG); - } - if (group->gr_gid == 0) { - syslog(LOG_CRIT, "Sorry, I don't want to run as group 0. It's a bad idea!"); - syslog(LOG_CRIT, "Please recompile me to use a valid group, or specify one with the \"-g\" option."); - exit(EX_CONFIG); - } - if ( daemon_mode ) { - struct sockaddr_in sa; - - listen_fd = socket(AF_INET,SOCK_STREAM,0); - if ( listen_fd < 0 ) { - syslog(LOG_ERR, "Can't get a listen socket for daemon mode (%m)"); - exit(EX_OSERR); - } - - memset(&sa, 0, sizeof(sa)); - sa.sin_family = AF_INET; - sa.sin_port = htons(smtp_port); - sa.sin_addr.s_addr = listen_addr.s_addr; - - /* Need to do this while we're still root */ - - if ( bind(listen_fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ) { - syslog(LOG_ERR, "Can't bind listen socket to port %ld in daemon mode (%m)" - , smtp_port); - exit(EX_OSERR); - } - - } - /* we may have requested that children do not re-open syslogs in case - * we haven't set up the chroot for dealing with them. in this case, - * reopen the logs as the master to not show process id, (as to not - * be misleading when child processes use the open fd for syslog). - */ - if (child_no_openlog) { - syslog(LOG_INFO, "Child process openlog() suppressed with -L option"); - syslog(LOG_INFO, "Re-opening syslog without PID information"); - closelog(); - openlog("smtpd", LOG_NDELAY, LOG_FACILITY); - syslog(LOG_INFO, "Log reopened."); - } - - if (daemon_mode) { - /* open pid file fd while we're still root. */ - - if ( (pid_fname == NULL) && - (((pid_fname = malloc(sizeof(SMTPD_PID_DIR) - + sizeof(SMTPD_PID_FILENAME) + 2))) - != NULL ) ) { - (void) sprintf(pid_fname, "%s/%s", SMTPD_PID_DIR, SMTPD_PID_FILENAME); - } - if (pid_fname != NULL) { - if ((pid_fd = open(pid_fname, O_CREAT | O_WRONLY, 0644)) < 0) { - syslog(LOG_ERR, "Couldn't create pid file %s: %m", pid_fname); - exit(EX_CONFIG); - } - } - } - - if (chrootdir != NULL) { - if (chroot(chrootdir) != 0) { - syslog(LOG_CRIT, "Couldn't chroot to directory %s! (%m)", - chrootdir); - exit(EX_CONFIG); - } - if (chdir("/") != 0) { - syslog(LOG_CRIT, "Couldn't chdir! (%m)"); - exit(EX_CONFIG); - } - } else { - syslog(LOG_CRIT, "No chroot directory specified! Aborting."); - abort(); - } - - if (spooldir == NULL) { - syslog(LOG_CRIT, "NULL spool directory! Aborting."); - abort(); - } - - if (setgid(group->gr_gid) != 0) { - syslog(LOG_ERR, "I can't change groups! Setgid failed! (%m)"); - syslog(LOG_ERR, "Exiting due to setgid failure"); - exit(EX_OSERR); - } - if (setuid(user->pw_uid) != 0) { - syslog(LOG_ERR, "I can't change groups! Setgid failed! (%m)"); - syslog(LOG_ERR, "Exiting due to setuid failure"); - exit(EX_OSERR); - } - /* - * Ok, the world seems good. Should we run as a daemon? - */ - - if ( daemon_mode ) { - int failures; - int rval; - - rval = fork(); - if ( rval > 0 ) { - /* Parent - just exit */ - exit(EX_OK); - } else if ( rval < 0 ) { - syslog(LOG_ERR, "Can't do first fork in daemon mode (%m)"); - exit(EX_OSERR); - } - setsid(); - - /* write our pid into the (inherited) pid_fd */ - - if (pid_fd >= 0) { - char buf[80]; -#ifdef USE_FLOCK - if (lockf(pid_fd, F_TLOCK, 0) != 0) -#else - if (flock(pid_fd, LOCK_EX|LOCK_NB) != 0) -#endif - { - syslog(LOG_ERR, - "Couldn't get lock on pid file %s! Am I already running?", pid_fname); - exit(1); - } - sprintf(buf, "%d\n", getpid()); - write(pid_fd, buf, strlen(buf)); - /* do not close - leave this fd open to keep lock */ - } - - - if ( listen(listen_fd,10) < 0 ) { - syslog(LOG_ERR, "Can't listen on socket in daemon mode (%m)"); - exit(EX_OSERR); - } - - failures = 0; - syslog(LOG_INFO,"smtpd running in daemon mode - ready to accept connections"); - - - while (1) { - int fd; - int slen; - struct sockaddr_in peer; - int status; - - while ( waitpid(0,&status,WNOHANG) > 0 ) - ; - - slen = sizeof(peer); - fd = accept(listen_fd, (struct sockaddr *)&peer, &slen); - if ( fd < 0 ) { - if ( failures++ < 10 ) { - syslog(LOG_INFO,"accept call failed in daemon mode (%m) - continuing"); - } else { - syslog(LOG_ERR,"too many consecutive accept call failures in daemon mode (%m)"); - exit(EX_OSERR); - } - } else { - int rval; - - failures = 0; - - rval = fork(); - if ( rval > 0 ) { - - /* - * Parent - close the accepted fd and continue the loop - */ - - close(fd); - - } else if ( rval == 0 ) { - - /* - * Child - make ourselves look like an inetd child - * and break out of the loop to allow the regular inetd-style - * processing to occur. - */ - close(pid_fd); /* we don't need this anymore */ - - dup2(fd,0); - dup2(fd,1); - close(fd); - if (!child_no_openlog) { - closelog(); - openlog("smtpd", LOG_PID | LOG_NDELAY, LOG_FACILITY); - } - break; - - } else { - - close(fd); - syslog(LOG_INFO, "Can't fork child in daemon mode (%m)"); - exit(EX_OSERR); - - } - - } - - } - - } - - /* We need to ignore SIGPIPE */ -#ifdef BSD_SIGNAL - signal(SIGPIPE, SIG_IGN); -#else - memset(&new_sa, 0, sizeof(new_sa)); - new_sa.sa_handler = SIG_IGN; - (void)sigemptyset(&new_sa.sa_mask); - new_sa.sa_flags = SA_RESTART; - if ( sigaction( SIGPIPE, &new_sa, NULL ) != 0 ) { - syslog(LOG_CRIT,"CRITICAL - sigaction failed (%m)"); - exit(EX_OSERR); - } -#endif - - /* - * Who's on the other end of this line? - */ - - if (!NoHostChecks) { - int slen; - struct hostent *tmp_he; - int ok; - char **pp; - - /* - * set who we are in case our caller didn't tell us to be someone - * else - */ - - slen = sizeof(my_sa); - if (getsockname(0, (struct sockaddr *) &my_sa, &slen) - != 0) { - syslog(LOG_ERR, "ERROR - getsockname failed (%m) Who am i?"); - exit(EX_OSERR); - } - peerinfo.my_sa = &my_sa; - if (peerinfo.my_clean_reverse_name == NULL) { - tmp_he = gethostbyaddr((char *) &(my_sa.sin_addr.s_addr), - sizeof(my_sa.sin_addr.s_addr), - AF_INET); - if (tmp_he != NULL) { - peerinfo.my_clean_reverse_name = strdup(cleanitup(tmp_he->h_name)); - if (peerinfo.my_clean_reverse_name == NULL) { - syslog(LOG_ERR, "Malloc failed during initialization - bye!"); - exit(EX_CONFIG); - } - if (strcmp(tmp_he->h_name, peerinfo.my_clean_reverse_name) != 0) { - syslog(LOG_CRIT, "CRITICAL - Suspicious characters in MY hostname! (for ip=%s) cleaned to %s.", peerinfo.peer_ok_addr, peerinfo.my_clean_reverse_name); - syslog(LOG_CRIT, "CRITICAL - YOUR DNS IS EITHER COMPROMISED OR MISCONFIGURED! INVESTIGATE!"); - smtp_exit(EX_CONFIG); - } - } - } - slen = sizeof(peer_sa); - if (getpeername(0, (struct sockaddr *) &peer_sa, &slen) - != 0) { - syslog(LOG_ERR, "ERROR - getpeername failed (%m)"); - exit(EX_OSERR); - } - peerinfo.peer_ok_addr = strdup(inet_ntoa(peer_sa.sin_addr)); - peerinfo.peer_sa = &peer_sa; - if (peerinfo.peer_ok_addr == NULL) { - syslog(LOG_ERR, "Malloc failed during initialization - bye!"); - exit(EX_CONFIG); - } - /* - * get reverse name - */ - - tmp_he = gethostbyaddr((char *) &(peer_sa.sin_addr.s_addr), - sizeof(peer_sa.sin_addr.s_addr), - AF_INET); - if (tmp_he != NULL) { - peerinfo.peer_dirty_reverse_name = strdup((tmp_he->h_name)); - if (peerinfo.peer_dirty_reverse_name == NULL) { - syslog(LOG_ERR, "Malloc failed during initialization - bye!"); - exit(EX_CONFIG); - } - } else { - syslog(LOG_INFO, "No reverse mapping for address %s (%d)", - peerinfo.peer_ok_addr, h_errno); - peerinfo.peer_dirty_reverse_name = "UNKNOWN"; - } - - peerinfo.peer_clean_reverse_name = strdup(cleanitup(peerinfo.peer_dirty_reverse_name)); - if (peerinfo.peer_clean_reverse_name == NULL) { - syslog(LOG_ERR, "Malloc failed during initialization - bye!"); - exit(EX_CONFIG); - } - if (strcmp(peerinfo.peer_clean_reverse_name, peerinfo.peer_dirty_reverse_name) != 0) { - syslog(LOG_ALERT, "Suspicious characters in hostname for address %s, cleaned to %s", - peerinfo.peer_ok_addr, peerinfo.peer_clean_reverse_name); - if (Paranoid_Dns) { - syslog(LOG_CRIT, "Abandoning session from %s due to suspicious hostname", - peerinfo.peer_ok_addr); - smtp_exit(EX_PROTOCOL); - } - } - /* - * get forward name - */ - - ok = 0; - tmp_he = gethostbyname(peerinfo.peer_dirty_reverse_name); - if (tmp_he != NULL) { - peerinfo.peer_dirty_forward_name = strdup(tmp_he->h_name); - if (peerinfo.peer_dirty_forward_name != NULL) { - for (pp = tmp_he->h_addr_list; *pp != NULL; pp += 1) { - if (bcmp(((struct in_addr *) *pp), - (struct in_addr *) &(peer_sa.sin_addr.s_addr), - sizeof(struct in_addr)) == 0) { - ok = 1; - break; - } - } - } else { - peerinfo.peer_dirty_forward_name = "UNKNOWN"; - } - } else { - peerinfo.peer_dirty_forward_name = "UNKNOWN"; - } - - peerinfo.peer_clean_forward_name = strdup(cleanitup(peerinfo.peer_dirty_forward_name)); - if (peerinfo.peer_clean_forward_name == NULL) { - syslog(LOG_ERR, "Malloc failed during initialization - bye!"); - exit(EX_CONFIG); - } - if (strcmp(peerinfo.peer_clean_forward_name, peerinfo.peer_dirty_forward_name) != 