« back to all changes in this revision
Viewing changes to src/postscreen/postscreen.c
- browse files at revision 36
- compare with another revision
- download diff
- download tarball
- view history from revision 36
- Committer: Bazaar Package Importer
- Author(s): LaMont Jones
- Date: 2011-02-22 11:20:43 UTC
- mfrom: (1.1.27 upstream)
- Revision ID: james.westby@ubuntu.com-20110222112043-c34ht219w3ybrilr
Tags: 2.8.0-2
* a little more lintian cleanup
* Fix missing format strings in smtp-sink.c
* Fix missing format strings in smtp-sink.c
- files added:
- README_FILES/POSTSCREEN_README
- debian/source
- src/dnsblog
- src/dnsblog/.indent.pro
- src/postscreen
- src/postscreen/.indent.pro
- src/tlsproxy
- src/tlsproxy/.indent.pro
- files removed:
- src/util/upass_connect.c
- files modified:
- .indent.pro
added
removed
src/postscreen/postscreen.c
1
/*++
2
/* NAME
3
/* postscreen 8
4
/* SUMMARY
5
/* Postfix zombie blocker
6
/* SYNOPSIS
7
/* \fBpostscreen\fR [generic Postfix daemon options]
8
/* DESCRIPTION
9
/* The Postfix \fBpostscreen\fR(8) server performs triage on
10
/* multiple inbound SMTP connections at the same time. While
11
/* a single \fBpostscreen\fR(8) process keeps spambots away
12
/* from Postfix SMTP server processes, more Postfix SMTP server
13
/* processes remain available for legitimate clients.
14
/*
15
/* This program should not be used on SMTP ports that receive
16
/* mail from end-user clients (MUAs). In a typical deployment,
17
/* \fBpostscreen\fR(8) is used on the "port 25" service, while
18
/* MUA clients submit mail via the \fBsubmission\fR service.
19
/*
20
/* \fBpostscreen\fR(8) maintains a temporary whitelist for
21
/* clients that have passed a number of tests. When an SMTP
22
/* client IP address is whitelisted, \fBpostscreen\fR(8) hands
23
/* off the connection immediately to a Postfix SMTP server
24
/* process. This minimizes the overhead for legitimate mail.
25
/*
26
/* By default, \fBpostscreen\fR(8) logs statistics and hands
27
/* off every connection to a Postfix SMTP server process, while
28
/* excluding clients in mynetworks from all tests (primarily,
29
/* to avoid problems with non-standard SMTP implementations
30
/* in network appliances). This mode is useful for non-destructive
31
/* testing.
32
/*
33
/* In a typical production setting, \fBpostscreen\fR(8) is
34
/* configured to reject mail from clients that fail one or
35
/* more tests. \fBpostscreen\fR(8) logs rejected mail with the
36
/* client address, helo, sender and recipient information.
37
/*
38
/* \fBpostscreen\fR(8) is not an SMTP proxy; this is intentional.
39
/* The purpose is to keep spambots away from Postfix SMTP
40
/* server processes, while minimizing overhead for legitimate
41
/* traffic.
42
/* SECURITY
43
/* .ad
44
/* .fi
45
/* The \fBpostscreen\fR(8) server is moderately security-sensitive.
46
/* It talks to untrusted clients on the network. The process
47
/* can be run chrooted at fixed low privilege.
48
/* STANDARDS
49
/* RFC 821 (SMTP protocol)
50
/* RFC 1123 (Host requirements)
51
/* RFC 1652 (8bit-MIME transport)
52
/* RFC 1869 (SMTP service extensions)
53
/* RFC 1870 (Message Size Declaration)
54
/* RFC 1985 (ETRN command)
55
/* RFC 2034 (SMTP Enhanced Status Codes)
56
/* RFC 2821 (SMTP protocol)
57
/* RFC 2920 (SMTP Pipelining)
58
/* RFC 3207 (STARTTLS command)
59
/* RFC 3461 (SMTP DSN Extension)
60
/* RFC 3463 (Enhanced Status Codes)
61
/* RFC 5321 (SMTP protocol, including multi-line 220 banners)
62
/* DIAGNOSTICS
63
/* Problems and transactions are logged to \fBsyslogd\fR(8).
64
/* BUGS
65
/* The \fBpostscreen\fR(8) built-in SMTP protocol engine
66
/* currently does not announce support for AUTH, XCLIENT or
67
/* XFORWARD.
68
/* Support for AUTH may be added in the future.
69
/* In the mean time, if you need to make these services available
70
/* on port 25, then do not enable the optional "after 220
71
/* server greeting" tests.
72
/*
73
/* The optional "after 220 server greeting" tests involve
74
/* \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When
75
/* these tests succeed, \fBpostscreen\fR(8) adds the client
76
/* to the temporary whitelist but it cannot not hand off the
77
/* "live" connection to a Postfix SMTP server process in the
78
/* middle of a session. Instead, \fBpostscreen\fR(8) defers
79
/* attempts to deliver mail with a 4XX status, and waits for
80
/* the client to disconnect. The next time a good client
81
/* connects, it will be allowed to talk to a Postfix SMTP
82
/* server process to deliver mail. \fBpostscreen\fR(8) mitigates
83
/* the impact of this limitation by giving such tests a long
84
/* expiration time.
85
/* CONFIGURATION PARAMETERS
86
/* .ad
87
/* .fi
88
/* Changes to main.cf are not picked up automatically, as
89
/* \fBpostscreen\fR(8) processes may run for several hours.
90
/* Use the command "postfix reload" after a configuration
91
/* change.
92
/*
93
/* The text below provides only a parameter summary. See
94
/* \fBpostconf\fR(5) for more details including examples.
95
/*
96
/* NOTE: Some \fBpostscreen\fR(8) parameters implement
97
/* stress-dependent behavior. This is supported only when the
98
/* default parameter value is stress-dependent (that is, it
99
/* looks like ${stress?X}${stress:Y}, or it is the $\fIname\fR
100
/* of an smtpd parameter with a stress-dependent default).
101
/* Other parameters always evaluate as if the \fBstress\fR
102
/* parameter value is the empty string.
103
/* COMPATIBILITY CONTROLS
104
/* .ad
105
/* .fi
106
/* .IP "\fBpostscreen_command_filter ($smtpd_command_filter)\fR"
107
/* A mechanism to transform commands from remote SMTP clients.
108
/* .IP "\fBpostscreen_discard_ehlo_keyword_address_maps ($smtpd_discard_ehlo_keyword_address_maps)\fR"
109
/* Lookup tables, indexed by the remote SMTP client address, with
110
/* case insensitive lists of EHLO keywords (pipelining, starttls, auth,
111
/* etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO response
112
/* to a remote SMTP client.
113
/* .IP "\fBpostscreen_discard_ehlo_keywords ($smtpd_discard_ehlo_keywords)\fR"
114
/* A case insensitive list of EHLO keywords (pipelining, starttls,
115
/* auth, etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO
116
/* response to a remote SMTP client.
117
/* TROUBLE SHOOTING CONTROLS
118
/* .ad
119
/* .fi
120
/* .IP "\fBpostscreen_expansion_filter (see 'postconf -d' output)\fR"
121
/* List of characters that are permitted in postscreen_reject_footer
122
/* attribute expansions.
123
/* .IP "\fBpostscreen_reject_footer ($smtpd_reject_footer)\fR"
124
/* Optional information that is appended after a 4XX or 5XX server
125
/* response.
126
/* .IP "\fBsoft_bounce (no)\fR"
127
/* Safety net to keep mail queued that would otherwise be returned to
128
/* the sender.
