Re: smtpd.conf add admd keyword
On 9/6/20 5:06 PM, Martijn van Duren wrote:
> EHLO,
>
> RFC8601 defines the authentication-results header which can be used to
> show the verification-results of DKIM, SPF, DMARC, and others.
>
I think it can be a good addition. ok giovanni@ Cheers Giovanni
> I can think of quite a few filters that could be build around this
> header:
> - the prior mentioned
> - detecting the header before accepting it into ones ADMD
> - using it to calculate some sort of spam-score by some other filter
>
> These are the 3 main categories that spring to mind, with especially
> the first one having the option to be split in quite a few different
> filters on itself.
>
> Since setting the authservid on every of these filters (once they
> arrive) will be cumbersome and error-prone I would like to propose to
> distribute this value from a single point in the smtpd.conf.
>
> I already have a filter-admdscrub basically ready and I'm working on a
> filter-dkimverify every now and then (no where near done yet) which can
> use this feature.
>
> OK?
>
> martijn@
>
> Index: lka_filter.c
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/lka_filter.c,v
> retrieving revision 1.62
> diff -u -p -r1.62 lka_filter.c
> --- lka_filter.c 24 Apr 2020 11:34:07 - 1.62
> +++ lka_filter.c 6 Sep 2020 15:05:21 -
> @@ -210,6 +210,8 @@ lka_proc_config(struct processor_instanc
> io_printf(pi->io, "config|subsystem|smtp-in\n");
> if (pi->subsystems & FILTER_SUBSYSTEM_SMTP_OUT)
> io_printf(pi->io, "config|subsystem|smtp-out\n");
> + io_printf(pi->io, "config|admd|%s\n",
> + env->sc_admd != NULL ? env->sc_admd : env->sc_hostname);
> io_printf(pi->io, "config|ready\n");
> }
>
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/parse.y,v
> retrieving revision 1.278
> diff -u -p -r1.278 parse.y
> --- parse.y 1 Jun 2020 05:21:30 - 1.278
> +++ parse.y 6 Sep 2020 15:05:21 -
> @@ -173,7 +173,7 @@ typedef struct {
>
> %}
>
> -%token ACTION ALIAS ANY ARROW AUTH AUTH_OPTIONAL
> +%token ACTION ADMD ALIAS ANY ARROW AUTH AUTH_OPTIONAL
> %token BACKUP BOUNCE BYPASS
> %token CA CERT CHAIN CHROOT CIPHERS COMMIT COMPRESSION CONNECT
> %token DATA DATA_LINE DHE DISCONNECT DOMAIN
> @@ -209,6 +209,7 @@ grammar : /* empty */
> | grammar include '\n'
> | grammar varset '\n'
> | grammar bounce '\n'
> + | grammar admd '\n'
> | grammar ca '\n'
> | grammar mda '\n'
> | grammar mta '\n'
> @@ -310,6 +311,21 @@ BOUNCE WARN_INTERVAL {
> ;
>
>
> +admd:
> +ADMD STRING {
> + size_t i;
> +
> + for (i = 0; $2[i] != '\0'; i++) {
> + if (!isprint($2[i])) {
> + yyerror("not a valid admd");
> + free($2);
> + YYERROR;
> + }
> + }
> + conf->sc_admd = $2;
> +};
> +
> +
> ca:
> CA STRING {
> char buf[HOST_NAME_MAX+1];
> @@ -2603,6 +2619,7 @@ lookup(char *s)
> /* this has to be sorted always */
> static const struct keywords keywords[] = {
> { "action", ACTION },
> + { "admd", ADMD },
> { "alias", ALIAS },
> { "any",ANY },
> { "auth", AUTH },
> Index: smtpd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
> retrieving revision 1.251
> diff -u -p -r1.251 smtpd.conf.5
> --- smtpd.conf.5 27 Aug 2020 08:58:30 - 1.251
> +++ smtpd.conf.5 6 Sep 2020 15:05:21 -
> @@ -313,6 +313,11 @@ which is useful on machines with multipl
> If the list contains more than one address, all of them are used
> in such a way that traffic is routed as efficiently as possible.
> .El
> +.It Ic admd Ar authservid
> +The Administrative Management Domain this mailserver belongs to.
> +The authservid will be forwarded to filters using it to identify or mark
> +authentication-results headers.
> +If omitted it defaults to the server name.
> .It Ic bounce Cm warn-interval Ar delay Op , Ar delay ...
> Send warning messages to the envelope sender when temporary delivery
> failures cause a message to remain on the queue for longer than
> Index: smtpd.h
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.h,v
> retrieving revision 1.656
> diff -u -p -r1.656 smtpd.h
> --- smtpd.h 8 Apr 2020 07:30:44 - 1.656
> +++ smtpd.h 6 Sep 2020 15:05:21 -
> @@ -624,6 +624,8 @@ struct smtpd {
> char *sc_srs_key;
> char *sc_srs_key_backup;
> int
Re: smtpd.conf add admd keyword
Any takers?
On Sun, 2020-09-06 at 17:06 +0200, Martijn van Duren wrote:
> EHLO,
>
> RFC8601 defines the authentication-results header which can be used to
> show the verification-results of DKIM, SPF, DMARC, and others.
>
> I can think of quite a few filters that could be build around this
> header:
> - the prior mentioned
> - detecting the header before accepting it into ones ADMD
> - using it to calculate some sort of spam-score by some other filter
>
> These are the 3 main categories that spring to mind, with especially
> the first one having the option to be split in quite a few different
> filters on itself.
>
> Since setting the authservid on every of these filters (once they
> arrive) will be cumbersome and error-prone I would like to propose to
> distribute this value from a single point in the smtpd.conf.
>
> I already have a filter-admdscrub basically ready and I'm working on a
> filter-dkimverify every now and then (no where near done yet) which can
> use this feature.
>
> OK?
>
> martijn@
>
> Index: lka_filter.c
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/lka_filter.c,v
> retrieving revision 1.62
> diff -u -p -r1.62 lka_filter.c
> --- lka_filter.c 24 Apr 2020 11:34:07 - 1.62
> +++ lka_filter.c 6 Sep 2020 15:05:21 -
> @@ -210,6 +210,8 @@ lka_proc_config(struct processor_instanc
> io_printf(pi->io, "config|subsystem|smtp-in\n");
> if (pi->subsystems & FILTER_SUBSYSTEM_SMTP_OUT)
> io_printf(pi->io, "config|subsystem|smtp-out\n");
> + io_printf(pi->io, "config|admd|%s\n",
> + env->sc_admd != NULL ? env->sc_admd : env->sc_hostname);
> io_printf(pi->io, "config|ready\n");
> }
>
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/parse.y,v
> retrieving revision 1.278
> diff -u -p -r1.278 parse.y
> --- parse.y 1 Jun 2020 05:21:30 - 1.278
> +++ parse.y 6 Sep 2020 15:05:21 -
> @@ -173,7 +173,7 @@ typedef struct {
>
> %}
>
> -%token ACTION ALIAS ANY ARROW AUTH AUTH_OPTIONAL
> +%token ACTION ADMD ALIAS ANY ARROW AUTH AUTH_OPTIONAL
> %token BACKUP BOUNCE BYPASS
> %token CA CERT CHAIN CHROOT CIPHERS COMMIT COMPRESSION CONNECT
> %token DATA DATA_LINE DHE DISCONNECT DOMAIN
> @@ -209,6 +209,7 @@ grammar : /* empty */
> | grammar include '\n'
> | grammar varset '\n'
> | grammar bounce '\n'
> + | grammar admd '\n'
> | grammar ca '\n'
> | grammar mda '\n'
> | grammar mta '\n'
> @@ -310,6 +311,21 @@ BOUNCE WARN_INTERVAL {
> ;
>
>
> +admd:
> +ADMD STRING {
> + size_t i;
> +
> + for (i = 0; $2[i] != '\0'; i++) {
> + if (!isprint($2[i])) {
> + yyerror("not a valid admd");
> + free($2);
> + YYERROR;
> + }
> + }
> + conf->sc_admd = $2;
> +};
> +
> +
> ca:
> CA STRING {
> char buf[HOST_NAME_MAX+1];
> @@ -2603,6 +2619,7 @@ lookup(char *s)
> /* this has to be sorted always */
> static const struct keywords keywords[] = {
> { "action", ACTION },
> + { "admd", ADMD },
> { "alias", ALIAS },
> { "any",ANY },
> { "auth", AUTH },
> Index: smtpd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
> retrieving revision 1.251
> diff -u -p -r1.251 smtpd.conf.5
> --- smtpd.conf.5 27 Aug 2020 08:58:30 - 1.251
> +++ smtpd.conf.5 6 Sep 2020 15:05:21 -
> @@ -313,6 +313,11 @@ which is useful on machines with multipl
> If the list contains more than one address, all of them are used
> in such a way that traffic is routed as efficiently as possible.
> .El
> +.It Ic admd Ar authservid
> +The Administrative Management Domain this mailserver belongs to.
> +The authservid will be forwarded to filters using it to identify or mark
> +authentication-results headers.
> +If omitted it defaults to the server name.
> .It Ic bounce Cm warn-interval Ar delay Op , Ar delay ...
> Send warning messages to the envelope sender when temporary delivery
> failures cause a message to remain on the queue for longer than
> Index: smtpd.h
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.h,v
> retrieving revision 1.656
> diff -u -p -r1.656 smtpd.h
> --- smtpd.h 8 Apr 2020 07:30:44 - 1.656
> +++ smtpd.h 6 Sep 2020 15:05:21 -
> @@ -624,6 +624,8 @@ struct smtpd {
> char *sc_srs_key;
> char *sc_srs_key_backup;
> int sc_srs_ttl;
> +
> +
smtpd.conf add admd keyword
EHLO,

RFC8601 defines the authentication-results header which can be used to
show the verification-results of DKIM, SPF, DMARC, and others.

I can think of quite a few filters that could be build around this
header:
- the prior mentioned
- detecting the header before accepting it into ones ADMD
- using it to calculate some sort of spam-score by some other filter

These are the 3 main categories that spring to mind, with especially
the first one having the option to be split in quite a few different
filters on itself.

Since setting the authservid on every of these filters (once they
arrive) will be cumbersome and error-prone I would like to propose to
distribute this value from a single point in the smtpd.conf.

I already have a filter-admdscrub basically ready and I'm working on a
filter-dkimverify every now and then (no where near done yet) which can
use this feature.

OK?

martijn@

Index: lka_filter.c
===
RCS file: /cvs/src/usr.sbin/smtpd/lka_filter.c,v
retrieving revision 1.62
diff -u -p -r1.62 lka_filter.c
--- lka_filter.c24 Apr 2020 11:34:07 - 1.62
+++ lka_filter.c6 Sep 2020 15:05:21 -
@@ -210,6 +210,8 @@ lka_proc_config(struct processor_instanc
 io_printf(pi->io, "config|subsystem|smtp-in\n");
 if (pi->subsystems & FILTER_SUBSYSTEM_SMTP_OUT)
 io_printf(pi->io, "config|subsystem|smtp-out\n");
+ io_printf(pi->io, "config|admd|%s\n",
+ env->sc_admd != NULL ? env->sc_admd : env->sc_hostname);
 io_printf(pi->io, "config|ready\n");
 }

Index: parse.y
===
RCS file: /cvs/src/usr.sbin/smtpd/parse.y,v
retrieving revision 1.278
diff -u -p -r1.278 parse.y
--- parse.y 1 Jun 2020 05:21:30 - 1.278
+++ parse.y 6 Sep 2020 15:05:21 -
@@ -173,7 +173,7 @@ typedef struct {

 %}

-%token ACTION ALIAS ANY ARROW AUTH AUTH_OPTIONAL
+%token ACTION ADMD ALIAS ANY ARROW AUTH AUTH_OPTIONAL
 %token BACKUP BOUNCE BYPASS
 %token CA CERT CHAIN CHROOT CIPHERS COMMIT COMPRESSION CONNECT
 %token DATA DATA_LINE DHE DISCONNECT DOMAIN
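Review bot: The new `config|admd|` line in lka_proc_config() is a protocol addition that filter authors have to learn about, and this patch documents only the smtpd.conf side; the key and its hostname fallback should also be described wherever the filter config lines are documented. When `sc_admd` is unset the value comes from `env->sc_hostname`, which does not pass through the character check added in parse.y, so a short comment such as `/* authserv-id for Authentication-Results (RFC 8601); falls back to the hostname */` above the call would make that explicit. lka_proc_config() starts outside the hunk.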
@@ -209,6 +209,7 @@ grammar : /* empty */
 | grammar include '\n'
 | grammar varset '\n'
 | grammar bounce '\n'
+ | grammar admd '\n'
 | grammar ca '\n'
 | grammar mda '\n'
 | grammar mta '\n'
@@ -310,6 +311,21 @@ BOUNCE WARN_INTERVAL {
 ;


+admd:
+ADMD STRING {
+ size_t i;
+
+ for (i = 0; $2[i] != '\0'; i++) {
+ if (!isprint($2[i])) {
+ yyerror("not a valid admd");
+ free($2);
+ YYERROR;
+ }
+ }
+ conf->sc_admd = $2;
+};
+
+
 ca:
 CA STRING {
 char buf[HOST_NAME_MAX+1];
@@ -2603,6 +2619,7 @@ lookup(char *s)
 /* this has to be sorted always */
 static const struct keywords keywords[] = {
 { "action", ACTION },
+ { "admd", ADMD },
 { "alias", ALIAS },
 { "any",ANY },
 { "auth", AUTH },
Index: smtpd.conf.5
===
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
retrieving revision 1.251
diff -u -p -r1.251 smtpd.conf.5
--- smtpd.conf.527 Aug 2020 08:58:30 - 1.251
+++ smtpd.conf.56 Sep 2020 15:05:21 -
@@ -313,6 +313,11 @@ which is useful on machines with multipl
 If the list contains more than one address, all of them are used
 in such a way that traffic is routed as efficiently as possible.
 .El
+.It Ic admd Ar authservid
+The Administrative Management Domain this mailserver belongs to.
+The authservid will be forwarded to filters using it to identify or mark
+authentication-results headers.
+If omitted it defaults to the server name.
 .It Ic bounce Cm warn-interval Ar delay Op , Ar delay ...
 Send warning messages to the envelope sender when temporary delivery
 failures cause a message to remain on the queue for longer than
Index: smtpd.h
===
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.h,v
retrieving revision 1.656
diff -u -p -r1.656 smtpd.h
--- smtpd.h 8 Apr 2020 07:30:44 - 1.656
+++ smtpd.h 6 Sep 2020 15:05:21 -
@@ -624,6 +624,8 @@ struct smtpd {
 char *sc_srs_key;
 char *sc_srs_key_backup;
 int sc_srs_ttl;
+
+ char *sc_admd;
 };

 #defineTRACE_DEBUG 0x0001
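Review bot: In the new `admd` rule of parse.y, `isprint($2[i])` is called on a plain `char`, which is undefined for bytes above 0x7f on platforms where `char` is signed; cast the argument, `if (!isprint((unsigned char)$2[i])) {`. The loop also accepts an empty string and every printable character, including space, `;` and `|`, although the value is written into the `config|admd|%s` line in lka_filter.c and is meant to serve as the RFC 8601 authserv-id that filters compare against when marking or scrubbing Authentication-Results headers; rejecting an empty value and restricting the set to what an authserv-id may contain would keep a typo in smtpd.conf from silently weakening that comparison. A second `admd` line overwrites `conf->sc_admd` without freeing the earlier string. The quoted copies of this hunk in the two replies above carry the same code.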