--- qmail-JMS_BUILD/qmail-smtpd.c 2007-03-12 16:10:06.000000000 -0400 +++ qmail-WITH_CDB_RRCPT/qmail-smtpd.c 2007-06-06 08:56:21.000000000 -0400 @@ -156,6 +156,35 @@ void err_bmf() { out("553 sorry, your envelope sender has been denied (#5.7.1)\r\n"); } void err_brt() { out("553 sorry, your envelope recipient has been denied (#5.7.1)\r\n"); } + +/* +* +* The JMS-patch version of badrcptto "over" matches recipient strings. +* ie: if I put "abc@here.com" into the badrcptto file, it will also +* reject this-is-broken-abc@here.com. This makes it useful for stripping +* out bad characters such as !, #, etc - but not good for killing off +* "sales@" attempts without the potential for clobbering a valid address +* such as "real-sales@". In my opinion, it is nice to have both. +* +* Reject Recipient (rrcpt) will match only the specific address +* listed in the rejectrcpt file. It is modeled after the original +* badrcptto code, but utilizes the CDB format instead of a flat text +* file. +* +* Keep in mind that JMS offers a validrcptto option which is a much +* better choice if it fits into your environment. Unfortunately, +* that is not always the case, which is what prompted this patch in +* the first place! +* +* +* 06/06/07 - jmf@jmf.name +* +*/ + +void err_rrcpt() { out("553 Your envelope recipient has been denied. We'd say we're sorry, but we don't apologize to spammers. Nyak! (#5.7.1)\r\n"); } + +/* End mod chunk - JMF */ + void err_bhelo() { out("553 sorry, your HELO host name has been denied (#5.7.1)\r\n"); } void err_hmf() { out("553 sorry, your envelope sender domain must exist (#5.7.1)\r\n"); } void err_smf() { out("451 DNS temporary failure (#4.3.0)\r\n"); } @@ -241,6 +270,14 @@ int brtok = 0; stralloc brt = {0}; +/* Reject Recipient. See explanation above at err_rrcpt */ + + +int rrcptfd = -1; + + +/* End mod chunk - JMF */ + int brtnrok = 0; stralloc brtnr = {0}; @@ -336,6 +373,14 @@ if(-1 == auth_cdb_fd) die_control(); } +/* Reject Recipient. See explanation at err_rrcpt */ + + rrcptfd = open_read("control/rejectrcpt.cdb"); + if (rrcptfd == -1) die_control(); + +/* End mod chunk - JMF */ + + if (control_readint(&databytes,"control/databytes") == -1) die_control(); if (control_readint(&spfbehavior,"control/spfbehavior") == -1) @@ -644,6 +689,23 @@ return 0; } +/* Reject Recipient. See err_rrcpt above. */ + +int rrcptcheck() { + int r; + uint32 dlen; + stralloc laddr = {0}; + if (rrcptfd == -1) return 0; + if (!stralloc_copy(&laddr,&addr)) die_nomem(); + case_lowerb(laddr.s,laddr.len); + + r = cdb_seek(rrcptfd,laddr.s,laddr.len - 1,&dlen); + if (r > 0) return 1; + return 0; +} + +/* End mod chunk - JMF */ + int addrallowed() { int r; @@ -905,6 +967,16 @@ } #endif +/* Reject Recipient. See err_rrcpt above. */ + + if(!env_get("RELAYCLIENT") && rrcptcheck()) { + strerr_warn4("qmail-smtpd: rejectrcpt: ",addr.s," at ",remoteip,0); + err_rrcpt(); + return; + } + +/* End mod chunk - JMF */ + if (!relayclient && !vrtcheck()) { strerr_warn4("qmail-smtpd: validrcptto [",remoteip,"] not found: ", addr.s,0);