Back in the old days of the ancient syntax smtpd.conf(5) contained
the following section:
sender [!] <senders>
        If specified, the rule will only be matched if the sender
        email address is found in the table senders.  The table
        may contain complete email addresses or apply to an
        entire domain if prefixed with ‘@’.

This almost worked for me, except when adding @<domain>.<tld> in my
sqlite backend (haven't tested with different backends). I reported
this way back in 2016 and left it at that, but today I had a machine
at my $DAYJOB that got an annoying amount of spam from a single
domain that varied in user component and source IP. So filtering on
domain would've helped a lot.

The following diff implements what the old sender said it would do
for mail-from and rcpt-to.

So far only lightly tested on a private server.

thoughts?

martijn@

Index: ruleset.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/ruleset.c,v
retrieving revision 1.36
diff -u -p -r1.36 ruleset.c
--- ruleset.c   16 Jun 2018 19:41:26 -0000      1.36
+++ ruleset.c   25 Oct 2018 20:18:53 -0000
@@ -179,6 +179,13 @@ ruleset_match_smtp_mail_from(struct rule
        table = table_find(env, r->table_smtp_mail_from, NULL);
        if ((ret = ruleset_match_table_lookup(table, key, K_MAILADDR)) < 0)
                return -1;
+       if (ret == 0) {
+               if ((key = strchr(key, '@')) == NULL)
+                       return 0;
+               ret = ruleset_match_table_lookup(table, key, K_MAILADDR);
+               if (ret < 0)
+                       return -1;
+       }
 
        return r->flag_smtp_mail_from < 0 ? !ret : ret;
 }
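Review bot: The early `return 0` taken when `strchr(key, '@')` finds nothing bypasses the negation in the final `return r->flag_smtp_mail_from < 0 ? !ret : ret;`. Before this change a lookup miss under a negated rule fell through and returned `!ret`, i.e. a match; now a key without '@' returns 0 regardless of the flag, so a `!` mail-from rule stops matching for such keys. Suggest doing the second lookup only when `strchr` returns non-NULL and otherwise falling through to the existing return, preferably into a separate pointer rather than overwriting `key`.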
@@ -199,6 +206,13 @@ ruleset_match_smtp_rcpt_to(struct rule *
        table = table_find(env, r->table_smtp_rcpt_to, NULL);
        if ((ret = ruleset_match_table_lookup(table, key, K_MAILADDR)) < 0)
                return -1;
+       if (ret == 0) {
+               if ((key = strchr(key, '@')) == NULL)
+                       return 0;
+               ret = ruleset_match_table_lookup(table, key, K_MAILADDR);
+               if (ret < 0)
+                       return -1;
+       }
 
        return r->flag_smtp_rcpt_to < 0 ? !ret : ret;
 }
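Review bot: `strchr(key, '@')` in the added block takes the first '@', so if `key` can ever carry a local part that itself contains '@' (a quoted local part), the second lookup runs on a suffix that is not the domain; `strrchr` would select the last '@' instead. The early `return 0` here also skips the `flag_smtp_rcpt_to` negation, as in the mail-from hunk, and since the seven added lines are identical in both functions they would be better as one static helper called from each.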
Index: smtpd.conf.5
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
retrieving revision 1.206
diff -u -p -r1.206 smtpd.conf.5
--- smtpd.conf.5        8 Oct 2018 06:10:17 -0000       1.206
+++ smtpd.conf.5        25 Oct 2018 20:18:53 -0000
@@ -531,6 +531,11 @@ Specify that session's HELO / EHLO shoul
 .Xc
 Specify that transactions's MAIL FROM should match the string or list table
 .Ar sender .
+The
+.Ar sender
+may contain complete email addresses or apply to an entire domain if prefixed
+with
+.Sq @ .
 .It Xo
 .Op Ic \&!
 .Cm rcpt\-to
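Review bot: The added sentence does not say in which order the two forms are tried. Per the ruleset.c change in this same diff, the full address is looked up first and the '@'-prefixed suffix only on a miss; the manual should state that, and say how a rule negated with `!` treats a domain entry. The wording "may contain complete email addresses or apply to an entire domain" also switches subject mid-sentence; something like "entries are either complete email addresses or a domain prefixed with '@'" reads more clearly.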
@@ -538,6 +543,11 @@ Specify that transactions's MAIL FROM sh
 .Xc
 Specify that transaction's RCPT TO should match the string or list table
 .Ar recipient .
+The
+.Ar recipient 
+may contain complete email addresses or apply to an entire domain if prefixed
+with
+.Sq @ .
 .It Xo
 .Op Ic \&!
 .Cm tag Ar tag
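Review bot: The added line `.Ar recipient ` ends with a trailing space, unlike the matching `.Ar sender` line in the previous hunk; drop it. The paragraph is otherwise a copy of the sender text, so any rewording made there should be mirrored here.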
