352
381
defer_if(&(state)->defer_if_reject, (class), (fmt), (a1), (a2))
353
382
#define DEFER_IF_REJECT3(state, class, fmt, a1, a2, a3) \
354
383
defer_if(&(state)->defer_if_reject, (class), (fmt), (a1), (a2), (a3))
384
#define DEFER_IF_REJECT4(state, class, fmt, a1, a2, a3, a4) \
385
defer_if(&(state)->defer_if_reject, (class), (fmt), (a1), (a2), (a3), (a4))
355
386
#define DEFER_IF_PERMIT2(state, class, fmt, a1, a2) do { \
356
387
if ((state)->warn_if_reject == 0) \
357
388
defer_if(&(state)->defer_if_permit, (class), (fmt), (a1), (a2)); \
465
496
* encounter. Dictionaries must be opened before entering the chroot
499
#define SMTPD_CHECK_PARSE_POLICY (1<<0)
500
#define SMTPD_CHECK_PARSE_MAPS (1<<1)
501
#define SMTPD_CHECK_PARSE_ALL (~0)
468
503
while ((name = mystrtok(&bp, RESTRICTION_SEPARATORS)) != 0) {
469
504
argv_add(argv, name, (char *) 0);
470
if (last && strcasecmp(last, CHECK_POLICY_SERVICE) == 0)
505
if ((flags & SMTPD_CHECK_PARSE_POLICY)
506
&& last && strcasecmp(last, CHECK_POLICY_SERVICE) == 0)
471
507
policy_client_register(name);
472
else if (strchr(name, ':') && dict_handle(name) == 0) {
508
else if ((flags & SMTPD_CHECK_PARSE_MAPS)
509
&& strchr(name, ':') && dict_handle(name) == 0) {
473
510
dict_register(name, dict_open(name, O_RDONLY, DICT_FLAG_LOCK));
623
664
* Pre-parse the restriction lists. At the same time, pre-open tables
624
665
* before going to jail.
626
client_restrctions = smtpd_check_parse(var_client_checks);
627
helo_restrctions = smtpd_check_parse(var_helo_checks);
628
mail_restrctions = smtpd_check_parse(var_mail_checks);
629
rcpt_restrctions = smtpd_check_parse(var_rcpt_checks);
630
etrn_restrctions = smtpd_check_parse(var_etrn_checks);
631
data_restrctions = smtpd_check_parse(var_data_checks);
667
client_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL,
669
helo_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL,
671
mail_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL,
673
rcpt_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL,
675
etrn_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL,
677
data_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL,
679
eod_restrictions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL,
634
683
* Parse the pre-defined restriction classes.
653
703
htable_enter(smtpd_rest_classes, "check_relay_domains",
654
smtpd_check_parse("permit_mydomain reject_unauth_destination"));
704
smtpd_check_parse(SMTPD_CHECK_PARSE_ALL,
705
"permit_mydomain reject_unauth_destination"));
656
707
htable_enter(smtpd_rest_classes, REJECT_SENDER_LOGIN_MISMATCH,
657
(char *) smtpd_check_parse(REJECT_AUTH_SENDER_LOGIN_MISMATCH
708
(char *) smtpd_check_parse(SMTPD_CHECK_PARSE_ALL,
709
REJECT_AUTH_SENDER_LOGIN_MISMATCH
658
710
" " REJECT_UNAUTH_SENDER_LOGIN_MISMATCH));
903
975
msg_info("%s: %s", myname, addr);
905
977
if (addr[0] == '[' && (len = strlen(addr)) > 2 && addr[len - 1] == ']') {
906
test_addr = mystrndup(&addr[1], len - 2);
978
test_addr = mystrndup(addr + 1, len - 2);
908
980
test_addr = addr;
911
983
* Validate the address.
