1152
1153
#define RR_ADDR_TYPES T_A
1155
dns_status = dns_lookup_l(name, 0, (DNS_RR **) 0, (VSTRING *) 0,
1156
dns_status = dns_lookup_l(name, 0, &dummy, (VSTRING *) 0,
1156
1157
(VSTRING *) 0, DNS_REQ_FLAG_STOP_OK,
1157
1158
RR_ADDR_TYPES, T_MX, 0);
1158
1161
if (dns_status != DNS_OK) { /* incl. DNS_INVAL */
1159
1162
if (dns_status != DNS_RETRY)
1160
1163
return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
1161
1164
var_unk_name_code, "4.7.1",
1162
"<%s>: %s rejected: Host not found",
1163
reply_name, reply_class));
1165
"<%s>: %s rejected: %s",
1166
reply_name, reply_class,
1167
dns_status == DNS_INVAL ?
1168
"Malformed DNS server reply" :
1165
1171
DEFER_IF_PERMIT2(state, MAIL_ERROR_POLICY,
1178
1184
const char *myname = "reject_unknown_mailhost";
1179
1185
int dns_status;
1181
1188
if (msg_verbose)
1182
1189
msg_info("%s: %s", myname, name);
1184
1191
#define MAILHOST_LOOKUP_FLAGS (DNS_REQ_FLAG_STOP_OK | DNS_REQ_FLAG_STOP_INVAL)
1186
dns_status = dns_lookup_l(name, 0, (DNS_RR **) 0, (VSTRING *) 0,
1193
dns_status = dns_lookup_l(name, 0, &dummy, (VSTRING *) 0,
1187
1194
(VSTRING *) 0, MAILHOST_LOOKUP_FLAGS,
1188
1195
T_MX, RR_ADDR_TYPES, 0);
1189
1198
if (dns_status != DNS_OK) { /* incl. DNS_INVAL */
1190
1199
if (dns_status != DNS_RETRY)
1191
1200
return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
1192
1201
var_unk_addr_code,
1193
1202
strcmp(reply_class, SMTPD_NAME_SENDER) == 0 ?
1194
1203
"4.1.8" : "4.1.2",
1195
"<%s>: %s rejected: Domain not found",
1196
reply_name, reply_class));
1204
"<%s>: %s rejected: %s",
1205
reply_name, reply_class,
1206
dns_status == DNS_INVAL ?
1207
"Malformed DNS server reply" :
1208
"Domain not found"));
1198
1210
DEFER_IF_PERMIT2(state, MAIL_ERROR_POLICY,
1199
1211
450, strcmp(reply_class, SMTPD_NAME_SENDER) == 0 ?
1221
1233
msg_info("Relaying allowed for all verified client certificates");
1222
1234
return (SMTPD_CHECK_OK);
1224
if (state->tls_context->peer_verified
1225
&& state->tls_context->peer_fingerprint) {
1238
* When directly checking the fingerprint, it is OK if the issuing CA is
1241
if (state->tls_context->peer_fingerprint) {
1226
1242
found = maps_find(relay_ccerts, state->tls_context->peer_fingerprint,
1227
1243
DICT_FLAG_NONE);
2578
2594
if (!state->tls_context)
2579
2595
return SMTPD_CHECK_DUNNO;
2581
if (state->tls_context->peer_verified
2582
&& state->tls_context->peer_fingerprint) {
2598
* When directly checking the fingerprint, it is OK if the issuing CA is
2601
if (state->tls_context->peer_fingerprint) {
2583
2602
if (msg_verbose)
2584
2603
msg_info("%s: %s", myname, state->tls_context->peer_fingerprint);
3335
3354
#define IF_VERIFIED(x) \
3336
3355
((state->tls_context && \
3337
3356
state->tls_context->peer_verified && ((x) != 0)) ? (x) : "")
3338
ATTR_TYPE_STR, MAIL_ATTR_CCERT_SUBJECT, subject,
3339
ATTR_TYPE_STR, MAIL_ATTR_CCERT_ISSUER, issuer,
3357
#define IF_ENCRYPTED(x, y) ((state->tls_context && ((x) != 0)) ? (x) : (y))
3358
ATTR_TYPE_STR, MAIL_ATTR_CCERT_SUBJECT,
3359
IF_VERIFIED(subject),
3360
ATTR_TYPE_STR, MAIL_ATTR_CCERT_ISSUER,
3361
IF_VERIFIED(issuer),
3364
* When directly checking the fingerprint, it is OK if the issuing CA is
3340
3367
ATTR_TYPE_STR, MAIL_ATTR_CCERT_FINGERPRINT,
3341
IF_VERIFIED(state->tls_context->peer_fingerprint),
3342
#define IF_ENCRYPTED(x, y) ((state->tls_context && ((x) != 0)) ? (x) : (y))
3368
IF_ENCRYPTED(state->tls_context->peer_fingerprint, ""),
3343
3369
ATTR_TYPE_STR, MAIL_ATTR_CRYPTO_PROTOCOL,
3344
3370
IF_ENCRYPTED(state->tls_context->protocol, ""),
3345
3371
ATTR_TYPE_STR, MAIL_ATTR_CRYPTO_CIPHER,