0) { - syslog(LOG_ALERT, "Suspicious characters in hostname for address %s, cleaned to %s", - peerinfo.peer_ok_addr, peerinfo.peer_clean_forward_name); - if (Paranoid_Dns) { - syslog(LOG_CRIT, "Abandoning session from %s due to suspicious hostname", - peerinfo.peer_ok_addr); - smtp_exit(EX_PROTOCOL); - } - } - /* - * If we got a forward name and it doesn't match the reverse name - * then grumble (and exit if paranoid mode is set). - */ - - /* Andreas Borchert <borchert@mathematik.uni-ulm.de> noticed - * That I was using strcmp here instead of strcasecmp. The match - * should be made case-insensitevly according to rfc 1033 - */ - - if (ok && (strcasecmp(peerinfo.peer_clean_forward_name, peerinfo.peer_clean_reverse_name) != 0) - && *peerinfo.peer_clean_forward_name != '\0') { - syslog(LOG_ALERT, "Probable DNS spoof/misconfiguration from ip=%s, claiming to be host %s", peerinfo.peer_ok_addr, peerinfo.peer_clean_reverse_name); - if (Paranoid_Dns) { - syslog(LOG_CRIT, "Abandoning session from ip=%s due to DNS inconsistency", peerinfo.peer_ok_addr); - exit(EX_PROTOCOL); - } - } - } - if (peerinfo.my_clean_reverse_name == NULL) { - /* - * Our caller didn't say who we're gonna claim to be, and we - * didn't get one from a getsockname. get our hostname and use - * that. - */ - char hname[MAXHOSTNAMELEN]; - struct hostent *hp; - - if (gethostname(hname, sizeof hname) != 0) { - syslog(LOG_ERR, "gethostname() call failed! (%m) Who am I?"); - exit(EX_OSERR); - } - if ((hp = gethostbyname(hname)) != NULL) { - peerinfo.my_clean_reverse_name = strdup(hp->h_name); - } else { - peerinfo.my_clean_reverse_name = strdup(hname); - } - if (peerinfo.my_clean_reverse_name == NULL) { - syslog(LOG_ERR, "Malloc failed, abandoning session."); - exit(EX_OSERR); - } - } - /* - * Allocate the mbuf's - start off small to ensure that 'grow mbuf' - * code gets exercised (detects bugs faster). - */ - input_buf = alloc_smtp_mbuf(64); - if (input_buf == NULL) { - syslog(LOG_ERR, "Malloc failed, abandoning session."); - exit(EX_OSERR); - } - output_buf = alloc_smtp_mbuf(64); - if (output_buf == NULL) { - syslog(LOG_ERR, "Malloc failed, abandoning session."); - exit(EX_OSERR); - } - reply_buf = alloc_smtp_mbuf(64); - if (reply_buf == NULL) { - syslog(LOG_ERR, "Malloc failed, abandoning session."); - exit(EX_OSERR); - } - last_state = &last_state_s; - current_state = ¤t_state_s; - - zap_state(current_state); - zap_state(last_state); - - if (!daemon_mode && listen_addr.s_addr != INADDR_ANY) { - /* Are we allowed to talk on the address we accepted this connection - * on? - check to see that we are the defined listening address, or - * the loopback. - */ - if ((listen_addr.s_addr != peerinfo.my_sa->sin_addr.s_addr) - && (listen_addr.s_addr != htonl(INADDR_LOOPBACK)) - ) - { - /* tell the client to go away - we're not allowed to talk. */ - writereply(reply_buf, 521, 0, - peerinfo.my_clean_reverse_name, - " ", - m521msg, - NULL); - flush_smtp_mbuf(reply_buf, replyfd, reply_buf->offset); - syslog(LOG_INFO, "Refused connection attempt from %s(%s) to %s(%s)", - peerinfo.peer_clean_reverse_name, peerinfo.peer_ok_addr, - peerinfo.my_clean_reverse_name, inet_ntoa(listen_addr)); - smtp_exit(EX_OK); - } - } - - - writereply(reply_buf, 220, 0, - peerinfo.my_clean_reverse_name, - " ", - m220msg, - NULL); - - replyfd = 1; - for (;;) { - char *line; - size_t offset; - time_t tt; - - flush_smtp_mbuf(reply_buf, replyfd, reply_buf->offset); - k = read_smtp_mbuf(input_buf, 0, 1024); - if (k < 0) { - syslog(LOG_ERR, "Read failed from client fd (%m) - Abandoning session"); - smtp_exit(EX_OSERR); - } else if (k == 0) { - /* - * eof - */ - if (VerboseSyslog) { - syslog(LOG_INFO, "EOF on client fd. At least they could say goodbye!"); - } else { - accumlog(LOG_INFO, "EOF on client fd."); - } - smtp_exit(EX_OSERR); - } - offset = 0; - line = smtp_get_line(input_buf, &offset); - while (line != NULL) { - clean_smtp_mbuf(input_buf, offset); - offset = 0; - memcpy(last_state, current_state, sizeof(smtp_state_set)); - smtp_parse_cmd(line, output_buf, reply_buf, current_state); - flush_smtp_mbuf(reply_buf, replyfd, reply_buf->offset); - if (sane_state(current_state)) { - if ((!test_state(SNARF_DATA, last_state)) && - (test_state(SNARF_DATA, current_state))) { - char head[512]; - char *foo; - long msize; - - memset(head, 0, sizeof(head)); - - outfd = smtp_open_spoolfile(); - time(&tt); - strcpy(head, "BODY\nReceived: from "); - strncat(head, peerinfo.peer_clean_reverse_name, 65); - strcat(head, "("); - strncat(head, peerinfo.peer_ok_addr, 65); - if (strcasecmp(peerinfo.peer_clean_reverse_name, client_claimed_name) == 0) { - strcat(head, ")"); - } else { - strcat(head, "), claiming to be \""); - strncat(head, client_claimed_name, 65); - strcat(head, "\""); - } - strcat(head, "\n via SMTP by "); - strncat(head, peerinfo.my_clean_reverse_name, 65); - strcat(head, ", id "); - if ((foo = strrchr(spoolfile, '/')) != NULL) { - strncat(head, foo + 1, 65); - } else { - strncat(head, spoolfile, 65); - } - strcat(head, "; "); - strncat(head, ctime(&tt), 65); - if (!write_smtp_mbuf(output_buf, head, strlen(head))) { - syslog(LOG_ERR, "Couldn't write to output buffer, abandoning session"); - smtp_exit(EX_OSERR); - } - flush_smtp_mbuf(output_buf, outfd, output_buf->offset); - msize = maxsize; - i = snarfdata(0, outfd, &msize, 0); - switch (i) { - case 1: - /* - * success - */ - smtp_close_spoolfile(outfd); - writereply(reply_buf, 250, 0, m250gotit, NULL); - flush_smtp_mbuf(reply_buf, replyfd, reply_buf->offset); - if (VerboseSyslog) { - syslog(LOG_INFO, "Received %ld bytes of message body from %s(%s)", - msize, peerinfo.peer_clean_reverse_name, - peerinfo.peer_ok_addr); - } else { - accumlog(LOG_INFO, " bytes=%ld", msize); - accumlog(LOG_INFO, 0); /* flush */ - } - clear_state(SNARF_DATA, current_state); - clear_state(OK_RCPT, current_state); - clear_state(OK_MAIL, current_state); - break; - case 2: - /* - * read failure on input, or something horrific - */ - writereply(reply_buf, 554, 0, m554msg, NULL); - flush_smtp_mbuf(reply_buf, replyfd, reply_buf->offset); - smtp_nuke_spoolfile(outfd); - clear_state(SNARF_DATA, current_state); - clear_state(OK_RCPT, current_state); - clear_state(OK_MAIL, current_state); - break; - case 3: - /* - * maxsize exceeded - */ - writereply(reply_buf, 552, 0, m552msg, NULL); - flush_smtp_mbuf(reply_buf, replyfd, reply_buf->offset); - smtp_nuke_spoolfile(outfd); - clear_state(SNARF_DATA, current_state); - clear_state(OK_RCPT, current_state); - clear_state(OK_MAIL, current_state); - break; - case 4: - /* - * No room on spool device - */ - writereply(reply_buf, 452, 0, m452msg, NULL); - flush_smtp_mbuf(reply_buf, replyfd, reply_buf->offset); - smtp_nuke_spoolfile(outfd); - clear_state(SNARF_DATA, current_state); - clear_state(OK_RCPT, current_state); - clear_state(OK_MAIL, current_state); - break; - case 5: - /* - * malloc barfed - */ - writereply(reply_buf, 452, 0, m452msg, NULL); - flush_smtp_mbuf(reply_buf, replyfd, reply_buf->offset); - smtp_nuke_spoolfile(outfd); - clear_state(SNARF_DATA, current_state); - clear_state(OK_RCPT, current_state); - clear_state(OK_MAIL, current_state); - break; - default: - /* - * muy trabajo - */ - writereply(reply_buf, 451, 0, m451msg, NULL); - flush_smtp_mbuf(reply_buf, replyfd, reply_buf->offset); - smtp_nuke_spoolfile(outfd); - smtp_exit(EX_SOFTWARE); - } - } - } else { - /* - * evil state. - */ - syslog(LOG_CRIT, "CRITICAL - bad state, aborting"); - abort(); - } - line = smtp_get_line(input_buf, &offset); - } - } -} diff --git a/libexec/smtpd/src/smtpd.h b/libexec/smtpd/src/smtpd.h deleted file mode 100644 index 1df7ebc91a5..00000000000 --- a/libexec/smtpd/src/smtpd.h +++ /dev/null @@ -1,203 +0,0 @@ -/* $OpenBSD: smtpd.h,v 1.3 2001/01/28 19:34:34 niklas Exp $ */ - -/* Obtuse smtpd SMTP store daemon header file - * - * - * Copyright (c) 1996, 1997 Obtuse Systems Corporation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Obtuse Systems - * Corporation and its contributors. - * 4. Neither the name of the Obtuse Systems Corporation nor the names - * of its contributors may be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY OBTUSE SYSTEMS CORPORATION AND - * CONTRIBUTORS ``AS IS''AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL OBTUSE SYSTEMS CORPORATION OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN - * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include<arpa/nameser.h> -#include<sys/time.h> -#include<sys/types.h> -#include<unistd.h> - -#define CR 13 -#define LF 10 - -#define WHITE " \t\n" -#define CRLF "\r\n" - - -/* codes for commands and things that affect states */ -#define UNKNOWN 0 -#define HELO 1 -#define MAIL 2 -#define RCPT 3 -#define NOOP 4 -#define DATA 5 -#define RSET 6 -#define QUIT 7 -#define VRFY 9 -#define EXPN 10 -#define EHLO 11 - -#define SUCCESS 1 /* Success condition. It worked */ -#define ERROR 0 /* Error condition. It didn't work, but I'll forgive you */ -#define FAILURE -1 /* Failure condition. Hasta la vista, Baby.. */ - -typedef fd_set smtp_state_set; -typedef fd_set * smtp_state; - -/* States we can be in */ - -#define DISCONNECTED 0 /* We ain't connected */ -#define OK_HELO 1 /* I've gotten a tcp connection */ -#define OK_EHLO 2 /* We've said hello and are talking about the weather */ -#define OK_MAIL 3 /* I've gotten a valid from */ -#define OK_RCPT 4 /* I've gotten a valid to */ -#define SNARF_DATA 5 /* I got a data command ok, and am reading data */ - -#define test_state(val, state) FD_ISSET(val, state) -#define clear_state(val, state) FD_CLR(val, state) -#define set_state(val, state) FD_SET(val, state) -#define state_changed(val, oldstate, newstate) (!