913
if (!valid_hostaddr(test_addr, DONT_GRIPE))
985
if (!valid_mailhost_addr(test_addr, DONT_GRIPE))
914
986
stat = smtpd_check_reject(state, MAIL_ERROR_POLICY,
915
987
"%d <%s>: %s rejected: invalid ip address",
916
988
var_bad_name_code, reply_name, reply_class);
1015
1088
#define RR_ADDR_TYPES T_A
1018
dns_status = dns_lookup_types(name, 0, (DNS_RR **) 0, (VSTRING *) 0,
1019
(VSTRING *) 0, RR_ADDR_TYPES, T_MX, 0);
1091
dns_status = dns_lookup_l(name, 0, (DNS_RR **) 0, (VSTRING *) 0,
1092
(VSTRING *) 0, DNS_REQ_FLAG_ANY,
1093
RR_ADDR_TYPES, T_MX, 0);
1020
1094
if (dns_status == DNS_NOTFOUND)
1021
1095
return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
1022
1096
"%d <%s>: %s rejected: Host not found",
1040
1114
if (msg_verbose)
1041
1115
msg_info("%s: %s", myname, name);
1043
dns_status = dns_lookup_types(name, 0, (DNS_RR **) 0, (VSTRING *) 0,
1044
(VSTRING *) 0, RR_ADDR_TYPES, T_MX, 0);
1117
dns_status = dns_lookup_l(name, 0, (DNS_RR **) 0, (VSTRING *) 0,
1118
(VSTRING *) 0, DNS_REQ_FLAG_ANY,
1119
RR_ADDR_TYPES, T_MX, 0);
1045
1120
if (dns_status == DNS_NOTFOUND)
1046
1121
return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
1047
1122
"%d <%s>: %s rejected: Domain not found",
1057
1132
static int permit_auth_destination(SMTPD_STATE *state, char *recipient);
1134
/* permit_tls_clientcerts - OK/DUNNO for message relaying */
1137
static int permit_tls_clientcerts(SMTPD_STATE *state, int permit_all_certs)
1142
if (state->tls_info.peer_verified && permit_all_certs) {
1144
msg_info("Relaying allowed for all verified client certificates");
1145
return(SMTPD_CHECK_OK);
1148
if (state->tls_info.peer_verified && state->tls_info.peer_fingerprint) {
1149
low_name = lowercase(mystrdup(state->tls_info.peer_fingerprint));
1150
found = maps_find(relay_ccerts, low_name, DICT_FLAG_FIXED);
1154
msg_info("Relaying allowed for certified client: %s", found);
1155
return (SMTPD_CHECK_OK);
1156
} else if (msg_verbose)
1157
msg_info("relay_clientcerts: No match for fingerprint '%s'",
1158
state->tls_info.peer_fingerprint);
1160
return (SMTPD_CHECK_DUNNO);
1059
1164
/* check_relay_domains - OK/FAIL for message relaying */
1061
1166
static int check_relay_domains(SMTPD_STATE *state, char *recipient,
1215
1321
* Verify that all host addresses are within permit_mx_backup_networks.
1217
dns_status = dns_lookup(host, T_A, 0, &addr_list, (VSTRING *) 0, (VSTRING *) 0);
1323
dns_status = dns_lookup_v(host, 0, &addr_list, (VSTRING *) 0, (VSTRING *) 0,
1324
DNS_REQ_FLAG_ALL, inet_proto_info()->dns_atype_list);
1218
1325
if (dns_status != DNS_OK) {
1219
1326
DEFER_IF_REJECT3(state, MAIL_ERROR_POLICY,
1220
1327
"450 <%s>: %s rejected: Unable to look up host %s as mail exchanger",
1224
1331
for (rr = addr_list; rr != 0; rr = rr->next) {
1225
if (rr->data_len > sizeof(addr)) {
1226
msg_warn("%s: skipping address length %d for host %s",
1227
state->queue_id, rr->data_len, host);
1332
if (dns_rr_to_pa(rr, &hostaddr) == 0) {
1333
msg_warn("%s: skipping record type %s for host %s: %m",
1334
myname, dns_strtype(rr->type), host);
1230
memcpy((char *) &addr, rr->data, sizeof(addr));
1231
1337
if (msg_verbose)
1232
msg_info("%s: checking: %s", myname, inet_ntoa(addr));
1338
msg_info("%s: checking: %s", myname, hostaddr.buf);
1234
if (!namadr_list_match(perm_mx_networks, host, inet_ntoa(addr))) {
1340
if (!namadr_list_match(perm_mx_networks, host, hostaddr.buf)) {
1237
1343
* Reject: at least one IP address is not listed in
1270
if ((hp = gethostbyname(host)) == 0) {
1271
DEFER_IF_REJECT3(state, MAIL_ERROR_POLICY,
1272
"450 <%s>: %s rejected: Unable to look up mail exchanger host %s",
