Re: smtpd.conf add admd keyword

2020-09-12 Thread Giovanni Bechis
On 9/6/20 5:06 PM, Martijn van Duren wrote:
> EHLO,
> 
> RFC8601 defines the authentication-results header which can be used to
> show the verification-results of DKIM, SPF, DMARC, and others.
> 
I think it can be a good addition.
ok giovanni@

 Cheers
  Giovanni

> I can think of quite a few filters that could be build around this
> header:
> - the prior mentioned
> - detecting the header before accepting it into ones ADMD
> - using it to calculate some sort of spam-score by some other filter
> 
> These are the 3 main categories that spring to mind, with especially
> the first one having the option to be split in quite a few different
> filters on itself.
> 
> Since setting the authservid on every of these filters (once they
> arrive) will be cumbersome and error-prone I would like to propose to
> distribute this value from a single point in the smtpd.conf.
> 
> I already have a filter-admdscrub basically ready and I'm working on a
> filter-dkimverify every now and then (no where near done yet) which can
> use this feature.
> 
> OK?
> 
> martijn@
> 
> Index: lka_filter.c
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/lka_filter.c,v
> retrieving revision 1.62
> diff -u -p -r1.62 lka_filter.c
> --- lka_filter.c  24 Apr 2020 11:34:07 -  1.62
> +++ lka_filter.c  6 Sep 2020 15:05:21 -
> @@ -210,6 +210,8 @@ lka_proc_config(struct processor_instanc
>   io_printf(pi->io, "config|subsystem|smtp-in\n");
>   if (pi->subsystems & FILTER_SUBSYSTEM_SMTP_OUT)
>   io_printf(pi->io, "config|subsystem|smtp-out\n");
> + io_printf(pi->io, "config|admd|%s\n",
> + env->sc_admd != NULL ? env->sc_admd : env->sc_hostname);
>   io_printf(pi->io, "config|ready\n");
>  }
>  
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/parse.y,v
> retrieving revision 1.278
> diff -u -p -r1.278 parse.y
> --- parse.y   1 Jun 2020 05:21:30 -   1.278
> +++ parse.y   6 Sep 2020 15:05:21 -
> @@ -173,7 +173,7 @@ typedef struct {
>  
>  %}
>  
> -%token   ACTION ALIAS ANY ARROW AUTH AUTH_OPTIONAL
> +%token   ACTION ADMD ALIAS ANY ARROW AUTH AUTH_OPTIONAL
>  %token   BACKUP BOUNCE BYPASS
>  %token   CA CERT CHAIN CHROOT CIPHERS COMMIT COMPRESSION CONNECT
>  %token   DATA DATA_LINE DHE DISCONNECT DOMAIN
> @@ -209,6 +209,7 @@ grammar   : /* empty */
>   | grammar include '\n'
>   | grammar varset '\n'
>   | grammar bounce '\n'
> + | grammar admd '\n'
>   | grammar ca '\n'
>   | grammar mda '\n'
>   | grammar mta '\n'
> @@ -310,6 +311,21 @@ BOUNCE WARN_INTERVAL {
>  ;
>  
>  
> +admd:
> +ADMD STRING {
> + size_t i;
> +
> + for (i = 0; $2[i] != '\0'; i++) {
> + if (!isprint($2[i])) {
> + yyerror("not a valid admd");
> + free($2);
> + YYERROR;
> + }
> + }
> + conf->sc_admd = $2;
> +};
> +
> +
>  ca:
>  CA STRING {
>   char buf[HOST_NAME_MAX+1];
> @@ -2603,6 +2619,7 @@ lookup(char *s)
>   /* this has to be sorted always */
>   static const struct keywords keywords[] = {
>   { "action", ACTION },
> + { "admd",   ADMD },
>   { "alias",  ALIAS },
>   { "any",ANY },
>   { "auth",   AUTH },
> Index: smtpd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
> retrieving revision 1.251
> diff -u -p -r1.251 smtpd.conf.5
> --- smtpd.conf.5  27 Aug 2020 08:58:30 -  1.251
> +++ smtpd.conf.5  6 Sep 2020 15:05:21 -
> @@ -313,6 +313,11 @@ which is useful on machines with multipl
>  If the list contains more than one address, all of them are used
>  in such a way that traffic is routed as efficiently as possible.
>  .El
> +.It Ic admd Ar authservid
> +The Administrative Management Domain this mailserver belongs to.
> +The authservid will be forwarded to filters using it to identify or mark
> +authentication-results headers.
> +If omitted it defaults to the server name.
>  .It Ic bounce Cm warn-interval Ar delay Op , Ar delay ...
>  Send warning messages to the envelope sender when temporary delivery
>  failures cause a message to remain on the queue for longer than
> Index: smtpd.h
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.h,v
> retrieving revision 1.656
> diff -u -p -r1.656 smtpd.h
> --- smtpd.h   8 Apr 2020 07:30:44 -   1.656
> +++ smtpd.h   6 Sep 2020 15:05:21 -
> @@ -624,6 +624,8 @@ struct smtpd {
>   char   *sc_srs_key;
>   char   *sc_srs_key_backup;
>   int 

Re: smtpd.conf add admd keyword

2020-09-12 Thread Martijn van Duren
Any takers?

On Sun, 2020-09-06 at 17:06 +0200, Martijn van Duren wrote:
> EHLO,
> 
> RFC8601 defines the authentication-results header which can be used to
> show the verification-results of DKIM, SPF, DMARC, and others.
> 
> I can think of quite a few filters that could be build around this
> header:
> - the prior mentioned
> - detecting the header before accepting it into ones ADMD
> - using it to calculate some sort of spam-score by some other filter
> 
> These are the 3 main categories that spring to mind, with especially
> the first one having the option to be split in quite a few different
> filters on itself.
> 
> Since setting the authservid on every of these filters (once they
> arrive) will be cumbersome and error-prone I would like to propose to
> distribute this value from a single point in the smtpd.conf.
> 
> I already have a filter-admdscrub basically ready and I'm working on a
> filter-dkimverify every now and then (no where near done yet) which can
> use this feature.
> 
> OK?
> 
> martijn@
> 
> Index: lka_filter.c
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/lka_filter.c,v
> retrieving revision 1.62
> diff -u -p -r1.62 lka_filter.c
> --- lka_filter.c  24 Apr 2020 11:34:07 -  1.62
> +++ lka_filter.c  6 Sep 2020 15:05:21 -
> @@ -210,6 +210,8 @@ lka_proc_config(struct processor_instanc
>   io_printf(pi->io, "config|subsystem|smtp-in\n");
>   if (pi->subsystems & FILTER_SUBSYSTEM_SMTP_OUT)
>   io_printf(pi->io, "config|subsystem|smtp-out\n");
> + io_printf(pi->io, "config|admd|%s\n",
> + env->sc_admd != NULL ? env->sc_admd : env->sc_hostname);
>   io_printf(pi->io, "config|ready\n");
>  }
>  
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/parse.y,v
> retrieving revision 1.278
> diff -u -p -r1.278 parse.y
> --- parse.y   1 Jun 2020 05:21:30 -   1.278
> +++ parse.y   6 Sep 2020 15:05:21 -
> @@ -173,7 +173,7 @@ typedef struct {
>  
>  %}
>  
> -%token   ACTION ALIAS ANY ARROW AUTH AUTH_OPTIONAL
> +%token   ACTION ADMD ALIAS ANY ARROW AUTH AUTH_OPTIONAL
>  %token   BACKUP BOUNCE BYPASS
>  %token   CA CERT CHAIN CHROOT CIPHERS COMMIT COMPRESSION CONNECT
>  %token   DATA DATA_LINE DHE DISCONNECT DOMAIN
> @@ -209,6 +209,7 @@ grammar   : /* empty */
>   | grammar include '\n'
>   | grammar varset '\n'
>   | grammar bounce '\n'
> + | grammar admd '\n'
>   | grammar ca '\n'
>   | grammar mda '\n'
>   | grammar mta '\n'
> @@ -310,6 +311,21 @@ BOUNCE WARN_INTERVAL {
>  ;
>  
>  
> +admd:
> +ADMD STRING {
> + size_t i;
> +
> + for (i = 0; $2[i] != '\0'; i++) {
> + if (!isprint($2[i])) {
> + yyerror("not a valid admd");
> + free($2);
> + YYERROR;
> + }
> + }
> + conf->sc_admd = $2;
> +};
> +
> +
>  ca:
>  CA STRING {
>   char buf[HOST_NAME_MAX+1];
> @@ -2603,6 +2619,7 @@ lookup(char *s)
>   /* this has to be sorted always */
>   static const struct keywords keywords[] = {
>   { "action", ACTION },
> + { "admd",   ADMD },
>   { "alias",  ALIAS },
>   { "any",ANY },
>   { "auth",   AUTH },
> Index: smtpd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
> retrieving revision 1.251
> diff -u -p -r1.251 smtpd.conf.5
> --- smtpd.conf.5  27 Aug 2020 08:58:30 -  1.251
> +++ smtpd.conf.5  6 Sep 2020 15:05:21 -
> @@ -313,6 +313,11 @@ which is useful on machines with multipl
>  If the list contains more than one address, all of them are used
>  in such a way that traffic is routed as efficiently as possible.
>  .El
> +.It Ic admd Ar authservid
> +The Administrative Management Domain this mailserver belongs to.
> +The authservid will be forwarded to filters using it to identify or mark
> +authentication-results headers.
> +If omitted it defaults to the server name.
>  .It Ic bounce Cm warn-interval Ar delay Op , Ar delay ...
>  Send warning messages to the envelope sender when temporary delivery
>  failures cause a message to remain on the queue for longer than
> Index: smtpd.h
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.h,v
> retrieving revision 1.656
> diff -u -p -r1.656 smtpd.h
> --- smtpd.h   8 Apr 2020 07:30:44 -   1.656
> +++ smtpd.h   6 Sep 2020 15:05:21 -
> @@ -624,6 +624,8 @@ struct smtpd {
>   char   *sc_srs_key;
>   char   *sc_srs_key_backup;
>   int sc_srs_ttl;
> +
> + 

smtpd.conf add admd keyword

2020-09-06 Thread Martijn van Duren
EHLO,

RFC8601 defines the authentication-results header which can be used to
show the verification-results of DKIM, SPF, DMARC, and others.

I can think of quite a few filters that could be built around this
header:
- the prior mentioned
- detecting the header before accepting it into one's ADMD
- using it to calculate some sort of spam-score by some other filter

These are the 3 main categories that spring to mind, with especially
the first one having the option to be split in quite a few different
filters on itself.

Since setting the authservid on every of these filters (once they
arrive) will be cumbersome and error-prone I would like to propose to
distribute this value from a single point in the smtpd.conf.

I already have a filter-admdscrub basically ready and I'm working on a
filter-dkimverify every now and then (no where near done yet) which can
use this feature.

OK?

martijn@

Index: lka_filter.c
===
RCS file: /cvs/src/usr.sbin/smtpd/lka_filter.c,v
retrieving revision 1.62
diff -u -p -r1.62 lka_filter.c
--- lka_filter.c24 Apr 2020 11:34:07 -  1.62
+++ lka_filter.c6 Sep 2020 15:05:21 -
@@ -210,6 +210,8 @@ lka_proc_config(struct processor_instanc
io_printf(pi->io, "config|subsystem|smtp-in\n");
if (pi->subsystems & FILTER_SUBSYSTEM_SMTP_OUT)
io_printf(pi->io, "config|subsystem|smtp-out\n");
+   io_printf(pi->io, "config|admd|%s\n",
+   env->sc_admd != NULL ? env->sc_admd : env->sc_hostname);
io_printf(pi->io, "config|ready\n");
 }
 
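Review bot: The new `config|admd|%s` line is written to every filter unconditionally, ahead of `config|ready`, and nothing visible in this patch documents the key in the filter protocol, so filter authors have no reference for it and a filter that rejects unknown `config` keys (if any does) would fail at startup. The value is interpolated without escaping into a `|`-delimited line: the only validation is the `isprint()` loop in the parse.y hunk, which admits `|`, and the `env->sc_hostname` fallback is not checked in the visible lines at all. I would add a comment above the call, `/* admd is the last field: filters must take the rest of the line as the value */`, and describe the key next to the other config lines in the filter documentation. lka_proc_config begins outside the hunk.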
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/smtpd/parse.y,v
retrieving revision 1.278
diff -u -p -r1.278 parse.y
--- parse.y 1 Jun 2020 05:21:30 -   1.278
+++ parse.y 6 Sep 2020 15:05:21 -
@@ -173,7 +173,7 @@ typedef struct {
 
 %}
 
-%token ACTION ALIAS ANY ARROW AUTH AUTH_OPTIONAL
+%token ACTION ADMD ALIAS ANY ARROW AUTH AUTH_OPTIONAL
 %token BACKUP BOUNCE BYPASS
 %token CA CERT CHAIN CHROOT CIPHERS COMMIT COMPRESSION CONNECT
 %token DATA DATA_LINE DHE DISCONNECT DOMAIN
@@ -209,6 +209,7 @@ grammar : /* empty */
| grammar include '\n'
| grammar varset '\n'
| grammar bounce '\n'
+   | grammar admd '\n'
| grammar ca '\n'
| grammar mda '\n'
| grammar mta '\n'
@@ -310,6 +311,21 @@ BOUNCE WARN_INTERVAL {
 ;
 
 
+admd:
+ADMD STRING {
+   size_t i;
+
+   for (i = 0; $2[i] != '\0'; i++) {
+   if (!isprint($2[i])) {
+   yyerror("not a valid admd");
+   free($2);
+   YYERROR;
+   }
+   }
+   conf->sc_admd = $2;
+};
+
+
 ca:
 CA STRING {
char buf[HOST_NAME_MAX+1];
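Review bot: The `isprint($2[i])` call in the new `admd` rule is handed a plain `char`, which is undefined behaviour for bytes above 0x7f on platforms where `char` is signed; cast it, `if (!isprint((unsigned char)$2[i])) {`. The loop also accepts an empty string (the body never runs, so `conf->sc_admd` becomes `""` and the `!= NULL` fallback to the hostname in lka_filter.c is skipped) as well as spaces and `|`, although the value ends up in the pipe-delimited `config|admd|%s` line and is meant to serve as an RFC 8601 authserv-id that filters compare against incoming headers. If a stricter rule is acceptable, something like `if ($2[0] == '\0') { yyerror("admd must not be empty"); free($2); YYERROR; }` followed by `if (!isgraph((unsigned char)$2[i]) || $2[i] == '|') {` would reject those cases at config-parse time. A second `admd` line appears to overwrite `conf->sc_admd` without freeing the earlier string; whether duplicates should be an error is worth deciding here. The quoted copies of this hunk in the two replies carry the same lines.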
@@ -2603,6 +2619,7 @@ lookup(char *s)
/* this has to be sorted always */
static const struct keywords keywords[] = {
{ "action", ACTION },
+   { "admd",   ADMD },
{ "alias",  ALIAS },
{ "any",ANY },
{ "auth",   AUTH },
Index: smtpd.conf.5
===
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
retrieving revision 1.251
diff -u -p -r1.251 smtpd.conf.5
--- smtpd.conf.527 Aug 2020 08:58:30 -  1.251
+++ smtpd.conf.56 Sep 2020 15:05:21 -
@@ -313,6 +313,11 @@ which is useful on machines with multipl
 If the list contains more than one address, all of them are used
 in such a way that traffic is routed as efficiently as possible.
 .El
+.It Ic admd Ar authservid
+The Administrative Management Domain this mailserver belongs to.
+The authservid will be forwarded to filters using it to identify or mark
+authentication-results headers.
+If omitted it defaults to the server name.
 .It Ic bounce Cm warn-interval Ar delay Op , Ar delay ...
 Send warning messages to the envelope sender when temporary delivery
 failures cause a message to remain on the queue for longer than
Index: smtpd.h
===
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.h,v
retrieving revision 1.656
diff -u -p -r1.656 smtpd.h
--- smtpd.h 8 Apr 2020 07:30:44 -   1.656
+++ smtpd.h 6 Sep 2020 15:05:21 -
@@ -624,6 +624,8 @@ struct smtpd {
char   *sc_srs_key;
char   *sc_srs_key_backup;
int sc_srs_ttl;
+
+   char   *sc_admd;
 };
 
 #defineTRACE_DEBUG 0x0001