(FD_ISSET(val, oldstate)) && (FD_ISSET(val, newstate))) -#define zap_state(state) FD_ZERO(state); - -struct smtp_mbuf { - unsigned char *data; /* start of data */ - size_t size; /* length of buffer */ - size_t offset; /* offset of first free byte */ - unsigned char *tail; /* pointer to first free byte */ -}; - -struct peer_info { - struct sockaddr_in *my_sa; /* me */ - char *my_dirty_reverse_name; /* my hostname */ - char *my_clean_reverse_name; /* sanitized my hostname */ - struct sockaddr_in *peer_sa; /* other end */ - char *peer_dirty_reverse_name; /* hostname of other end (via gethostbyaddr) */ - char *peer_clean_reverse_name; /* sanitized hostname of other end */ - char *peer_dirty_forward_name; /* official hostname of other end (via gethostbyname) */ - char *peer_clean_forward_name; /* sanitized official hostname of other end */ - char *peer_ok_addr; /* dotted IP addr, if matched both ways */ - char *peer_dirty_ident; /* ident reply from peer */ - char *peer_clean_ident; /* sanitized ident reply from peer */ -}; - - -extern void reset_state(smtp_state); -extern int sane_state(smtp_state); -extern struct smtp_mbuf * alloc_smtp_mbuf(size_t size); -extern char * smtp_get_line(struct smtp_mbuf * mbuf, size_t * offset); -extern void flush_smtp_mbuf(struct smtp_mbuf * mbuf, int fd, int len); -extern int grow_smtp_mbuf(struct smtp_mbuf *tiny, size_t bloat); -extern void smtp_exit(int val); -extern unsigned char * cleanitup(const unsigned char *s); -extern unsigned char * smtp_cleanitup(const unsigned char *s); -extern void clean_smtp_mbuf(struct smtp_mbuf *buf, int len); -#if CHECK_ADDRESS -extern int smtpd_addr_check(const char *, struct peer_info *, const char *, const char *, char **); -#endif - -/* - * Informational status messages. SMTP put these in for "human users". - * These days, many of these are kind of pointless, The only things that - * normally should talk smtp don't make syntax errors, and don't pay - * attention at all to anything beyond the error code. The only people - * seeing most of this are gnobs who telnet to port 25 to forge mail :-) - */ - -#ifndef VANILLA_MESSAGES -#define VANILLA_MESSAGES 0 -#endif - -#if !VANILLA_MESSAGES -#define m220msg "SMTP ready, Who are you gonna pretend to be today?" -#define m221msg "It's been real. Take off Eh!" -#define m250helook "Is thrilled beyond bladder control to meet" -#define m250ehlook "ESMTP" -#define m250fromok "(yeah sure, it's probably forged)" -#define m250rcptok "I know them! they'll just *LOVE* to hear from you!" -#define m250gotit "Whew! Done! Was it as good for you as it was for me?" -#define m250msg "So far, So good, (So what!)" -#define m252msg "Sorry, No joy for the VRFY police. (Been reading RFC's have we?)" -#define m354msg "OK, fire away. End with <CRLF>.<CRLF>" - -#define m421msg "Sorry, gotta run, I've got my head stuck in the cupboard" -/* this one can get seen in bounces */ -#define m452msg "Sorry, I couldn't take anything that big now!, maybe later." -#define m451msg "Sorry, my brain hurts" - -#define m500msg "Bloody Amateur! Proper forging of mail requires recognizable SMTP commands!" -#define m500dummy "Do I really look that stupid?" -#define m501msg "If you're gonna forge mail get the command parameters right! Kids these days!" -#define m502msg "Sorry, I'm too dumb to understand that one.." -#define m503msg "You can't do that here!" -#define m504msg "Sorry, that option is only available on later models" -#define m550msg "Your mother was a HAMSTER and your father smelt of ELDERBERRIES! " -#define m550frombad "Sorry, I know that one by reputation" -/* this one can get seen in normal bounces */ -#define m550tounkn "Doesn't sound like anyone I know." - -#define m550tobad "Sorry, I ran that one off a while back." -#define m552msg "Sorry, I could never handle anything that big!" -#define m554msg "This daemon finds you amusing.. Go read the forging FAQ.." -#define m554norcpt "I gotta know who gets this masterpiece of forgery!" -#define m554nofrom "Yeesh! Ya gotta give a FROM when forging mail, that's the whole point!" -#define m521msg "says \"Go away or I shall taunt you a second time you second-hand electric donkey-bottom biters..\"" -#else /* Boring sendmail/RFC821-ish messages */ -#define m220msg "Sendmail 4.1/SMI-4.1 ready." -#define m221msg "Closing connection" -#define m250helook "pleased to meet you," -#define m250fromok "sender OK" -#define m250rcptok "recipient OK" -#define m250gotit "Message accepted for delivery" -#define m250msg "OK" -#define m252msg "Can not VRFY user" - -#define m354msg "OK End with <CRLF>.<CRLF>" - -#define m421msg "Service not available, closing transmission channel" -/* this one can get seen in bounces */ -#define m452msg "Requested action not taken: insufficient system storage" -#define m451msg "Requested action not taken: local error in processing" - -#define m500msg "Syntax Error, command unrecognized" -#define m500dummy "Syntax Error, command unrecognized" -#define m501msg "Syntax Error in parameters or arguments" -#define m502msg "Command not implemented" -#define m503msg "Bad sequence of commands" -#define m504msg "Command parameter not implemented" -#define m550msg "Requested action not taken: mailbox unavailable" -#define m550frombad "Requested action not taken: mailbox unavailable" -/* this one can get seen in normal bounces */ -#define m550tounkn "Requested action not taken: mailbox unavailable" - -#define m550tobad "Requested action not taken: mailbox unavailable" -#define m552msg "Requested mail action aborted: exceeded storage allocation" -#define m554msg "Transaction failed" -#define m554norcpt "Transaction failed" -#define m554nofrom "Transaction failed" -#define m521msg "Doesn't talk SMTP, Sorry" -#endif diff --git a/libexec/smtpd/src/smtpd_check_rules.example b/libexec/smtpd/src/smtpd_check_rules.example deleted file mode 100644 index a1a01fc5d07..00000000000 --- a/libexec/smtpd/src/smtpd_check_rules.example +++ /dev/null @@ -1,65 +0,0 @@ -# $OpenBSD: smtpd_check_rules.example,v 1.2 2001/01/28 19:34:34 niklas Exp $ - -# -# example smtpd_check_rules file. If you compiled smtpd with -# CHECK_ADDRESS=1, this file goes in etc/smtpd_check_rules in your -# smtpd chroot directory. This DOES NOT GET USED unless you compile -# with CHECK_ADDRESS=1. -# -# Also note, this isn't real. It's chosen for illustrative purposes. -# not for practicality. -# -# Rule syntax [allow|deny]:SourceList:FromList:ToList -# - -# allow the users on the freenet host to send mail from their username -# (obtained by ident query to the box) and no other, except for -# "root" and "uucp", which MTA's on the machine may run as. -allow:root@freenet.my.domain uucp@freenet.my.domain:ALL:ALL -allow:ALL@freenet.my.domain:USER@freenet.my.domain:ALL -deny:freenet.my.domain:ALL:ALL - -# I'm in front of some other people's mail. Allow their mailhost -# to send mail out coming from themselves, but not from other addresses. -allow:mailhost.other1.org:ALL@other1.org ALL@mailhost.other1.org:ALL -deny:mailhost.other1.org:ALL:ALL -allow:mailhost.other2.org:ALL@other2.org ALL@mailhost.other2.org:ALL -deny:mailhost.other2.org:ALL:ALL -# Allow everything else inbound to them -allow:ALL:ALL:ALL@other2.org ALL@mailhost.other2.org -allow:ALL:ALL:ALL@other1.org ALL@mailhost.other1.org - - -# we had a problem with internal people subscribing to lists on -# xxx.com. As such we got a directive from on high that -# we really don't need our people to send any mail to that site. -deny:*.my.domain:ALL:ALL@xxx.com ALL@*.xxx.com - -# don't allow my users to subscribe to majordomo mailinglists except from -# certain machines, and then, only as themselves according to ident. -# except for "luser" who got caught trying to subscribe me to a bunch of -# mailing lists about therapy for control freaks. -allow:ALL@loginhost.my.domain ALL@otherhost.my.domain EXCEPT luser@*.my.domain:USER@my.domain:majordomo@ALL -deny:*.my.domain:ALL:majordomo@ALL - - - - -# allow sources in my domain to mail out with from addresses looking like they -# are from my domain's two allowed forms of email address. - -# If I'm running a Juniper firewall, (and have compiled with JUNIPER_SUPPORT) -# I'll probably do it like this: -allow:TRUSTED:ALL@my_domain ALL@mailhost.my.domain:ALL -# if not something like this: -allow:*.my.domain 192.168.20.