open Lwt
open Printf
open Release_lwt
open Log_preemptive
open Util
module O = Release.Util.Option
module C = Milter_config
(* Outcome of the per-connection checks. It is carried in [priv] from
 * [connect]/[envfrom] to [eom], where it selects which header is added. *)
type result
  = No_result
  (* The connecting address matched the whitelist; the pair is the
   * (field, value) header that [eom] inserts. *)
  | Whitelisted of (string * string)
  (* SPF verification ran for this sender; [eom] renders the response into
   * the configured result headers. *)
  | Spf_response of SPF.response
(* Per-connection state stored with [Milter.setpriv] by [connect] and
 * threaded through the later callbacks by [with_priv_data]. *)
type priv =
  { addr : Unix.inet_addr        (* peer address; loopback if the MTA gave none *)
  ; helo : string option         (* HELO argument, [None] until the helo callback *)
  ; from : string option         (* canonicalized MAIL FROM, [None] until envfrom *)
  ; rcpts : string list          (* canonicalized RCPT TO addresses, most recent first *)
  ; is_bounce : bool             (* true when the canonicalized MAIL FROM is empty *)
  ; result : result              (* whitelist/SPF verdict consumed by [eom] *)
  }
(* [Set.S] extended with a constructor from a list. *)
module SetOfList = struct
  module type S = sig
    include Set.S

    (** [of_list l] is the set of the elements of [l]. *)
    val of_list : elt list -> t
  end

  module Make (E : Set.OrderedType) : S with type elt = E.t = struct
    include Set.Make (E)

    let of_list elements =
      let insert acc x = add x acc in
      List.fold_left insert empty elements
  end
end
(* Set of milter action flags; [negotiate] uses it to compare the actions the
 * MTA offers against the ones this milter requires. *)
module FlagSet = SetOfList.Make (struct
  type t = Milter.flag
  let compare (a : t) (b : t) = compare a b
end)
(* Set of milter protocol steps; [negotiate] uses it to pick which offered
 * steps this milter does not need. *)
module StepSet = SetOfList.Make (struct
  type t = Milter.step
  let compare (a : t) (b : t) = compare a b
end)
(* Lwt-side lookups supplied by the caller through [init]; both are run from
 * the milter (preemptive) threads via [Lwt_preemptive.run_in_main]. *)
type ops =
  { is_remote_sender : (string -> bool Lwt.t)
    (* presumably: is this MAIL FROM address handled by a remote host?
     * [eom] consults it before SRS-forwarding — verify against the caller *)
  ; choose_forward_domain : (string list -> string option Lwt.t)
    (* SRS forward domain for the recipient list, [None] if none applies *)
  }
(* Proxymap-backed lookups used by [eom]; registered once via [init].
 * [is_remote_sender]/[choose_forward_domain] unwrap it with [O.some], so
 * they fail if [init] was never called. *)
let proxymap_ops = ref None

(* [init ops] registers the lookup operations for this process. *)
let init registered =
  proxymap_ops := Some registered
(* Run the registered [is_remote_sender] lookup for [sender] from a
 * preemptive thread; the Lwt call itself executes in the main thread.
 * Fails through [O.some] when [init] has not been called. *)
let is_remote_sender sender =
  let ops = O.some !proxymap_ops in
  Lwt_preemptive.run_in_main (fun () -> ops.is_remote_sender sender)
(* Run the registered [choose_forward_domain] lookup for [rcpts] from a
 * preemptive thread; the Lwt call itself executes in the main thread.
 * Fails through [O.some] when [init] has not been called. *)
let choose_forward_domain rcpts =
  let ops = O.some !proxymap_ops in
  Lwt_preemptive.run_in_main (fun () -> ops.choose_forward_domain rcpts)
(* SPF server instance shared by every connection, built on the
 * [SPF.Dns_cache] backend. *)
let spf = SPF.server SPF.Dns_cache
(* Matches an SRS0/SRS1 local part. Group 1 is the scheme digit;
 * [reverse_srs_signed_rcpts] derives the number of reversals from it. *)
let srs_re = Str.regexp "^SRS\\([01]\\)[=+-]"
(* [with_priv_data z ctx f] applies [f] to the connection's private data,
 * stores the record [f] returns back with [Milter.setpriv] and yields [f]'s
 * second component. When no private data has been set it yields [z]
 * without calling [f]. *)
let with_priv_data z ctx f =
  match Milter.getpriv ctx with
  | Some current ->
    let updated, outcome = f current in
    Milter.setpriv ctx (Some updated);
    outcome
  | None -> z
(* Strip leading/trailing blanks, angle brackets and double quotes. *)
let canon_trim =
  let edges = Str.regexp "\\(^[ \t<\"]+\\|[ \t>\"]+$\\)" in
  Str.global_replace edges ""

(* Normalise an SMTP address argument: trim it, drop a source-route prefix
 * from the local part ("@mx.example.com:user@example.com" becomes
 * "user@example.com") and return the trimmed input unchanged when it
 * contains no '@'. *)
let canonicalize a =
  let a = canon_trim a in
  (* Suffix of [s] after its last [sep]; raises [Not_found] when absent. *)
  let after_last sep s =
    let i = String.rindex s sep in
    String.sub s (i + 1) (String.length s - i - 1)
  in
  try
    let at = String.rindex a '@' in
    let domain = after_last '@' a in
    let user = canon_trim (String.sub a 0 at) in
    let user = (try after_last ':' user with Not_found -> user) in
    user ^ "@" ^ domain
  with Not_found -> a
(* Install a permanent 550 5.7.1 reply carrying [msg] and return [Reject].
 * NOTE(review): callers pass [SPF.smtp_comment], which presumably carries
 * text from the sender domain's SPF record; confirm it is length-bounded
 * and sanitized before it is echoed to the remote client in the reply. *)
let milter_reject ctx msg =
  let code, enhanced = "550", Some "5.7.1" in
  Milter.setreply ctx code enhanced (Some msg);
  Milter.Reject
(* Install a temporary 451 4.7.1 reply carrying [msg] and return [Tempfail],
 * asking the client to retry later. *)
let milter_tempfail ctx msg =
  let code, enhanced = "451", Some "4.7.1" in
  Milter.setreply ctx code enhanced (Some msg);
  Milter.Tempfail
(* Run the blocking function [f x] in a detached Lwt thread, scheduled from
 * the main thread, and wait for its result from the calling milter thread. *)
let detached_in_main f x =
  let detach () = Lwt_preemptive.detach f x in
  Lwt_preemptive.run_in_main detach
(* HELO SPF check for [helo] as seen from [addr], run through
 * [detached_in_main] because the DNS lookups block. *)
let check_helo addr helo =
  let check = SPF.check_helo spf addr in
  detached_in_main check helo
(* MAIL FROM SPF check for [from] as seen from [addr], run through
 * [detached_in_main] because the DNS lookups block. *)
let check_from addr from =
  let check = SPF.check_from spf addr in
  detached_in_main check from
(* Run the HELO SPF check for the connection and map it to a milter action.
 * Returns the raw SPF response together with that action. [priv.helo] must
 * already be set ([O.some] is used to unwrap it). *)
let spf_check_helo ctx priv =
  let helo = O.some priv.helo in
  let spf_res = check_helo priv.addr helo in
  let action =
    match SPF.result spf_res with
    | SPF.Fail c ->
      debug "HELO SPF failure for %s" helo;
      milter_reject ctx (SPF.smtp_comment c)
    | SPF.Temperror ->
      debug "HELO SPF temperror for %s" helo;
      (* A HELO temperror only defers the message when configured to. *)
      if C.spf_fail_on_helo_temperror () then
        milter_tempfail ctx (SPF.header_comment spf_res)
      else
        Milter.Continue
    | _ ->
      (* Logged as "pass", but this arm accepts every other SPF result too. *)
      debug "HELO SPF pass for %s" helo;
      Milter.Continue
  in
  spf_res, action
(* Run the MAIL FROM SPF check for [from] and map it to a milter action.
 * Unlike the HELO check, a temperror here always defers the message. *)
let spf_check_from ctx priv from =
  let spf_res = check_from priv.addr from in
  let action =
    match SPF.result spf_res with
    | SPF.Fail c ->
      debug "MAIL SPF failure for %s" from;
      milter_reject ctx (SPF.smtp_comment c)
    | SPF.Temperror ->
      debug "MAIL SPF temperror for %s" from;
      milter_tempfail ctx (SPF.header_comment spf_res)
    | _ ->
      (* Logged as "pass", but this arm accepts every other SPF result too. *)
      debug "MAIL SPF pass for %s" from;
      Milter.Continue
  in
  spf_res, action
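(* Run the HELO check and, when it lets the message through and [from]
 * contains an '@', the MAIL FROM check, whose response then replaces the
 * HELO one. Bounces (empty [from]) therefore only get the HELO check.
 * Returns [None] for the response when the SPF library raised; the message
 * is then tempfailed. *)
let spf_check ctx priv from =
  try
    let helo_res, helo_action = spf_check_helo ctx priv in
    match helo_action with
    | Milter.Continue ->
      let spf_res, action =
        if String.contains from '@' then spf_check_from ctx priv from
        else helo_res, helo_action
      in
      Some spf_res, action
    | _ ->
      (* The HELO check already rejected or deferred; keep its verdict. The
       * original bound this arm to an unused variable (warning 27). *)
      Some helo_res, helo_action
  with SPF.SPF_error e ->
    let msg = sprintf "error checking SPF: %s" e in
    warning "%s" msg;
    (* NOTE(review): [e] is an SPF library error string echoed verbatim in
     * the 451 reply, so the remote client sees internal detail; consider
     * keeping the detail in the log and sending a generic reply. *)
    None, milter_tempfail ctx msg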
(* Insert the header [field: value] at index 1 via [Milter.insheader],
 * logging it first. *)
let milter_add_header ctx (field, value) =
  let index = 1 in
  debug "inserting header: %s: %s" field value;
  Milter.insheader ctx index field value
(* Replace envelope recipient [old_rcpt] with [new_rcpt]: delete the old one,
 * then add the new one. *)
let milter_replace_rcpt ctx old_rcpt new_rcpt =
  Milter.delrcpt ctx old_rcpt;
  Milter.addrcpt ctx new_rcpt
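(* For a bounce, rewrite every SRS-signed recipient back to the original
 * address. SRS0 addresses get one reversal, SRS1 addresses two ([applyn],
 * from [Util], is assumed to apply its function [n] times). Recipients that
 * do not match [srs_re] are left alone; an [SRS.SRS_error] on one recipient
 * is logged and does not stop the others. *)
let reverse_srs_signed_rcpts ctx rcpts =
  let srs = Milter_srs.current () in
  let reverse rcpt =
    if Str.string_match srs_re rcpt 0 then begin
      (* Read the group before any other call: [Str.matched_group] reads
       * Str's global last-match state, which an intervening Str use (for
       * instance inside the logger) would clobber. *)
      let scheme = Str.matched_group 1 rcpt in
      debug "got an SRS-signed bounce";
      let n = 1 + int_of_string scheme in
      try
        let rev_rcpt = applyn (SRS.reverse srs) rcpt n in
        info "SRS-reversed address for '%s': '%s'" rcpt rev_rcpt;
        milter_replace_rcpt ctx rcpt rev_rcpt
      with SRS.SRS_error e ->
        notice "SRS failure: %s: %s" rcpt e
    end
  in
  List.iter reverse rcpts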
(* Wrap the (field, value) header pair of a whitelist hit as a [result]. *)
let whitelist header = Whitelisted header
(* Build the Authentication-Results value for [spf_res]:
 * "<host>; spf=<result> (<comment>) smtp.mailfrom=<from> smtp.helo=<helo>",
 * where <host> is the MTA's [j] macro or "localhost" when it is unset.
 * [priv.from] and [priv.helo] must both be set.
 * NOTE(review): [from] and [helo] come from the remote client and are
 * interpolated verbatim; the Authentication-Results grammar needs quoting
 * for values containing specials such as ';' or '(', so such input yields a
 * malformed header — consider quoting those values. *)
let authentication_results ctx priv spf_res =
  let host = O.default "localhost" (Milter.getsymval ctx "j") in
  let spf_result = SPF.string_of_result (SPF.result spf_res) in
  let comment = SPF.header_comment spf_res in
  let from = O.some priv.from in
  let helo = O.some priv.helo in
  Printf.sprintf "%s; spf=%s (%s) smtp.mailfrom=%s smtp.helo=%s"
    host spf_result comment from helo
(* Add the SPF result header named by the last argument (a configured header
 * name) for response [resp]. Unknown names are logged and fall back to
 * Authentication-Results. *)
let add_spf_header ctx priv resp =
  let add_authentication_results () =
    let ar = authentication_results ctx priv resp in
    milter_add_header ctx ("Authentication-Results", ar)
  in
  function
  | "Authentication-Results" -> add_authentication_results ()
  | "Received-SPF" ->
    let rs = SPF.received_spf_value resp in
    milter_add_header ctx ("Received-SPF", rs)
  | h ->
    error "invalid SPF header '%s'; using Authentication-Results instead" h;
    add_authentication_results ()
(* Rewrite the envelope sender [from] to its SRS form for domain [fwd] and
 * install it with [Milter.chgfrom]. The debug wording fits the
 * [choose_forward_domain] path; [eom] also calls this with the MTA hostname
 * when [srs_always_rewrite] is set. *)
let srs_forward ctx from fwd =
  let srs = Milter_srs.current () in
  debug "randomly chosen SRS forward domain for '%s': '%s'" from fwd;
  let rewritten = SRS.forward srs from fwd in
  info "SRS-forwarding %s as %s" from rewritten;
  Milter.chgfrom ctx rewritten None
(* Callbacks *)
(* New connection: record the peer address and its whitelist status as the
 * private data. Always returns [Continue]; a whitelisted peer is only marked
 * here and then skipped by [envfrom]/[eom].
 * NOTE(review): when the MTA passes no sockaddr, [addr] falls back to
 * [Unix.inet_addr_loopback], so such connections inherit whatever whitelist
 * entry covers loopback — confirm that is intended. *)
let connect ctx host addr =
  debug "connect callback: host=%s addr=%s"
    (O.default "?" host) (O.may_default "?" string_of_sockaddr addr);
  let peer =
    O.may_default Unix.inet_addr_loopback inet_addr_of_sockaddr addr in
  (* [Whitelist.check] yields the header pair to add when [peer] matches. *)
  let initial =
    O.may_default No_result whitelist (Whitelist.check peer) in
  let priv =
    { addr = peer
    ; helo = None
    ; from = None
    ; rcpts = []
    ; is_bounce = false
    ; result = initial
    }
  in
  Milter.setpriv ctx (Some priv);
  Milter.Continue
(* HELO/EHLO received: remember the argument for the SPF checks. Tempfails if
 * no private data exists (i.e. [connect] did not run). *)
let helo ctx helo =
  debug "helo callback: helo=%s" helo;
  let record priv = ({ priv with helo = Some helo }, Milter.Continue) in
  with_priv_data Milter.Tempfail ctx record
(* MAIL FROM received. Rejects with 503 when no HELO was seen; otherwise
 * records the canonicalized sender, flags bounces (empty sender) and, unless
 * the connection is whitelisted or SPF is disabled, runs the SPF checks and
 * stores their result. Tempfails if no private data exists.
 * [args] (ESMTP parameters) is unused. *)
let envfrom ctx from args =
  debug "envfrom callback: from=%s" from;
  let verify priv from =
    if C.spf_enable () then begin
      debug "doing SPF verification";
      let spf_res, milter_res = spf_check ctx priv from in
      (* This callback may run several times on one connection, so any
       * earlier result is replaced by this one (or kept if SPF raised). *)
      let result =
        O.may_default priv.result (fun r -> Spf_response r) spf_res in
      { priv with result = result }, milter_res
    end else
      priv, Milter.Continue
  in
  let on_sender priv =
    match priv.helo with
    | None ->
      let addr = Unix.string_of_inet_addr priv.addr in
      notice "remote %s didn't say HELO, rejecting message" addr;
      Milter.setreply ctx "503" (Some "5.0.0") (Some "Please say HELO");
      priv, Milter.Reject
    | Some _ ->
      let from = canonicalize from in
      let priv = { priv with from = Some from; is_bounce = (from = "") } in
      (match priv.result with
       | No_result | Spf_response _ -> verify priv from
       | Whitelisted _ ->
         (* Whitelisting is by connecting address, so SPF is skipped. *)
         debug "connect address is whitelisted";
         priv, Milter.Continue)
  in
  with_priv_data Milter.Tempfail ctx on_sender
(* RCPT TO received: prepend the canonicalized recipient to [priv.rcpts].
 * Tempfails if no private data exists. [args] is unused. *)
let envrcpt ctx rcpt args =
  debug "envrcpt callback: rcpt=%s" rcpt;
  let record priv =
    let rcpt = canonicalize rcpt in
    ({ priv with rcpts = rcpt :: priv.rcpts }, Milter.Continue)
  in
  with_priv_data Milter.Tempfail ctx record
(* End of message. With SRS enabled, either reverse SRS-signed recipients of
 * a bounce, or SRS-forward the sender (to the MTA hostname when
 * [srs_always_rewrite] is set, else to the proxymap-chosen domain for remote
 * senders). Then add the whitelist header or the configured SPF result
 * headers according to [priv.result]. Always continues; [priv.from] must be
 * set (it is unwrapped with [O.some]). Tempfails if no private data exists. *)
let eom ctx =
  debug "eom callback";
  let rewrite_srs priv from rcpts =
    if priv.is_bounce then
      reverse_srs_signed_rcpts ctx rcpts
    else if C.srs_always_rewrite () then begin
      let myhostname = O.default "localhost" (Milter.getsymval ctx "j") in
      srs_forward ctx from myhostname
    end else if is_remote_sender from then begin
      match choose_forward_domain rcpts with
      | Some fwd -> srs_forward ctx from fwd
      | None -> ()
    end
  in
  let add_result_headers priv =
    match priv.result with
    | Whitelisted ((_, msg) as header) ->
      info "Whitelisted address: %s" msg;
      milter_add_header ctx header
    | Spf_response r ->
      info "SPF result: %s" (SPF.string_of_result (SPF.result r));
      List.iter (add_spf_header ctx priv r) (C.spf_result_headers ())
    | No_result -> ()
  in
  with_priv_data Milter.Tempfail ctx
    (fun priv ->
      let from = O.some priv.from in
      let rcpts = priv.rcpts in
      if C.srs_enable () then rewrite_srs priv from rcpts;
      add_result_headers priv;
      priv, Milter.Continue)
(* Message aborted: clear the result so a later message on the same
 * connection starts clean. Unlike the other callbacks, continues (rather
 * than tempfails) when no private data exists. *)
let abort ctx =
  debug "abort callback";
  let reset priv = ({ priv with result = No_result }, Milter.Continue) in
  with_priv_data Milter.Continue ctx reset
(* Connection closed: drop the private data — presumably only when
 * [Milter.getpriv] returns [Some], per [O.may] — so no state leaks into the
 * next connection, then continue. *)
let close ctx =
  debug "close callback";
  O.may (fun () -> Milter.setpriv ctx None) (Milter.getpriv ctx);
  Milter.Continue
(* Protocol negotiation. Fails closed: unless the MTA grants every
 * modification action this milter needs (add headers, add/delete recipients,
 * change sender) the connection is rejected. Otherwise returns [Continue],
 * the required actions, and those of the offered protocol steps this milter
 * can do without. *)
let negotiate ctx actions steps =
  debug "negotiate callback";
  let required =
    [Milter.ADDHDRS; Milter.ADDRCPT; Milter.DELRCPT; Milter.CHGFROM] in
  let granted = FlagSet.of_list actions in
  if not (FlagSet.subset (FlagSet.of_list required) granted) then
    (Milter.Reject, [], [])
  else begin
    let skippable =
      StepSet.of_list
        [ Milter.NOHDRS
        ; Milter.NOEOH
        ; Milter.NOBODY
        ; Milter.NOUNKNOWN
        ; Milter.NODATA
        ]
    in
    let offered = StepSet.of_list steps in
    let unreq_steps = StepSet.elements (StepSet.inter offered skippable) in
    (Milter.Continue, required, unreq_steps)
  end