129
/* PERMANENT WHITE/BLACKLIST TEST
130
/* .ad
131
/* .fi
132
/* This test is executed immediately after a remote SMTP client
133
/* connects. If a client is permanently whitelisted, the client
134
/* will be handed off immediately to a Postfix SMTP server
135
/* process.
136
/* .IP "\fBpostscreen_access_list (permit_mynetworks)\fR"
137
/* Permanent white/blacklist for remote SMTP client IP addresses.
138
/* .IP "\fBpostscreen_blacklist_action (ignore)\fR"
139
/* The action that \fBpostscreen\fR(8) takes when an SMTP client is
140
/* permanently blacklisted with the postscreen_access_list parameter.
141
/* BEFORE-GREETING TESTS
142
/* .ad
143
/* .fi
144
/* These tests are executed before the remote SMTP client
145
/* receives the "220 servername" greeting. If no tests remain
146
/* after the successful completion of this phase, the client
147
/* will be handed off immediately to a Postfix SMTP server
148
/* process.
149
/* .IP "\fBdnsblog_service_name (dnsblog)\fR"
150
/* The name of the \fBdnsblog\fR(8) service entry in master.cf.
151
/* .IP "\fBpostscreen_dnsbl_action (ignore)\fR"
152
/* The action that \fBpostscreen\fR(8) takes when an SMTP client's combined
153
/* DNSBL score is equal to or greater than a threshold (as defined
154
/* with the postscreen_dnsbl_sites and postscreen_dnsbl_threshold
155
/* parameters).
156
/* .IP "\fBpostscreen_dnsbl_reply_map (empty)\fR"
157
/* A mapping from actual DNSBL domain name which includes a secret
158
/* password, to the DNSBL domain name that postscreen will reply with
159
/* when it rejects mail.
160
/* .IP "\fBpostscreen_dnsbl_sites (empty)\fR"
161
/* Optional list of DNS white/blacklist domains, filters and weight
162
/* factors.
163
/* .IP "\fBpostscreen_dnsbl_threshold (1)\fR"
164
/* The inclusive lower bound for blocking an SMTP client, based on
165
/* its combined DNSBL score as defined with the postscreen_dnsbl_sites
166
/* parameter.
167
/* .IP "\fBpostscreen_greet_action (ignore)\fR"
168
/* The action that \fBpostscreen\fR(8) takes when an SMTP client speaks
169
/* before its turn within the time specified with the postscreen_greet_wait
170
/* parameter.
171
/* .IP "\fBpostscreen_greet_banner ($smtpd_banner)\fR"
172
/* The \fItext\fR in the optional "220-\fItext\fR..." server
173
/* response that
174
/* \fBpostscreen\fR(8) sends ahead of the real Postfix SMTP server's "220
175
/* text..." response, in an attempt to confuse bad SMTP clients so
176
/* that they speak before their turn (pre-greet).
177
/* .IP "\fBpostscreen_greet_wait (${stress?2}${stress:6}s)\fR"
178
/* The amount of time that \fBpostscreen\fR(8) will wait for an SMTP
179
/* client to send a command before its turn, and for DNS blocklist
180
/* lookup results to arrive (default: up to 2 seconds under stress,
181
/* up to 6 seconds otherwise).
182
/* .IP "\fBsmtpd_service_name (smtpd)\fR"
183
/* The internal service that \fBpostscreen\fR(8) forwards allowed
184
/* connections to.
185
/* AFTER-GREETING TESTS
186
/* .ad
187
/* .fi
188
/* These tests are executed after the remote SMTP client
189
/* receives the "220 servername" greeting. If a client passes
190
/* all tests during this phase, it will receive a 4XX response
191
/* to RCPT TO commands until the client hangs up. After this,
192
/* the client will be allowed to talk directly to a Postfix
193
/* SMTP server process.
194
/* .IP "\fBpostscreen_bare_newline_action (ignore)\fR"
195
/* The action that \fBpostscreen\fR(8) takes when an SMTP client sends
196
/* a bare newline character, that is, a newline not preceded by carriage
197
/* return.
198
/* .IP "\fBpostscreen_bare_newline_enable (no)\fR"
199
/* Enable "bare newline" SMTP protocol tests in the \fBpostscreen\fR(8)
200
/* server.
201
/* .IP "\fBpostscreen_disable_vrfy_command ($disable_vrfy_command)\fR"
202
/* Disable the SMTP VRFY command in the \fBpostscreen\fR(8) daemon.
203
/* .IP "\fBpostscreen_forbidden_commands ($smtpd_forbidden_commands)\fR"
204
/* List of commands that the \fBpostscreen\fR(8) server considers in
205
/* violation of the SMTP protocol.
206
/* .IP "\fBpostscreen_helo_required ($smtpd_helo_required)\fR"
207
/* Require that a remote SMTP client sends HELO or EHLO before
208
/* commencing a MAIL transaction.
209
/* .IP "\fBpostscreen_non_smtp_command_action (drop)\fR"
210
/* The action that \fBpostscreen\fR(8) takes when an SMTP client sends
211
/* non-SMTP commands as specified with the postscreen_forbidden_commands
212
/* parameter.
213
/* .IP "\fBpostscreen_non_smtp_command_enable (no)\fR"
214
/* Enable "non-SMTP command" tests in the \fBpostscreen\fR(8) server.
215
/* .IP "\fBpostscreen_pipelining_action (enforce)\fR"
216
/* The action that \fBpostscreen\fR(8) takes when an SMTP client sends
217
/* multiple commands instead of sending one command and waiting for
218
/* the server to respond.
219
/* .IP "\fBpostscreen_pipelining_enable (no)\fR"
220
/* Enable "pipelining" SMTP protocol tests in the \fBpostscreen\fR(8)
221
/* server.
222
/* CACHE CONTROLS
223
/* .ad
224
/* .fi
225
/* .IP "\fBpostscreen_cache_cleanup_interval (12h)\fR"
226
/* The amount of time between \fBpostscreen\fR(8) cache cleanup runs.
227
/* .IP "\fBpostscreen_cache_map (btree:$data_directory/postscreen_cache)\fR"
228
/* Persistent storage for the \fBpostscreen\fR(8) server decisions.
229
/* .IP "\fBpostscreen_cache_retention_time (7d)\fR"
230
/* The amount of time that \fBpostscreen\fR(8) will cache an expired
231
/* temporary whitelist entry before it is removed.
232
/* .IP "\fBpostscreen_bare_newline_ttl (30d)\fR"
233
/* The amount of time that \fBpostscreen\fR(8) will use the result from
234
/* a successful "bare newline" SMTP protocol test.
235
/* .IP "\fBpostscreen_dnsbl_ttl (1h)\fR"
236
/* The amount of time that \fBpostscreen\fR(8) will use the result from
237
/* a successful DNS blocklist test.
238
/* .IP "\fBpostscreen_greet_ttl (1d)\fR"
239
/* The amount of time that \fBpostscreen\fR(8) will use the result from
240
/* a successful PREGREET test.
241
/* .IP "\fBpostscreen_non_smtp_command_ttl (30d)\fR"
242
/* The amount of time that \fBpostscreen\fR(8) will use the result from
243
/* a successful "non_smtp_command" SMTP protocol test.
244
/* .IP "\fBpostscreen_pipelining_ttl (30d)\fR"
245
/* The amount of time that \fBpostscreen\fR(8) will use the result from
246
/* a successful "pipelining" SMTP protocol test.
247
/* RESOURCE CONTROLS
248
/* .ad
249
/* .fi
250
/* .IP "\fBline_length_limit (2048)\fR"
251
/* Upon input, long lines are chopped up into pieces of at most
252
/* this length; upon delivery, long lines are reconstructed.