* 192.168.30.*:ALL@my_domain ALL@mailhost.my.domain:ALL - -# relay incoming mail to my domain. -# with JUNIPER_SUPPORT -allow:UNTRUSTED:ALL:*my.domain -# without JUNIPER_SUPPORT -allow:ALL:ALL:*my.domain - -# don't relay anything else out (bogus FROM:, external spammer using us as a -# relay, etc). -deny:ALL:ALL:ALL diff --git a/libexec/smtpd/src/smtpfwdd.c b/libexec/smtpd/src/smtpfwdd.c deleted file mode 100644 index e038667fff3..00000000000 --- a/libexec/smtpd/src/smtpfwdd.c +++ /dev/null @@ -1,1165 +0,0 @@ -/* $OpenBSD: smtpfwdd.c,v 1.9 2002/06/09 01:24:59 deraadt Exp $*/ - -/* - * smtpfwdd, Obtuse SMTP forward daemon, master process watches spool - * directory for files spooled by smtpd. On seeing one, spawns a child - * to pick it up and invokes sendmail (or sendmail-like agent) to - * deliver it. - * - * - * Copyright (c) 1996, 1997 Obtuse Systems Corporation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Obtuse Systems - * Corporation and its contributors. - * 4. Neither the name of the Obtuse Systems Corporation nor the names - * of its contributors may be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY OBTUSE SYSTEMS CORPORATION AND - * CONTRIBUTORS ``AS IS''AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL OBTUSE SYSTEMS CORPORATION OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN - * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -char *obtuse_copyright = -"Copyright 1996 - Obtuse Systems Corporation - All rights reserved."; -char *obtuse_rcsid = "$OpenBSD: smtpfwdd.c,v 1.9 2002/06/09 01:24:59 deraadt Exp $"; - -#include <stdio.h> -#include <signal.h> -#include <dirent.h> -#include <pwd.h> -#include <grp.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/wait.h> -#include <sys/stat.h> -#include <sys/file.h> -#include <fcntl.h> -#include <syslog.h> -#include <unistd.h> -#ifdef IRIX_BROKEN_INCLUDES -/* IRIX 5.3 defines EX_OK (see sysexits.h) as something very strange in unistd.h :-) */ -#ifdef EX_OK -#undef EX_OK -#endif -#endif -#include <sysexits.h> -#include <stdlib.h> -#include <errno.h> -#include <string.h> -#include <utime.h> -#ifdef NEEDS_LOCKF_H -#include <sys/lockf.h> -#endif -#include "smtp.h" - -#ifndef MAIL_AGENT -#define MAIL_AGENT "/usr/sbin/sendmail" -#endif - -#ifndef LOG_FACILITY -#define LOG_FACILITY LOG_MAIL -#endif - -#ifndef MAXCHILDREN -#define MAXCHILDREN 10 -#endif - -#ifndef MAXARGS -#define MAXARGS 100 -#endif - -#if MAXARGS < 6 -%%%MAXARGS must be at least 6 %%% -#endif - -#ifndef POLL_TIME -#define POLL_TIME 10 -#endif - -#ifndef SENDMAIL_RETRY -#define SENDMAIL_RETRY 1 -#endif - -/* - * How long to wait before trying to re-process a file - */ - -#ifndef RETRY_DELAY_TIME -#define RETRY_DELAY_TIME 600 -#endif - -/* - * How long can a spool file be incomplete before I start - * yelling about it? - */ -#ifndef COMPLETION_WAIT -#define COMPLETION_WAIT 86400 -#endif - -char *spooldir = NULL; -char *mailagent = MAIL_AGENT; -int children = 0; -int maxchildren = MAXCHILDREN; -int poll_time = POLL_TIME; -int gc_int = COMPLETION_WAIT; -int VerboseSyslog = 1; - - -#ifdef SUNOS_GETOPT -extern char *optarg; -extern int optind; -#else -char *optarg; -int optind; -#endif - -/* - * zap spoolfile and leave - */ -void -fail_abort(FILE * f, char *fname) -{ - if (unlink(fname) != 0) { - /* we could be here after a sibling removed the file. If this is - * the case, no problem. Otherwise something's wrong with our - * setup. - */ - if (errno != ENOENT) { - syslog(LOG_CRIT, "Couldn't remove spool file %s! (%m)", fname); - exit(EX_CONFIG); - } - } -#ifdef USE_LOCKF - if (lockf(fileno(f), F_TLOCK, 0) == 0 && - lockf(fileno(f), F_ULOCK, 0) != 0) { - syslog(LOG_ERR, "Couldn't unlock spool file %s using lockf after removal (%m)!", fname); - exit(EX_CONFIG); - } -#endif -#ifdef USE_FLOCK - if (flock(fileno(f), LOCK_EX | LOCK_NB) == 0 && - flock(fileno(f), LOCK_UN) != 0) { - syslog(LOG_ERR, "Couldn't unlock spool file %s using flock after removal (%m)!", fname); - exit(EX_CONFIG); - } -#endif - fclose(f); - exit(EX_DATAERR); -} - -/* - * leave and unlock spoolfile for retry - */ -void -fail_retry(FILE * f, char *fname) -{ - struct utimbuf utb; - - /* - * first make sure the others x bit is on so we know this file has - * been tried. - */ - - if (chmod(fname, 0755) != 0) { - syslog(LOG_ERR, "Couldn't change mode of %s for retry (%m)! abandoning message!", fname); - fail_abort(f, fname); - } - /* - * touch the file, so we base the time of the next retry on the - * current time. - */ - utb.actime = utb.modtime = time(NULL); - if (utime(fname, &utb) != 0) { - syslog(LOG_ERR, "Couldn't set modification time of %s for retry (%m)! abandoning message!", fname); - fail_abort(f, fname); - } -#ifdef USE_LOCKF - if (lockf(fileno(f), F_TLOCK, 0) == 0) - if (lockf(fileno(f), F_ULOCK, 0) != 0) { - syslog(LOG_ERR, "Couldn't unlock spool file %s with lockf for retry (%m)!", fname); - exit(EX_CONFIG); - } -#endif -#ifdef USE_FLOCK - if (flock(fileno(f), LOCK_EX | LOCK_NB) == 0) - if (flock(fileno(f), LOCK_UN) != 0) { - syslog(LOG_ERR, "Couldn't unlock spool file %s with flock for retry (%m)!", fname); - exit(EX_CONFIG); - } -#endif - fclose(f); - exit(EX_TEMPFAIL); -} - -/* - * is spool file fname complete? it's complete if it's mode 750. - * This doesn't mean we can lock it, but means it's ok to try. - */ -int -smtp_spoolfile_complete(const char *fname) -{ - struct stat buf; - - if (stat(fname, &buf) != 0) { - /* - * If the file doesn't exist then some other child just finished - * processing it - not a problem! - * Anything else is a serious problem (OS is probably insane). - */ - if (errno != ENOENT) { - syslog(LOG_CRIT, "Can't stat %s (%m) - bye!", fname); - exit(EX_CONFIG); - } - return (0); - } - if (!(S_ISREG(buf.st_mode))) { - syslog(LOG_CRIT, "Spool file %s isn't a regular file!", fname); - exit(EX_CONFIG); - } - if ((buf.st_mode & 0110) != 0110) { -#ifdef VERBOSE - syslog(LOG_DEBUG, "%s not complete now.", fname); -#endif - if (gc_int && (buf.st_mtime+gc_int <= time(NULL))) { - /* - * This file has been hanging around incomplete for more than - * gc_int, This could be due simply to a (really) slow connection/big - * message tying up an smtpd process for a long time, or it could - * be due to something like the machine being rebooted killing off - * an smtpd process that had started to receive a message before - * it was able to finish and mark this file as complete. - * - * Therefore we better let the appropriate authority know about this - * file. - */ - struct utimbuf utb; - utb.actime = utb.modtime = time(NULL); - if (utime(fname, &utb) != 0) { - syslog(LOG_ALERT, "utime() failed on spool file %s (%m)", fname); - } - syslog(LOG_ALERT, "Spool file %s has been incomplete since %s. Please investigate.", fname, ctime(&(buf.st_ctime))); - } - return (0); - } - if ((buf.st_mode & 0111) == 0111) { - /* - * if the others execute bit is ticked, then this file had been - * previously tried, and we got a temp. sendmail failure. We - * don't want to retry too often, so make sure the mtime is more - * than RETRY_DELAY_TIME seconds ago. - */ - if ((time(NULL) - buf.st_mtime) < RETRY_DELAY_TIME) { -#ifdef VERBOSE - syslog(LOG_DEBUG, "Skipping file %s, delivery last attempted at %s.", fname, ctime(&(buf.st_mtime))); -#endif - return (0); - } - else { - syslog(LOG_DEBUG, "Retrying delivery of file %s, last attempted at %s.", fname, ctime(&(buf.st_mtime))); - } - } - return (1); -} - -/* - * Generate obituaries for our dead children and keep track of how many - * of our kids are still alive. - */ - -void -reap_children(void) -{ - while (1) { - pid_t pid; - int status; - - pid = waitpid(-1, &status, WNOHANG); - - if (pid == 0) { - return; - } else if (pid == -1) { - if (errno != ECHILD) { - syslog(LOG_CRIT, "CRITICAL - waitpid failed (%m) - aborting"); - abort(); - } - return; - } - children--; - if ((!WIFEXITED(status)) || (WEXITSTATUS(status) != 0)) { - switch (WEXITSTATUS(status)) { - case EX_TEMPFAIL: - - /* - * normal retry case - */ - syslog(LOG_DEBUG, "Child process (%d) exited indicating retry", pid); - break; - case EX_CONFIG: - /* - * we only exit with this code if we know we've got - * configuration problems. If a child exits