[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: fix for policy checking prob.
> Matti,
>
> I made a change that seems reasonably sane: when checking validity of
> domains, *do* check validity of [1.2.3.4] format recipient domains, but
> *do not* check validity of [1.2.3.4] format originator domains.
> I think that there may be a better way, but I think that for now this
> will do. It does not seem to be harmful anyway. Please consider
> including it into the mainstream.
I did inject it, and then try, and finally removed.
Here is a better one. Essentially it does RBL analysis
of the address literals at MAIL FROM, and RCPT TO, while
it does full rule analysis at connection time.
> Eugene
/Matti Aarnio
Index: policytest.c
===================================================================
RCS file: /home/mea/src/CVSROOT/zmailer/smtpserver/policytest.c,v
retrieving revision 1.25
diff -u -r1.25 policytest.c
--- policytest.c 1999/03/08 10:16:14 1.25
+++ policytest.c 1999/04/05 15:20:00
@@ -643,10 +643,13 @@
}
-static int _addrtest_(rel, state, pbuf)
+static int _addrtest_ __((struct policytest *rel, struct policystate *state, const char *pbuf, int sourceaddr));
+
+static int _addrtest_(rel, state, pbuf, sourceaddr)
struct policytest *rel;
struct policystate *state;
const char *pbuf;
+int sourceaddr;
{
u_char ipv4addr[4];
@@ -672,6 +675,9 @@
if (checkaddr(rel, state, pbuf) != 0)
return 0; /* Nothing found */
+ if (!sourceaddr)
+ goto just_rbl_checks;
+
#if 0
/* if (IP address of SMTP client has 'rejectnet +' attribute) then
any further conversation refused
@@ -742,6 +748,8 @@
if (state->trust_recipients || state->full_trust || state->always_accept)
return 0;
+ just_rbl_checks:;
+
if (state->values[P_A_TestDnsRBL] &&
!valueeq(state->values[P_A_TestDnsRBL], "-") &&
pbuf[1] == P_K_IPv4) {
@@ -826,7 +834,7 @@
return -2;
}
- return _addrtest_(rel, state, pbuf);
+ return _addrtest_(rel, state, pbuf, 1);
}
@@ -889,7 +897,7 @@
pbuf[1] = P_K_IPv4;
pbuf[6] = 32;
}
- return _addrtest_(rel,state,pbuf);
+ return _addrtest_(rel,state,pbuf, 0);
}
plen = addr_len;