1273
reply_name, reply_class, host);
1276
if (hp->h_addrtype != AF_INET || hp->h_length != sizeof(addr)) {
1277
msg_warn("address type %d length %d for %s",
1278
hp->h_addrtype, hp->h_length, host);
1281
for (cpp = hp->h_addr_list; *cpp; cpp++) {
1282
memcpy((char *) &addr, *cpp, sizeof(addr));
1284
msg_info("%s: addr %s", myname, inet_ntoa(addr));
1285
if (own_inet_addr(&addr))
1287
if (proxy_inet_addr(&addr))
1378
aierr = hostname_to_sockaddr(host, (char *) 0, 0, &res0);
1380
DEFER_IF_REJECT4(state, MAIL_ERROR_POLICY,
1381
"450 <%s>: %s rejected: Unable to look up mail exchanger host %s: %s",
1382
reply_name, reply_class, host, MAI_STRERROR(aierr));
1385
#define HAS_MY_ADDR_RETURN(x) { freeaddrinfo(res0); return (x); }
1387
for (res = res0; res != 0; res = res->ai_next) {
1388
if (strchr((char *) proto_info->sa_family_list, res->ai_family) == 0) {
1390
msg_info("skipping address family %d for host %s",
1391
res->ai_family, host);
1395
SOCKADDR_TO_HOSTADDR(res->ai_addr, res->ai_addrlen,
1396
&hostaddr, (MAI_SERVPORT_STR *) 0, 0);
1397
msg_info("%s: addr %s", myname, hostaddr.buf);
1399
if (own_inet_addr(res->ai_addr))
1400
HAS_MY_ADDR_RETURN(YUP);
1401
if (proxy_inet_addr(res->ai_addr))
1402
HAS_MY_ADDR_RETURN(YUP);
1290
1404
if (msg_verbose)
1291
1405
msg_info("%s: host %s: no match", myname, host);
1407
HAS_MY_ADDR_RETURN(NOPE);
1296
1410
/* i_am_mx - is this machine listed as MX relay */
2278
* Treat an address literal as its own MX server, just like we treat a
2279
* name without MX record as its own MX server. There is, however, no
2280
* applicable NS server equivalent.
2282
if (*domain == '[') {
2284
const char *bare_addr;
2288
return (SMTPD_CHECK_DUNNO);
2289
len = strlen(domain);
2290
if (domain[len - 1] != ']')
2291
return (SMTPD_CHECK_DUNNO);
2292
/* Memory leak alert: no early returns after this point. */
2293
saved_addr = mystrndup(domain + 1, len - 2);
2294
if ((bare_addr = valid_mailhost_addr(saved_addr, DONT_GRIPE)) == 0)
2295
status = SMTPD_CHECK_DUNNO;
2297
status = check_addr_access(state, table, bare_addr, FULL,
2298
&found, reply_name, reply_class,
2139
2305
* If the domain name does not exist then we apply no restriction.
2141
2307
* If the domain name exists but no MX record exists, fabricate an MX record
2183
2350
FULL, &found, reply_name, reply_class,
2184
2351
def_acl)) != 0 || found)
2185
2352
CHECK_SERVER_RETURN(status);
2186
SET_H_ERRNO(0); /* XXX */
2187
if ((hp = gethostbyname((char *) server->data)) == 0) {
2353
if ((aierr = hostname_to_sockaddr((char *) server->data,
2354
(char *) 0, 0, &res0)) != 0) {
2188
2355
msg_warn("Unable to look up %s host %s for %s %s: %s",
2189
2356
dns_strtype(type), (char *) server->data,
2190
reply_class, reply_name, dns_strerror(h_errno));
2357
reply_class, reply_name, MAI_STRERROR(aierr));
2193
if (hp->h_addrtype != AF_INET || hp->h_length != sizeof(addr)) {
2195
msg_warn("address type %d length %d for %s",
2196
hp->h_addrtype, hp->h_length, (char *) server->data);
2360
/* Now we must also free the addrinfo result. */
2199
2361
if (msg_verbose)
2200
2362
msg_info("%s: %s host address check: %s",
2201
2363
myname, dns_strtype(type), (char *) server->data);
2202
for (cpp = hp->h_addr_list; *cpp; cpp++) {
2203
memcpy((char *) &addr, *cpp, sizeof(addr));
2204
addr_string = mystrdup(inet_ntoa(addr));
2205
status = check_addr_access(state, table, addr_string, FULL,
2364
for (res = res0; res != 0; res = res->ai_next) {
2365
if (strchr((char *) proto_info->sa_family_list, res->ai_family) == 0) {
2367
msg_info("skipping address family %d for host %s",