like this, - * we also should exit - */ - syslog(LOG_CRIT, "Child process (%d) failed due to configuration problems. Exiting", pid); - exit(EX_CONFIG); - break; - default: - /* - * permanent failure or something unusual - */ - syslog(LOG_DEBUG, "Child process (%d) failed - no retry", pid); - break; - } - } - } -} - -/* - * Say something vaguely useful - */ - -void -show_usage() -{ - fprintf(stderr, "usage: smtpdfwdd [-u user] [-g group] [-g spooldir] [-s sendmailprog]\n"); -} - -/* - * forward a mail message received by smtpd contained in file fname. - * file is expected to be as follows: - * ------------------- - * FROM addr - * RCPT addr (or SENT addr) - * ... - * BODY - * message body - * ... - * ------------------- - * - * The FROM line indicates who sent this message. - * The RCPT lines each indicate an intended recipient. - * Any SENT lines indicate recipients that this message has already been - * delivered to (these only happen if a message is partially processed - * before sendmail signals a temporary failure). - * - * Everything before "BODY" will have been sanitized by smtpd. It's up - * to us to do anything we want to the message body, as smtpd takes that - * in verbatim. - * - * A message is processed MAXARGS recipients at a time. As each batch - * is processed, the RCPT verbs for the batch are turned into SENT verbs. - * This prevents the message from being sent to the same people more than - * once if a subsequent batch fails with a retry-able error. It also - * limits the number of people who will get the message twice if the system - * crashes at a bad moment. - * - * We call MAIL_AGENT -f fromaddr toaddr toaddr toaddr ... - * to forward mail. I.E. MAIL_AGENT should be sendmail or something - * else that delivers mail and will take those arguments a-la sendmail. - * For filtering message bodies for unwanted things, one can call a filter - * program which checks the message body as or before passing it through - * to a delivery program. MAIL_AGENT needs to exit with sendmail-like - * exit codes. - * - * We exit with - * EX_TEMPFAIL - Retry later for whatever reason - * EX_CONFIG - Something's horribly wrong, and our parent should exit - * EX_OK - We have removed the spoolfile after success - * anything else - We have removed the spoolfile after failure (no retry) - */ - -void -forward(char *fname) -{ - FILE *f = NULL; - char line[SMTP_MAX_CMD_LINE]; - char *c, *from; - int sentout; - off_t body; - struct smtp_victim *victim, *victims; - - victim = (struct smtp_victim *) malloc(sizeof(struct smtp_victim)); - - victim->name = NULL; - victim->next = NULL; - victims = victim; - - if (victims == NULL) { - syslog(LOG_ERR, "Malloc failed, aborting delivery of %s", fname); - fail_abort(f, fname); - } - /* - * Step 1 - open the file for updating. exit silently if it fails, - * since that is most likely due to one of our siblings having dealt - * with it and removed it. - */ - - f = fopen(fname, "r+"); - if (f == NULL) { - syslog(LOG_CRIT, "Couldn't open spool file %s! (%m)", fname); - exit(EX_TEMPFAIL); - } - /* - * Step 2 - try to get a non-blocking exclusive lock on the file. - * Just exit (relatively) silently if it fails. This happens for a number - * of reasons: - * - * - one of our siblings has already got the file - * - smtpd isn't done with it yet - */ - -#ifdef USE_LOCKF - if (lockf(fileno(f), F_TLOCK, 0) != 0) { - syslog(LOG_DEBUG, "Couldn't lock spool file %s using lockf (%m)", fname); - exit(EX_TEMPFAIL); - } -#endif -#ifdef USE_FLOCK - if (flock(fileno(f), LOCK_EX | LOCK_NB) != 0) { - syslog(LOG_DEBUG, "Couldn't lock spool file %s using flock (%m)", fname); - exit(EX_TEMPFAIL); - } -#endif - - /* - * Step 3 - do a basic sanity test on the file - * - * We do the test using the file's name instead of the just opened - * file descriptor to avoid the following race condition: - * - * - we and one of our siblings both open the file successfully above - * - we're suspended while our sibling completely processes the file - * (including unlinking the file). - * - we finally get around to locking the file. Since our sibling is - * done, the lock attempt works. - * - we do the sanity test using the file descriptor (which is associated - * with a file that no longer has a name). - * - we process the file again. - * - * By doing the following sanity check using the file's name instead - * of the file descriptor, we avoid the race because, if the above sequence - * of events occurs, the file won't exist when we do the sanity test - * (which will cause the sanity test to fail). - * - */ - - if (!smtp_spoolfile_complete(fname)) { - /* - * smtpd hasn't finished with this one yet or the file is gone. - * Bail out. If the file still exists, it will get tried again later. - */ - - /* If we locked the file (above) and have discovered it isn't complete, - * be sure to unlock it. Sadly, some OS's seem to think that locks - * can stay after a process goes away. Sigh. -BB - */ - -#ifdef USE_LOCKF - if (lockf(fileno(f), F_TLOCK, 0) == 0) - if (lockf(fileno(f), F_ULOCK, 0) != 0) { - syslog(LOG_ERR, "Couldn't unlock incomplete spool file %s (%m)!", fname); - exit(EX_CONFIG); - } -#endif -#ifdef USE_FLOCK - if (flock(fileno(f), LOCK_EX | LOCK_NB) == 0) - if (flock(fileno(f), LOCK_UN) != 0) { - syslog(LOG_ERR, "Couldn't unlock incomplete spool file %s (%m)!", fname); - exit(EX_CONFIG); - } -#endif - - exit(EX_TEMPFAIL); - } - /* - * parse file - */ - - if (fgets(line, sizeof(line), f) == NULL) { - syslog(LOG_ERR, "read failed on spool file %s (%m) - message not forwarded", fname); - fail_abort(f, fname); - } - line[SMTP_MAX_CMD_LINE - 1] = '\0'; - - if (strncmp(line, "FROM ", 5) != 0) { - syslog(LOG_ERR, "File %s corrupt (no FROM line) - message not forwarded", fname); - fail_abort(f, fname); - } - c = strchr(line, '\n'); - if (c == NULL) { - syslog(LOG_ERR, "FROM line too long in %s - message not forwarded", fname); - fail_abort(f, fname); - } - *c = '\0'; - from = strdup(line + 5); - if (from == NULL) { - syslog(LOG_INFO, "Malloc failed - retrying later"); - fail_retry(f, fname); - } - -#if STRIP_QUOTES - /* remove <> quotes from sender, as some MTA's (like qmail) don't deal - * with it well. - */ - if ((from[0]=='<') && (from[strlen(from)-1]=='>')) { - from[strlen(from)-1]='\0'; - from++; - } -#endif - - for (;;) { - long vloc; - - vloc = ftell(f); - if (fgets(line, sizeof(line), f) == NULL) { - syslog(LOG_ERR, "read failed on spool file %s (%m) - message not forwarded", fname); - fail_abort(f, fname); - } - line[SMTP_MAX_CMD_LINE - 1] = '\0'; - if (strncmp(line, "SENT ", 5) == 0) { - /* - * we already sent it to this victim on a previous attempt. - */ - continue; - } - if (strncmp(line, "RCPT ", 5) != 0) { - break; - } - /* - * we have a RCPT - */ - if (victim->name != NULL) { - victim->next = (struct smtp_victim *) malloc(sizeof(struct smtp_victim)); - - victim = victim->next; - victim->name = NULL; - victim->next = NULL; - } - c = strchr(line, '\n'); - if (c == NULL) { - syslog(LOG_ERR, "RCPT line too long in %s - message not forwarded", fname); - fail_abort(f, fname); - } - *c = '\0'; - if ((victim->name = strdup(line + 5)) == NULL) { - syslog(LOG_INFO, "Malloc failed - retrying later"); - fail_retry(f, fname); - } -#if STRIP_QUOTES - /* again, strip <> if present in case MTA can't handle it */ - if ((victim->name[0]=='<') && (victim->name[strlen(victim->name)-1]=='>')) { - victim->name[strlen(victim->name)-1]='\0'; - (victim->name)++; - } -#endif - victim->location = vloc; - } - - c = strchr(line, '\n'); - if (c == NULL) { - syslog(LOG_ERR, "BODY line too long in %s - message not forwarded", fname); - fail_abort(f, fname); - } - *c = '\0'; - if (strcmp(line, "BODY") != 0) { - syslog(LOG_ERR, "File %s corrupt (no BODY after RCPT) - message not forwarded", fname); - fail_abort(f, fname); - } - /* - * We're now at the start of our message body with the list of - * recipients in "victims" and the sender in "from". fire off our - * mail program to send it out - */ - body = ftell(f); - victim = victims; - sentout = 0; - if (!VerboseSyslog) { - accumlog(LOG_INFO, "Forwading %s", fname); - } - while (victim != NULL) { - int status, pid, pidw, i, rstart; - struct smtp_victim *sv = victim; - char *av[MAXARGS]; - - i=0; - av[i++] = mailagent; -#if SENDMAIL_OITRUE - if (strstr(mailagent, "sendmail") != 0) { - /* - * Sendmail has a feature/bug that it will by default - * stop on a line with just a '.'