Sorry for the delay, was catching up. On Thu, Oct 25, 2018 at 10:32:32PM +0200, Martijn van Duren wrote: > Back in the old days of the ancient syntax smtpd.conf(5) contained > the following section: > sender [!] <senders> > If specified, the rule will only be matched if the sender > email address is found in the table senders. The table > may contain complete email addresses or apply to an > entire domain if prefixed with ???@???. > > This almost worked for me, except when adding @<domain>.<tld> in my > sqlite backend (haven't tested with different backends). I reported > this way back in 2016 and left it at that, but today I had a machine > at my $DAYJOB that got an annoying amount of spam from a single > domain that varied in user component and source ip. So filtering on > domain would've helped a lot. >
There was a bug in the mailaddr matching which got fixed a while ago so this should not be a problem with the smtpd shipped with 6.4 > The following diff implements what the old sender said it would do > for mail-from and rcpt-to. > > So far only lightly tested on a private server. > > thoughts? > Have you checked that it still doesn't work ?? I've been using the following for many many many months: match from any mail-from "@qq.com" for any reject So as far as I know there's no need for your diff... $ nc localhost 25 220 poolp.org ESMTP OpenSMTPD helo localhost 250 poolp.org Hello localhost [127.0.0.1], pleased to meet you mail from:<gil...@qq.com> 250 2.0.0: Ok rcpt to:<gil...@poolp.org> 550 Invalid recipient ^C The diff would be wrong anyway but that's another story > Index: ruleset.c > =================================================================== > RCS file: /cvs/src/usr.sbin/smtpd/ruleset.c,v > retrieving revision 1.36 > diff -u -p -r1.36 ruleset.c > --- ruleset.c 16 Jun 2018 19:41:26 -0000 1.36 > +++ ruleset.c 25 Oct 2018 20:18:53 -0000 > @@ -179,6 +179,13 @@ ruleset_match_smtp_mail_from(struct rule > table = table_find(env, r->table_smtp_mail_from, NULL); > if ((ret = ruleset_match_table_lookup(table, key, K_MAILADDR)) < 0) > return -1; > + if (ret == 0) { > + if ((key = strchr(key, '@')) == NULL) > + return 0; > + ret = ruleset_match_table_lookup(table, key, K_MAILADDR); > + if (ret < 0) > + return -1; > + } > > return r->flag_smtp_mail_from < 0 ? !ret : ret; > } > @@ -199,6 +206,13 @@ ruleset_match_smtp_rcpt_to(struct rule * > table = table_find(env, r->table_smtp_rcpt_to, NULL); > if ((ret = ruleset_match_table_lookup(table, key, K_MAILADDR)) < 0) > return -1; > + if (ret == 0) { > + if ((key = strchr(key, '@')) == NULL) > + return 0; > + ret = ruleset_match_table_lookup(table, key, K_MAILADDR); > + if (ret < 0) > + return -1; > + } > > return r->flag_smtp_rcpt_to < 0 ? !ret : ret; > } > Index: smtpd.conf.5 > =================================================================== > RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v > retrieving revision 1.206 > diff -u -p -r1.206 smtpd.conf.5 > --- smtpd.conf.5 8 Oct 2018 06:10:17 -0000 1.206 > +++ smtpd.conf.5 25 Oct 2018 20:18:53 -0000 > @@ -531,6 +531,11 @@ Specify that session's HELO / EHLO shoul > .Xc > Specify that transactions's MAIL FROM should match the string or list table > .Ar sender . > +The > +.Ar sender > +may contain complete email addresses or apply to an entire domain if prefixed > +with > +.Sq @ . > .It Xo > .Op Ic \&! > .Cm rcpt\-to > @@ -538,6 +543,11 @@ Specify that transactions's MAIL FROM sh > .Xc > Specify that transaction's RCPT TO should match the string or list table > .Ar recipient . > +The > +.Ar recipient > +may contain complete email addresses or apply to an entire domain if prefixed > +with > +.Sq @ . > .It Xo > .Op Ic \&! > .Cm tag Ar tag > -- Gilles Chehade https://www.poolp.org @poolpOrg