Add initial version of rejectutils.

schmonz · Jul 20, 2017 · 0c3fe7f · 0c3fe7f
1 parent e40bdc5
commit 0c3fe7f
Show file tree

Hide file tree

Showing 19 changed files with 1,185 additions and 0 deletions.
diff --git a/Makefile b/Makefile
@@ -136,6 +136,11 @@ auto_usera.o: \
 compile auto_usera.c
 	./compile auto_usera.c
 
+badrcptto.o: \
+compile badrcptto.c byte.h constmap.h control.h env.h fmt.h str.h \
+stralloc.h strerr.h
+	./compile badrcptto.c
+
 binm1: \
 binm1.sh conf-qmail
 	cat binm1.sh \
@@ -237,6 +242,10 @@ case_lowers.o: \
 compile case_lowers.c case.h
 	./compile case_lowers.c
 
+case_startb2.o: \
+compile case_startb2.c case.h
+	./compile case_startb2.c
+
 case_starts.o: \
 compile case_starts.c case.h
 	./compile case_starts.c
@@ -1331,6 +1340,44 @@ fmt.h str.h scan.h open.h error.h getln.h auto_break.h auto_qmail.h \
 auto_usera.h
 	./compile qmail-pw2u.c
 
+qmail-qfilter-ofmipd-queue: \
+load qmail-qfilter-ofmipd-queue.o control.o error.a fs.a getln.a \
+open.a stralloc.a substdio.a str.a alloc.a wait.a
+	./load qmail-qfilter-ofmipd-queue control.o error.a fs.a getln.a \
+	open.a stralloc.a substdio.a str.a alloc.a wait.a
+
+qmail-qfilter-ofmipd-queue.c: \
+qmail-qfilter-smtpd-queue.c
+	cat qmail-qfilter-smtpd-queue.c \
+	| sed s}control/smtpfilters}control/ofmipfilters}g \
+	> qmail-qfilter-ofmipd-queue.c
+
+qmail-qfilter-ofmipd-queue.o: \
+compile qmail-qfilter-ofmipd-queue.c control.h stralloc.h wait.h
+	./compile qmail-qfilter-ofmipd-queue.c
+
+qmail-qfilter-smtpd-queue: \
+load qmail-qfilter-smtpd-queue.o control.o error.a fs.a getln.a \
+open.a stralloc.a substdio.a str.a alloc.a wait.a
+	./load qmail-qfilter-smtpd-queue control.o error.a fs.a getln.a \
+	open.a stralloc.a substdio.a str.a alloc.a wait.a
+
+qmail-qfilter-smtpd-queue.o: \
+compile qmail-qfilter-smtpd-queue.c control.h stralloc.h wait.h
+	./compile qmail-qfilter-smtpd-queue.c
+
+qmail-qfilter-viruscan: \
+load qmail-qfilter-viruscan.o viruscan.o case_startb2.o control.o \
+env.a error.a case.a fs.a getln.a open.a stralloc.a substdio.a \
+str.a alloc.a
+	./load qmail-qfilter-viruscan viruscan.o case_startb2.o control.o \
+	env.a error.a case.a fs.a getln.a open.a stralloc.a substdio.a \
+	str.a alloc.a
+
+qmail-qfilter-viruscan.o: \
+compile qmail-qfilter-viruscan.c viruscan.h
+	./compile qmail-qfilter-viruscan.c
+
 qmail-qmqpc: \
 load qmail-qmqpc.o slurpclose.o timeoutread.o timeoutwrite.o \
 timeoutconn.o ip.o control.o auto_qmail.o sig.a ndelay.a open.a \
@@ -1437,6 +1484,54 @@ alloc.h substdio.h datetime.h now.h datetime.h triggerpull.h extra.h \
 auto_qmail.h auto_uids.h date822fmt.h fmtqfn.h
 	./compile qmail-queue.c
 
