On Wed, Nov 16, 2011 at 04:11:17PM -0500, Wietse Venema wrote:
> As I explained in a different response, there is no "this table"
> concept outside the low-level (pcre, hash, etc.) table itself. At
> higher levels, there is a lookup result without source attribution.
>
> Considering Postfix's drive to economy of mechanisms, a "this table"
> concept at higher levels (e.g. multi-table driver, or even higher)
> is unlikely.
>
> So all we can do at the moment is an ACCEPT operation that skips
> all further lookups in all header_checks tables.
OK. I took a look at the code and I see those difficulties now. How
about something like the attached patch? It's totally untested other
than that it compiles, and it's probably wrong (especially considering
that it's the first time I am dealing with this code) - but I think it
illustrates what I am speaking about.
The patch tries to implement what you wrote above plus a default action.
I think it (once tested, debugged, and fixed) should let me set the
default action to REJECT, then change it to ACCEPT in a header_checks
table for certain target addresses and also to ACCEPT in body_checks for
PGP-encrypted messages regardless of target address. If so, this will
suit my needs right now.
Alexander
diff -urp postfix-2.8.7.orig/src/cleanup/cleanup.c
postfix-2.8.7/src/cleanup/cleanup.c
--- postfix-2.8.7.orig/src/cleanup/cleanup.c 2009-12-23 17:47:44 +0000
+++ postfix-2.8.7/src/cleanup/cleanup.c 2011-11-16 23:49:06 +0000
@@ -457,6 +457,9 @@ static void cleanup_service(VSTREAM *src
}
cleanup_control(state, flags);
+ if (var_hbc_default_action && !(state->flags & CLEANUP_FLAG_ACCEPT))
+ cleanup_act_global(state, var_hbc_default_action);
+
/*
* XXX Rely on the front-end programs to enforce record size limits.
*
diff -urp postfix-2.8.7.orig/src/cleanup/cleanup.h
postfix-2.8.7/src/cleanup/cleanup.h
--- postfix-2.8.7.orig/src/cleanup/cleanup.h 2010-11-04 00:14:33 +0000
+++ postfix-2.8.7/src/cleanup/cleanup.h 2011-11-16 23:48:29 +0000
@@ -129,6 +129,7 @@ typedef struct CLEANUP_STATE {
#define CLEANUP_FLAG_INRCPT (1<<16) /* Processing recipient records */
#define CLEANUP_FLAG_WARN_SEEN (1<<17) /* REC_TYPE_WARN record seen */
#define CLEANUP_FLAG_END_SEEN (1<<18) /* REC_TYPE_END record seen */
+#define CLEANUP_FLAG_ACCEPT (1<<30) /* Accept the message per hbc */
/*
* Mappings.
@@ -236,6 +237,7 @@ extern void cleanup_envelope(CLEANUP_STA
/*
* cleanup_message.c
*/
+extern void cleanup_act_global(CLEANUP_STATE *, const char *);
extern void cleanup_message(CLEANUP_STATE *, int, const char *, ssize_t);
/*
diff -urp postfix-2.8.7.orig/src/cleanup/cleanup_init.c
postfix-2.8.7/src/cleanup/cleanup_init.c
--- postfix-2.8.7.orig/src/cleanup/cleanup_init.c 2009-06-05 13:28:28
+0000
+++ postfix-2.8.7/src/cleanup/cleanup_init.c 2011-11-16 23:39:44 +0000
@@ -127,6 +127,7 @@ char *var_header_checks; /* primary h
char *var_mimehdr_checks; /* mime header checks */
char *var_nesthdr_checks; /* nested header checks */
char *var_body_checks; /* any body checks */
+char *var_hbc_default_action; /* action per hbc on no match */
int var_dup_filter_limit; /* recipient dup filter */
bool var_enable_orcpt; /* Include orcpt in dup filter? */
char *var_empty_addr; /* destination of bounced
bounces */
@@ -206,6 +207,7 @@ CONFIG_STR_TABLE cleanup_str_table[] = {
VAR_MIMEHDR_CHECKS, DEF_MIMEHDR_CHECKS, &var_mimehdr_checks, 0, 0,
VAR_NESTHDR_CHECKS, DEF_NESTHDR_CHECKS, &var_nesthdr_checks, 0, 0,
VAR_BODY_CHECKS, DEF_BODY_CHECKS, &var_body_checks, 0, 0,
+ VAR_HBC_DEFAULT_ACTION, DEF_HBC_DEFAULT_ACTION, &var_hbc_default_action,
0, 0,
VAR_PROP_EXTENSION, DEF_PROP_EXTENSION, &var_prop_extension, 0, 0,
VAR_ALWAYS_BCC, DEF_ALWAYS_BCC, &var_always_bcc, 0, 0,
VAR_RCPT_WITHELD, DEF_RCPT_WITHELD, &var_rcpt_witheld, 0, 0,
diff -urp postfix-2.8.7.orig/src/cleanup/cleanup_message.c
postfix-2.8.7/src/cleanup/cleanup_message.c
--- postfix-2.8.7.orig/src/cleanup/cleanup_message.c 2010-07-27 20:34:20
+0000
+++ postfix-2.8.7/src/cleanup/cleanup_message.c 2011-11-16 23:47:37 +0000
@@ -351,6 +351,12 @@ static const char *cleanup_act(CLEANUP_S
state->flags &= ~CLEANUP_FLAG_FILTER_ALL;
return (buf);
}
+ if (STREQUAL(value, "ACCEPT", command_len)) {
+ cleanup_act_log(state, "accept", context, buf, optional_text);
+ state->flags |= CLEANUP_FLAG_ACCEPT;
+ state->flags &= ~CLEANUP_FLAG_FILTER_ALL;
+ return (buf);
+ }
if (STREQUAL(value, "HOLD", command_len)) {
if ((state->flags & (CLEANUP_FLAG_HOLD | CLEANUP_FLAG_DISCARD)) == 0) {
cleanup_act_log(state, "hold", context, buf, optional_text);
@@ -440,6 +446,11 @@ static const char *cleanup_act(CLEANUP_S
return (buf);
}
+void cleanup_act_global(CLEANUP_STATE *state, const char *action)
+{
+ cleanup_act(state, CLEANUP_ACT_CTXT_ANY, "N/A", action, "N/A");
+}
+
/* cleanup_header_callback - process one complete header line */
static void cleanup_header_callback(void *context, int header_class,
diff -urp postfix-2.8.7.orig/src/global/mail_params.h
postfix-2.8.7/src/global/mail_params.h
--- postfix-2.8.7.orig/src/global/mail_params.h 2011-03-14 17:59:09 +0000
+++ postfix-2.8.7/src/global/mail_params.h 2011-11-16 23:41:09 +0000
@@ -1809,6 +1809,10 @@ extern char *var_nesthdr_checks;
#define DEF_BODY_CHECKS ""
extern char *var_body_checks;
+#define VAR_HBC_DEFAULT_ACTION "hbc_default_action"
+#define DEF_HBC_DEFAULT_ACTION ""
+extern char *var_hbc_default_action;
+
#define VAR_BODY_CHECK_LEN "body_checks_size_limit"
#define DEF_BODY_CHECK_LEN (50*1024)
extern int var_body_check_len;