. We need to - * tell sendmail to ignore a line that contains just a '.' - * otherwise it decides that it's the end of the message. - * We may not need this if "sendmail" isn't really sendmail. - * (for example, qmail's phony "sendmail" that calls qmail-inject - * doesn't need this). - */ - av[i++] = "-oiTrue"; - } -#endif - av[i++] = "-f"; - av[i++] = from; - rstart = i; - while (i < MAXARGS - 2) { - if (VerboseSyslog) { - syslog(LOG_INFO, "forwarding to recipient %s", victim->name); - } else { - accumlog(LOG_INFO, " to=%s", victim->name); - } - av[i++] = victim->name; - victim = victim->next; - if (victim == NULL) { - break; - } - } - av[i] = NULL; - - if ((pid = fork()) == 0) { - int xerrno; - - close(0); - close(1); - close(2); - if (dup(fileno(f)) != 0) { - syslog(LOG_ERR, "Couldn't dup open %s to stdin (%m)", fname); - exit(EX_OSERR); - } - - /* - * Open /dev/null as stdout and as stderr so sendmail 8.12.1 (and - * above ?) won't complain about missing file descriptors. - */ - if (open("/dev/null", O_WRONLY | O_APPEND) < 0) { - syslog(LOG_ERR, "Couldn't open /dev/null as stdout (%m)"); - exit (EX_OSERR); - } - if (open("/dev/null", O_RDWR | O_APPEND) < 0) { - syslog(LOG_ERR, "Couldn't open /dev/null as stderr (%m)"); - exit (EX_OSERR); - } - - fclose(f); - closelog(); - if (lseek(0, body, SEEK_SET) < 0) { - syslog(LOG_ERR, "Can't lseek spool file %s! (%m)", fname); - exit(EX_OSERR); - } - execv(av[0], av); - xerrno = errno; - openlog("smtpfwdd", LOG_PID | LOG_NDELAY, LOG_FACILITY); - errno = xerrno; - if (errno == ENOMEM) { - syslog(LOG_INFO, "exec of %s failed (%m) - retrying it later", av[0]); - fail_retry(fdopen(0, "r+"), fname); - } else { - syslog(LOG_CRIT, "exec of %s failed! (%m)", av[0]); - exit(EX_CONFIG); - } - } else if (pid < 0) { - syslog(LOG_INFO, "fork failed - retrying message later"); - fail_retry(f, fname); - } - do { - pidw = wait(&status); - } - while ((pidw != pid) && (pidw != -1)); - - if ((!WIFEXITED(status)) || (WEXITSTATUS(status) != 0)) { - /* - * Sendmail go boom. boo hoo. - */ - switch (WEXITSTATUS(status)) { -#if SENDMAIL_RETRY - case EX_OSERR: - case EX_OSFILE: - case EX_IOERR: - case EX_TEMPFAIL: - syslog(LOG_INFO, "Temporary sendmail failure (status %d), will retry later", status); - fail_retry(f, fname); - break; -#endif -#ifdef EX_NOUSER - case EX_NOUSER: - syslog(LOG_INFO, "Sendmail exited indicating one or more local recipients did not exist (no retry)"); - fail_abort(f, fname); -#endif - case EX_CONFIG: - syslog(LOG_CRIT, "Sendmail configuration error!"); - exit(EX_CONFIG); - default: - syslog(LOG_INFO, "Sendmail exited abnormally (status %d) - message not forwarded.", status); - fail_abort(f, fname); - } - } - /* - * yippee. so far so good - */ - sentout += (i - rstart); - - if (victim != NULL) { - - /* - * We got more, and have to do it all again. Before we do, - * tag the existing recipients who got sent out by changing - * RCPT to SENT in the spoolfile. In this way we avoid - * delivering this again if we have a temporary sendmail - * failure and retry after having sent it out to part of the - * recipients successfully. - */ - - - for (i = rstart; i < (MAXARGS - 2); i++) { - if (fseek(f, sv->location, SEEK_SET) != 0) { - syslog(LOG_ERR, "Couldn't fseek %s (%m) - message abandoned after delivery to first %d recipients", fname, sentout); - fail_abort(f, fname); - } - fprintf(f, "SENT"); - fflush(f); - sv = sv->next; - if (sv == NULL) { - break; - } - } - - - if (fseek(f, body, SEEK_SET) != 0) { - syslog(LOG_ERR, "Couldn't fseek %s (%m) - message abandoned after delivery to first %d recipients", fname, sentout); - fail_abort(f, fname); - } - } - } - - /* - * All seems to have worked - */ - if (VerboseSyslog) { - syslog(LOG_INFO, "%s forwarded to %d recipients", fname, sentout); - } else { - accumlog(LOG_INFO, ", forwarded to %d recipients", sentout); - accumlog(LOG_INFO, 0); /* flush */ - } - if (unlink(fname) != 0) { - syslog(LOG_CRIT, "Couldn't remove spool file %s! (%m)", fname); - exit(EX_CONFIG); - } -#ifdef USE_LOCKF - if (lockf(fileno(f), F_TLOCK, 0) == 0) - if (lockf(fileno(f), F_ULOCK, 0) != 0) { - syslog(LOG_ERR, "Couldn't unlock spool file %s using lockf after removal (%m)!", fname); - exit(EX_CONFIG); - } -#endif -#ifdef USE_FLOCK - if (flock(fileno(f), LOCK_EX | LOCK_NB) == 0) - if (flock(fileno(f), LOCK_UN) != 0) { - syslog(LOG_ERR, "Couldn't unlock spool file %s using flock after removal (%m)!", fname); - exit(EX_CONFIG); - } -#endif - - fclose(f); - exit(EX_OK); -} - -/* - * The brains of this operation - */ - -int -main(int argc, char **argv) -{ - int opt; - char *optstring = "qu:g:d:s:M:P:"; - int pid; - - char *username = SMTP_USER; - char *groupname = SMTP_GROUP; - struct passwd *user = NULL; - struct group *group = NULL; - - openlog("smtpfwdd", LOG_PID | LOG_NDELAY, LOG_FACILITY); - - /* - * grab arguments - */ -#ifdef GETOPT_EOF - while ((opt = getopt(argc, argv, optstring)) != EOF) { -#else - while ((opt = getopt(argc, argv, optstring)) != -1) { -#endif - switch (opt) { - case 'q': - VerboseSyslog = 0; - break; - case 'd': - if (optarg[0] != '/') { - fprintf(stderr, "The \"-d\" option requires an absolute pathname argument, \"%s\" is bogus\n", optarg); - show_usage(); - exit(EX_CONFIG); - } - spooldir = optarg; - break; - case 's': - if (optarg[0] != '/') { - fprintf(stderr, "The \"-s\" option requires an absolute pathname argument, \"%s\" is bogus\n", optarg); - show_usage(); - exit(EX_CONFIG); - } - mailagent = optarg; - break; - case 'M': - { - long newmax; - char *foo; - - newmax = strtol(optarg, &foo, 10); - if (*foo == '\0') { - if (newmax > 1000 || newmax < 1) { - fprintf(stderr, "Unreasonable (%ld) max children value\n", newmax); - show_usage(); - exit(EX_CONFIG); - } - maxchildren = newmax; - } else { - fprintf(stderr, "The \"-M\" option requires a positive integer argument, \"%s\" is bogus\n", optarg); - show_usage(); - exit(EX_CONFIG); - } - } - break; - case 'P': - { - long newpoll; - char *foo; - - newpoll = strtol(optarg, &foo, 10); - if (*foo == '\0') { - if (newpoll > 1000 || newpoll < 1) { - fprintf(stderr, "Unreasonable (%ld) max poll value\n", newpoll); - show_usage(); - exit(EX_CONFIG); - } - poll_time = newpoll; - } else { - fprintf(stderr, "The \"-P\" option requires a positive integer argument, \"%s\" is bogus\n", optarg); - show_usage(); - exit(EX_CONFIG); - } - } - break; - case 'u': - { - long userid; - char *foo; - - userid = strtol(optarg, &foo, 10); - if (*foo == '\0') { - /* - * looks like we got something that looks like a - * number, try to find user by uid - */ - user = getpwuid((uid_t) userid); - if (user == NULL) { - fprintf(stderr, "Invalid uid argument for the \"-u\" option, no user found for uid %s\n", optarg); - show_usage(); - exit(EX_CONFIG); - } - username = user->pw_name; - } else { - /* - * optarg didn't look like a number, so try looking it - * up as a username. - */ - user = getpwnam(optarg); - if (user == NULL) { - fprintf(stderr, "Invalid username argument for the \"-u\" option, no user found for name %s\n", optarg); - show_usage(); - exit(EX_CONFIG); - } - username = user->pw_name; - } - } - break; - case 'g': - { - long grpid; - char *foo; - - grpid = strtol(optarg, &foo, 10); - if (*foo == '\0') { - /* - * looks like we got something that looks like a - * number try to find user by uid - */ - group = getgrgid((gid_t) grpid); - if (group == NULL) { - fprintf(stderr, "Invalid gid argument for the \"-g\" option, no group found for gid %s\n", optarg); - show_usage(); - exit(EX_CONFIG); - } - groupname = group->gr_name; - } else { - /* - * optarg didn't look like a number, so try looking it - * up as a * groupname. - */ - group = getgrnam(optarg); - if (group == NULL) { - fprintf(stderr, "Invalid groupname argument for the \"-g\" option, no group found for name %s\n", optarg); - show_usage(); - exit(EX_CONFIG); - } - groupname = group->gr_name; - } - } - break; - default: - fprintf(stderr, "Unknown option \"-%c\"\n", opt); - show_usage(); - exit(EX_CONFIG); - break; - } - } - - /* - * OK, got my options, now change uid/gid - */ - if (user == NULL) { - /* - * none provided, use the default - */ - long userid; - char *foo; - - userid = strtol(username, &foo, 10); - if (*foo == '\0') { - /* - * looks like we got something that looks like a number * try - * to find user by uid - */ - user = getpwuid((uid_t) userid); - if (user == NULL) { - fprintf(stderr, "Eeek! I was compiled to run as uid %s, but no user found for uid %s\n", username, username); - fprintf(stderr, "Please recompile me to use a valid user, or specify one with the \"-u\" option.\n"); - exit(EX_CONFIG); - } - username = user->pw_name; - } else { - /* - * username didn't look like a number, so try looking it up as - * a username. - */ - user = getpwnam(username); - if (user == NULL) { - fprintf(stderr, "Eeek! I was compiled to run as user \"%s\", but no user found for username \"%s\"\n", username, username); - fprintf(stderr, "Please recompile me to use a valid user, or specify one with the \"-u\" option.