253
/* .IP "\fBpostscreen_client_connection_count_limit ($smtpd_client_connection_count_limit)\fR"
254
/* How many simultaneous connections any client is allowed to have
255
/* with the \fBpostscreen\fR(8) daemon.
256
/* .IP "\fBpostscreen_command_count_limit (20)\fR"
257
/* The limit on the total number of commands per SMTP session for
258
/* \fBpostscreen\fR(8)'s built-in SMTP protocol engine.
259
/* .IP "\fBpostscreen_command_time_limit (${stress?10}${stress:300}s)\fR"
260
/* The time limit to read an entire command line with \fBpostscreen\fR(8)'s
261
/* built-in SMTP protocol engine.
262
/* .IP "\fBpostscreen_post_queue_limit ($default_process_limit)\fR"
263
/* The number of clients that can be waiting for service from a
264
/* real SMTP server process.
265
/* .IP "\fBpostscreen_pre_queue_limit ($default_process_limit)\fR"
266
/* The number of non-whitelisted clients that can be waiting for
267
/* a decision whether they will receive service from a real SMTP server
268
/* process.
269
/* .IP "\fBpostscreen_watchdog_timeout (10s)\fR"
270
/* How much time a \fBpostscreen\fR(8) process may take to respond to
271
/* an SMTP client command or to perform a cache operation before it
272
/* is terminated by a built-in watchdog timer.
273
/* STARTTLS CONTROLS
274
/* .ad
275
/* .fi
276
/* .IP "\fBpostscreen_tls_security_level ($smtpd_tls_security_level)\fR"
277
/* The SMTP TLS security level for the \fBpostscreen\fR(8) server; when
278
/* a non-empty value is specified, this overrides the obsolete parameters
279
/* postscreen_use_tls and postscreen_enforce_tls.
280
/* .IP "\fBtlsproxy_service_name (tlsproxy)\fR"
281
/* The name of the \fBtlsproxy\fR(8) service entry in master.cf.
282
/* OBSOLETE STARTTLS SUPPORT CONTROLS
283
/* .ad
284
/* .fi
285
/* These parameters are supported for compatibility with
286
/* \fBsmtpd\fR(8) legacy parameters.
287
/* .IP "\fBpostscreen_use_tls ($smtpd_use_tls)\fR"
288
/* Opportunistic TLS: announce STARTTLS support to SMTP clients,
289
/* but do not require that clients use TLS encryption.
290
/* .IP "\fBpostscreen_enforce_tls ($smtpd_enforce_tls)\fR"
291
/* Mandatory TLS: announce STARTTLS support to SMTP clients, and
292
/* require that clients use TLS encryption.
293
/* MISCELLANEOUS CONTROLS
294
/* .ad
295
/* .fi
296
/* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
297
/* The default location of the Postfix main.cf and master.cf
298
/* configuration files.
299
/* .IP "\fBdelay_logging_resolution_limit (2)\fR"
300
/* The maximal number of digits after the decimal point when logging
301
/* sub-second delay values.
302
/* .IP "\fBcommand_directory (see 'postconf -d' output)\fR"
303
/* The location of all postfix administrative commands.
304
/* .IP "\fBmax_idle (100s)\fR"
305
/* The maximum amount of time that an idle Postfix daemon process waits
306
/* for an incoming connection before terminating voluntarily.
307
/* .IP "\fBprocess_id (read-only)\fR"
308
/* The process ID of a Postfix command or daemon process.
309
/* .IP "\fBprocess_name (read-only)\fR"
310
/* The process name of a Postfix command or daemon process.
311
/* .IP "\fBsyslog_facility (mail)\fR"
312
/* The syslog facility of Postfix logging.
313
/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
314
/* The mail system name that is prepended to the process name in syslog
315
/* records, so that "smtpd" becomes, for example, "postfix/smtpd".
316
/* SEE ALSO
317
/* smtpd(8), Postfix SMTP server
318
/* tlsproxy(8), Postfix TLS proxy server
319
/* dnsblog(8), DNS black/whitelist logger
320
/* syslogd(8), system logging
321
/* README FILES
322
/* .ad
323
/* .fi
324
/* Use "\fBpostconf readme_directory\fR" or "\fBpostconf
325
/* html_directory\fR" to locate this information.
326
/* .nf
327
/* .na
328
/* POSTSCREEN_README, Postfix Postscreen Howto
329
/* LICENSE
330
/* .ad
331
/* .fi
332
/* The Secure Mailer license must be distributed with this software.
333
/* HISTORY
334
/* .ad
335
/* .fi
336
/* This service was introduced with Postfix version 2.8.
337
/*
338
/* Many ideas in \fBpostscreen\fR(8) were explored in earlier
339
/* work by Michael Tokarev, in OpenBSD spamd, and in MailChannels
340
/* Traffic Control.
341
/* AUTHOR(S)
342
/* Wietse Venema
343
/* IBM T.J. Watson Research
344
/* P.O. Box 704
345
/* Yorktown Heights, NY 10598, USA
346
/*--*/
347
348
/* System library. */
349
350
#include <sys_defs.h>
351
#include <sys/stat.h>
352
#include <stdlib.h>
353
354
/* Utility library. */
355
356
#include <msg.h>
357
#include <mymalloc.h>
358
#include <events.h>
359
#include <myaddrinfo.h>
360
#include <dict_cache.h>
361
#include <set_eugid.h>
362
#include <vstream.h>
363
#include <name_code.h>
364
365
/* Global library. */
366
367
#include <mail_conf.h>
368
#include <mail_params.h>
369
#include <mail_version.h>
370
#include <mail_proto.h>
371
#include <data_redirect.h>
372
#include <string_list.h>
373
374
/* Master server protocols. */
375
376
#include <mail_server.h>
377
378
/* Application-specific. */
379
380
#include <postscreen.h>
381
382
/*
383
* Configuration parameters.
384
*/
385
int var_proc_limit;
386
char *var_smtpd_service;
387
char *var_smtpd_banner;
388
bool var_disable_vrfy_cmd;
389
bool var_helo_required;
390
391
char *var_smtpd_cmd_filter;
392
char *var_psc_cmd_filter;
393
394
char *var_smtpd_forbid_cmds;
395
char *var_psc_forbid_cmds;
396
397
char *var_smtpd_ehlo_dis_words;
398
char *var_smtpd_ehlo_dis_maps;
399
char *var_psc_ehlo_dis_words;
400
char *var_psc_ehlo_dis_maps;
401
402
char *var_smtpd_tls_level;
403
bool var_smtpd_use_tls;
404
bool var_smtpd_enforce_tls;
405
char *var_psc_tls_level;
406
bool var_psc_use_tls;
407
bool var_psc_enforce_tls;
408
409
bool var_psc_disable_vrfy;
410
bool var_psc_helo_required;
411
412
char *var_psc_cache_map;
413
int var_psc_cache_scan;
414
int var_psc_cache_ret;
415
int var_psc_post_queue_limit;
416
int var_psc_pre_queue_limit;
417
int var_psc_watchdog;
418
419
#undef MIGRATION_WARNING
420
421
#ifdef MIGRATION_WARNING
422
char *var_psc_wlist_nets;
423
char *var_psc_blist_nets;
424
425
#endif
426
char *var_psc_acl;
427
char *var_psc_blist_action;
428
429
char *var_psc_greet_ttl;
430
int var_psc_greet_wait;
431
432
char *var_psc_pregr_banner;
433
char *var_psc_pregr_action;
434
int var_psc_pregr_ttl;
435
436
char *var_psc_dnsbl_sites;
437
char *var_psc_dnsbl_reply;
438
int var_psc_dnsbl_thresh;
439
char *var_psc_dnsbl_action;
440
int var_psc_dnsbl_ttl;
441
442
bool var_psc_pipel_enable;
443
char *var_psc_pipel_action;
444
int var_psc_pipel_ttl;
445
446
bool var_psc_nsmtp_enable;
447
char *var_psc_nsmtp_action;
448
int var_psc_nsmtp_ttl;
449
450
bool var_psc_barlf_enable;
451
char *var_psc_barlf_action;
452
int var_psc_barlf_ttl;
453
454
int var_psc_cmd_count;
455
char *var_psc_cmd_time;
456
457
char *var_dnsblog_service;
458
char *var_tlsproxy_service;
459
460
char *var_smtpd_rej_footer;
461
char *var_psc_rej_footer;
462
463
int var_smtpd_cconn_limit;
464
int var_psc_cconn_limit;
465
466
char *var_smtpd_exp_filter;
467
char *var_psc_exp_filter;
468
469
/*
470
* Global variables.