+qmail-rcptcheck: \
+load qmail-rcptcheck.o control.o error.a fs.a getln.a open.a \
+stralloc.a substdio.a str.a alloc.a wait.a
+	./load qmail-rcptcheck control.o error.a fs.a getln.a open.a \
+	stralloc.a substdio.a str.a alloc.a wait.a
+
+qmail-rcptcheck-badrcptto: \
+load qmail-rcptcheck-badrcptto.o badrcptto.o control.o constmap.o \
+case.a env.a fs.a getln.a open.a stralloc.a strerr.a substdio.a \
+error.a str.a alloc.a
+	./load qmail-rcptcheck-badrcptto badrcptto.o control.o constmap.o \
+	case.a env.a fs.a getln.a open.a stralloc.a strerr.a substdio.a \
+	error.a str.a alloc.a
+
+qmail-rcptcheck-badrcptto.o: \
+compile qmail-rcptcheck-badrcptto.c badrcptto.h env.h
+	./compile qmail-rcptcheck-badrcptto.c
+
+qmail-rcptcheck-qregex: \
+load qmail-rcptcheck-qregex.o qregexrcptto.o control.o env.a \
+qregex.o stralloc.a strerr.a error.a getln.a open.a fs.a \
+substdio.a str.a alloc.a
+	./load qmail-rcptcheck-qregex qregexrcptto.o control.o env.a \
+	qregex.o stralloc.a strerr.a error.a getln.a open.a fs.a \
+	substdio.a str.a alloc.a
+
+qmail-rcptcheck-qregex.o: \
+compile qmail-rcptcheck-qregex.c env.h qregexrcptto.h
+	./compile qmail-rcptcheck-qregex.c
+
+qmail-rcptcheck-realrcptto: \
+load qmail-rcptcheck-realrcptto.o realrcptto.o auto_break.o \
+auto_usera.o control.o constmap.o timeoutwrite.o \
+case.a cdb.a env.a error.a fs.a getln.a open.a str.a stralloc.a \
+alloc.a substdio.a
+	./load qmail-rcptcheck-realrcptto realrcptto.o auto_break.o \
+	auto_usera.o control.o constmap.o timeoutwrite.o \
+	case.a cdb.a env.a error.a fs.a getln.a open.a str.a stralloc.a \
+	alloc.a substdio.a
+
+qmail-rcptcheck-realrcptto.o: \
+compile qmail-rcptcheck-realrcptto.c env.h realrcptto.h
+	./compile qmail-rcptcheck-realrcptto.c
+
+qmail-rcptcheck.o: \
+compile qmail-rcptcheck.c control.h stralloc.h wait.h
+	./compile qmail-rcptcheck.c
+
 qmail-remote: \
 load qmail-remote.o control.o constmap.o timeoutread.o timeoutwrite.o \
 timeoutconn.o tcpto.o now.o dns.o ip.o ipalloc.o ipme.o quote.o \
@@ -1655,6 +1750,14 @@ gen_alloc.h error.h gen_alloc.h gen_allocdefs.h headerbody.h exit.h \
 open.h quote.h qmail.h substdio.h
 	./compile qreceipt.c
 
+qregex.o: \
+compile qregex.c qregex.h
+	./compile qregex.c
+
+qregexrcptto.o: \
+compile qregexrcptto.c control.h env.h qregex.h stralloc.h strerr.h
+	./compile qregexrcptto.c
+
 qsmhook: \
 load qsmhook.o sig.a case.a fd.a wait.a getopt.a env.a stralloc.a \
 alloc.a substdio.a error.a str.a
@@ -1686,6 +1789,11 @@ compile readsubdir.c readsubdir.h direntry.h fmt.h scan.h str.h \
 auto_split.h
 	./compile readsubdir.c
 
+realrcptto.o: \
+compile realrcptto.c auto_break.h auto_usera.h byte.h case.h cdb.h \
+constmap.h error.h fmt.h open.h str.h stralloc.h uint32.h
+	./compile realrcptto.c
+
 received.o: \
 compile received.c fmt.h qmail.h substdio.h now.h datetime.h \
 datetime.h date822fmt.h received.h
@@ -1696,6 +1804,12 @@ compile remoteinfo.c byte.h substdio.h ip.h fmt.h timeoutconn.h \
 timeoutread.h timeoutwrite.h remoteinfo.h
 	./compile remoteinfo.c
 
