steffen: server/kolab/kolab kolab_smtpdpolicy,1.3,1.4

cvs at intevation.de cvs at intevation.de
Wed Jun 16 03:06:32 CEST 2004


Author: steffen

Update of /kolabrepository/server/kolab/kolab
In directory doto:/tmp/cvs-serv30693/kolab/kolab

Modified Files:
	kolab_smtpdpolicy 
Log Message:
relaying between trusted kolab smtpds works

Index: kolab_smtpdpolicy
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/kolab_smtpdpolicy,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- kolab_smtpdpolicy	15 Jun 2004 01:52:05 -0000	1.3
+++ kolab_smtpdpolicy	16 Jun 2004 01:06:29 -0000	1.4
@@ -24,6 +24,8 @@
 use URI;
 use Net::LDAP;
 use Net::LDAP::Entry;
+use Net::hostent;
+use Socket;
 
 #
 # Usage: kolab_smtpd_policy.pl [-v]
@@ -117,16 +119,29 @@
 sub smtpd_access_policy {
 
   # Get relevant attributes
-  my $sender = $attr{'sender'};
-  my $recip  = $attr{'recipient'};
-  my $username = $attr{'sasl_username'};
+  my $sender      = $attr{'sender'};
+  my $recip       = $attr{'recipient'};
+  my $username    = $attr{'sasl_username'};
+  my $client_addr = $attr{'client_address'};
 
-  mylog($syslog_priority, "Checking sender=\"$sender\", recipient=\"$recip\", username=\"$username\", domains=".join(',',$conf_domain)) if $verbose;
+  mylog($syslog_priority, "Checking sender=\"$sender\", recipient=\"$recip\", username=\"$username\", domains=".join(',', at conf_domain)." permithosts=".join(',', at conf_permithosts)) if $verbose;
 
   #### This should probably be simplifed to 
   #### reject sender <anything>@domain.tld if the user is
   #### not authenticated
 
+ CHECKPERMITHOSTS:
+  # First check if the sender is a privileged kolabhost
+  for my $host (@conf_permithosts) {
+    unless ($h = gethost($host)) {
+      mylog($syslog_priority,"No such host $host\n");
+      next;
+    }
+    for my $addr ( @{$h->addr_list} ) {
+      return "DUNNO" if inet_ntoa($addr) eq $client_addr;
+    }
+  }
+
   # Check for allowed sender
  CHECKSENDER:
 
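Review bot: The permit-host loop decides the bypass from a forward DNS lookup made on every policy request, so the `DUNNO` result for a client depends on whatever the resolver returns for the names in `@conf_permithosts` at that moment; resolving the list once at startup, or configuring literal addresses, would make the trust decision stable and remove the per-request lookups. The match returns without a trace, and a line such as `mylog($syslog_priority, "Permitting trusted host $host ($client_addr)") if $verbose;` before the `return` would give an audit trail for skipped sender checks. `$h` is assigned without `my`, which fails to compile if the file runs under `use strict` (not visible here); `my $h = gethost($host);` followed by `unless ($h) {` keeps it lexical. `inet_ntoa` handles only IPv4, so an IPv6 `client_address` will never match. The body of smtpd_access_policy continues outside the hunk.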
@@ -223,6 +238,10 @@
     $conf_ldapbase = shift(@ARGV);
   } elsif ($option eq '-domain') {
     push @conf_domain, shift(@ARGV);
+  } elsif ($option eq '-permithosts') {
+    for my $h (split /\s*,\s*/, shift(@ARGV)) {
+      push @conf_permithosts, $h;
+    }
   } else {
     mylog( $syslog_priority, "Invalid option: %s. Usage: %s [-v] -ldap <uri> -base <base_dn>",
 	   $option, $0);
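Review bot: The `-permithosts` branch adds the split result to the trust list unchecked: when the option is the last argument, `shift(@ARGV)` is undef and nothing is added without any message, and a leading comma yields an empty host name that is later passed to `gethost`. Filtering would cover both, e.g. `my @hosts = grep { length } split /\s*,\s*/, shift(@ARGV) || '';` then `push @conf_permithosts, @hosts;`. The usage text in the `else` branch still lists only `-ldap` and `-base`, so the new option is undocumented; that statement continues outside the hunk.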