2368
res->ai_family, server->data);
2371
SOCKADDR_TO_HOSTADDR(res->ai_addr, res->ai_addrlen,
2372
&addr_string, (MAI_SERVPORT_STR *) 0, 0);
2373
status = check_addr_access(state, table, addr_string.buf, FULL,
2206
2374
&found, reply_name, reply_class,
2208
myfree(addr_string);
2209
if (status != 0 || found)
2376
if (status != 0 || found) {
2377
freeaddrinfo(res0); /* 200412 */
2210
2378
CHECK_SERVER_RETURN(status);
2381
freeaddrinfo(res0); /* 200412 */
2213
2383
CHECK_SERVER_RETURN(SMTPD_CHECK_DUNNO);
2386
/* check_ccert_access - access for TLS clients by certificate fingerprint */
2390
static int check_ccert_access(SMTPD_STATE *state, const char *table,
2391
const char *def_acl)
2393
char *myname = "check_ccert_access";
2396
if (state->tls_info.peer_verified && state->tls_info.peer_fingerprint) {
2398
msg_info("%s: %s", myname, state->tls_info.peer_fingerprint);
2401
* Regexp tables don't make sense for certificate fingerprints. That
2402
* may be so, but we can't ignore the entire check_ccert_access
2403
* request without logging a warning.
2405
* Log the peer CommonName when access is denied. Non-printable
2406
* characters will be neutered by smtpd_check_reject(). The SMTP
2407
* client name and address are always syslogged as part of a "reject"
2410
return (check_access(state, table, state->tls_info.peer_fingerprint,
2411
DICT_FLAG_NONE, &found, state->tls_info.peer_CN,
2412
SMTPD_NAME_CCERT, def_acl));
2414
return (SMTPD_CHECK_DUNNO);
2216
2419
/* check_mail_access - OK/FAIL based on mail address lookup */
2218
2421
static int check_mail_access(SMTPD_STATE *state, const char *table,
2879
3087
var_smtpd_sasl_enable && state->sasl_sender ?
2880
3088
state->sasl_sender : "",
3091
ATTR_TYPE_STR, MAIL_ATTR_CCERT_SUBJECT,
3092
state->tls_info.peer_verified ?
3093
state->tls_info.peer_CN : "",
3094
ATTR_TYPE_STR, MAIL_ATTR_CCERT_ISSSUER,
3095
state->tls_info.peer_verified ?
3096
state->tls_info.issuer_CN : "",
3097
ATTR_TYPE_STR, MAIL_ATTR_CCERT_FINGERPRINT,
3098
state->tls_info.peer_verified ?
3099
state->tls_info.peer_fingerprint : "",
2883
3102
ATTR_FLAG_MISSING, /* Reply attributes. */
2884
3103
ATTR_TYPE_STR, MAIL_ATTR_ACTION, action,
3014
3233
} else if (strcasecmp(name, REJECT_UNAUTH_PIPE) == 0) {
3015
3234
status = reject_unauth_pipelining(state, reply_name, reply_class);
3016
3235
} else if (strcasecmp(name, CHECK_POLICY_SERVICE) == 0) {
3236
if (cpp[1] == 0 || strchr(cpp[1], ':') == 0) {
3018
3237
msg_warn("restriction %s must be followed by transport:server",
3019
3238
CHECK_POLICY_SERVICE);
3239
longjmp(smtpd_check_buf, smtpd_check_reject(state,
3240
MAIL_ERROR_SOFTWARE, "451 Server configuration error"));
3021
3242
status = check_policy_service(state, *++cpp, reply_name,
3022
3243
reply_class, def_acl);
3023
3244
} else if (strcasecmp(name, DEFER_IF_PERMIT) == 0) {
3028
3249
DEFER_IF_REJECT2(state, MAIL_ERROR_POLICY,
3029
3250
"450 <%s>: %s rejected: defer_if_reject requested",
3030
3251
reply_name, reply_class);
3253
} else if (strcasecmp(name, SLEEP) == 0) {
3254
if (cpp[1] == 0 || alldig(cpp[1]) == 0) {
3255
msg_warn("restriction %s must be followed by number", SLEEP);
3256
longjmp(smtpd_check_buf, smtpd_check_reject(state,
3257
MAIL_ERROR_SOFTWARE, "451 Server configuration error"));
3259
sleep(atoi(*++cpp));
3601
/* smtpd_check_rewrite - choose address qualification context */
3603
void smtpd_check_rewrite(SMTPD_STATE *state)
3605
const char *myname = "smtpd_check_rewrite";
3612
* We don't use generic_checks() because it produces results that aren't
3613
* applicable such as DEFER or REJECT.