+rejectutils: \
+qmail-qfilter-ofmipd-queue qmail-qfilter-smtpd-queue \
+qmail-qfilter-viruscan \
+qmail-rcptcheck \
+qmail-rcptcheck-badrcptto qmail-rcptcheck-qregex qmail-rcptcheck-realrcptto
+
 scan_8long.o: \
 compile scan_8long.c scan.h
 	./compile scan_8long.c
@@ -2128,6 +2242,10 @@ tryulong32.c compile load uint32.h1 uint32.h2
 	&& cat uint32.h2 || cat uint32.h1 ) > uint32.h
 	rm -f tryulong32.o tryulong32
 
+viruscan.o: \
+compile viruscan.c byte.h case.h control.h env.h fmt.h getln.h str.h stralloc.h substdio.h
+	./compile viruscan.c
+
 wait.a: \
 makelib wait_pid.o wait_nohang.o
 	./makelib wait.a wait_pid.o wait_nohang.o

diff --git a/TARGETS b/TARGETS
@@ -385,3 +385,24 @@ forgeries.0
 man
 setup
 check
+badrcptto.o
+case_startb2.o
+qmail-qfilter-ofmipd-queue
+qmail-qfilter-ofmipd-queue.c
+qmail-qfilter-ofmipd-queue.o
+qmail-qfilter-smtpd-queue
+qmail-qfilter-smtpd-queue.o
+qmail-qfilter-viruscan
+qmail-qfilter-viruscan.o
+qmail-rcptcheck
+qmail-rcptcheck.o
+qmail-rcptcheck-badrcptto
+qmail-rcptcheck-badrcptto.o
+qmail-rcptcheck-qregex
+qmail-rcptcheck-qregex.o
+qmail-rcptcheck-realrcptto
+qmail-rcptcheck-realrcptto.o
+qregex.o
+qregexrcptto.o
+realrcptto.o
+viruscan.o
diff --git a/badrcptto.c b/badrcptto.c
@@ -0,0 +1,67 @@
+#include <unistd.h>
+#include "byte.h"
+#include "constmap.h"
+#include "control.h"
+#include "env.h"
+#include "fmt.h"
+#include "str.h"
+#include "stralloc.h"
+#include "strerr.h"
+
+extern void die_control();
+extern void die_nomem();
+
+static void _badrcptto_log_rejection(char *recipient)
+{
+  char smtpdpid[32];
+  char *remoteip = env_get("TCPREMOTEIP");
+  if (!remoteip) remoteip = "unknown";
+  str_copy(smtpdpid + fmt_ulong(smtpdpid,getppid())," ");
+  strerr_warn5("rcptcheck: badrcptto ",smtpdpid,remoteip," ",recipient,0);
+}
+
+static int _badrcptto_reject_exact_address(struct constmap map, stralloc address)
+{
+  return (1 && constmap(&map,address.s,address.len - 1));
+}
+
+static int _badrcptto_reject_whole_domain(struct constmap map, stralloc address)
+{
+  /* why not just comment out the domain in control/rcpthosts? */
+  int j = byte_rchr(address.s,address.len,'@');
+  return ((j < address.len) && (constmap(&map,address.s + j,address.len - j - 1)));
+}
+
+static int _badrcptto_reject_string(char *string)
+{
+  stralloc addr = {0};
+  stralloc brt = {0};
+  struct constmap mapbrt;
+  int brtok = control_readfile(&brt,"control/badrcptto",0);
+  if (brtok == -1) die_control();
+  if (!brtok) return 0;
+  if (!constmap_init(&mapbrt,brt.s,brt.len,0)) die_nomem();
+
+  if (!stralloc_copys(&addr,string)) die_nomem();
+  if (!stralloc_0(&addr)) die_nomem();
+
+  if (_badrcptto_reject_exact_address(mapbrt,addr)) {
+    _badrcptto_log_rejection(addr.s);
+    return 1;
+  }
+
+  if (_badrcptto_reject_whole_domain(mapbrt,addr)) {
+    _badrcptto_log_rejection(addr.s);
+    return 1;
+  }
+
+  return 0;
+}
+
+int badrcptto_reject_recipient(char *recipient)
+{
+  if (env_get("RELAYCLIENT"))
+    return 0;
+
+  return _badrcptto_reject_string(recipient);
