204
204
struct dkimf_config
207
_Bool conf_softstart; /* do LDAP soft starts */
208
#endif /* USE_LDAP */
206
209
_Bool conf_weaksyntax; /* do weaker syntax checking */
207
210
_Bool conf_noadsp; /* suppress ADSP */
211
_Bool conf_logresults; /* log all results */
208
212
_Bool conf_allsigs; /* report on all signatures */
209
213
_Bool conf_dnsconnect; /* request TCP mode from DNS */
210
214
_Bool conf_capture; /* capture unknown errors */
214
218
_Bool conf_blen; /* use "l=" when signing */
215
219
_Bool conf_ztags; /* use "z=" when signing */
216
220
_Bool conf_alwaysaddar; /* always add Auth-Results:? */
218
221
_Bool conf_reqreports; /* request reports */
219
#endif /* _FFR_XTAGS */
220
222
_Bool conf_sendreports; /* signature failure reports */
221
223
_Bool conf_sendadspreports; /* ADSP failure reports */
222
224
_Bool conf_adspnxdomain; /* reject on ADSP NXDOMAIN? */
351
350
char * conf_redirect; /* redirect failures to */
352
351
#endif /* _FFR_REDIRECT */
353
char * conf_ldap_timeout; /* LDAP timeout */
354
char * conf_ldap_kaidle; /* LDAP keepalive idle */
355
char * conf_ldap_kaprobes; /* LDAP keepalive probes */
356
char * conf_ldap_kainterval; /* LDAP keepalive interval */
354
357
char * conf_ldap_binduser; /* LDAP bind user */
355
358
char * conf_ldap_bindpw; /* LDAP bind password */
356
359
char * conf_ldap_authmech; /* LDAP auth mechanism */
453
456
DKIMF_DB conf_replowtimedb; /* reputed low timers DB */
454
457
DKIMF_REP conf_rep; /* reputation subsystem */
455
458
char * conf_repcache; /* reputation cache DB */
459
char * conf_repdups; /* reputation duplicates DB */
456
460
char * conf_repspamcheck; /* reputation spam RE string */
457
461
regex_t conf_repspamre; /* reputation spam RE */
458
462
#endif /* _FFR_REPUTATION */
2111
** DKIMF_XS_GETENVFROM -- request envelope sender
2117
** Number of stack items pushed.
2121
dkimf_xs_getenvfrom(lua_State *l)
2124
const char *hdrname;
2128
struct dkimf_config *conf;
2133
if (lua_gettop(l) != 1)
2136
"odkim.get_envfrom(): incorrect argument count");
2139
else if (!lua_islightuserdata(l, 1))
2142
"odkim.get_envfrom(): incorrect argument type");
2146
ctx = (SMFICTX *) lua_touserdata(l, 1);
2150
cc = (struct connctx *) dkimf_getpriv(ctx);
2157
lua_pushstring(l, "dkimf_xs_getenvfrom");
2159
lua_pushstring(l, dfc->mctx_envfrom);
2109
2164
** DKIMF_XS_GETHEADER -- request a header value
5892
5947
if (data != NULL)
5950
(void) config_get(data, "LDAPSoftStart",
5951
&conf->conf_softstart,
5952
sizeof conf->conf_softstart);
5953
#endif /* USE_LDAP */
5894
5955
(void) config_get(data, "AddAllSignatureResults",
5895
5956
&conf->conf_allsigs,
5896
5957
sizeof conf->conf_allsigs);
5974
6035
&conf->conf_enablecores,
5975
6036
sizeof conf->conf_enablecores);
5978
6038
(void) config_get(data, "RequestReports",
5979
6039
&conf->conf_reqreports,
5980
6040
sizeof conf->conf_reqreports);
5981
#endif /* _FFR_XTAGS */
5983
6042
(void) config_get(data, "RequireSafeKeys",
5984
6043
&conf->conf_safekeys,
6197
6256
sizeof conf->conf_logwhy);
6259
(void) config_get(data, "LogResults", &conf->conf_logresults,
6260
sizeof conf->conf_logresults);
6200
6262
(void) config_get(data, "MultipleSignatures",
6201
6263
&conf->conf_multisig,
6202
6264
sizeof conf->conf_multisig);
6264
6326
dkimf_db_set_ldap_param(DKIMF_LDAP_PARAM_USETLS, "n");
6328
(void) config_get(data, "LDAPTimeout",
6329
&conf->conf_ldap_timeout,
6330
sizeof conf->conf_ldap_timeout);
6332
dkimf_db_set_ldap_param(DKIMF_LDAP_PARAM_TIMEOUT,
6333
conf->conf_ldap_timeout);
6335
(void) config_get(data, "LDAPKeepaliveIdle",
6336
&conf->conf_ldap_kaidle,
6337
sizeof conf->conf_ldap_kaidle);
6339
dkimf_db_set_ldap_param(DKIMF_LDAP_PARAM_KA_IDLE,
6340
conf->conf_ldap_kaidle);
6342
(void) config_get(data, "LDAPKeepaliveProbes",
6343
&conf->conf_ldap_kaprobes,
6344
sizeof conf->conf_ldap_kaprobes);
6346
dkimf_db_set_ldap_param(DKIMF_LDAP_PARAM_KA_PROBES,
6347
conf->conf_ldap_kaprobes);
6349
(void) config_get(data, "LDAPKeepaliveInterval",
6350
&conf->conf_ldap_kainterval,
6351
sizeof conf->conf_ldap_kainterval);
6353
dkimf_db_set_ldap_param(DKIMF_LDAP_PARAM_KA_INTERVAL,
6354
conf->conf_ldap_kainterval);
6266
6356
(void) config_get(data, "LDAPAuthMechanism",
6267
6357
&conf->conf_ldap_authmech,
6268
6358
sizeof conf->conf_ldap_authmech);
6792
6891
else if (data != NULL)
6794
(void) config_get(data, "ExternalIgnoreList", &str, sizeof str);
6893
(void) config_get(data, "ExternalIgnoreList", &str,
6796
6896
if (str != NULL && !testmode)
7036
7146
char *dberr = NULL;
7038
7148
status = dkimf_db_open(&conf->conf_mtasdb, str,
7039
DKIMF_DB_FLAG_READONLY, NULL, &dberr);
7149
(dbflags | DKIMF_DB_FLAG_READONLY),
7040
7151
if (status != 0)
7042
7153
snprintf(err, errlen, "%s: dkimf_db_open(): %s",
7215
7331
status = dkimf_db_open(&conf->conf_keytabledb,
7216
7332
conf->conf_keytable,
7217
DKIMF_DB_FLAG_READONLY, NULL,
7334
DKIMF_DB_FLAG_READONLY), NULL,
7219
7336
if (status != 0)
7412
7529
char *dberr = NULL;
7414
7531
status = dkimf_db_open(&conf->conf_macrosdb, str,
7415
(DKIMF_DB_FLAG_READONLY |
7532
(dbflags | DKIMF_DB_FLAG_READONLY |
7416
7533
DKIMF_DB_FLAG_VALLIST |
7417
7534
DKIMF_DB_FLAG_MATCHBOTH), NULL,
7610
7727
char *dberr = NULL;
7612
7729
status = dkimf_db_open(&conf->conf_rephdrsdb, str,
7613
(DKIMF_DB_FLAG_READONLY |
7730
(dbflags | DKIMF_DB_FLAG_READONLY |
7614
7731
DKIMF_DB_FLAG_ICASE), NULL,
7616
7733
if (status != 0)
7671
7788
&conf->conf_repcachettl,
7672
7789
sizeof conf->conf_repcachettl);
7791
(void) config_get(data, "ReputationDuplicates",
7792
&conf->conf_repdups,
7793
sizeof conf->conf_repdups);
7674
7795
(void) config_get(data, "ReputationRatios",
7675
7796
&conf->conf_repratios,
7676
7797
sizeof conf->conf_repratios);
7726
7847
status = dkimf_db_open(&conf->conf_replowtimedb,
7727
7848
conf->conf_replowtime,
7728
DKIMF_DB_FLAG_READONLY, NULL, &dberr);
7849
(dbflags | DKIMF_DB_FLAG_READONLY),
7729
7851
if (status != 0)
7731
7853
snprintf(err, errlen, "%s: dkimf_db_open(): %s",
7744
7866
status = dkimf_db_open(&conf->conf_replimitsdb,
7745
7867
conf->conf_replimits,
7746
DKIMF_DB_FLAG_READONLY, NULL,
7869
DKIMF_DB_FLAG_READONLY), NULL,
7748
7871
if (status != 0)
7759
7882
status = dkimf_db_open(&conf->conf_replimitmodsdb,
7760
7883
conf->conf_replimitmods,
7761
DKIMF_DB_FLAG_READONLY, NULL,
7885
DKIMF_DB_FLAG_READONLY), NULL,
7763
7887
if (status != 0)
7772
7896
status = dkimf_db_open(&conf->conf_repratiosdb,
7773
7897
conf->conf_repratios,
7774
DKIMF_DB_FLAG_READONLY, NULL, &dberr);
7898
(dbflags | DKIMF_DB_FLAG_READONLY),
7775
7900
if (status != 0)
7777
7902
snprintf(err, errlen, "%s: dkimf_db_open(): %s",
8044
8170
(void) dkim_options(lib, DKIM_OP_GETOPT, DKIM_OPTS_FLAGS,
8045
8171
&opts, sizeof opts);
8046
opts |= DKIM_LIBFLAGS_ACCEPTV05;
8172
opts |= (DKIM_LIBFLAGS_ACCEPTV05 | DKIM_LIBFLAGS_DROPSIGNER);
8047
8173
if (conf->conf_weaksyntax)
8048
8174
opts |= DKIM_LIBFLAGS_BADSIGHANDLES;
8049
8175
#ifdef QUERY_CACHE
10796
10922
if (envfrom[0] != NULL)
10798
10928
strlcpy(dfc->mctx_envfrom, envfrom[0],
10799
10929
sizeof dfc->mctx_envfrom);
10931
len = strlen(dfc->mctx_envfrom);
10932
p = dfc->mctx_envfrom;
10933
q = dfc->mctx_envfrom + len - 1;
10935
while (len >= 2 && *p == '<' && *q == '>')
10942
if (p != dfc->mctx_envfrom)
10945
memmove(dfc->mctx_envfrom, p, len + 1);
11191
11338
dfc->mctx_hqtail = newhdr;
11193
#ifdef _FFR_SELECT_CANONICALIZATION
11194
if (strcasecmp(headerf, XSELECTCANONHDR) == 0)
11199
slash = strchr(headerv, '/');
11204
c = dkimf_configlookup(headerv, dkimf_canon);
11206
dfc->mctx_hdrcanon = (dkim_canon_t) c;
11207
c = dkimf_configlookup(slash + 1, dkimf_canon);
11209
dfc->mctx_bodycanon = (dkim_canon_t) c;
11215
c = dkimf_configlookup(headerv, dkimf_canon);
11217
dfc->mctx_hdrcanon = (dkim_canon_t) c;
11220
/* XXX -- eat this header? */
11222
#endif /* _FFR_SELECT_CANONICALIZATION */
11224
11340
return SMFIS_CONTINUE;
11606
11724
if (!originok && !status && conf->conf_logwhy)
11608
syslog(LOG_INFO, "%s: no MTA name match",
11727
"%s: no MTA name match (host=%s, MTA=%s)",
11728
dfc->mctx_jobid, host,
11729
mtaname == NULL ? "?" : mtaname);
13203
13321
status = dkim_eom(dfc->mctx_dkimv, &testkey);
13204
13322
lastdkim = dfc->mctx_dkimv;
13324
if (conf->conf_logresults && conf->conf_dolog)
13328
DKIM_SIGINFO **sigs;
13330
if (dfc->mctx_tmpstr == NULL)
13332
dfc->mctx_tmpstr = dkimf_dstring_new(BUFRSZ,
13335
if (dfc->mctx_tmpstr == NULL)
13337
syslog(LOG_WARNING,
13338
"%s: dkimf_dstring_new() failed",
13341
return SMFIS_TEMPFAIL;
13346
dkimf_dstring_blank(dfc->mctx_tmpstr);
13349
status = dkim_getsiglist(dfc->mctx_dkimv,
13352
if (status == DKIM_STAT_OK)
13356
const char *domain;
13357
const char *selector;
13358
const char *errstr;
13359
char substr[BUFRSZ];
13361
for (c = 0; c < nsigs; c++)
13363
domain = dkim_sig_getdomain(sigs[c]);
13364
selector = dkim_sig_getdomain(sigs[c]);
13365
err = dkim_sig_geterror(sigs[c]);
13366
errstr = dkim_sig_geterrorstr(err);
13368
memset(substr, '\0', sizeof substr);
13369
len = sizeof substr;
13371
status = dkim_get_sigsubstring(dfc->mctx_dkimv,
13376
if (status == DKIM_STAT_OK &&
13378
selector != NULL &&
13381
if (dkimf_dstring_len(dfc->mctx_tmpstr) > 0)
13383
dkimf_dstring_catn(dfc->mctx_tmpstr,
13388
dkimf_dstring_printf(dfc->mctx_tmpstr,
13389
"signature=%s domain=%s selector=%s result=\"%s\"",
13397
if (dkimf_dstring_len(dfc->mctx_tmpstr) > 0)
13399
syslog(LOG_INFO, "%s: %s",
13401
dkimf_dstring_get(dfc->mctx_tmpstr));
13206
13406
switch (status)
13208
13408
case DKIM_STAT_OK:
14198
14398
strlcat((char *) header, DELIMITER,
14199
14399
sizeof header);
14200
strlcat((char *) header, "(",
14400
strlcat((char *) header, "reason=\"",
14201
14401
sizeof header);
14202
14402
strlcat((char *) header, comment,
14203
14403
sizeof header);
14204
strlcat((char *) header, ")",
14404
strlcat((char *) header, "\"",
14205
14405
sizeof header);
14277
14477
err = dkim_geterror(dfc->mctx_dkimv);
14278
14478
if (err != NULL)
14280
strlcat((char *) header, " (",
14480
strlcat((char *) header,
14281
14482
sizeof header);
14282
14483
strlcat((char *) header, err,
14283
14484
sizeof header);
14284
strlcat((char *) header, ")",
14485
strlcat((char *) header, "\"",
14285
14486
sizeof header);
14339
14540
err = dkim_geterror(dfc->mctx_dkimv);
14340
14541
if (err != NULL)
14342
strlcat((char *) header, " (",
14543
strlcat((char *) header,
14343
14545
sizeof header);
14344
14546
strlcat((char *) header, err,
14345
14547
sizeof header);
14346
strlcat((char *) header, ")",
14548
strlcat((char *) header, "\"",
14347
14549
sizeof header);
15871
16073
#ifdef _FFR_REPUTATION
15872
16074
"\trepute:server[:reporter]\n"
15873
16075
#endif /* _FFR_REPUTATION */
16076
#ifdef _FFR_SOCKETDB
16077
"\tsocket:{ port@host | path}\n"
16078
#endif /* _FFR_SOCKETDB */
16081
#endif /* USE_MDB */
16083
"\terlang:node@host[,...]:cookie:module:function\n"
16084
#endif /* USE_ERLANG */
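Review bot: In the LogResults block added after `dkim_eom()` (new lines 13363-13364), the selector is fetched with the domain accessor: `selector = dkim_sig_getdomain(sigs[c]);` should read `selector = dkim_sig_getselector(sigs[c]);`. As written, the `selector=%s` field of the per-signature log line presumably repeats the signing domain (the printf arguments are not visible here), so the log cannot tell an operator which key a failing signature referenced. The enclosing function starts and ends outside the visible lines, and several lines of this block are not shown, so the rest of the loop is not reviewed.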