From 459abd49cc42a453248daa955678e01bc6e31492 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Sat, 5 Apr 2014 09:58:02 +0100 Subject: [PATCH] New file `auth-sender.conf' lists extra allowed senders for users. This is an escape hatch I'm not using yet. --- base.m4 | 9 +++++++++ lists.m4 | 1 + local.m4 | 4 ++++ 3 files changed, 14 insertions(+) diff --git a/base.m4 b/base.m4 index d312eb5..90e20f2 100644 --- a/base.m4 +++ b/base.m4 @@ -270,6 +270,15 @@ mail_check_auth: ## Make sure that the local part is one that the authenticated sender ## is allowed to claim. deny message = Sender address forbidden to calling user + !condition = \ + ${if exists {CONF_sysconf_dir/auth-sender.conf} \ + {${lookup {$acl_c_user} \ + lsearch \ + {CONF_sysconf_dir/auth-sender.conf} \ + {${if match_address \ + {$sender_address} \ + {+value}}} \ + {false}}}} !condition = ${LOOKUP_DOMAIN($sender_address_domain, {${if and {{match_local_part \ {$acl_c_user} \ diff --git a/lists.m4 b/lists.m4 index 2c458c7..39f2ee4 100644 --- a/lists.m4 +++ b/lists.m4 @@ -55,6 +55,7 @@ localpartlist dom_users = ${expand:KV(users, {$value}{*})} localpartlist dom_locals = ${expand:KV(locals, {$value}{+user_extaddr})} localpartlist user_extaddr = ^CONF_user_extaddr_regexp addresslist user_extaddr = ^CONF_user_extaddr_regexp +addresslist value = $value ## All of the `standard' local parts which ought to be provided by a domain. localpartlist required = postmaster : abuse diff --git a/local.m4 b/local.m4 index 52398aa..f3b5e9f 100644 --- a/local.m4 +++ b/local.m4 @@ -47,6 +47,10 @@ addresslist wrong_local = ! +user_extaddr addresslist wrong_domain = ! *@+public addresslist wrong_address = +wrong_local : +wrong_domain untrusted_set_sender = : \ + ${if exists {CONF_sysconf_dir/auth-sender.conf} \ + {${lookup {$sender_ident} \ + lsearch {CONF_sysconf_dir/auth-sender.conf} \ + {$value}}}} : \ ${LOOKUP_DOMAIN($sender_address_domain, {${if and {{match_local_part {$sender_ident} {+dom_users}} \ {match_local_part {$sender_address_local_part} \ -- 2.11.0