\n"); - exit(EX_CONFIG); - } - username = user->pw_name; - } - } - if (group == NULL) { - /* - * didn't get a group, use the default - */ - long grpid; - char *foo; - - grpid = strtol(groupname, &foo, 10); - if (*foo == '\0') { - /* - * looks like we got something that looks like a number, try - * to find group by gid - */ - group = getgrgid((gid_t) grpid); - if (group == NULL) { - fprintf(stderr, "Eeek! I was compiled to run as gid %s, but no group found for gid %s\n", groupname, groupname); - fprintf(stderr, "Please recompile me to use a valid group, or specify one with the \"-g\" option.\n"); - exit(EX_CONFIG); - } - groupname = group->gr_name; - } else { - /* - * groupname didn't look like a number, so try looking it up - * as a groupname. - */ - group = getgrnam(groupname); - if (group == NULL) { - fprintf(stderr, "Eeek! I was compiled to run as group \"%s\", but no group found for groupname \"%s\"\n", groupname, groupname); - fprintf(stderr, "Please recompile me to use a valid group, or specify one with the \"-g\" option.\n"); - exit(EX_CONFIG); - } - groupname = group->gr_name; - } - } - /* - * If we're here, we have a valid user and group to run as - */ - if (group == NULL || user == NULL) { - fprintf(stderr, "Didn't find a user or group, (Shouldn't happen)\n"); - abort(); - } - if (user->pw_uid == 0) { - fprintf(stderr, "Sorry, I don't want to run as root! It's a bad idea!\n"); - fprintf(stderr, "Please recompile me to use a valid user, or specify one with the \"-u\" option.\n"); - exit(EX_CONFIG); - } - if (group->gr_gid == 0) { - fprintf(stderr, "Sorry, I don't want to run as group 0. It's a bad idea!\n"); - fprintf(stderr, "Please recompile me to use a valid group, or specify one with the \"-g\" option.\n"); - exit(EX_CONFIG); - } - if (setgid(group->gr_gid) != 0) { - perror("Setgid failed!"); - exit(EX_CONFIG); - } - if (setuid(user->pw_uid) != 0) { - perror("Setuid failed!"); - exit(EX_CONFIG); - } - - /* If we didn't get a spooldir, use the default SPOOLDIR.SPOOLSUBDIR */ - if (spooldir == NULL) { - spooldir = (char *) malloc((strlen(SPOOLDIR) + strlen(SPOOLSUBDIR) + 2) - * sizeof(char)); - if (spooldir == NULL) { - fprintf(stderr, "Malloc failed allocating room for spooldir filename! Can't continue, Sorry!\n"); - exit(EX_OSERR); - } - sprintf(spooldir, "%s/%s", SPOOLDIR, SPOOLSUBDIR); - } - - /* - * OK, we're now running as a non-root user and group, hopefully one - * that can run sendmail -f and have it work. - */ - - if (chdir(spooldir) != 0) { - perror("Chdir failed!"); - fprintf(stderr, "Can't change directory to spooldir %s\n", spooldir); - exit(EX_CONFIG); - } - if ((pid = fork()) != 0) { - if (pid < 0) { - syslog(LOG_CRIT, "fork failed (%m) while trying to become a daemon"); - } - exit(EX_OSERR); - } else { - DIR *dir; - - /* - * Try to get a semaphore file. Prevents multiple instances of - * smtpfwdd from running at once on the same spool directory. - */ - - { - int lfd; - char tbuf[100]; - - lfd = open(".smtpfwdd.lock", O_WRONLY | O_CREAT, 0644); - if (lfd < 0) { - syslog(LOG_CRIT, "can't open semaphore file in \"%s\" (%m) - bye!", spooldir); - exit(EX_CONFIG); - } -#ifdef USE_LOCKF - if (lockf(lfd, F_TLOCK, 0) != 0) { - syslog(LOG_ERR, "I'm already running in %s", spooldir); - exit(EX_CONFIG); - } -#endif -#ifdef USE_FLOCK - if (flock(lfd, LOCK_EX | LOCK_NB) != 0) { - syslog(LOG_ERR, "I'm already running in %s", spooldir); - exit(EX_CONFIG); - } -#endif - - /* - * Done - put our pid in the semaphore file. - * Note that we keep the semaphore file open but forget the file's fd. - */ - - sprintf(tbuf, "%7d\n", (int) getpid()); - write(lfd, tbuf, strlen(tbuf)); - } - - setsid(); - - signal(SIGCHLD, SIG_DFL); - - dir = opendir("."); - if (dir == NULL) { - syslog(LOG_CRIT, "Can't open directory %s (%m) - exiting", - spooldir); - exit(EX_CONFIG); - } - for (;;) { - struct dirent *direct; - int cpid; - - while ((direct = readdir(dir)) != NULL) { - int groks = 0; - - reap_children(); - while (children >= maxchildren) { - groks++; - if (groks == 60) { - syslog(LOG_ERR, "Too many children for last minute! Please investigate!"); - groks = 0; - } - sleep(1); - reap_children(); - } - if (!VerboseSyslog) { - /* should be empty - but just in case */ - accumlog(LOG_INFO, 0); - } - /* - * If we have a file with an appropriate name and it is - * complete then create a child which will try to forward the - * message. - */ - if (strncmp(direct->d_name, "smtpd", 5) == 0 - && smtp_spoolfile_complete(direct->d_name)) { - children++; - if ((cpid = fork()) == 0) { - forward(direct->d_name); - /* - * NOTREACHED - */ - syslog(LOG_CRIT, - "Returned from forward()! SHOULD NOT HAPPEN!"); - exit(EX_CONFIG); - } - if (cpid < 0) { - syslog(LOG_ERR, "Fork failed! (%m)"); - children--; - } - } - } - rewinddir(dir); - sleep(poll_time); - } - } -} diff --git a/share/Makefile b/share/Makefile index 26acf331c8b..4a8e257a76a 100644 --- a/share/Makefile +++ b/share/Makefile @@ -1,6 +1,6 @@ -# $OpenBSD: Makefile,v 1.9 2001/05/30 02:11:00 deraadt Exp $ +# $OpenBSD: Makefile,v 1.10 2002/10/04 23:16:41 deraadt Exp $ SUBDIR= dict doc ipsec lkm man misc mk tabset termtypes \ - tmac zoneinfo smtpd + tmac zoneinfo .include <bsd.subdir.mk> diff --git a/share/smtpd/Makefile b/share/smtpd/Makefile deleted file mode 100644 index 84f0ec6a332..00000000000 --- a/share/smtpd/Makefile +++ /dev/null @@ -1,13 +0,0 @@ -# $OpenBSD: Makefile,v 1.2 2000/03/02 14:46:52 todd Exp $ -# -# -FILES= example.* -NOOBJ= noobj - -all clean cleandir depend lint tags: - -install: - install -d ${DESTDIR}${BINDIR}/smtpd - install -c -m 0444 ${FILES} ${DESTDIR}${BINDIR}/smtpd - -.include <bsd.prog.mk> diff --git a/share/smtpd/README b/share/smtpd/README deleted file mode 100644 index aeaa9402a4c..00000000000 --- a/share/smtpd/README +++ /dev/null @@ -1,74 +0,0 @@ - - OpenBSD smtpd/smtpfwdd README - -WHAT IS IT?: - - smtpd and smtpfwdd are an implementation of a store and forward -smtp proxy. Smtpd is a daemon witch runs in a chrooted environment and -talks smtp in order to receive mail. It spools received mail to it's -chroot. Smtpfwdd is a daemon which periodically scans the smtpd chroot -directory and invokes sendmail to deliver the mail, either locally or -by forwarding it to its eventual destination. - -INSTALLATION: - - To use the smtpd and smtpfwdd distributed with OpenBSD you will -need to perform a couple of steps. - -1) edit /etc/rc.conf - change smtpfwdd_flags from NO to "". - change sendmail_flags to "-q30m". - -sendmail_flags="-q30m" # for 'normal' use: sendmail_flags="-bd -q30m" -smtpfwdd_flags="" # for 'normal' use: smtpfwdd_flags="", no -bd above. - - -2) edit /etc/inetd.conf - add a line : - -smtp stream tcp nowait root /usr/libexec/smtpd smtpd - -3) make the chroot needed by smtpd to run in: - - mkdir /var/spool/smtpd - chmod 700 /var/spool/smtpd - chown uucp.daemon /var/spool/smtpd - mkdir /var/spool/smtpd/etc - chmod 755 /var/spool/smtpd/etc - cp /etc/resolv.conf /var/spool/smtpd/etc/resolv.conf - chmod 644 /var/spool/smtpd/etc/resolv.conf - cp /etc/localtime /var/spool/smtpd/etc/localtime - chmod 644 /var/spool/smtpd/etc/localtime - touch /var/spool/smtpd/etc/smtpd_check_rules - chmod 644 /var/spool/smtpd/etc/smtpd_check_rules - -4) edit /var/spool/smtpd/etc/smtpd_check_rules appropriately for your - domain. A good starting point is the example.norelay in this directory, - although you will need to edit this file to use it. - -5) Now reboot, and you should be set up running smtpd. - -NOTES: - - If you intend to run smtpd on a dual homed bastion host type -firewall system as a store and forward smtp proxy, you will need to -play some minor DNS games. This is necessary to ensure that while -externally your mail is MXed to your firewall host, internally, your -mail is MX'ed to your real internal mailhost. Briefly, this is done as -follows: - - 1) Your internal DNS knows about everything in your domain, -(including extrenally visible hosts) and MX'es mail to the internal -mailhost. It uses your external DNS as a forwarder. (Note this means -that the external DNS must be accessible by the internal DNS - - 2) Your external DNS knows about only your externally visible -hosts, and MX's mail to your firewall bastion host. - - 3) Your firewall bastion host uses the internal DNS in it's -etc resolv.conf. - - You should refer to either the O'reilly "DNS and BIND" book by -Paul Ablitz and Cricket Liu, or "Building Internet Firewalls" by Brent -Chapman and Elizabeth Zwickery for details on this type of split DNS -setup. diff --git a/share/smtpd/example.antispam b/share/smtpd/example.antispam deleted file mode 100644 index c9c41f23882..00000000000 --- a/share/smtpd/example.antispam +++ /dev/null @@ -1,92 +0,0 @@ -# $OpenBSD: example.antispam,v 1.3 2002/06/14 21:34:58 todd Exp $ - -# example antispam file. Modify to suit your needs. -# -# This file goes in /var/spool/smtpd/etc/smtpd_check_rules -# once you have modified it appropriately for your site. -# -# This example does two things: 1, it prevents unauthorized relaying, -# 2), it blocks incoming SPAM from the major SPAM domains. To keep -# an eye on the current worst offenders, check out http://spam.abuse.net/ -# -# If you really dislike SPAM, you can try compiling with NOTO_DELAY -# set to some (relatively small) value, and changing the "noto" rules -# in this file to "noto_delay" rules. -# -# This file assumes that our domains are "mydomain.com" and "otherdomain.com". -# assumes our dns servers are "dns1.mydomain.com", etc. etc. -# you will need to edit this file for your own use. - -# First, allow us to relay outgoing mail from our hosts. -allow:*mydomain.com *otherdomain.com:ALL:ALL - -# don't allow people to use %hack to relay off of me. -noto:ALL:ALL:*%*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. -noto:ALL:ALL:*!