471
*/
472
int psc_check_queue_length; /* connections being checked */
473
int psc_post_queue_length; /* being sent to real SMTPD */
474
DICT_CACHE *psc_cache_map; /* cache table handle */
475
VSTRING *psc_temp; /* scratchpad */
476
char *psc_smtpd_service_name; /* path to real SMTPD */
477
int psc_pregr_action; /* PSC_ACT_DROP/ENFORCE/etc */
478
int psc_dnsbl_action; /* PSC_ACT_DROP/ENFORCE/etc */
479
int psc_pipel_action; /* PSC_ACT_DROP/ENFORCE/etc */
480
int psc_nsmtp_action; /* PSC_ACT_DROP/ENFORCE/etc */
481
int psc_barlf_action; /* PSC_ACT_DROP/ENFORCE/etc */
482
int psc_min_ttl; /* Update with new tests! */
483
int psc_max_ttl; /* Update with new tests! */
484
STRING_LIST *psc_forbid_cmds; /* CONNECT GET POST */
485
int psc_stress_greet_wait; /* stressed greet wait */
486
int psc_normal_greet_wait; /* stressed greet wait */
487
int psc_stress_cmd_time_limit; /* stressed command limit */
488
int psc_normal_cmd_time_limit; /* normal command time limit */
489
int psc_stress; /* stress level */
490
int psc_lowat_check_queue_length; /* stress low-water mark */
491
int psc_hiwat_check_queue_length; /* stress high-water mark */
492
DICT *psc_dnsbl_reply; /* DNSBL name mapper */
493
HTABLE *psc_client_concurrency; /* per-client concurrency */
494
495
/*
496
* Local variables.
497
*/
498
#ifdef MIGRATION_WARNING
499
static ADDR_MATCH_LIST *psc_wlist_nets; /* permanently whitelisted networks */
500
static ADDR_MATCH_LIST *psc_blist_nets; /* permanently blacklisted networks */
501
502
#endif
503
static ARGV *psc_acl; /* permanent white/backlist */
504
static int psc_blist_action; /* PSC_ACT_DROP/ENFORCE/etc */
505
506
/* psc_dump - dump some statistics before exit */
507
508
static void psc_dump(void)
509
{
510
511
/*
512
* Dump preliminary cache cleanup statistics when the process commits
513
* suicide while a cache cleanup run is in progress. We can't currently
514
* distinguish between "postfix reload" (we should restart) or "maximal
515
* idle time reached" (we could finish the cache cleanup first).
516
*/
517
if (psc_cache_map) {
518
dict_cache_close(psc_cache_map);
519
psc_cache_map = 0;
520
}
521
}
522
523
/* psc_drain - delayed exit after "postfix reload" */
524
525
static void psc_drain(char *unused_service, char **unused_argv)
526
{
527
int count;
528
529
/*
530
* After "postfix reload", complete work-in-progress in the background,
531
* instead of dropping already-accepted connections on the floor.
532
*
533
* Unfortunately we must close all writable tables, so we can't store or
534
* look up reputation information. The reason is that we don't have any
535
* multi-writer safety guarantees. We also can't use the single-writer
536
* proxywrite service, because its latency guarantees are too weak.
537
*
538
* All error retry counts shall be limited. Instead of blocking here, we
539
* could retry failed fork() operations in the event call-back routines,
540
* but we don't need perfection. The host system is severely overloaded
541
* and service levels are already way down.
542
*
543
* XXX Some Berkeley DB versions break with close-after-fork. Every new
544
* version is an improvement over its predecessor.
545
*/
546
if (psc_cache_map != 0) {
547
dict_cache_close(psc_cache_map);
548
psc_cache_map = 0;
549
}
550
for (count = 0; /* see below */ ; count++) {
551
if (count >= 5) {
552
msg_fatal("fork: %m");
553
} else if (event_server_drain() != 0) {
554
msg_warn("fork: %m");
555
sleep(1);
556
continue;
557
} else {
558
return;
559
}
560
}
561
}
562
563
/* psc_service - handle new client connection */
564
565
static void psc_service(VSTREAM *smtp_client_stream,
566
char *unused_service,
567
char **unused_argv)
568
{
569
const char *myname = "psc_service";
570
PSC_STATE *state;
571
struct sockaddr_storage addr_storage;
572
SOCKADDR_SIZE addr_storage_len = sizeof(addr_storage);
573
MAI_HOSTADDR_STR smtp_client_addr;
574
MAI_SERVPORT_STR smtp_client_port;
575
int aierr;
576
const char *stamp_str;
577
int saved_flags;
578
579
/*
580
* This program handles all incoming connections, so it must not block.
581
* We use event-driven code for all operations that introduce latency.
582
*
583
* Note: instead of using VSTREAM-level timeouts, we enforce limits on the
584
* total amount of time to receive a complete SMTP command line.
585
*/
586
non_blocking(vstream_fileno(smtp_client_stream), NON_BLOCKING);
587
588
/*
589
* We use the event_server framework. This means we get already-accepted
590
* connections so we have to invoke getpeername() to find out the remote
591
* address and port.
592
*/
593
#define PSC_SERVICE_DISCONNECT_AND_RETURN(stream) do { \
594
event_server_disconnect(stream); \
595
return; \
596
} while (0);
597
598
/*
599
* Look up the remote SMTP client address and port.
600
*/
601
if (getpeername(vstream_fileno(smtp_client_stream), (struct sockaddr *)
602
& addr_storage, &addr_storage_len) < 0) {
603
msg_warn("getpeername: %m -- dropping this connection");
604
/* Best effort - if this non-blocking write(2) fails, so be it. */
605
(void) write(vstream_fileno(smtp_client_stream),
606
"421 4.3.2 No system resources\r\n",
607
sizeof("421 4.3.2 No system resources\r\n") - 1);
608
PSC_SERVICE_DISCONNECT_AND_RETURN(smtp_client_stream);
609
}
610
611
/*
612
* Convert the remote SMTP client address and port to printable form for
613
* logging and access control.
