steffen: server/kolab/kolab kolab_smtpdpolicy,1.3,1.4
cvs at intevation.de
cvs at intevation.de
Wed Jun 16 03:06:32 CEST 2004
Author: steffen
Update of /kolabrepository/server/kolab/kolab
In directory doto:/tmp/cvs-serv30693/kolab/kolab
Modified Files:
kolab_smtpdpolicy
Log Message:
relaying between trusted kolab smtpds works
Index: kolab_smtpdpolicy
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/kolab_smtpdpolicy,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- kolab_smtpdpolicy 15 Jun 2004 01:52:05 -0000 1.3
+++ kolab_smtpdpolicy 16 Jun 2004 01:06:29 -0000 1.4
@@ -24,6 +24,8 @@
use URI;
use Net::LDAP;
use Net::LDAP::Entry;
+use Net::hostent;
+use Socket;
#
# Usage: kolab_smtpd_policy.pl [-v]
@@ -117,16 +119,29 @@
sub smtpd_access_policy {
# Get relevant attributes
- my $sender = $attr{'sender'};
- my $recip = $attr{'recipient'};
- my $username = $attr{'sasl_username'};
+ my $sender = $attr{'sender'};
+ my $recip = $attr{'recipient'};
+ my $username = $attr{'sasl_username'};
+ my $client_addr = $attr{'client_address'};
- mylog($syslog_priority, "Checking sender=\"$sender\", recipient=\"$recip\", username=\"$username\", domains=".join(',',$conf_domain)) if $verbose;
+ mylog($syslog_priority, "Checking sender=\"$sender\", recipient=\"$recip\", username=\"$username\", domains=".join(',', at conf_domain)." permithosts=".join(',', at conf_permithosts)) if $verbose;
#### This should probably be simplifed to
#### reject sender <anything>@domain.tld if the user is
#### not authenticated
+ CHECKPERMITHOSTS:
+ # First check if the sender is a privileged kolabhost
+ for my $host (@conf_permithosts) {
+ unless ($h = gethost($host)) {
+ mylog($syslog_priority,"No such host $host\n");
+ next;
+ }
+ for my $addr ( @{$h->addr_list} ) {
+ return "DUNNO" if inet_ntoa($addr) eq $client_addr;
+ }
+ }
+
# Check for allowed sender
CHECKSENDER:
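Review bot: The new CHECKPERMITHOSTS loop returns `DUNNO` ahead of the sender checks that follow in this function, and it bases that decision on a `gethost()` lookup made on every policy request, so the exemption is only as trustworthy as the resolver answer at that moment and each request waits on DNS. Resolving the `-permithosts` names once at startup into a set of addresses (or accepting literal addresses) and comparing `$client_addr` against that set would remove the per-request dependency. `$h` is never declared in the hunk; if the file runs under `use strict` (not visible here) this will not compile, so `my $h = gethost($host);` followed by `unless ($h) {` is safer. A verbose `mylog` line when a permit host matches would also leave an audit trail for mail accepted on this path. The body of smtpd_access_policy continues past the end of the hunk.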
@@ -223,6 +238,10 @@
$conf_ldapbase = shift(@ARGV);
} elsif ($option eq '-domain') {
push @conf_domain, shift(@ARGV);
+ } elsif ($option eq '-permithosts') {
+ for my $h (split /\s*,\s*/, shift(@ARGV)) {
+ push @conf_permithosts, $h;
+ }
} else {
mylog( $syslog_priority, "Invalid option: %s. Usage: %s [-v] -ldap <uri> -base <base_dn>",
$option, $0);
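Review bot: The `-permithosts` branch takes `shift(@ARGV)` without checking that a value follows the option, and `split` keeps empty entries from input such as `a,,b`. Because every entry becomes a host whose addresses are exempted from the sender check, it is worth rejecting a missing value and dropping empty names, for example `push @conf_permithosts, grep { length } split /\s*,\s*/, $list;` after a `defined $list` test. The usage text in the `else` branch still lists only `-ldap` and `-base`, so the new option is undocumented there. The enclosing option loop starts outside the hunk.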