Hi,

I have the attached patch, which works fine, but it works on a per-IP basis, not per user. I need to know how I can read an attribute from LDAP in qmail-smtpd.c.



Subject: Re: block attachments on per user basis
Date: Mon, 17 Sep 2012 15:47:28 +0100
From: Nicolas de Bari Embriz Garcia Rojas <nb...@unixmexico.org>
To: Mario Remy Almeida <malme...@isa.ae>
Cc: qmail-ldap@qmail-ldap.org

Attachments plus text make up the full email package, so to be able
to allow a user to send only attachments you will probably need something
that can read the full package before releasing the email; it may be
simpler to limit the user via a send quota.

On Mon, Sep 17, 2012 at 1:03 PM, Mario Remy Almeida <malme...@isa.ae> wrote:
Hi All,

Does anyone have a patch for qmail-ldap to block attachments on a per-user
basis?

For example:
us...@example.com is allowed to send emails but us...@example.com is not
allowed to send emails with attachments.



--- qmail-ldap-1.03-20120221.orig/execcheck.c	2012-09-14 22:17:21.000000000 +0400
+++ qmail-ldap-1.03-20120221/execcheck.c	2012-09-14 22:17:39.000000000 +0400
@@ -52,6 +52,7 @@
 
 static int checkexecutable = 0;
 static int flagexecutable;
+static int flagattachment;
 static stralloc signatures = {0};
 
 void
@@ -81,6 +82,12 @@
 	return flagexecutable;
 }
 
+int
+attachmentcheck_flag(void)
+{
+	return flagattachment;
+}
+
 static int
 signatures_match(stralloc *line, char *sig)
 {
@@ -107,6 +114,17 @@
 	return 0;
 }
 
+static int
+attachments_check(stralloc *line)
+{
+	char *s;
+	s = "Content-Disposition: attachment; filename=";
+
+	if(signatures_match(line, s))
+		return 1;
+	return 0;
+}
+
 static int linespastheader;	/* = 0 if in header (mime or mail)
 			 	 * = 1 line after blank line
 				 * = 2 somewhere in body
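Review bot: attachments_check() recognises an attachment only when a line matches the single literal `Content-Disposition: attachment; filename=`, which is a narrow test for something used as a policy control. MIME field names are case-insensitive, parameters may be folded onto a continuation line or appear in another order, and a part can carry a file without this exact header, so the flag will stay 0 for many messages that do contain attachments; how strict signatures_match() is cannot be judged here because its body is outside the hunk. I would match the field name case-insensitively and then inspect the disposition type on its own, and add a comment such as `/* heuristic: only catches the literal Content-Disposition form */` so operators do not treat this as complete enforcement. `s` could also become `static const char sig[]` if signatures_match() is changed to take a `const char *`.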
@@ -217,6 +235,7 @@
 	boundary_start = 0;
 	boundary_len = 0;
 	flagexecutable = 0;
+	flagattachment = 0;
 	flagrfc822 = 0;
 	linetype = ' ';
 }
@@ -243,6 +262,9 @@
 		 * in mail or mime header, search for content-type
 		 * and possible boundary
 		 */
+		if(attachments_check(&line))
+			flagattachment = 1;
+
 		if (line.len == 1) {	/* end of header */
 			linespastheader = 1;
 			if (content.len) /* MIME header */
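Review bot: flagattachment is only ever set from this header branch, so BLOCKATTACHMENT depends on the executable scanner actually processing the message. If the enclosing function returns early when `checkexecutable` is 0 (its start is outside the hunk, so this needs confirming), the attachment policy silently never triggers unless the executable check is enabled as well. Either let the scanner run when either feature is enabled, or state the dependency in a comment here, e.g. `/* requires execcheck to be active; see BLOCKATTACHMENT */`.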
--- qmail-ldap-1.03-20120221.orig/execcheck.h	2012-09-14 22:17:21.000000000 +0400
+++ qmail-ldap-1.03-20120221/execcheck.h	2012-09-14 22:17:39.000000000 +0400
@@ -40,6 +40,7 @@
 void execcheck_start(void);
 int execcheck_on(void);
 int execcheck_flag(void);
+int attachmentcheck_flag(void);
 void execcheck_put(struct qmail *, const char *);
 
 #endif
--- qmail-ldap-1.03-20120221.orig/qmail-smtpd.c	2012-09-14 22:17:21.000000000 +0400
+++ qmail-ldap-1.03-20120221/qmail-smtpd.c	2012-09-14 22:19:06.000000000 +0400
@@ -307,6 +307,9 @@
 unsigned int tarpitdelay = 5;
 unsigned int maxrcptcount = 0;
 unsigned int badrcptdelay = 0;
+int senderlocalflag = 0;
+int attachmentcheck = 0;
+int rcptlocalflag = 0;
 int greylist = 0;
 int sendercheck = 0;
 int rcptcheck = 0;
@@ -431,6 +434,7 @@
   if (env_get("BLOCKRELAYPROBE")) blockrelayprobe = 1;
   if (env_get("ENFORCEFQDNHELO")) enforcefqdnhelo = 1;
   if (env_get("SENDERCHECK")) {
+    if (env_get("BLOCKATTACHMENT")) attachmentcheck = 1;
     sendercheck = 1;
     if (!case_diffs("LOOSE",env_get("SENDERCHECK"))) sendercheck = 2;
     if (!case_diffs("STRICT",env_get("SENDERCHECK"))) sendercheck = 3;
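Review bot: `attachmentcheck` is set here however the binary was built, while the code that enforces it in the last qmail-smtpd.c hunk is compiled only under `#ifdef SMTPEXECCHECK`, and the variable is only set when SENDERCHECK is also present. An operator who sets BLOCKATTACHMENT on a build without SMTPEXECCHECK, or without SENDERCHECK, gets no enforcement and no indication of that. I would log the unmet dependency at startup with the existing `logline()` helper, and place the new line after `sendercheck = 1;` with a short comment, `/* BLOCKATTACHMENT only applies to verified local senders */`.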
@@ -1180,6 +1184,7 @@
 
         switch (ldaplookup(addr.s, &s)) {
           case 1: /* valid */
+	    senderlocalflag = 1;
 	    logline(4,"sender verify OK");
             break;
           case 0: /* invalid */
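Review bot: `senderlocalflag` is set to 1 on a successful sender lookup but nothing in this patch sets it back to 0, unlike `rcptlocalflag`, which is cleared before each recipient check. On a connection that carries several transactions, the value from an earlier MAIL FROM would still be in effect for a later one whose sender was not verified as local. Clear it where the sender is established, e.g. `senderlocalflag = 0;` before the `switch (ldaplookup(addr.s, &s))`, and wherever per-transaction state is reset; the enclosing function is not fully visible in this hunk.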
@@ -1306,6 +1311,7 @@
 
   /* check if recipient exists in ldap */
   if (rcptcheck) {
+    rcptlocalflag = 0;
     if (!goodmailaddr()) {
       logline(4,"recipient verify, recipient not in goodmailaddr");
       if (addrlocals()) {
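Review bot: `rcptlocalflag` is cleared at the top of every recipient check and set again in the next hunk, so at DATA time it describes only the last RCPT TO, not the whole envelope. A message with several recipients is therefore judged by whichever one came last, and a recipient accepted through `goodmailaddr()` or with `rcptcheck` off leaves the flag at 0 and is treated as non-local. Tracking the opposite condition per transaction would match the documented intent better: keep a `rcptnonlocalflag` that is set to 1 whenever a recipient is accepted without being verified local, reset it only when a new transaction starts, and test that in the DATA check. The body of the recipient handler continues outside this hunk.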
@@ -1313,6 +1319,7 @@
 	logline(4,"recipient verify, recipient is local");
         switch (ldaplookup(addr.s, &s)) {
           case 1: /* valid */
+	    rcptlocalflag = 1;
 	    logline(4,"recipient verify OK");
             break;
           case 0: /* invalid */
@@ -1694,6 +1701,18 @@
   }
 #endif
 
+#ifdef SMTPEXECCHECK
+/* check if the email has attachment*/
+if (attachmentcheck) {
+  if (senderlocalflag && attachmentcheck_flag() && !rcptlocalflag) {
+      //out("552 You are not allowed to send email with attachment other then to local address (#5.3.5)\r\n");
+      logline(3,"email with attachment other then to local address denied");
+      if (errdisconnect) err_quit();
+        return;
+  }
+}
+#endif
+
   logpid(1);
   if (*qqx == 'D') {
     out("554 "); logstring(1,"message permanently not accepted because: ");
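Review bot: the rejection path returns without writing any SMTP reply, because the `out("552 ...")` line is commented out, so the client is left waiting after end-of-data and will time out and retry. Restore a reply before the `return;`, for example `out("550 attachments to non-local recipients are not permitted (#5.7.1)\r\n");`; 552 with 5.3.5 describes a storage or system problem rather than a policy refusal. The block also sits directly above the code that reports `qqx`, so it should be confirmed that the message has not already been accepted by the queue when this test runs; the enclosing function starts outside the hunk. `return;` is indented as if it belonged to `if (errdisconnect)`, which it does not, and the whole block should be indented like the surrounding code.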
--- qmail-ldap-1.03-20120221.orig/QLDAPINSTALL	2012-09-14 22:17:21.000000000 +0400
+++ qmail-ldap-1.03-20120221/QLDAPINSTALL	2012-09-14 22:17:39.000000000 +0400
@@ -1087,6 +1087,14 @@
  Affects: qmail-smtpd 
  Example: "" 
 
+BLOCKATTACHMENT
+
+ Reject SMTP connections if contains attachment. The check is dependent
+ on SENDERCHECK env is set and sender is local
+ Default: off
+ Affects: qmail-smtpd
+ Example: ""
+
 ================================================================================
 
 DEFAULT LDAP PARAMETER FIELDS:
