Hello,
Whenever a rule with a local action (mbox, maildir, lmtp or mda) is matched,
smtpd will
attempt to search for a ~/.forward file in the recipient directory and process
it. This
may be convenient for some setups but it is an implicit behavior that's not
overridable
and not always wanted.
This diff changes this behavior by requiring the admins to explicitly allow the
forward
files processing in the actions when desired:
action "local_users" maildir forward-file
With this diff, if forward-file is not specified, code to request parent
process for an
fd is bypassed and the expansion layer just pretends parent couldn't find one.
This let
the code fallback in an already existing code path with the proper behavior and
is very
uninvasive.
diff --git a/usr.sbin/smtpd/lka_session.c b/usr.sbin/smtpd/lka_session.c
index ed1fd36fafd..ff328441957 100644
--- a/usr.sbin/smtpd/lka_session.c
+++ b/usr.sbin/smtpd/lka_session.c
@@ -434,9 +434,17 @@ lka_expand(struct lka_session *lks, struct rule *rule,
struct expandnode *xn)
fwreq.uid = lk.userinfo.uid;
fwreq.gid = lk.userinfo.gid;
- m_compose(p_parent, IMSG_LKA_OPEN_FORWARD, 0, 0, -1,
- &fwreq, sizeof(fwreq));
- lks->flags |= F_WAITING;
+ if (dsp->u.local.forward_file) {
+ log_debug("OPENING FORWARD FILE");
+ m_compose(p_parent, IMSG_LKA_OPEN_FORWARD, 0, 0, -1,
+ &fwreq, sizeof(fwreq));
+ lks->flags |= F_WAITING;
+ } else {
+ log_debug("BYPASSING FORWARD FILE");
+ fwreq.status = 1;
+ lks->flags |= F_WAITING;
+ lka_session_forward_reply(&fwreq, -1);
+ }
break;
case EXPAND_FILENAME:
diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y
index 9f1cb52ec98..752c3376b77 100644
--- a/usr.sbin/smtpd/parse.y
+++ b/usr.sbin/smtpd/parse.y
@@ -178,7 +178,7 @@ typedef struct {
%token CA CERT CHAIN CHROOT CIPHERS COMMIT COMPRESSION CONNECT
%token DATA DATA_LINE DHE DISCONNECT DOMAIN
%token EHLO ENABLE ENCRYPTION ERROR EXPAND_ONLY
-%token FCRDNS FILTER FOR FORWARD_ONLY FROM
+%token FCRDNS FILTER FOR FORWARD_FILE FORWARD_ONLY FROM
%token GROUP
%token HELO HELO_SRC HOST HOSTNAME HOSTNAMES
%token INCLUDE INET4 INET6
@@ -669,6 +669,13 @@ USER STRING {
}
dispatcher->u.local.mda_wrapper = $2;
}
+| FORWARD_FILE {
+ if (dispatcher->u.local.forward_file) {
+ yyerror("forward-file already specified for this dispatcher");
+ YYERROR;
+ }
+ dispatcher->u.local.forward_file = 1;
+}
;
dispatcher_local_options:
@@ -2646,6 +2653,7 @@ lookup(char *s)
{ "fcrdns", FCRDNS },
{ "filter", FILTER },
{ "for", FOR },
+ { "forward-file", FORWARD_FILE },
{ "forward-only", FORWARD_ONLY },
{ "from", FROM },
{ "group", GROUP },
diff --git a/usr.sbin/smtpd/smtpd.conf.5 b/usr.sbin/smtpd/smtpd.conf.5
index 36207c39a1e..fa98e13e158 100644
--- a/usr.sbin/smtpd/smtpd.conf.5
+++ b/usr.sbin/smtpd/smtpd.conf.5
@@ -173,6 +173,8 @@ Use the mapping
for
.Xr aliases 5
expansion.
+.It Cm forward-file
+Allow the use of a .forward file in user home directory .
.It Xo
.Cm ttl
.Sm off
diff --git a/usr.sbin/smtpd/smtpd.h b/usr.sbin/smtpd/smtpd.h
index 529ff683f76..8225f3ff157 100644
--- a/usr.sbin/smtpd/smtpd.h
+++ b/usr.sbin/smtpd/smtpd.h
@@ -1159,6 +1159,7 @@ struct dispatcher_local {
uint8_t expand_only;
uint8_t forward_only;
+ uint8_t forward_file;
char *mda_wrapper;
char *command;
