2012-04-29 10:35:59 +02:00
|
|
|
#!perl -w
|
2012-04-08 02:11:16 +02:00
|
|
|
|
2012-05-12 05:26:17 +02:00
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
|
|
|
deny connections to recipients in the I<badrcptto> file
|
|
|
|
|
|
|
|
like badmailfrom, but for recipient address rather than sender
|
|
|
|
|
|
|
|
=head1 CONFIG
|
|
|
|
|
|
|
|
Recipients are matched against entries in I<config/badrcptto>. Entries can be
|
|
|
|
a complete email address, a host entry that starts with an @ symbol, or a
|
|
|
|
regular expression. For regexp pattern matches, see PATTERNS.
|
|
|
|
|
|
|
|
=head1 PATTERNS
|
|
|
|
|
|
|
|
This allows special patterns to be denied (e.g. percent hack, bangs,
|
|
|
|
double ats).
|
|
|
|
|
|
|
|
Patterns are stored in the format pattern\sresponse, where pattern
|
|
|
|
is a Perl pattern expression. Don't forget to anchor the pattern if
|
|
|
|
you want to restrict it from matching anywhere in the string.
|
|
|
|
|
|
|
|
qpsmtpd already ensures that the address contains an @, with something
|
|
|
|
to the left and right of the @.
|
|
|
|
|
|
|
|
=head1 AUTHOR
|
|
|
|
|
|
|
|
2002 - original badrcptto plugin - apparently Jim Winstead
|
|
|
|
https://github.com/smtpd/qpsmtpd/commits/master/plugins/check_badrcptto
|
|
|
|
|
|
|
|
2005 - pattern feature, (c) Gordon Rowell <gordonr@gormand.com.au>
|
|
|
|
|
|
|
|
2012 - merged the two, refactored, added tests - Matt Simerson
|
|
|
|
|
|
|
|
=head1 LICENSE
|
|
|
|
|
|
|
|
This software is free software and may be distributed under the same
|
|
|
|
terms as qpsmtpd itself.
|
|
|
|
|
|
|
|
=cut
|
|
|
|
|
|
|
|
use strict;
|
|
|
|
use warnings;
|
|
|
|
|
|
|
|
use Qpsmtpd::Constants;
|
2006-01-25 03:59:31 +01:00
|
|
|
use Qpsmtpd::DSN;
|
2002-09-10 13:00:31 +02:00
|
|
|
|
2005-07-07 06:17:39 +02:00
|
|
|
sub hook_rcpt {
|
2012-06-23 05:56:25 +02:00
|
|
|
my ($self, $transaction, $recipient, %param) = @_;
|
2012-05-12 05:26:17 +02:00
|
|
|
|
2014-09-18 03:28:51 +02:00
|
|
|
return DECLINED if $self->is_immune();
|
2012-05-12 05:26:17 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
my ($host, $to) = $self->get_host_and_to($recipient)
|
2014-09-18 03:28:51 +02:00
|
|
|
or return DECLINED;
|
2012-05-12 05:26:17 +02:00
|
|
|
|
2012-06-03 03:44:46 +02:00
|
|
|
my @badrcptto = $self->qp->config("badrcptto") or do {
|
2012-06-23 05:56:25 +02:00
|
|
|
$self->log(LOGINFO, "skip, empty config");
|
2014-09-18 03:28:51 +02:00
|
|
|
return DECLINED;
|
2012-06-03 03:44:46 +02:00
|
|
|
};
|
2012-05-12 05:26:17 +02:00
|
|
|
|
|
|
|
for my $line (@badrcptto) {
|
2013-04-21 06:50:39 +02:00
|
|
|
$line =~ s/^\s+//g; # trim leading whitespace
|
2012-05-12 05:26:17 +02:00
|
|
|
my ($bad, $reason) = split /\s+/, $line, 2;
|
2013-04-21 06:50:39 +02:00
|
|
|
next if !$bad;
|
|
|
|
if ($self->is_match($to, lc($bad), $host)) {
|
|
|
|
$self->adjust_karma(-2);
|
|
|
|
if ($reason) {
|
2014-09-18 03:28:51 +02:00
|
|
|
return DENY, "mail to $bad not accepted here";
|
2012-05-12 05:26:17 +02:00
|
|
|
}
|
|
|
|
else {
|
2013-04-21 06:50:39 +02:00
|
|
|
return Qpsmtpd::DSN->no_such_user(
|
|
|
|
"mail to $bad not accepted here");
|
2012-05-12 05:26:17 +02:00
|
|
|
}
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-05-12 05:26:17 +02:00
|
|
|
}
|
|
|
|
$self->log(LOGINFO, 'pass');
|
2014-09-18 03:28:51 +02:00
|
|
|
return DECLINED;
|
2002-09-10 13:00:31 +02:00
|
|
|
}
|
2012-05-12 05:26:17 +02:00
|
|
|
|
|
|
|
sub is_match {
|
2013-04-21 06:50:39 +02:00
|
|
|
my ($self, $to, $bad, $host) = @_;
|
2012-05-12 05:26:17 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($bad =~ /[\/\^\$\*\+\!\%\?\\]/) { # it's a regexp
|
2012-05-12 05:26:17 +02:00
|
|
|
$self->log(LOGDEBUG, "badmailfrom pattern ($bad) match for $to");
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($to =~ /$bad/i) {
|
2012-05-12 05:26:17 +02:00
|
|
|
$self->log(LOGINFO, 'fail: pattern match');
|
|
|
|
return 1;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-05-12 05:26:17 +02:00
|
|
|
return;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-05-12 05:26:17 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($bad !~ m/\@/) {
|
2012-05-12 05:26:17 +02:00
|
|
|
$self->log(LOGERROR, "badrcptto: bad config: no \@ sign in $bad");
|
|
|
|
return;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-05-12 05:26:17 +02:00
|
|
|
|
|
|
|
$bad = lc $bad;
|
|
|
|
$to = lc $to;
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if (substr($bad, 0, 1) eq '@') {
|
|
|
|
if ($bad eq "\@$host") {
|
2012-05-12 05:26:17 +02:00
|
|
|
$self->log(LOGINFO, 'fail: host match');
|
|
|
|
return 1;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-05-12 05:26:17 +02:00
|
|
|
return;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-05-12 05:26:17 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($bad eq $to) {
|
2012-05-12 05:26:17 +02:00
|
|
|
$self->log(LOGINFO, 'fail: rcpt match');
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
return;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-05-12 05:26:17 +02:00
|
|
|
|
|
|
|
sub get_host_and_to {
|
2013-04-21 06:50:39 +02:00
|
|
|
my ($self, $recipient) = @_;
|
2012-05-12 05:26:17 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if (!$recipient) {
|
2012-05-12 05:26:17 +02:00
|
|
|
$self->log(LOGERROR, 'skip: no recipient!');
|
|
|
|
return;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-05-12 05:26:17 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if (!$recipient->host || !$recipient->user) {
|
2012-05-12 05:26:17 +02:00
|
|
|
$self->log(LOGINFO, 'skip: missing host or user');
|
|
|
|
return;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-05-12 05:26:17 +02:00
|
|
|
|
|
|
|
my $host = lc $recipient->host;
|
2014-09-18 03:28:51 +02:00
|
|
|
return $host, lc($recipient->user) . '@' . $host;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|