Package: qmail-src
Version: 1.03-38
Severity: wishlist
Tags: patch

Hi Jon!

Please consider adding the mfcheck (or a similar) patch to debian-qmail.  It's a
short patch that adds the capability to check the validity of the envelope
sender's domain (DNS lookup).  Its behavior is controlled by a control file and
an environment variable (disabled by default).

Patch is available from:
  http://www.jms1.net/qmail/patches/qmail-1.03-mfcheck.3.patch

Short description can be found at:
  http://www.jms1.net/qmail/patches/combined.shtml#details

Patch modified to apply cleanly to debian-qmail is in attachment.

Similar patch is also part of Spamcontrol.

Thanks!

th.


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27-grsec
Locale: LANG=sk_SK, LC_CTYPE=sk_SK (charmap=ISO-8859-2)

Versions of packages qmail-src depends on:
ii  debconf                      1.4.30.13   Debian configuration management sy
ii  dpkg-dev                     1.10.28     Package building tools for Debian
ii  fakeroot                     1.2.10      Gives a fake root environment
ii  gcc                          4:3.3.5-3   The GNU C compiler
ii  groff-base                   1.18.1.1-7  GNU troff text-formatting system (
ii  make                         3.80-9      The GNU version of the "make" util
ii  patch                        2.5.9-2     Apply a diff file to an original
ii  sudo                         1.6.8p7-1.1 Provide limited super user privile

-- debconf information excluded

diff -ruN qmail-1.03-orig/Makefile qmail-1.03/Makefile
--- qmail-1.03-orig/Makefile    2005-06-20 13:43:48.000000000 +0200
+++ qmail-1.03/Makefile 2005-06-20 13:48:23.000000000 +0200
@@ -1536,13 +1536,13 @@
 timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o received.o \
 date822fmt.o now.o qmail.o cdb.a fd.a wait.a datetime.a getln.a \
 open.a sig.a case.a env.a stralloc.a alloc.a strerr.a substdio.a error.a str.a 
\
-fs.a auto_qmail.o socket.lib
+fs.a auto_qmail.o socket.lib dns.o dns.lib
        ./load qmail-smtpd qregex.o rcpthosts.o commands.o timeoutread.o \
        timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \
        received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \
        datetime.a getln.a open.a sig.a case.a env.a stralloc.a \
        alloc.a strerr.a substdio.a error.a str.a fs.a auto_qmail.o  `cat \
-       socket.lib`
+       socket.lib` dns.o `cat dns.lib`
 
 qmail-smtpd.0: \
 qmail-smtpd.8
diff -ruN qmail-1.03-orig/qmail-control.9 qmail-1.03/qmail-control.9
--- qmail-1.03-orig/qmail-control.9     2005-06-20 13:43:48.000000000 +0200
+++ qmail-1.03/qmail-control.9  2005-06-20 13:44:36.000000000 +0200
@@ -63,6 +63,7 @@
 .I idhost      \fIme   \fRqmail-inject
 .I localiphost \fIme   \fRqmail-smtpd
 .I locals      \fIme   \fRqmail-send
+.I mfcheck     \fR0    \fRqmail-smtpd
 .I morercpthosts       \fR(none)       \fRqmail-smtpd
 .I percenthack \fR(none)       \fRqmail-send
 .I plusdomain  \fIme   \fRqmail-inject
diff -ruN qmail-1.03-orig/qmail-smtpd.8 qmail-1.03/qmail-smtpd.8
--- qmail-1.03-orig/qmail-smtpd.8       2005-06-20 13:43:48.000000000 +0200
+++ qmail-1.03/qmail-smtpd.8    2005-06-20 13:44:36.000000000 +0200
@@ -138,6 +138,12 @@
 This is done before
 .IR rcpthosts .
 .TP 5
+.I mfcheck
+If set,
+.B qmail-smtpd
+tries to resolve the domain of the envelope from address.  It can be
+handy when you want to filter out spamhosts.
+.TP 5
 .I morercpthosts
 Extra allowed RCPT domains.
 If
diff -ruN qmail-1.03-orig/qmail-smtpd.c qmail-1.03/qmail-smtpd.c
--- qmail-1.03-orig/qmail-smtpd.c       2005-06-20 13:43:48.000000000 +0200
+++ qmail-1.03/qmail-smtpd.c    2005-06-20 14:06:59.000000000 +0200
@@ -25,6 +25,7 @@
 #include "commands.h"
 #include "qregex.h"
 #include "strerr.h"
+#include "dns.h"
 
 #define BMCHECK_BMF 0
 #define BMCHECK_BMFNR 1
@@ -35,6 +36,7 @@
 
 #define MAXHOPS 100
 unsigned int databytes = 0;
+unsigned int mfchk = 0;
 int timeout = 1200;
 
 int safewrite(fd,buf,len) int fd; char *buf; int len;
@@ -61,6 +63,8 @@
 void err_bmf() { out("553 sorry, your envelope sender has been denied 
(#5.7.1)\r\n"); }
 void err_bmt() { out("553 sorry, your envelope recipient has been denied 
(#5.7.1)\r\n"); }
 void err_bhelo() { out("553 sorry, your HELO host name has been denied 
(#5.7.1)\r\n"); }
+void err_hmf() { out("553 sorry, your envelope sender domain must exist 
(#5.7.1)\r\n"); }
+void err_smf() { out("451 DNS temporary failure (#4.3.0)\r\n"); }
 void err_nogateway() { out("553 sorry, that domain isn't in my list of allowed 
rcpthosts (#5.7.1)\r\n"); }
 void err_unimpl(arg) char *arg; { out("502 unimplemented (#5.5.1)\r\n"); }
 void err_syntax() { out("555 syntax error (#5.5.4)\r\n"); }
@@ -135,6 +139,10 @@
 
   if (rcpthosts_init() == -1) die_control();
 
+  if (control_readint(&mfchk,"control/mfcheck") == -1) die_control();
+  x = env_get("MFCHECK");
+  if (x) { scan_ulong(x,&u); mfchk = u; }
+
   bmfok = control_readfile(&bmf,"control/badmailfrom",0);
   if (bmfok == -1) die_control();
 
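Review bot: The MFCHECK override ignores the return value of `scan_ulong`, so a value with no leading digits (for example `MFCHECK=yes` or an empty string) most likely leaves `u` at 0 and silently turns the check off even when control/mfcheck enables it. This mirrors how other environment overrides in setup() are parsed, but for a filtering control a fail-open parse is worth avoiding: `if (x && scan_ulong(x,&u)) mfchk = u;` keeps the control-file value when nothing numeric was parsed. The declarations of `x` and `u` and the rest of setup() are outside this hunk.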
@@ -276,6 +284,25 @@
   return 0;
 }
 
+int mfcheck()
+{
+  stralloc sa = {0};
+  ipalloc ia = {0};
+  unsigned int random;
+  int j;
+
+  if (!mfchk) return 0;
+  random = now() + (getpid() << 16);
+  j = byte_rchr(addr.s,addr.len,'@') + 1;
+  if (j < addr.len) {
+    stralloc_copys(&sa, addr.s + j);
+    dns_init(0);
+    j = dns_mxip(&ia,&sa,random);
+    if (j < 0) return j;
+  }
+  return 0;
+}
+
 int addrallowed()
 {
   int r;
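Review bot: In mfcheck() the automatic `sa` and `ia` are filled on every call and never released, and the result of `stralloc_copys` is not checked, unlike the `if (!stralloc_copys(...)) die_nomem();` pattern used in smtp_mail. Because MAIL can be issued many times in one SMTP session, each command leaves another allocation behind until the process hits its memory limit. Declaring them `static stralloc sa = {0};` and `static ipalloc ia = {0};` reuses the buffers across calls (assuming dns_mxip resets `ia` on entry, which should be confirmed), and `if (!stralloc_copys(&sa, addr.s + j)) return DNS_MEM;` sends allocation failure down the existing die_nomem() path. Calling `dns_init(0)` once in setup() instead of per lookup would also be tidier, and the local name `random` shadows the libc function.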
@@ -317,6 +344,11 @@
   if ((!flagbarfbmf) && (bmfnrok) && (addr.len != 1) && (!relayclient)) {
     flagbarfbmf = bmcheck(BMCHECK_BMFNR);
   }
+  switch(mfcheck()) {
+    case DNS_HARD: err_hmf(); return;
+    case DNS_SOFT: err_smf(); return;
+    case DNS_MEM: die_nomem();
+  }
   seenmail = 1;
   if (!stralloc_copys(&rcptto,"")) die_nomem();
   if (!stralloc_copys(&mailfrom,addr.s)) die_nomem();
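Review bot: The `switch(mfcheck())` runs a blocking DNS lookup on every MAIL command, including for senders that badmailfrom has already flagged (`flagbarfbmf`) and for `relayclient` connections. That makes the resolver a per-command cost on sender-chosen domains and can defer or reject mail from trusted relay clients when DNS is slow. Consider guarding it, e.g. `if (!flagbarfbmf && !relayclient) switch(mfcheck()) {`, if exempting relay clients matches the intended policy. The `DNS_MEM` case relies on die_nomem() not returning; a `default: break;` and a short comment to that effect would make the fall-through explicit. smtp_mail begins and ends outside this hunk.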