614
*/
615
if ((aierr = sockaddr_to_hostaddr((struct sockaddr *) & addr_storage,
616
addr_storage_len, &smtp_client_addr,
617
&smtp_client_port, 0)) != 0) {
618
msg_warn("cannot convert client address/port to string: %s"
619
" -- dropping this connection",
620
MAI_STRERROR(aierr));
621
/* Best effort - if this non-blocking write(2) fails, so be it. */
622
(void) write(vstream_fileno(smtp_client_stream),
623
"421 4.3.2 No system resources\r\n",
624
sizeof("421 4.3.2 No system resources\r\n") - 1);
625
PSC_SERVICE_DISCONNECT_AND_RETURN(smtp_client_stream);
626
}
627
if (strncasecmp("::ffff:", smtp_client_addr.buf, 7) == 0)
628
memmove(smtp_client_addr.buf, smtp_client_addr.buf + 7,
629
sizeof(smtp_client_addr.buf) - 7);
630
if (msg_verbose > 1)
631
msg_info("%s: sq=%d cq=%d connect from [%s]:%s",
632
myname, psc_post_queue_length, psc_check_queue_length,
633
smtp_client_addr.buf, smtp_client_port.buf);
634
635
msg_info("CONNECT from [%s]:%s", smtp_client_addr.buf, smtp_client_port.buf);
636
637
/*
638
* Bundle up all the loose session pieces. This zeroes all flags and time
639
* stamps.
640
*/
641
state = psc_new_session_state(smtp_client_stream, smtp_client_addr.buf,
642
smtp_client_port.buf);
643
644
/*
645
* Reply with 421 when the client has too many open connections.
646
*/
647
if (var_psc_cconn_limit > 0
648
&& state->client_concurrency > var_psc_cconn_limit) {
649
msg_info("NOQUEUE: reject: CONNECT from [%s]:%s: too many connections",
650
state->smtp_client_addr, state->smtp_client_port);
651
PSC_DROP_SESSION_STATE(state,
652
"421 4.7.0 Error: too many connections\r\n");
653
return;
654
}
655
656
/*
657
* Reply with 421 when we can't forward more connections.
658
*/
659
if (var_psc_post_queue_limit > 0
660
&& psc_post_queue_length >= var_psc_post_queue_limit) {
661
msg_info("NOQUEUE: reject: CONNECT from [%s]:%s: all server ports busy",
662
state->smtp_client_addr, state->smtp_client_port);
663
PSC_DROP_SESSION_STATE(state,
664
"421 4.3.2 All server ports are busy\r\n");
665
return;
666
}
667
668
/*
669
* The permanent white/blacklist has highest precedence.
670
*/
671
if (psc_acl != 0) {
672
switch (psc_acl_eval(state, psc_acl, VAR_PSC_ACL)) {
673
674
/*
675
* Permanently blacklisted.
676
*/
677
case PSC_ACL_ACT_BLACKLIST:
678
msg_info("BLACKLISTED [%s]:%s", PSC_CLIENT_ADDR_PORT(state));
679
PSC_FAIL_SESSION_STATE(state, PSC_STATE_FLAG_BLIST_FAIL);
680
switch (psc_blist_action) {
681
case PSC_ACT_DROP:
682
PSC_DROP_SESSION_STATE(state,
683
"521 5.3.2 Service currently unavailable\r\n");
684
return;
685
case PSC_ACT_ENFORCE:
686
PSC_ENFORCE_SESSION_STATE(state,
687
"550 5.3.2 Service currently unavailable\r\n");
688
break;
689
case PSC_ACT_IGNORE:
690
PSC_UNFAIL_SESSION_STATE(state, PSC_STATE_FLAG_BLIST_FAIL);
691
692
/*
693
* Not: PSC_PASS_SESSION_STATE. Repeat this test the next
694
* time.
695
*/
696
break;
697
default:
698
msg_panic("%s: unknown blacklist action value %d",
699
myname, psc_blist_action);
700
}
701
break;
702
703
/*
704
* Permanently whitelisted.
705
*/
706
case PSC_ACL_ACT_WHITELIST:
707
msg_info("WHITELISTED [%s]:%s", PSC_CLIENT_ADDR_PORT(state));
708
psc_conclude(state);
709
return;
710
711
/*
712
* Other: dunno (don't know) or error.
713
*/
714
default:
715
break;
716
}
717
}
718
#ifdef MIGRATION_WARNING
719
720
/*
721
* The permanent whitelist has highest precedence (never block mail from
722
* whitelisted sites, and never run tests against those sites).
723
*/
724
if (psc_wlist_nets != 0
725
&& psc_addr_match_list_match(psc_wlist_nets, state->smtp_client_addr)) {
726
msg_info("WHITELISTED [%s]:%s", PSC_CLIENT_ADDR_PORT(state));
727
psc_conclude(state);
728
return;
729
}
730
731
/*
732
* The permanent blacklist has second precedence. If the client is
733
* permanently blacklisted, send some generic reply and hang up
734
* immediately, or run more tests for logging purposes.
735
*/
736
if (psc_blist_nets != 0
737
&& psc_addr_match_list_match(psc_blist_nets, state->smtp_client_addr)) {
738
msg_info("BLACKLISTED [%s]:%s", PSC_CLIENT_ADDR_PORT(state));
739
PSC_FAIL_SESSION_STATE(state, PSC_STATE_FLAG_BLIST_FAIL);
740
switch (psc_blist_action) {
741
case PSC_ACT_DROP:
742
PSC_DROP_SESSION_STATE(state,
743
"521 5.3.2 Service currently unavailable\r\n");
744
return;
745
case PSC_ACT_ENFORCE:
746
PSC_ENFORCE_SESSION_STATE(state,
747
"550 5.3.2 Service currently unavailable\r\n");
748
break;
749
case PSC_ACT_IGNORE:
750
PSC_UNFAIL_SESSION_STATE(state, PSC_STATE_FLAG_BLIST_FAIL);
751
/* Not: PSC_PASS_SESSION_STATE. Repeat this test the next time. */
752
break;
753
default:
754
msg_panic("%s: unknown blacklist action value %d",
755
myname, psc_blist_action);
756
}
757
}
758
#endif
759
760
/*
761
* The temporary whitelist (i.e. the postscreen cache) has the lowest
762
* precedence. This cache contains information about the results of prior
763
* tests. Whitelist the client when all enabled test results are still
764
* valid.
765
*/
766
if ((state->flags & PSC_STATE_MASK_ANY_FAIL) == 0
767
&& psc_cache_map != 0
768
&& (stamp_str = psc_cache_lookup(psc_cache_map, state->smtp_client_addr)) != 0) {
769
saved_flags = state->flags;
770
psc_parse_tests(state, stamp_str, event_time());
771
state->flags |= saved_flags;
772
if (msg_verbose)
773
msg_info("%s: cached + recent flags: %s",
774
myname, psc_print_state_flags(state->flags, myname));
775
if ((state->flags & PSC_STATE_MASK_ANY_TODO_FAIL) == 0) {
776
msg_info("PASS OLD [%s]:%s", PSC_CLIENT_ADDR_PORT(state));
777
psc_conclude(state);
778
return;
779
}
780
} else {
781
saved_flags = state->flags;
782
psc_new_tests(state);
783
state->flags |= saved_flags;
784
if (msg_verbose)
785
msg_info("%s: new + recent flags: %s",
786
myname, psc_print_state_flags(state->flags, myname));
787
}
788
789
/*
790
* Reply with 421 when we can't analyze more connections.
791
*/
792
if (var_psc_pre_queue_limit > 0
793
&& psc_check_queue_length - psc_post_queue_length
794
>= var_psc_pre_queue_limit) {
795
msg_info("reject: connect from [%s]:%s: all screening ports busy",
796
state->smtp_client_addr, state->smtp_client_port);
797
PSC_DROP_SESSION_STATE(state,
798
"421 4.3.2 All screening ports are busy\r\n");
799
return;
800
}
801
802
/*
803
* If the client has no up-to-date results for some tests, do those tests
804
* first. Otherwise, skip the tests and hand off the connection.