*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. -noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. - -# First, the exceptions. -# "I'll have your spam dear, I love it!" -# -# The people below have requested that all mail be let through to them -# with no filtering for SPAM, and we accommodate them here. -# -allow:ALL:ALL:ALL@hormel.mydomain.com spamboy@otherdomain.com - - -# Block any connections from host in the MAPS rbl at rbl.maps.vix.com -# Beware that this can throw the baby out with the bathwater. -# this one line will mimic the usual sendmail behaviour when using the MAPS RBL -noto:RBL.rbl.maps.vix.com:ALL:ALL:550 Mail refused from host %I in MAPS RBL, see http%C//maps.vix.com/rbl/ - -# Block any connections from a host or connecting address who uses a -# nameserver for which the address is in the MAPS rbl at rbl.maps.vix.com. -# Note that this can *really* throw the baby out with the bathwater, -# be sure you understand the implications before using the two below. -#noto:NS=RBL.rbl.maps.vix.com:ALL:ALL:550 Mail refused due to nameserver for %H(%I) in MAPS RBL, see http%C//maps.vix.com/rbl/ -#noto:ALL:NS=RBL.rbl.maps.vix.com:ALL:550 Mail refused due to nameserver for %F in MAPS RBL, see http%C//maps.vix.com/rbl/ - - -# block anyone who uses a major SPAM provider as a nameserver or MX. either -# on a connection from one of their hosts, a connection from a host they act -# as a nameserver for, or a connection with a FROM: address that uses -# a nameserver or MX from a them. As an example, we use the old cyberpromo -# netblocks below. You should not use a rule such as below unless you are -# sure the netblock *currently* belongs to a spamhaus. -#cyberpromo.com -#noto:205.199.212.0/24 205.199.2.0/24 207.124.161.0/24 204.137.221.0/24:ALL:ALL -#noto:ALL:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24 NS=204.137.221.0/24:ALL -#noto:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24 NS=204.137.221.0/24:ALL:ALL - - - -# dump things with a bogus rhs to a FROM: addresses. usually spammers -# This drops any message where the FROM: address is given as -# anything@bogus, where "bogus" is -# 1) not resolvable as a hostname. -# 2) not resolvable as an NS or MX record -# In other words, this basically tosses anything that gives a FROM address -# in the smtp dialogue that you would probably have no hope of replying -# to via smtp. - -# You can may wish to use a 450 (which invites the sender to retry) -# rather than a 550 that won't in order not to lose real mail that has -# no resolution due to temporary DNS problems. However be warned that -# if you do lots of SPAM may get retried a lot. I've had varying -# success with using 450 depending on how busy the site is. -noto:ALL:NS=UNKNOWN:ALL:550 Your FROM address (%F) doesn't seem to resolve to a host, domain, or MX record. Please mail to %T from a valid e-mail address. - -# dump bozos with all digit addresses. almost always spammers. -noto:ALL:/^[0-9]+@.*$/:ALL - -############################################## -# otherwise, allow untrusted connections with mail to anywhere we MX -# this should do it nicely: -allow:ALL:ALL:NS=dns*.mydomain.com -# An alternative is to allow by domain, below. -allow:ALL:ALL:*mydomain.com *otherdomain.com - -############################################## -# don't relay mail to other places from other connections, so -# we don't get used as a spam relay -noto:ALL:ALL:ALL:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. diff --git a/share/smtpd/example.features b/share/smtpd/example.features deleted file mode 100644 index 43759c10015..00000000000 --- a/share/smtpd/example.features +++ /dev/null @@ -1,50 +0,0 @@ -# $OpenBSD: example.features,v 1.2 2001/02/03 08:23:45 niklas Exp $ - -# -# example smtpd rules file. -# Also note, this isn't real. It's chosen for illustrative purposes. -# not for practicality. -# -# Rule syntax [allow|deny]:SourceList:FromList:ToList:[XXX message] -# - -# allow the users on the freenet host to send mail from their username -# (obtained by ident query to the box) and no other, except for -# "root" and "uucp", which MTA's on the machine may run as. -allow:root@freenet.my.domain uucp@freenet.my.domain:ALL:ALL -allow:ALL@freenet.my.domain:USER@freenet.my.domain:ALL -deny:freenet.my.domain:ALL:ALL - -# I'm in front of some other people's mail. Allow their mailhost -# to send mail out coming from themselves, but not from other addresses. -allow:mailhost.other1.org:ALL@other1.org ALL@mailhost.other1.org:ALL -deny:mailhost.other1.org:ALL:ALL -allow:mailhost.other2.org:ALL@other2.org ALL@mailhost.other2.org:ALL -deny:mailhost.other2.org:ALL:ALL -# Allow everything else inbound to them -allow:ALL:ALL:ALL@other2.org ALL@mailhost.other2.org -allow:ALL:ALL:ALL@other1.org ALL@mailhost.other1.org - - -# we had a problem with internal people subscribing to lists on -# xxx.com. As such we got a directive from on high that -# we really don't need our people to send any mail to that site. -deny:*.my.domain:ALL:ALL@xxx.com ALL@*.xxx.com - -# don't allow my users to subscribe to majordomo mailinglists except from -# certain machines, and then, only as themselves according to ident. -# except for "luser" who got caught trying to subscribe me to a bunch of -# mailing lists about therapy for control freaks. -allow:ALL@loginhost.my.domain ALL@otherhost.my.domain EXCEPT luser@*.my.domain:USER@my.domain:majordomo@ALL -deny:*.my.domain:ALL:majordomo@ALL - -# allow sources in my domain to mail out with from addresses looking like they -# are from my domain's two allowed forms of email address. -allow:*.my.domain 192.168.20.* 192.168.30.*:ALL@my_domain ALL@mailhost.my.domain:ALL - -# relay incoming mail to my domain. -allow:ALL:ALL:*my.domain - -# don't relay anything else out (bogus FROM:, external spammer using us as a -# relay, etc). -deny:ALL:ALL:ALL diff --git a/share/smtpd/example.norelay b/share/smtpd/example.norelay deleted file mode 100644 index 940588b5f8a..00000000000 --- a/share/smtpd/example.norelay +++ /dev/null @@ -1,36 +0,0 @@ -# $OpenBSD: example.norelay,v 1.2 2001/02/03 08:23:45 niklas Exp $ - -# A simple anti-relay only example. Make sure you don't get used as a third -# party relay to spam other unfortunate people and grind your server -# to a halt dealing with the complaints. - -# this file goes into /var/spool/smtpd/etc/smtpd_check_rules once you -# have made the appropriate modifications to it. - -# assumes we are "my.domain". - edit for your own use. - -# Don't allow people to %hack relay off of me. -noto:ALL:ALL:*%*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. -noto:ALL:ALL:*!*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. -noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. - -# we can allow outbound mail from our own hosts by allowing -# outbound from hosts that have dns.my.domain as one of -# their nameservers. this might be useful if we sit in front of a -# lot of domains. but will be slower than below. -#allow:NS=dns.my.domain:ALL:ALL -# alternatively, if we don't want to bother with a name lookup, -# we can simply allow all hosts ending in my.domain to relay through me. -allow:*my.domain:ALL:ALL - -# Again, for inbound mail we can match on the nameserver -# accepting mail for any address where the RHS uses us as a nameserver. -#allow:ALL:ALL:NS=dns.my.domain -# alternatively, allow anything ending in my.domain. -allow:ALL:ALL:*my.domain - -# -# punt anything else, we won't relay for people we don't know. -# -noto:ALL:ALL:ALL:551 Sorry %H(%I), I don't allow unauthorized relaying. Please -use another SMTP host to mail from %F to %T |