~ubuntu-branches/ubuntu/hardy/postfix/hardy-security


Viewing changes to src/smtpd/smtpd_check.c

  • Committer: Bazaar Package Importer
  • Author(s): LaMont Jones
  • Date: 2007-01-05 19:31:31 UTC
  • mfrom: (1.1.10 upstream)
  • Revision ID: james.westby@ubuntu.com-20070105193131-vxoxyny6xci4z5b3
Tags: 2.3.6-1
* New upstream version
* French debconf template.  Closes: #404132
* Galician debconf template.  Closes: #404573
* fix typos in debconf messages.  Closes: #399916
* Catalan debconf template.  Closes: #405320

1142
1142
{
1143
1143
    const char *myname = "reject_unknown_hostname";
1144
1144
    int     dns_status;
 
1145
    DNS_RR *dummy;
1145
1146
 
1146
1147
    if (msg_verbose)
1147
1148
        msg_info("%s: %s", myname, name);
1152
1153
#define RR_ADDR_TYPES   T_A
1153
1154
#endif
1154
1155
 
1155
 
    dns_status = dns_lookup_l(name, 0, (DNS_RR **) 0, (VSTRING *) 0,
 
1156
    dns_status = dns_lookup_l(name, 0, &dummy, (VSTRING *) 0,
1156
1157
                              (VSTRING *) 0, DNS_REQ_FLAG_STOP_OK,
1157
1158
                              RR_ADDR_TYPES, T_MX, 0);
 
1159
    if (dummy)
 
1160
        dns_rr_free(dummy);
1158
1161
    if (dns_status != DNS_OK) {                 /* incl. DNS_INVAL */
1159
1162
        if (dns_status != DNS_RETRY)
1160
1163
            return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
1161
1164
                                       var_unk_name_code, "4.7.1",
1162
 
                                       "<%s>: %s rejected: Host not found",
1163
 
                                       reply_name, reply_class));
 
1165
                                       "<%s>: %s rejected: %s",
 
1166
                                       reply_name, reply_class,
 
1167
                                       dns_status == DNS_INVAL ?
 
1168
                                       "Malformed DNS server reply" :
 
1169
                                       "Host not found"));
1164
1170
        else
1165
1171
            DEFER_IF_PERMIT2(state, MAIL_ERROR_POLICY,
1166
1172
                             450, "4.7.1",
1177
1183
{
1178
1184
    const char *myname = "reject_unknown_mailhost";
1179
1185
    int     dns_status;
 
1186
    DNS_RR *dummy;
1180
1187
 
1181
1188
    if (msg_verbose)
1182
1189
        msg_info("%s: %s", myname, name);
1183
1190
 
1184
1191
#define MAILHOST_LOOKUP_FLAGS   (DNS_REQ_FLAG_STOP_OK | DNS_REQ_FLAG_STOP_INVAL)
1185
1192
 
1186
 
    dns_status = dns_lookup_l(name, 0, (DNS_RR **) 0, (VSTRING *) 0,
 
1193
    dns_status = dns_lookup_l(name, 0, &dummy, (VSTRING *) 0,
1187
1194
                              (VSTRING *) 0, MAILHOST_LOOKUP_FLAGS,
1188
1195
                              T_MX, RR_ADDR_TYPES, 0);
 
1196
    if (dummy)
 
1197
        dns_rr_free(dummy);
1189
1198
    if (dns_status != DNS_OK) {                 /* incl. DNS_INVAL */
1190
1199
        if (dns_status != DNS_RETRY)
1191
1200
            return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
1192
1201
                                       var_unk_addr_code,
1193
1202
                               strcmp(reply_class, SMTPD_NAME_SENDER) == 0 ?
1194
1203
                                       "4.1.8" : "4.1.2",
1195
 
                                       "<%s>: %s rejected: Domain not found",
1196
 
                                       reply_name, reply_class));
 
1204
                                       "<%s>: %s rejected: %s",
 
1205
                                       reply_name, reply_class,
 
1206
                                       dns_status == DNS_INVAL ?
 
1207
                                       "Malformed DNS server reply" :
 
1208
                                       "Domain not found"));
1197
1209
        else
1198
1210
            DEFER_IF_PERMIT2(state, MAIL_ERROR_POLICY,
1199
1211
                          450, strcmp(reply_class, SMTPD_NAME_SENDER) == 0 ?
1221
1233
            msg_info("Relaying allowed for all verified client certificates");
1222
1234
        return (SMTPD_CHECK_OK);
1223
1235
    }
1224
 
    if (state->tls_context->peer_verified
1225
 
        && state->tls_context->peer_fingerprint) {
 
1236
 
 
1237
    /*
 
1238
     * When directly checking the fingerprint, it is OK if the issuing CA is
 
1239
     * not trusted.
 
1240
     */
 
1241
    if (state->tls_context->peer_fingerprint) {
1226
1242
        found = maps_find(relay_ccerts, state->tls_context->peer_fingerprint,
1227
1243
                          DICT_FLAG_NONE);
1228
1244
        if (found) {
2578
2594
    if (!state->tls_context)
2579
2595
        return SMTPD_CHECK_DUNNO;
2580
2596
 
2581
 
    if (state->tls_context->peer_verified
2582
 
        && state->tls_context->peer_fingerprint) {
 
2597
    /*
 
2598
     * When directly checking the fingerprint, it is OK if the issuing CA is
 
2599
     * not trusted.
 
2600
     */
 
2601
    if (state->tls_context->peer_fingerprint) {
2583
2602
        if (msg_verbose)
2584
2603
            msg_info("%s: %s", myname, state->tls_context->peer_fingerprint);
2585
2604
 
3335
3354
#define IF_VERIFIED(x) \
3336
3355
    ((state->tls_context && \
3337
3356
      state->tls_context->peer_verified && ((x) != 0)) ? (x) : "")
3338
 
                          ATTR_TYPE_STR, MAIL_ATTR_CCERT_SUBJECT, subject,
3339
 
                          ATTR_TYPE_STR, MAIL_ATTR_CCERT_ISSUER, issuer,
 
3357
#define IF_ENCRYPTED(x, y) ((state->tls_context && ((x) != 0)) ? (x) : (y))
 
3358
                          ATTR_TYPE_STR, MAIL_ATTR_CCERT_SUBJECT,
 
3359
                          IF_VERIFIED(subject),
 
3360
                          ATTR_TYPE_STR, MAIL_ATTR_CCERT_ISSUER,
 
3361
                          IF_VERIFIED(issuer),
 
3362
 
 
3363
    /*
 
3364
     * When directly checking the fingerprint, it is OK if the issuing CA is
 
3365
     * not trusted.
 
3366
     */
3340
3367
                          ATTR_TYPE_STR, MAIL_ATTR_CCERT_FINGERPRINT,
3341
 
                          IF_VERIFIED(state->tls_context->peer_fingerprint),
3342
 
#define IF_ENCRYPTED(x, y) ((state->tls_context && ((x) != 0)) ? (x) : (y))
 
3368
                     IF_ENCRYPTED(state->tls_context->peer_fingerprint, ""),
3343
3369
                          ATTR_TYPE_STR, MAIL_ATTR_CRYPTO_PROTOCOL,
3344
3370
                          IF_ENCRYPTED(state->tls_context->protocol, ""),
3345
3371
                          ATTR_TYPE_STR, MAIL_ATTR_CRYPTO_CIPHER,
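Review bot: `DNS_RR *dummy;` (new line 1145 in reject_unknown_hostname, and again at 1186 in reject_unknown_mailhost) is declared without an initializer, so the `if (dummy) dns_rr_free(dummy);` added after each dns_lookup_l() call is only safe if dns_lookup_l() assigns its rrlist argument on every return path, including the DNS_INVAL and DNS_RETRY paths; writing `DNS_RR *dummy = 0;` removes that dependency at no cost. Since the result list is requested only to be thrown away, the reason for switching from `(DNS_RR **) 0` to `&dummy` is not visible in the hunk; a comment such as `/* request the RR list only so that malformed replies are reported as DNS_INVAL; discard it */` would record it, if that is indeed the motivation. Separately, in the hunk at new lines 3357–3368, MAIL_ATTR_CCERT_FINGERPRINT is now exported through IF_ENCRYPTED while subject and issuer remain behind IF_VERIFIED, so a policy server can receive a non-empty fingerprint for a certificate whose issuing CA was not verified; the added comment says this is intended, and the attribute's documentation for policy-server authors should state the same so a non-empty fingerprint is not read as implying a trusted issuer. All of the enclosing functions start and end outside their hunks.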