> You could post here (or send me) the routine where chkuser is
> called (both for sender and recipients), just to see what to change.
I have attached snippets from qmail-smtpd.c showing the send & rcpt routines
and chkuser code.... I hope this is what you meant.
> [Is chkuser.h included in a valid point within qmail-smtpd.c?]
I have:
<snip>
#include "fd.h"
#include "dns.h"
#include "spf.h"
/*chkuser*/
#include "chkuser.h"
Thanks
Lee
void smtp_mail(arg) char *arg;
{
int r;
rcptcounter = 0 ;
if (!addrparse(arg)) { err_syntax(); return; }
/*chkuser*/
if (chkuser_sender (&addr) != CHKUSER_OK) { return; }
/*chkuser end*/
flagbarf = bmfcheck();
switch(mfcheck()) {
case DNS_HARD: err_hmf(); return;
case DNS_SOFT: err_smf(); return;
case DNS_MEM: die_nomem();
}
flagbarfspf = 0;
if (spfbehavior && !relayclient)
{
switch (r = spfcheck())
{
case SPF_OK: env_put2("SPFRESULT","pass"); break;
case SPF_NONE: env_put2("SPFRESULT","none"); break;
case SPF_UNKNOWN: env_put2("SPFRESULT","unknown"); break;
case SPF_NEUTRAL: env_put2("SPFRESULT","neutral"); break;
case SPF_SOFTFAIL: env_put2("SPFRESULT","softfail"); break;
case SPF_FAIL: env_put2("SPFRESULT","fail"); break;
case SPF_ERROR: env_put2("SPFRESULT","error"); break;
}
switch (r)
{
case SPF_NOMEM:
die_nomem();
case SPF_ERROR:
if (spfbehavior < 2) break ;
out ("451 SPF lookup failure (#4.3.0)\r\n");
return;
case SPF_NONE:
case SPF_UNKNOWN:
if (spfbehavior < 6) break ;
case SPF_NEUTRAL:
if (spfbehavior < 5) break ;
case SPF_SOFTFAIL:
if (spfbehavior < 4) break ;
case SPF_FAIL:
if (spfbehavior < 3) break ;
if (!spfexplanation(&spfbarfmsg)) die_nomem();
if (!stralloc_0(&spfbarfmsg)) die_nomem();
flagbarfspf = 1;
}
}
else
env_unset("SPFRESULT");
seenmail = 1;
if (!stralloc_copys(&rcptto,"")) die_nomem();
if (!stralloc_copys(&mailfrom,addr.s)) die_nomem();
if (!stralloc_0(&mailfrom)) die_nomem();
out("250 ok\r\n");
}
void smtp_rcpt(arg) char *arg; {
rcptcounter++;
if (!seenmail) { err_wantmail(); return; }
if (checkrcptcount() == 1) { err_syntax(); return; }
if (!addrparse(arg)) { err_syntax(); return; }
if (flagbarf) { err_bmf(); return; }
if (flagbarfspf) { err_spf(); return; }
if (relayclient) {
--addr.len;
if (!stralloc_cats(&addr,relayclient)) die_nomem();
if (!stralloc_0(&addr)) die_nomem();
}
else
#ifndef TLS
if (!addrallowed()) { err_nogateway(); return; }
/*chkuser*/
switch (chkuser_realrcpt (&mailfrom, &addr)) {
case CHKUSER_KO:
return;
break;
case CHKUSER_RELAYING:
--addr.len;
if (!stralloc_cats(&addr,relayclient)) die_nomem();
if (!stralloc_0(&addr)) die_nomem();
break;
}
/*end chkuser*/
#else
if (!addrallowed())
{
if (ssl)
{ STACK_OF(X509_NAME) *sk;
X509 *peercert;
stralloc tlsclients = {0};
struct constmap maptlsclients;
int r;
SSL_set_verify(ssl,
SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
verify_cb);
if ((sk = SSL_load_client_CA_file("control/clientca.pem")) == NULL)
{ err_nogateway(); return; }
SSL_set_client_CA_list(ssl, sk);
if((control_readfile(&tlsclients,"control/tlsclients",0) != 1) ||
!constmap_init(&maptlsclients,tlsclients.s,tlsclients.len,0))
{ err_nogateway(); return; }
SSL_renegotiate(ssl);
SSL_do_handshake(ssl);
ssl->state = SSL_ST_ACCEPT;
SSL_do_handshake(ssl);
if ((r = SSL_get_verify_result(ssl)) != X509_V_OK)
{out("553 no valid cert for gatewaying: ");
out(X509_verify_cert_error_string(r));
out(" (#5.7.1)\r\n");
return;
}
if (peercert = SSL_get_peer_certificate(ssl))
{char emailAddress[256];
X509_NAME_get_text_by_NID(X509_get_subject_name(
SSL_get_peer_certificate(ssl)),
NID_pkcs9_emailAddress, emailAddress,
256); if (!stralloc_copys(&clientcert, emailAddress)) die_nomem();
if (!constmap(&maptlsclients,clientcert.s,clientcert.len))
{ err_nogwcert(); return; }
relayclient = "";
}
else { err_nogwcert(); return; }
}
else { err_nogateway(); return; }
}
#endif
if (!stralloc_cats(&rcptto,"T")) die_nomem();
if (!stralloc_cats(&rcptto,addr.s)) die_nomem();
if (!stralloc_0(&rcptto)) die_nomem();
out("250 ok\r\n");
}