3615
for (cpp = local_rewrite_clients->argv; *cpp != 0; cpp++) {
3617
msg_info("%s: trying: %s", myname, *cpp);
3618
status = SMTPD_CHECK_DUNNO;
3619
if (strchr(name = *cpp, ':') != 0) {
3620
name = CHECK_ADDR_MAP;
3623
if (strcasecmp(name, PERMIT_INET_INTERFACES) == 0) {
3624
status = permit_inet_interfaces(state);
3625
} else if (strcasecmp(name, PERMIT_MYNETWORKS) == 0) {
3626
status = permit_mynetworks(state);
3627
} else if (is_map_command(state, name, CHECK_ADDR_MAP, &cpp)) {
3628
if ((dict = dict_handle(*cpp)) == 0)
3629
msg_panic("%s: dictionary not found: %s", myname, *cpp);
3630
if (dict_get(dict, state->addr) != 0)
3631
status = SMTPD_CHECK_OK;
3632
} else if (strcasecmp(name, PERMIT_SASL_AUTH) == 0) {
3633
#ifdef USE_SASL_AUTH
3634
status = permit_sasl_auth(state, SMTPD_CHECK_OK,
3637
status = SMTPD_CHECK_DUNNO;
3640
} else if (strcasecmp(name, PERMIT_TLS_ALL_CLIENTCERTS) == 0) {
3641
status = permit_tls_clientcerts(state, 1);
3642
} else if (strcasecmp(name, PERMIT_TLS_CLIENTCERTS) == 0) {
3643
status = permit_tls_clientcerts(state, 0);
3646
msg_warn("parameter %s: invalid request: %s",
3647
VAR_LOC_RWR_CLIENTS, name);
3650
if (status == SMTPD_CHECK_OK) {
3651
state->rewrite_context = MAIL_ATTR_RWR_LOCAL;
3655
state->rewrite_context = MAIL_ATTR_RWR_REMOTE;
3359
3658
/* smtpd_check_client - validate client name or address */
3361
3660
char *smtpd_check_client(SMTPD_STATE *state)
3919
4220
return (status == SMTPD_CHECK_REJECT ? STR(error_text) : 0);
4223
/* smtpd_check_eod - check end-of-data command */
4225
char *smtpd_check_eod(SMTPD_STATE *state)
4228
char *NOCLOBBER saved_recipient;
4231
* Minor kluge so that we can delegate work to the generic routine. We
4232
* provide no recipient information in the case of multiple recipients,
4233
* This restriction applies to all recipients alike, and logging only one
4234
* of them would be misleading.
4236
if (state->rcpt_count > 1) {
4237
saved_recipient = state->recipient;
4238
state->recipient = 0;
4242
* Reset the defer_if_permit flag. This is necessary when some recipients
4243
* were accepted but the last one was rejected.
4245
state->defer_if_permit.active = 0;
4248
* Apply restrictions in the order as specified.
4250
* XXX We cannot specify a default target for a bare access map.
4252
SMTPD_CHECK_RESET();
4253
status = setjmp(smtpd_check_buf);
4254
if (status == 0 && eod_restrictions->argc)
4255
status = generic_checks(state, eod_restrictions,
4256
"END-OF-DATA", SMTPD_NAME_EOD, NO_DEF_ACL);
4259
* Force permission into deferral when some earlier temporary error may
4260
* have prevented us from rejecting mail, and report the earlier problem.