805
*/
806
if (state->flags & PSC_STATE_MASK_EARLY_TODO)
807
psc_early_tests(state);
808
else if (state->flags & (PSC_STATE_MASK_SMTPD_TODO | PSC_STATE_FLAG_NOFORWARD))
809
psc_smtpd_tests(state);
810
else
811
psc_conclude(state);
812
}
813
814
/* psc_cache_validator - validate one cache entry */
815
816
static int psc_cache_validator(const char *client_addr,
817
const char *stamp_str,
818
char *unused_context)
819
{
820
PSC_STATE dummy;
821
822
/*
823
* This function is called by the cache cleanup pseudo thread.
824
*
825
* When an entry is removed from the cache, the client will be reported as
826
* "NEW" in the next session where it passes all tests again. To avoid
827
* silly logging we remove the cache entry only after all tests have
828
* expired longer ago than the cache retention time.
829
*/
830
psc_parse_tests(&dummy, stamp_str, event_time() - var_psc_cache_ret);
831
return ((dummy.flags & PSC_STATE_MASK_ANY_TODO) == 0);
832
}
833
834
/* pre_jail_init - pre-jail initialization */
835
836
static void pre_jail_init(char *unused_name, char **unused_argv)
837
{
838
VSTRING *redirect;
839
840
/*
841
* Open read-only maps before dropping privilege, for consistency with
842
* other Postfix daemons.
843
*/
844
#ifdef MIGRATION_WARNING
845
if (*var_psc_wlist_nets)
846
psc_wlist_nets =
847
addr_match_list_init(MATCH_FLAG_NONE, var_psc_wlist_nets);
848
849
if (*var_psc_blist_nets)
850
psc_blist_nets = addr_match_list_init(MATCH_FLAG_NONE,
851
var_psc_blist_nets);
852
if (psc_blist_nets || psc_wlist_nets) {
853
msg_warn("The %s and %s features will be removed soon. Use %s instead",
854
VAR_PSC_WLIST_NETS, VAR_PSC_BLIST_NETS, VAR_PSC_ACL);
855
msg_warn("To stop this warning, specify empty values for %s and %s",
856
VAR_PSC_WLIST_NETS, VAR_PSC_BLIST_NETS);
857
}
858
#endif
859
psc_acl_pre_jail_init();
860
if (*var_psc_acl)
861
psc_acl = psc_acl_parse(var_psc_acl, VAR_PSC_ACL);
862
if (*var_psc_forbid_cmds)
863
psc_forbid_cmds = string_list_init(MATCH_FLAG_NONE,
864
var_psc_forbid_cmds);
865
if (*var_psc_dnsbl_reply)
866
psc_dnsbl_reply = dict_open(var_psc_dnsbl_reply, O_RDONLY,
867
DICT_FLAG_DUP_WARN);
868
869
/*
870
* Never, ever, get killed by a master signal, as that would corrupt the
871
* database when we're in the middle of an update.
872
*/
873
if (setsid() < 0)
874
msg_warn("setsid: %m");
875
876
/*
877
* Security: don't create root-owned files that contain untrusted data.
878
* And don't create Postfix-owned files in root-owned directories,
879
* either. We want a correct relationship between (file or directory)
880
* ownership and (file or directory) content. To open files before going
881
* to jail, temporarily drop root privileges.
882
*/
883
SAVE_AND_SET_EUGID(var_owner_uid, var_owner_gid);
884
redirect = vstring_alloc(100);
885
886
/*
887
* Keep state in persistent external map. As a safety measure we sync the
888
* database on each update. This hurts on LINUX file systems that sync
889
* all dirty disk blocks whenever any application invokes fsync().
890
*
891
* Start the cache maintenance pseudo thread after dropping privileges.
892
*/
893
#define PSC_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE)
894
895
if (*var_psc_cache_map)
896
psc_cache_map =
897
dict_cache_open(data_redirect_map(redirect, var_psc_cache_map),
898
O_CREAT | O_RDWR, PSC_DICT_OPEN_FLAGS);
899
900
/*
901
* Clean up and restore privilege.
902
*/
903
vstring_free(redirect);
904
RESTORE_SAVED_EUGID();
905
906
/*
907
* Initialize the dummy SMTP engine.
908
*/
909
psc_smtpd_pre_jail_init();
910
}
911
912
/* pre_accept - see if tables have changed */
913
914
static void pre_accept(char *unused_name, char **unused_argv)
915
{
916
static time_t last_event_time;
917
time_t new_event_time;
918
const char *name;
919
920
/*
921
* If some table has changed then stop accepting new connections. Don't
922
* check the tables more than once a second.
923
*/
924
new_event_time = event_time();
925
if (new_event_time >= last_event_time + 1
926
&& (name = dict_changed_name()) != 0) {
927
msg_info("table %s has changed - finishing in the background", name);
928
event_server_drain();
929
} else {
930
last_event_time = new_event_time;
931
}
932
}
933
934
/* post_jail_init - post-jail initialization */
935
936
static void post_jail_init(char *unused_name, char **unused_argv)
937
{
938
const NAME_CODE actions[] = {
939
PSC_NAME_ACT_DROP, PSC_ACT_DROP,
940
PSC_NAME_ACT_ENFORCE, PSC_ACT_ENFORCE,
941
PSC_NAME_ACT_IGNORE, PSC_ACT_IGNORE,
942
PSC_NAME_ACT_CONT, PSC_ACT_IGNORE, /* compatibility */
943
0, -1,
944
};
945
int cache_flags;
946
const char *tmp;
947
948
/*
949
* This routine runs after the skeleton code has entered the chroot jail.
950
* Prevent automatic process suicide after a limited number of client
951
* requests. It is OK to terminate after a limited amount of idle time.
952
*/
953
var_use_limit = 0;
954
955
/*
956
* Workaround for parameters whose values may contain "$", and that have
957
* a default of "$parametername". Not sure if it would be a good idea to
958
* always to this in the mail_conf_raw(3) module.
959
*/
960
if (*var_psc_rej_footer == '$'
961
&& mail_conf_lookup(var_psc_rej_footer + 1)) {
962
tmp = mail_conf_eval_once(var_psc_rej_footer);
963
myfree(var_psc_rej_footer);
964
var_psc_rej_footer = mystrdup(tmp);
965
}
966
if (*var_psc_exp_filter == '$'
967
&& mail_conf_lookup(var_psc_exp_filter + 1)) {
968
tmp = mail_conf_eval_once(var_psc_exp_filter);
969
myfree(var_psc_exp_filter);
970
var_psc_exp_filter = mystrdup(tmp);
971
}
972
973
/*
974
* Other one-time initialization.
975
*/
976
psc_temp = vstring_alloc(10);
977
vstring_sprintf(psc_temp, "%s/%s", MAIL_CLASS_PRIVATE, var_smtpd_service);
978
psc_smtpd_service_name = mystrdup(STR(psc_temp));
979
psc_dnsbl_init();
980
psc_early_init();
981
psc_smtpd_init();
982
983
if ((psc_blist_action = name_code(actions, NAME_CODE_FLAG_NONE,
984
var_psc_blist_action)) < 0)
985
msg_fatal("bad %s value: %s", VAR_PSC_BLIST_ACTION,
986
var_psc_blist_action);
987
if ((psc_dnsbl_action = name_code(actions, NAME_CODE_FLAG_NONE,
988
var_psc_dnsbl_action)) < 0)
989
msg_fatal("bad %s value: %s", VAR_PSC_DNSBL_ACTION,
990
var_psc_dnsbl_action);
991
if ((psc_pregr_action = name_code(actions, NAME_CODE_FLAG_NONE,
992
var_psc_pregr_action)) < 0)
993
msg_fatal("bad %s value: %s", VAR_PSC_PREGR_ACTION,
994
var_psc_pregr_action);
995
if ((psc_pipel_action = name_code(actions, NAME_CODE_FLAG_NONE,
996
var_psc_pipel_action)) < 0)
997
msg_fatal("bad %s value: %s", VAR_PSC_PIPEL_ACTION,
998
var_psc_pipel_action);
999
if ((psc_nsmtp_action = name_code(actions, NAME_CODE_FLAG_NONE,
1000
var_psc_nsmtp_action)) < 0)
1001
msg_fatal("bad %s value: %s", VAR_PSC_NSMTP_ACTION,
1002
var_psc_nsmtp_action);
1003
if ((psc_barlf_action = name_code(actions, NAME_CODE_FLAG_NONE,
1004
var_psc_barlf_action)) < 0)
1005
msg_fatal("bad %s value: %s", VAR_PSC_BARLF_ACTION,
1006
var_psc_barlf_action);
1007
1008
/*
1009
* Start the cache maintenance pseudo thread last. Early cleanup makes
1010
* verbose logging more informative (we get positive confirmation that
1011
* the cleanup thread runs).
