[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sender blocking policy problem



On Wed, Jun 18, 2003 at 06:57:38PM +0300, Andrey Blochintsev wrote:
... 
> Pseudocode for policy-test mail_from address:
> 
> if "rejectsource +" attribute found for user@do.main
> then
> 	 return "reject"
> else
> 	if "rejectsource +" attribute found for do.main
> 		return "reject"
> 	fi
> fi
> 
> "rejectsource" atribute can't be used to allow single email
> if all domain disabled.


  Yeah, that is true.   Reading   smtpserver/policytest.c's
  pt_mailfrom(),  it is clear that you can reject (or freeze)
  individual source address, but you can't allow it explicitely
  aside of what domain based testing reports.

  A bit of new code is needed, hmm...

  If there is "freezesource" or "rejectsource" attribute (with
  any value except "+"), the domain based testing will ignore
  those attributes ?   Thus  "rejectsource -" for explicite
  user@do.main would allow that address, while all "do.main"
  would be blocked.

  The code to make that behaviour is here:
  (copy&paste from xterm => TABs are scrambled, patch manually...)

--- smtpserver/policytest.c     14 May 2003 14:12:10 -0000      1.74
+++ smtpserver/policytest.c     18 Jun 2003 17:50:09 -0000
@@ -1395,6 +1395,7 @@
 const int len;
 {
     const char *at;
+    int requestmask = 0;
 
     state->rcpt_nocheck  = 0;
     state->sender_reject = 0;
@@ -1428,6 +1429,9 @@
        PICK_PA_MSG(P_A_FREEZESOURCE);
        return 1;
       }
+      if (state->values[P_A_FREEZESOURCE])
+       requestmask |= 1 << P_A_FREEZESOURCE;
+
       if (valueeq(state->values[P_A_REJECTSOURCE], "+")) {
        if (debug)
          type(NULL,0,NULL," mailfrom: 'rejectsource +'");
@@ -1435,6 +1439,8 @@
        PICK_PA_MSG(P_A_REJECTSOURCE);
        return -1;
       }
+      if (state->values[P_A_REJECTSOURCE])
+       requestmask |= 1 << P_A_REJECTSOURCE;
     }
 
     state->request = ( 1 << P_A_REJECTSOURCE  |
@@ -1443,7 +1449,7 @@
                       1 << P_A_RELAYCUSTOMER |
 #endif
                       1 << P_A_SENDERNoRelay |
-                      1 << P_A_SENDERokWithDNS );
+                      1 << P_A_SENDERokWithDNS ) & (~ requestmask);
 
     at = find_nonqchr(str, '@', len);
     if (at != NULL) {


-- 
/Matti Aarnio	<mea@nic.funet.fi>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi