> You could post here (or send me) the routine where chkuser is > called (both for sender and recipients), just to see what to change.
I have attached snippets from qmail-smtpd.c showing the send & rcpt routines and chkuser code.... I hope this is what you meant. > [Is chkuser.h included in a valid point within qmail-smtpd.c?] I have: <snip> #include "fd.h" #include "dns.h" #include "spf.h" /*chkuser*/ #include "chkuser.h" Thanks Lee
void smtp_mail(arg) char *arg; { int r; rcptcounter = 0 ; if (!addrparse(arg)) { err_syntax(); return; } /*chkuser*/ if (chkuser_sender (&addr) != CHKUSER_OK) { return; } /*chkuser end*/ flagbarf = bmfcheck(); switch(mfcheck()) { case DNS_HARD: err_hmf(); return; case DNS_SOFT: err_smf(); return; case DNS_MEM: die_nomem(); } flagbarfspf = 0; if (spfbehavior && !relayclient) { switch (r = spfcheck()) { case SPF_OK: env_put2("SPFRESULT","pass"); break; case SPF_NONE: env_put2("SPFRESULT","none"); break; case SPF_UNKNOWN: env_put2("SPFRESULT","unknown"); break; case SPF_NEUTRAL: env_put2("SPFRESULT","neutral"); break; case SPF_SOFTFAIL: env_put2("SPFRESULT","softfail"); break; case SPF_FAIL: env_put2("SPFRESULT","fail"); break; case SPF_ERROR: env_put2("SPFRESULT","error"); break; } switch (r) { case SPF_NOMEM: die_nomem(); case SPF_ERROR: if (spfbehavior < 2) break ; out ("451 SPF lookup failure (#4.3.0)\r\n"); return; case SPF_NONE: case SPF_UNKNOWN: if (spfbehavior < 6) break ; case SPF_NEUTRAL: if (spfbehavior < 5) break ; case SPF_SOFTFAIL: if (spfbehavior < 4) break ; case SPF_FAIL: if (spfbehavior < 3) break ; if (!spfexplanation(&spfbarfmsg)) die_nomem(); if (!stralloc_0(&spfbarfmsg)) die_nomem(); flagbarfspf = 1; } } else env_unset("SPFRESULT"); seenmail = 1; if (!stralloc_copys(&rcptto,"")) die_nomem(); if (!stralloc_copys(&mailfrom,addr.s)) die_nomem(); if (!stralloc_0(&mailfrom)) die_nomem(); out("250 ok\r\n"); }
void smtp_rcpt(arg) char *arg; { rcptcounter++; if (!seenmail) { err_wantmail(); return; } if (checkrcptcount() == 1) { err_syntax(); return; } if (!addrparse(arg)) { err_syntax(); return; } if (flagbarf) { err_bmf(); return; } if (flagbarfspf) { err_spf(); return; } if (relayclient) { --addr.len; if (!stralloc_cats(&addr,relayclient)) die_nomem(); if (!stralloc_0(&addr)) die_nomem(); } else #ifndef TLS if (!addrallowed()) { err_nogateway(); return; } /*chkuser*/ switch (chkuser_realrcpt (&mailfrom, &addr)) { case CHKUSER_KO: return; break; case CHKUSER_RELAYING: --addr.len; if (!stralloc_cats(&addr,relayclient)) die_nomem(); if (!stralloc_0(&addr)) die_nomem(); break; } /*end chkuser*/ #else if (!addrallowed()) { if (ssl) { STACK_OF(X509_NAME) *sk; X509 *peercert; stralloc tlsclients = {0}; struct constmap maptlsclients; int r; SSL_set_verify(ssl, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, verify_cb); if ((sk = SSL_load_client_CA_file("control/clientca.pem")) == NULL) { err_nogateway(); return; } SSL_set_client_CA_list(ssl, sk); if((control_readfile(&tlsclients,"control/tlsclients",0) != 1) || !constmap_init(&maptlsclients,tlsclients.s,tlsclients.len,0)) { err_nogateway(); return; } SSL_renegotiate(ssl); SSL_do_handshake(ssl); ssl->state = SSL_ST_ACCEPT; SSL_do_handshake(ssl); if ((r = SSL_get_verify_result(ssl)) != X509_V_OK) {out("553 no valid cert for gatewaying: "); out(X509_verify_cert_error_string(r)); out(" (#5.7.1)\r\n"); return; } if (peercert = SSL_get_peer_certificate(ssl)) {char emailAddress[256]; X509_NAME_get_text_by_NID(X509_get_subject_name( SSL_get_peer_certificate(ssl)), NID_pkcs9_emailAddress, emailAddress, 256); if (!stralloc_copys(&clientcert, emailAddress)) die_nomem(); if (!constmap(&maptlsclients,clientcert.s,clientcert.len)) { err_nogwcert(); return; } relayclient = ""; } else { err_nogwcert(); return; } } else { err_nogateway(); return; } } #endif if (!stralloc_cats(&rcptto,"T")) die_nomem(); if (!stralloc_cats(&rcptto,addr.s)) die_nomem(); if (!stralloc_0(&rcptto)) die_nomem(); out("250 ok\r\n"); }