1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
#!perl -w
=head1 SYNOPSIS
deny connections to recipients in the I<badrcptto> file
like badmailfrom, but for recipient address rather than sender
=head1 CONFIG
Recipients are matched against entries in I<config/badrcptto>. Entries can be
a complete email address, a host entry that starts with an @ symbol, or a
regular expression. For regexp pattern matches, see PATTERNS.
=head1 PATTERNS
This allows special patterns to be denied (e.g. percent hack, bangs,
double ats).
Patterns are stored in the format pattern\sresponse, where pattern
is a Perl pattern expression. Don't forget to anchor the pattern if
you want to restrict it from matching anywhere in the string.
qpsmtpd already ensures that the address contains an @, with something
to the left and right of the @.
=head1 AUTHOR
2002 - original badrcptto plugin - apparently Jim Winstead
https://github.com/smtpd/qpsmtpd/commits/master/plugins/check_badrcptto
2005 - pattern feature, (c) Gordon Rowell <gordonr@gormand.com.au>
2012 - merged the two, refactored, added tests - Matt Simerson
=head1 LICENSE
This software is free software and may be distributed under the same
terms as qpsmtpd itself.
=cut
use strict;
use warnings;
use Qpsmtpd::Constants;
use Qpsmtpd::DSN;
sub hook_rcpt {
my ($self, $transaction, $recipient, %param) = @_;
return (DECLINED) if $self->is_immune();
my ($host, $to) = $self->get_host_and_to($recipient)
or return (DECLINED);
my @badrcptto = $self->qp->config("badrcptto") or do {
$self->log(LOGINFO, "skip, empty config");
return (DECLINED);
};
for my $line (@badrcptto) {
$line =~ s/^\s+//g; # trim leading whitespace
my ($bad, $reason) = split /\s+/, $line, 2;
next if !$bad;
if ($self->is_match($to, lc($bad), $host)) {
$self->adjust_karma(-2);
if ($reason) {
return (DENY, "mail to $bad not accepted here");
}
else {
return Qpsmtpd::DSN->no_such_user(
"mail to $bad not accepted here");
}
}
}
$self->log(LOGINFO, 'pass');
return (DECLINED);
}
sub is_match {
my ($self, $to, $bad, $host) = @_;
if ($bad =~ /[\/\^\$\*\+\!\%\?\\]/) { # it's a regexp
$self->log(LOGDEBUG, "badmailfrom pattern ($bad) match for $to");
if ($to =~ /$bad/i) {
$self->log(LOGINFO, 'fail: pattern match');
return 1;
}
return;
}
if ($bad !~ m/\@/) {
$self->log(LOGERROR, "badrcptto: bad config: no \@ sign in $bad");
return;
}
$bad = lc $bad;
$to = lc $to;
if (substr($bad, 0, 1) eq '@') {
if ($bad eq "\@$host") {
$self->log(LOGINFO, 'fail: host match');
return 1;
}
return;
}
if ($bad eq $to) {
$self->log(LOGINFO, 'fail: rcpt match');
return 1;
}
return;
}
sub get_host_and_to {
my ($self, $recipient) = @_;
if (!$recipient) {
$self->log(LOGERROR, 'skip: no recipient!');
return;
}
if (!$recipient->host || !$recipient->user) {
$self->log(LOGINFO, 'skip: missing host or user');
return;
}
my $host = lc $recipient->host;
return ($host, lc($recipient->user) . '@' . $host);
}
|