1012
*/
1013
cache_flags = DICT_CACHE_FLAG_STATISTICS;
1014
if (msg_verbose > 1)
1015
cache_flags |= DICT_CACHE_FLAG_VERBOSE;
1016
if (psc_cache_map != 0 && var_psc_cache_scan > 0)
1017
dict_cache_control(psc_cache_map,
1018
DICT_CACHE_CTL_FLAGS, cache_flags,
1019
DICT_CACHE_CTL_INTERVAL, var_psc_cache_scan,
1020
DICT_CACHE_CTL_VALIDATOR, psc_cache_validator,
1021
DICT_CACHE_CTL_CONTEXT, (char *) 0,
1022
DICT_CACHE_CTL_END);
1023
1024
/*
1025
* Pre-compute the minimal and maximal TTL.
1026
*/
1027
psc_min_ttl =
1028
PSC_MIN(PSC_MIN(var_psc_pregr_ttl, var_psc_dnsbl_ttl),
1029
PSC_MIN(PSC_MIN(var_psc_pipel_ttl, var_psc_nsmtp_ttl),
1030
var_psc_barlf_ttl));
1031
psc_max_ttl =
1032
PSC_MAX(PSC_MAX(var_psc_pregr_ttl, var_psc_dnsbl_ttl),
1033
PSC_MAX(PSC_MAX(var_psc_pipel_ttl, var_psc_nsmtp_ttl),
1034
var_psc_barlf_ttl));
1035
1036
/*
1037
* Pre-compute the stress and normal command time limits.
1038
*/
1039
mail_conf_update(VAR_STRESS, "yes");
1040
psc_stress_cmd_time_limit =
1041
get_mail_conf_time(VAR_PSC_CMD_TIME, DEF_PSC_CMD_TIME, 1, 0);
1042
psc_stress_greet_wait =
1043
get_mail_conf_time(VAR_PSC_GREET_WAIT, DEF_PSC_GREET_WAIT, 1, 0);
1044
1045
mail_conf_update(VAR_STRESS, "");
1046
psc_normal_cmd_time_limit =
1047
get_mail_conf_time(VAR_PSC_CMD_TIME, DEF_PSC_CMD_TIME, 1, 0);
1048
psc_normal_greet_wait =
1049
get_mail_conf_time(VAR_PSC_GREET_WAIT, DEF_PSC_GREET_WAIT, 1, 0);
1050
1051
psc_lowat_check_queue_length = .7 * var_psc_pre_queue_limit;
1052
psc_hiwat_check_queue_length = .9 * var_psc_pre_queue_limit;
1053
if (msg_verbose)
1054
msg_info(VAR_PSC_CMD_TIME ": stress=%d normal=%d lowat=%d hiwat=%d",
1055
psc_stress_cmd_time_limit, psc_normal_cmd_time_limit,
1056
psc_lowat_check_queue_length, psc_hiwat_check_queue_length);
1057
1058
if (psc_lowat_check_queue_length == 0)
1059
msg_panic("compiler error: 0.7 * %d = %d", var_psc_pre_queue_limit,
1060
psc_lowat_check_queue_length);
1061
if (psc_hiwat_check_queue_length == 0)
1062
msg_panic("compiler error: 0.9 * %d = %d", var_psc_pre_queue_limit,
1063
psc_hiwat_check_queue_length);
1064
1065
/*
1066
* Per-client concurrency.
1067
*/
1068
psc_client_concurrency = htable_create(var_psc_pre_queue_limit);
1069
}
1070
1071
MAIL_VERSION_STAMP_DECLARE;
1072
1073
/* main - pass control to the multi-threaded skeleton */
1074
1075
int main(int argc, char **argv)
1076
{
1077
1078
/*
1079
* List smtpd(8) parameters before any postscreen(8) parameters that have
1080
* defaults dependencies on them.
1081
*/
1082
static const CONFIG_STR_TABLE str_table[] = {
1083
VAR_SMTPD_SERVICE, DEF_SMTPD_SERVICE, &var_smtpd_service, 1, 0,
1084
VAR_SMTPD_BANNER, DEF_SMTPD_BANNER, &var_smtpd_banner, 1, 0,
1085
VAR_SMTPD_FORBID_CMDS, DEF_SMTPD_FORBID_CMDS, &var_smtpd_forbid_cmds, 0, 0,
1086
VAR_SMTPD_EHLO_DIS_WORDS, DEF_SMTPD_EHLO_DIS_WORDS, &var_smtpd_ehlo_dis_words, 0, 0,
1087
VAR_SMTPD_EHLO_DIS_MAPS, DEF_SMTPD_EHLO_DIS_MAPS, &var_smtpd_ehlo_dis_maps, 0, 0,
1088
VAR_SMTPD_TLS_LEVEL, DEF_SMTPD_TLS_LEVEL, &var_smtpd_tls_level, 0, 0,
1089
VAR_SMTPD_CMD_FILTER, DEF_SMTPD_CMD_FILTER, &var_smtpd_cmd_filter, 0, 0,
1090
VAR_PSC_CACHE_MAP, DEF_PSC_CACHE_MAP, &var_psc_cache_map, 0, 0,
1091
VAR_PSC_PREGR_BANNER, DEF_PSC_PREGR_BANNER, &var_psc_pregr_banner, 0, 0,
1092
VAR_PSC_PREGR_ACTION, DEF_PSC_PREGR_ACTION, &var_psc_pregr_action, 1, 0,
1093
VAR_PSC_DNSBL_SITES, DEF_PSC_DNSBL_SITES, &var_psc_dnsbl_sites, 0, 0,
1094
VAR_PSC_DNSBL_ACTION, DEF_PSC_DNSBL_ACTION, &var_psc_dnsbl_action, 1, 0,
1095
VAR_PSC_PIPEL_ACTION, DEF_PSC_PIPEL_ACTION, &var_psc_pipel_action, 1, 0,
1096
VAR_PSC_NSMTP_ACTION, DEF_PSC_NSMTP_ACTION, &var_psc_nsmtp_action, 1, 0,
1097
VAR_PSC_BARLF_ACTION, DEF_PSC_BARLF_ACTION, &var_psc_barlf_action, 1, 0,
1098
#ifdef MIGRATION_WARNING
1099
VAR_PSC_WLIST_NETS, DEF_PSC_WLIST_NETS, &var_psc_wlist_nets, 0, 0,
1100
VAR_PSC_BLIST_NETS, DEF_PSC_BLIST_NETS, &var_psc_blist_nets, 0, 0,
1101
#endif
1102
VAR_PSC_ACL, DEF_PSC_ACL, &var_psc_acl, 0, 0,
1103
VAR_PSC_BLIST_ACTION, DEF_PSC_BLIST_ACTION, &var_psc_blist_action, 1, 0,
1104