+}
diff --git a/badrcptto.h b/badrcptto.h
@@ -0,0 +1,6 @@
+#ifndef BADRCPTTO_H
+#define BADRCPTTO_H
+
+int badrcptto_reject_recipient(char *);
+
+#endif
diff --git a/case_startb2.c b/case_startb2.c
@@ -0,0 +1,21 @@
+#include "case.h"
+
+int case_startb(s,len,t)
+register char *s;
+unsigned int len;
+register char *t;
+{
+  register unsigned char x;
+  register unsigned char y;
+
+  for (;;) {
+    y = *t++ - 'A';
+    if (y <= 'Z' - 'A') y += 'a'; else y += 'A';
+    if (!y) return 1;
+    if (!len) return 0;
+    --len;
+    x = *s++ - 'A';
+    if (x <= 'Z' - 'A') x += 'a'; else x += 'A';
+    if (x != y) return 0;
+  }
+}
diff --git a/qmail-qfilter-smtpd-queue.c b/qmail-qfilter-smtpd-queue.c
@@ -0,0 +1,61 @@
+#include <unistd.h>
+#include "alloc.h"
+#include "control.h"
+#include "str.h"
+#include "stralloc.h"
+#include "wait.h"
+
+void unable_to_allocate() { _exit(51); }
+void unable_to_execute()  { _exit(71); }
+void unable_to_verify()   { _exit(55); }
+
+static int num_lines(stralloc lines)
+{
+  int num = 0;
+  int i;
+  for (i = 0; i < lines.len; i++) if (lines.s[i] == '\0') num++;
+  return num;
+}
+
+static void run_qmail_qfilter(stralloc filters)
+{
+  int num_args;
+  char **args;
+  int arg;
+  int linestart;
+  int i;
+
+  num_args = 2 * num_lines(filters);
+  if (num_args == 0) num_args = 1;
+  if (!(args = (char **) alloc(sizeof(char *) * num_args)))
+    unable_to_allocate();
+
+  args[0] = "bin/qmail-qfilter";
+
+  arg = 0;
+  linestart = 0;
+  for (i = 0; i < filters.len; i++) {
+    if (filters.s[i] == '\0') {
+      stralloc filter = {0};
+      stralloc_copys(&filter, filters.s + linestart);
+      stralloc_0(&filter);
+      args[++arg] = filter.s;
+      args[++arg] = "--";
+      linestart = i + 1;
+    }
+  }
+  args[num_args] = 0;
+
+  execv(*args, args);
+  unable_to_execute();
+}
+
+int main(int argc, char **argv)
+{
+  stralloc filters = {0};
+
+  if (control_readfile(&filters,"control/smtpfilters",0) == -1)
+    unable_to_verify();
+
+  run_qmail_qfilter(filters);
+}
diff --git a/qmail-qfilter-viruscan.c b/qmail-qfilter-viruscan.c
@@ -0,0 +1,16 @@
+#include <unistd.h>
+#include "viruscan.h"
+
+static void accept_message() { _exit( 0); }
+static void reject_message() { _exit(31); }
+
+void die_control()           { _exit(55); }
+void die_nomem()             { _exit(51); }
+
+int main(void)
+{
+  if (viruscan_reject_attachment())
+    reject_message();
+
+  accept_message();
+}
diff --git a/qmail-rcptcheck-badrcptto.c b/qmail-rcptcheck-badrcptto.c
@@ -0,0 +1,23 @@
+#include <unistd.h>
+#include "badrcptto.h"
+#include "env.h"
+
+void accept_recipient() { _exit(  0); }
+void reject_recipient() { _exit(100); }
+void unable_to_verify() { _exit(111); }
+
+void die_control() { unable_to_verify(); }
+void die_nomem()   { unable_to_verify(); }
+
+int main(void)
+{
+  char *recipient = env_get("RECIPIENT");
+
+  if (!recipient)
+    unable_to_verify();
+
+  if (badrcptto_reject_recipient(recipient))
+    reject_recipient();
+
+  accept_recipient();
+}