4262
if (status != SMTPD_CHECK_REJECT && state->defer_if_permit.active)
4263
status = smtpd_check_reject(state, state->defer_if_permit.class,
4264
"%s", STR(state->defer_if_permit.reason));
4266
if (state->rcpt_count > 1)
4267
state->recipient = saved_recipient;
4269
return (status == SMTPD_CHECK_REJECT ? STR(error_text) : 0);
3997
4355
VAR_MYORIGIN, DEF_MYORIGIN, &var_myorigin,
3998
4356
VAR_MYDEST, DEF_MYDEST, &var_mydest,
3999
4357
VAR_INET_INTERFACES, DEF_INET_INTERFACES, &var_inet_interfaces,
4358
VAR_PROXY_INTERFACES, DEF_PROXY_INTERFACES, &var_proxy_interfaces,
4000
4359
VAR_RCPT_DELIM, DEF_RCPT_DELIM, &var_rcpt_delim,
4001
4360
VAR_REST_CLASSES, DEF_REST_CLASSES, &var_rest_classes,
4002
4361
VAR_ALIAS_MAPS, DEF_ALIAS_MAPS, &var_alias_maps,
4107
4469
VAR_VIRT_MAILBOX_CODE, DEF_VIRT_MAILBOX_CODE, &var_virt_mailbox_code,
4108
4470
VAR_SHOW_UNK_RCPT_TABLE, DEF_SHOW_UNK_RCPT_TABLE, &var_show_unk_rcpt_table,
4109
4471
VAR_VERIFY_POLL_COUNT, DEF_VERIFY_POLL_COUNT, &var_verify_poll_count,
4472
VAR_SMTPD_REJ_UNL_FROM, DEF_SMTPD_REJ_UNL_FROM, &var_smtpd_rej_unl_from,
4473
VAR_SMTPD_REJ_UNL_RCPT, DEF_SMTPD_REJ_UNL_RCPT, &var_smtpd_rej_unl_rcpt,
4243
4607
return (VRFY_STAT_OK);
4246
/* canon_addr_internal - stub */
4610
/* rewrite_clnt_internal - stub */
4248
VSTRING *canon_addr_internal(VSTRING *result, const char *addr)
4612
VSTRING *rewrite_clnt_internal(const char *context, const char *addr,
4250
4615
if (addr == STR(result))
4251
msg_panic("canon_addr_internal: result clobbers input");
4616
msg_panic("rewrite_clnt_internal: result clobbers input");
4252
4617
if (*addr && strchr(addr, '@') == 0)
4253
4618
msg_fatal("%s: address rewriting is disabled", addr);
4254
4619
vstring_strcpy(result, addr);
4415
if (strcasecmp(args->argv[0], "local_recipient_maps") == 0) {
4783
if (strcasecmp(args->argv[0], VAR_LOCAL_RCPT_MAPS) == 0) {
4416
4784
UPDATE_STRING(var_local_rcpt_maps, args->argv[1]);
4417
4785
UPDATE_MAPS(local_rcpt_maps, VAR_LOCAL_RCPT_MAPS,
4418
4786
var_local_rcpt_maps, DICT_FLAG_LOCK);
4422
if (strcasecmp(args->argv[0], "relay_recipient_maps") == 0) {
4790
if (strcasecmp(args->argv[0], VAR_RELAY_RCPT_MAPS) == 0) {
4423
4791
UPDATE_STRING(var_relay_rcpt_maps, args->argv[1]);
4424
4792
UPDATE_MAPS(relay_rcpt_maps, VAR_RELAY_RCPT_MAPS,
4425
4793
var_relay_rcpt_maps, DICT_FLAG_LOCK);
4429
if (strcasecmp(args->argv[0], "canonical_maps") == 0) {
4797
if (strcasecmp(args->argv[0], VAR_CANONICAL_MAPS) == 0) {
4430
4798
UPDATE_STRING(var_canonical_maps, args->argv[1]);
4431
4799
UPDATE_MAPS(canonical_maps, VAR_CANONICAL_MAPS,
4432
4800
var_canonical_maps, DICT_FLAG_LOCK);
4436
if (strcasecmp(args->argv[0], "rbl_reply_maps") == 0) {
4804
if (strcasecmp(args->argv[0], VAR_RBL_REPLY_MAPS) == 0) {
4437
4805
UPDATE_STRING(var_rbl_reply_maps, args->argv[1]);
4438
4806
UPDATE_MAPS(rbl_reply_maps, VAR_RBL_REPLY_MAPS,
4439
4807
var_rbl_reply_maps, DICT_FLAG_LOCK);
4443
if (strcasecmp(args->argv[0], "mynetworks") == 0) {
4811
if (strcasecmp(args->argv[0], VAR_MYNETWORKS) == 0) {
4812
/* NOT: UPDATE_STRING */
4444
4813
namadr_list_free(mynetworks);
4446
4815
namadr_list_init(match_parent_style(VAR_MYNETWORKS),