VAR_PSC_FORBID_CMDS, DEF_PSC_FORBID_CMDS, &var_psc_forbid_cmds, 0, 0,
1105
VAR_PSC_EHLO_DIS_WORDS, DEF_PSC_EHLO_DIS_WORDS, &var_psc_ehlo_dis_words, 0, 0,
1106
VAR_PSC_EHLO_DIS_MAPS, DEF_PSC_EHLO_DIS_MAPS, &var_psc_ehlo_dis_maps, 0, 0,
1107
VAR_PSC_DNSBL_REPLY, DEF_PSC_DNSBL_REPLY, &var_psc_dnsbl_reply, 0, 0,
1108
VAR_PSC_TLS_LEVEL, DEF_PSC_TLS_LEVEL, &var_psc_tls_level, 0, 0,
1109
VAR_PSC_CMD_FILTER, DEF_PSC_CMD_FILTER, &var_psc_cmd_filter, 0, 0,
1110
VAR_DNSBLOG_SERVICE, DEF_DNSBLOG_SERVICE, &var_dnsblog_service, 1, 0,
1111
VAR_TLSPROXY_SERVICE, DEF_TLSPROXY_SERVICE, &var_tlsproxy_service, 1, 0,
1112
0,
1113
};
1114
static const CONFIG_INT_TABLE int_table[] = {
1115
VAR_PROC_LIMIT, DEF_PROC_LIMIT, &var_proc_limit, 1, 0,
1116
VAR_PSC_DNSBL_THRESH, DEF_PSC_DNSBL_THRESH, &var_psc_dnsbl_thresh, 0, 0,
1117
VAR_PSC_CMD_COUNT, DEF_PSC_CMD_COUNT, &var_psc_cmd_count, 1, 0,
1118
VAR_SMTPD_CCONN_LIMIT, DEF_SMTPD_CCONN_LIMIT, &var_smtpd_cconn_limit, 0, 0,
1119
0,
1120
};
1121
static const CONFIG_NINT_TABLE nint_table[] = {
1122
VAR_PSC_POST_QLIMIT, DEF_PSC_POST_QLIMIT, &var_psc_post_queue_limit, 5, 0,
1123
VAR_PSC_PRE_QLIMIT, DEF_PSC_PRE_QLIMIT, &var_psc_pre_queue_limit, 10, 0,
1124
VAR_PSC_CCONN_LIMIT, DEF_PSC_CCONN_LIMIT, &var_psc_cconn_limit, 0, 0,
1125
0,
1126
};
1127
static const CONFIG_TIME_TABLE time_table[] = {
1128
VAR_PSC_GREET_WAIT, DEF_PSC_GREET_WAIT, &var_psc_greet_wait, 1, 0,
1129
VAR_PSC_PREGR_TTL, DEF_PSC_PREGR_TTL, &var_psc_pregr_ttl, 1, 0,
1130
VAR_PSC_DNSBL_TTL, DEF_PSC_DNSBL_TTL, &var_psc_dnsbl_ttl, 1, 0,
1131
VAR_PSC_PIPEL_TTL, DEF_PSC_PIPEL_TTL, &var_psc_pipel_ttl, 1, 0,
1132
VAR_PSC_NSMTP_TTL, DEF_PSC_NSMTP_TTL, &var_psc_nsmtp_ttl, 1, 0,
1133
VAR_PSC_BARLF_TTL, DEF_PSC_BARLF_TTL, &var_psc_barlf_ttl, 1, 0,
1134
VAR_PSC_CACHE_RET, DEF_PSC_CACHE_RET, &var_psc_cache_ret, 1, 0,
1135
VAR_PSC_CACHE_SCAN, DEF_PSC_CACHE_SCAN, &var_psc_cache_scan, 1, 0,
1136
VAR_PSC_WATCHDOG, DEF_PSC_WATCHDOG, &var_psc_watchdog, 10, 0,
1137
0,
1138
};
1139
static const CONFIG_BOOL_TABLE bool_table[] = {
1140
VAR_HELO_REQUIRED, DEF_HELO_REQUIRED, &var_helo_required,
1141
VAR_DISABLE_VRFY_CMD, DEF_DISABLE_VRFY_CMD, &var_disable_vrfy_cmd,
1142
VAR_SMTPD_USE_TLS, DEF_SMTPD_USE_TLS, &var_smtpd_use_tls,
1143
VAR_SMTPD_ENFORCE_TLS, DEF_SMTPD_ENFORCE_TLS, &var_smtpd_enforce_tls,
1144
VAR_PSC_PIPEL_ENABLE, DEF_PSC_PIPEL_ENABLE, &var_psc_pipel_enable,
1145
VAR_PSC_NSMTP_ENABLE, DEF_PSC_NSMTP_ENABLE, &var_psc_nsmtp_enable,
1146
VAR_PSC_BARLF_ENABLE, DEF_PSC_BARLF_ENABLE, &var_psc_barlf_enable,
1147
0,
1148
};
1149
static const CONFIG_RAW_TABLE raw_table[] = {
1150
VAR_PSC_CMD_TIME, DEF_PSC_CMD_TIME, &var_psc_cmd_time, 1, 0,
1151
VAR_SMTPD_REJ_FOOTER, DEF_SMTPD_REJ_FOOTER, &var_smtpd_rej_footer, 0, 0,
1152
VAR_PSC_REJ_FOOTER, DEF_PSC_REJ_FOOTER, &var_psc_rej_footer, 0, 0,
1153
VAR_SMTPD_EXP_FILTER, DEF_SMTPD_EXP_FILTER, &var_smtpd_exp_filter, 1, 0,
1154
VAR_PSC_EXP_FILTER, DEF_PSC_EXP_FILTER, &var_psc_exp_filter, 1, 0,
1155
0,
1156
};
1157
static const CONFIG_NBOOL_TABLE nbool_table[] = {
1158
VAR_PSC_HELO_REQUIRED, DEF_PSC_HELO_REQUIRED, &var_psc_helo_required,
1159
VAR_PSC_DISABLE_VRFY, DEF_PSC_DISABLE_VRFY, &var_psc_disable_vrfy,
1160
VAR_PSC_USE_TLS, DEF_PSC_USE_TLS, &var_psc_use_tls,
1161
VAR_PSC_ENFORCE_TLS, DEF_PSC_ENFORCE_TLS, &var_psc_enforce_tls,
1162
0,
1163
};
1164
1165
/*
1166
* Fingerprint executables and core dumps.
1167
*/
1168
MAIL_VERSION_STAMP_ALLOCATE;
1169
1170
event_server_main(argc, argv, psc_service,
1171
MAIL_SERVER_STR_TABLE, str_table,
1172
MAIL_SERVER_INT_TABLE, int_table,
1173
MAIL_SERVER_NINT_TABLE, nint_table,
1174
MAIL_SERVER_TIME_TABLE, time_table,
1175
MAIL_SERVER_BOOL_TABLE, bool_table,
1176
MAIL_SERVER_RAW_TABLE, raw_table,
1177
MAIL_SERVER_NBOOL_TABLE, nbool_table,
1178
MAIL_SERVER_PRE_INIT, pre_jail_init,
1179
MAIL_SERVER_POST_INIT, post_jail_init,
1180
MAIL_SERVER_PRE_ACCEPT, pre_accept,
1181
MAIL_SERVER_SOLITARY,
1182
MAIL_SERVER_SLOW_EXIT, psc_drain,
1183
MAIL_SERVER_EXIT, psc_dump,
1184
MAIL_SERVER_WATCHDOG, &var_psc_watchdog,
1185
0);
1186
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1