diff -Nrup exim-4.33/src/acl.c exim-4.33-folke/src/acl.c --- exim-4.33/src/acl.c 2004-05-05 12:08:35.000000000 +0200 +++ exim-4.33-folke/src/acl.c 2004-06-04 13:42:24.000000000 +0200 @@ -35,7 +35,7 @@ follows. */ enum { ACLC_ACL, ACLC_AUTHENTICATED, ACLC_CONDITION, ACLC_CONTROL, ACLC_DELAY, ACLC_DNSLISTS, ACLC_DOMAINS, ACLC_ENCRYPTED, ACLC_ENDPASS, ACLC_HOSTS, ACLC_LOCAL_PARTS, ACLC_LOG_MESSAGE, ACLC_LOGWRITE, ACLC_MESSAGE, - ACLC_RECIPIENTS, ACLC_SENDER_DOMAINS, ACLC_SENDERS, ACLC_SET, ACLC_VERIFY }; + ACLC_RECIPIENTS, ACLC_SENDER_DOMAINS, ACLC_SENDERCHECK, ACLC_SENDERS, ACLC_SET, ACLC_VERIFY }; /* ACL conditions/modifiers: "delay", "control", "endpass", "message", "log_message", "logwrite", and "set" are modifiers that look like conditions @@ -44,7 +44,7 @@ but always return TRUE. They are used fo static uschar *conditions[] = { US"acl", US"authenticated", US"condition", US"control", US"delay", US"dnslists", US"domains", US"encrypted", US"endpass", US"hosts", US"local_parts", US"log_message", US"logwrite", - US"message", US"recipients", US"sender_domains", US"senders", US"set", + US"message", US"recipients", US"sender_domains", US"sendercheck", US"senders", US"set", US"verify" }; /* Flags to indicate for which conditions /modifiers a string expansion is done @@ -68,6 +68,7 @@ static uschar cond_expand_at_top[] = { TRUE, /* message */ FALSE, /* recipients */ FALSE, /* sender_domains */ + FALSE, /* sendercheck */ FALSE, /* senders */ TRUE, /* set */ TRUE /* verify */ @@ -366,7 +367,7 @@ while ((s = (*func)()) != NULL) /* For "set", we are now positioned for the data. For the others, only "endpass" has no data */ - if (c != ACLC_ENDPASS) + if (c != ACLC_ENDPASS && c != ACLC_SENDERCHECK ) { if (*s++ != '=') { @@ -965,6 +966,32 @@ BAD_VERIFY: return ERROR; } +/* This function implements the "sendercheck" condition. + +Returns: OK verification condition succeeded + FAIL verification failed + DEFER there was a problem verifying +*/ + +static int +acl_sendercheck(void) +{ + int rc; + address_item *sender_vaddr = NULL; + HDEBUG(D_acl) debug_printf("----------- sendercheck ------------\n"); + /* TODO: wenn authenticated_id in trusted_users dann OK */ + if (!authenticated_id && Ustrlen(authenticated_id)<1){ + HDEBUG(D_acl) debug_printf("User not authenticated\n"); + rc = FAIL; + } else { + BOOL routed = FALSE; + sender_vaddr = deliver_make_addr(sender_address, TRUE); + rc = verify_address(sender_vaddr, NULL, vopt_senderauth, FALSE, &routed); + } + HDEBUG(D_acl) debug_printf("--------- sendercheck DONE ----------\n"); + return rc; +} + @@ -1282,6 +1309,10 @@ for (; cb != NULL; cb = cb->next) if (verb == ACL_WARN) *user_msgptr = NULL; break; + case ACLC_SENDERCHECK: + rc = acl_sendercheck(); + break; + default: log_write(0, LOG_MAIN|LOG_PANIC_DIE, "internal ACL error: unknown " "condition %d", cb->type); diff -Nrup exim-4.33/src/macros.h exim-4.33-folke/src/macros.h --- exim-4.33/src/macros.h 2004-05-05 12:08:36.000000000 +0200 +++ exim-4.33-folke/src/macros.h 2004-06-04 13:42:24.000000000 +0200 @@ -575,6 +575,7 @@ enum { v_none, v_sender, v_recipient, v_ #define vopt_callout_random 0x0020 /* during callout */ #define vopt_callout_no_cache 0x0040 /* disable callout cache */ #define vopt_callout_recipsender 0x0080 /* use real sender to verify recip */ +#define vopt_senderauth 0x0100 /* Values for fields in callout cache records */ diff -Nrup exim-4.33/src/verify.c exim-4.33-folke/src/verify.c --- exim-4.33/src/verify.c 2004-05-05 12:08:36.000000000 +0200 +++ exim-4.33-folke/src/verify.c 2004-06-04 13:42:24.000000000 +0200 @@ -745,9 +745,10 @@ BOOL allok = TRUE; BOOL full_info = (f == NULL)? FALSE : (debug_selector != 0); BOOL is_recipient = (options & vopt_is_recipient) != 0; BOOL expn = (options & vopt_expn) != 0; +BOOL senderauth = (options & vopt_senderauth) != 0; int i; -int yield = OK; +int yield = senderauth ? FAIL : OK; int verify_type = expn? v_expn : address_test_mode? v_none : is_recipient? v_recipient : v_sender; @@ -1025,7 +1026,7 @@ while (addr_new != NULL) } if (!full_info) return copy_error(vaddr, addr, FAIL); - else yield = FAIL; + else if (!senderauth) yield = FAIL; } /* Soft failure */ @@ -1048,8 +1049,9 @@ while (addr_new != NULL) fprintf(f, "%s\n", cr); } - if (!full_info) return copy_error(vaddr, addr, DEFER); - else if (yield == OK) yield = DEFER; + if (full_info){ + if (yield == OK) yield = DEFER; + } else if (!senderauth) return copy_error(vaddr, addr, DEFER); } /* If we are handling EXPN, we do not want to continue to route beyond @@ -1092,7 +1094,7 @@ while (addr_new != NULL) just a single new address as a special case, and continues on to verify the generated address. */ - if (!full_info && /* Stop if short info wanted AND */ + if (!full_info && !senderauth && /* Stop if short info wanted AND */ (addr_new == NULL || /* No new address OR */ addr_new->next != NULL || /* More than one new address OR */ testflag(addr_new, af_pfr))) /* New address is pfr */ @@ -1106,9 +1108,26 @@ while (addr_new != NULL) vaddr->p.address_data = addr->p.address_data; return OK; } + if (senderauth && addr->transport && addr->transport->name && addr->local_part + && Ustrlen(addr->local_part)>0 ){ + HDEBUG(D_verify) debug_printf("Checking %s against %s ", + addr->local_part, authenticated_id); + if (Ustrcmp(addr->local_part, authenticated_id)==0){ + HDEBUG(D_verify) debug_printf("passed\n"); + return OK; + } else + HDEBUG(D_verify) debug_printf("NOT passed\n"); } + } + } /* Loop for generated addresses */ +if (senderauth){ + HDEBUG(D_acl) debug_printf("%s is not allowed to send email as %s\n", + authenticated_id, address); + return yield; +} + /* Display the full results of the successful routing, including any generated addresses. Control gets here only when full_info is set, which requires f not to be NULL, and this occurs only when a top-level verify is called with the