diff -ruN qmail-1.03-tls-auth/Makefile qmail-1.03/Makefile --- qmail-1.03-tls-auth/Makefile Mon Aug 19 18:04:44 2002 +++ qmail-1.03/Makefile Mon Aug 19 18:29:47 2002 @@ -1541,13 +1541,13 @@ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o received.o \ date822fmt.o now.o qmail.o cdb.a fd.a wait.a datetime.a getln.a \ open.a sig.a case.a env.a stralloc.a alloc.a substdio.a error.a str.a \ -fs.a auto_qmail.o base64.o socket.lib +fs.a auto_qmail.o base64.o socket.lib dns.o dns.lib ./load qmail-smtpd rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \ received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \ datetime.a getln.a open.a sig.a case.a env.a stralloc.a \ alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o `cat \ - socket.lib` -lssl -lcrypto + socket.lib` -lssl -lcrypto dns.o `cat dns.lib` qmail-smtpd.0: \ qmail-smtpd.8 diff -ruN qmail-1.03-tls-auth/qmail-control.9 qmail-1.03/qmail-control.9 --- qmail-1.03-tls-auth/qmail-control.9 Mon Jun 15 06:53:16 1998 +++ qmail-1.03/qmail-control.9 Mon Aug 19 18:20:50 2002 @@ -55,6 +55,7 @@ .I idhost \fIme \fRqmail-inject .I localiphost \fIme \fRqmail-smtpd .I locals \fIme \fRqmail-send +.I mfcheck \fR0 \fRqmail-smtpd .I morercpthosts \fR(none) \fRqmail-smtpd .I percenthack \fR(none) \fRqmail-send .I plusdomain \fIme \fRqmail-inject diff -ruN qmail-1.03-tls-auth/qmail-smtpd.8 qmail-1.03/qmail-smtpd.8 --- qmail-1.03-tls-auth/qmail-smtpd.8 Mon Aug 19 18:04:44 2002 +++ qmail-1.03/qmail-smtpd.8 Mon Aug 19 18:20:50 2002 @@ -124,6 +124,12 @@ This is done before .IR rcpthosts . .TP 5 +.I mfcheck +If set, +.B qmail-smtpd +tries to resolve the domain of the envelope from address. It can be +handy when you want to filter out spamhosts. +.TP 5 .I morercpthosts Extra allowed RCPT domains. If diff -ruN qmail-1.03-tls-auth/qmail-smtpd.c qmail-1.03/qmail-smtpd.c --- qmail-1.03-tls-auth/qmail-smtpd.c Mon Aug 19 18:04:44 2002 +++ qmail-1.03/qmail-smtpd.c Mon Aug 19 18:31:55 2002 @@ -27,6 +27,7 @@ #include "commands.h" #include "wait.h" #include "fd.h" +#include "dns.h" #ifdef TLS #include @@ -39,6 +40,7 @@ #define AUTHCRAM #define MAXHOPS 100 unsigned int databytes = 0; +unsigned int mfchk = 0; int timeout = 1200; #ifdef TLS @@ -107,6 +109,8 @@ void straynewline() { out("451 See http://pobox.com/~djb/docs/smtplf.html.\r\n"); flush(); _exit(1); } void err_bmf() { out("553 sorry, your envelope sender is in my badmailfrom list (#5.7.1)\r\n"); } +void err_hmf() { out("553 sorry, your envelope sender domain must exist (#5.7.1)\r\n"); } +void err_smf() { out("451 DNS temporary failure (#4.3.0)\r\n"); } void err_nogateway() { out("553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)\r\n"); } #ifdef TLS void err_nogwcert() { out("553 no valid cert for gatewaying (#5.7.1)\r\n"); } @@ -187,6 +191,10 @@ if (rcpthosts_init() == -1) die_control(); + if (control_readint(&mfchk,"control/mfcheck") == -1) die_control(); + x = env_get("MFCHECK"); + if (x) { scan_ulong(x,&u); mfchk = u; } + bmfok = control_readfile(&bmf,"control/badmailfrom",0); if (bmfok == -1) die_control(); if (bmfok) @@ -294,6 +302,25 @@ return 0; } +int mfcheck() +{ + stralloc sa = {0}; + ipalloc ia = {0}; + unsigned int random; + int j; + + if (!mfchk) return 0; + random = now() + (getpid() << 16); + j = byte_rchr(addr.s,addr.len,'@') + 1; + if (j < addr.len) { + stralloc_copys(&sa, addr.s + j); + dns_init(0); + j = dns_mxip(&ia,&sa,random); + if (j < 0) return j; + } + return 0; +} + int addrallowed() { int r; @@ -338,6 +365,11 @@ { if (!addrparse(arg)) { err_syntax(); return; } flagbarf = bmfcheck(); + switch(mfcheck()) { + case DNS_HARD: err_hmf(); return; + case DNS_SOFT: err_smf(); return; + case DNS_MEM: die_nomem(); + } seenmail = 1; if (!stralloc_copys(&rcptto,"")) die_nomem(); if (!stralloc_copys(&mailfrom,addr.s)) die_nomem();