Sorry for the delay, was catching up.
On Thu, Oct 25, 2018 at 10:32:32PM +0200, Martijn van Duren wrote:
> Back in the old days of the ancient syntax smtpd.conf(5) contained
> the following section:
> sender [!] <senders>
> If specified, the rule will only be matched if the sender
> email address is found in the table senders. The table
> may contain complete email addresses or apply to an
> entire domain if prefixed with ???@???.
>
> This almost worked for me, except when adding @<domain>.<tld> in my
> sqlite backend (haven't tested with different backends). I reported
> this way back in 2016 and left it at that, but today I had a machine
> at my $DAYJOB that got an annoying amount of spam from a single
> domain that varied in user component and source ip. So filtering on
> domain would've helped a lot.
>
There was a bug in the mailaddr matching which got fixed a while ago
so this should not be a problem with the smtpd shipped with 6.4
> The following diff implements what the old sender said it would do
> for mail-from and rcpt-to.
>
> So far only lightly tested on a private server.
>
> thoughts?
>
Have you checked that it still doesn't work ??
I've been using the following for many many many months:
match from any mail-from "@qq.com" for any reject
So as far as I know there's no need for your diff...
$ nc localhost 25
220 poolp.org ESMTP OpenSMTPD
helo localhost
250 poolp.org Hello localhost [127.0.0.1], pleased to meet you
mail from:<gil...@qq.com>
250 2.0.0: Ok
rcpt to:<gil...@poolp.org>
550 Invalid recipient
^C
The diff would be wrong anyway but that's another story
> Index: ruleset.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/smtpd/ruleset.c,v
> retrieving revision 1.36
> diff -u -p -r1.36 ruleset.c
> --- ruleset.c 16 Jun 2018 19:41:26 -0000 1.36
> +++ ruleset.c 25 Oct 2018 20:18:53 -0000
> @@ -179,6 +179,13 @@ ruleset_match_smtp_mail_from(struct rule
> table = table_find(env, r->table_smtp_mail_from, NULL);
> if ((ret = ruleset_match_table_lookup(table, key, K_MAILADDR)) < 0)
> return -1;
> + if (ret == 0) {
> + if ((key = strchr(key, '@')) == NULL)
> + return 0;
> + ret = ruleset_match_table_lookup(table, key, K_MAILADDR);
> + if (ret < 0)
> + return -1;
> + }
>
> return r->flag_smtp_mail_from < 0 ? !ret : ret;
> }
> @@ -199,6 +206,13 @@ ruleset_match_smtp_rcpt_to(struct rule *
> table = table_find(env, r->table_smtp_rcpt_to, NULL);
> if ((ret = ruleset_match_table_lookup(table, key, K_MAILADDR)) < 0)
> return -1;
> + if (ret == 0) {
> + if ((key = strchr(key, '@')) == NULL)
> + return 0;
> + ret = ruleset_match_table_lookup(table, key, K_MAILADDR);
> + if (ret < 0)
> + return -1;
> + }
>
> return r->flag_smtp_rcpt_to < 0 ? !ret : ret;
> }
> Index: smtpd.conf.5
> ===================================================================
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
> retrieving revision 1.206
> diff -u -p -r1.206 smtpd.conf.5
> --- smtpd.conf.5 8 Oct 2018 06:10:17 -0000 1.206
> +++ smtpd.conf.5 25 Oct 2018 20:18:53 -0000
> @@ -531,6 +531,11 @@ Specify that session's HELO / EHLO shoul
> .Xc
> Specify that transactions's MAIL FROM should match the string or list table
> .Ar sender .
> +The
> +.Ar sender
> +may contain complete email addresses or apply to an entire domain if prefixed
> +with
> +.Sq @ .
> .It Xo
> .Op Ic \&!
> .Cm rcpt\-to
> @@ -538,6 +543,11 @@ Specify that transactions's MAIL FROM sh
> .Xc
> Specify that transaction's RCPT TO should match the string or list table
> .Ar recipient .
> +The
> +.Ar recipient
> +may contain complete email addresses or apply to an entire domain if prefixed
> +with
> +.Sq @ .
> .It Xo
> .Op Ic \&!
> .Cm tag Ar tag
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
