block attachments on per user basis

2012-09-17 Thread Mario Remy Almeida

Hi All,

Does anyone have a patch for qmail-ldap to block attachments on a per-user 
basis?


For example:
us...@example.com is allowed to send emails but us...@example.com is not 
allowed to send emails with attachments.


Re: block attachments on per user basis

2012-09-17 Thread Nicolas de Bari Embriz Garcia Rojas
Attachments + text build the full email package, so to be able
to allow a user to send only attachments maybe you will need something
that could read the full package before releasing the email; maybe it is
simpler to limit the user via send quota.

On Mon, Sep 17, 2012 at 1:03 PM, Mario Remy Almeida  wrote:
> Hi All,
>
> Does anyone have a patch for qmail-ldap to block attachments on a per-user
> basis?
>
> For example:
> us...@example.com is allowed to send emails but us...@example.com is not
> allowed to send emails with attachments.



-- 
> nbari


Re: block attachments on per user basis

2012-09-17 Thread Mario Remy Almeida

Hi,

I have the attached patch, which works fine, but it's per-IP based, not 
per user. I need to know how I can read an attribute from LDAP in 
qmail-smtpd.c.




Subject: Re: block attachments on per user basis
Date: Mon, 17 Sep 2012 15:47:28 +0100
From: Nicolas de Bari Embriz Garcia Rojas 
To: Mario Remy Almeida
Cc: qmail-ldap@qmail-ldap.org


Attachments + text build the full email package, so to be able
to allow a user to send only attachments maybe you will need something
that could read the full package before releasing the email; maybe it is
simpler to limit the user via send quota.

On Mon, Sep 17, 2012 at 1:03 PM, Mario Remy Almeida  wrote:

Hi All,

Does anyone have a patch for qmail-ldap to block attachments on a per-user
basis?

For example:
us...@example.com is allowed to send emails but us...@example.com is not
allowed to send emails with attachments.




--- qmail-ldap-1.03-20120221.orig/execcheck.c	2012-09-14 22:17:21.0 +0400
+++ qmail-ldap-1.03-20120221/execcheck.c	2012-09-14 22:17:39.0 +0400
@@ -52,6 +52,7 @@
 
 static int checkexecutable = 0;
 static int flagexecutable;
+static int flagattachment;
 static stralloc signatures = {0};
 
 void
@@ -81,6 +82,12 @@
 	return flagexecutable;
 }
 
+int
+attachmentcheck_flag(void)
+{
+	return flagattachment;
+}
+
 static int
 signatures_match(stralloc *line, char *sig)
 {
@@ -107,6 +114,17 @@
 	return 0;
 }
 
+static int
+attachments_check(stralloc *line)
+{
+	char *s;
+	s = "Content-Disposition: attachment; filename=";
+
+	if(signatures_match(line, s))
+		return 1;
+	return 0;
+}
+
 static int linespastheader;	/* = 0 if in header (mime or mail)
 			 	 * = 1 line after blank line
  * = 2 somewhere in body
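Review bot: the literal in attachments_check(), s = "Content-Disposition: attachment; filename=";, recognizes only one exact spelling of the header. MIME field names and parameter names are case-insensitive, the whitespace after the semicolon is optional, and an attachment part need not carry a filename parameter at all, so parts whose Content-Disposition is written differently are never flagged. Match the field name case-insensitively and then look for the attachment disposition token, and add a comment stating what signatures_match() is expected to do with this string.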
@@ -217,6 +235,7 @@
 	boundary_start = 0;
 	boundary_len = 0;
 	flagexecutable = 0;
+	flagattachment = 0;
 	flagrfc822 = 0;
 	linetype = ' ';
 }
@@ -243,6 +262,9 @@
 		 * in mail or mime header, search for content-type
 		 * and possible boundary
 		 */
+		if(attachments_check(&line))
+			flagattachment = 1;
+
 		if (line.len == 1) {	/* end of header */
 			linespastheader = 1;
 			if (content.len) /* MIME header */
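Review bot: attachments_check(&line) is called once per header line, so a folded header with "Content-Disposition: attachment;" on one line and "filename=" on the continuation line cannot match the single-line literal. Unfold continuation lines (those starting with a space or tab) before comparing, or match on the disposition type alone. The call also sits before the line.len == 1 end-of-header test, so it runs on the blank separator line as well; moving it into the non-empty branch would make the intent clearer.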
--- qmail-ldap-1.03-20120221.orig/execcheck.h	2012-09-14 22:17:21.0 +0400
+++ qmail-ldap-1.03-20120221/execcheck.h	2012-09-14 22:17:39.0 +0400
@@ -40,6 +40,7 @@
 void execcheck_start(void);
 int execcheck_on(void);
 int execcheck_flag(void);
+int attachmentcheck_flag(void);
 void execcheck_put(struct qmail *, const char *);
 
 #endif
--- qmail-ldap-1.03-20120221.orig/qmail-smtpd.c	2012-09-14 22:17:21.0 +0400
+++ qmail-ldap-1.03-20120221/qmail-smtpd.c	2012-09-14 22:19:06.0 +0400
@@ -307,6 +307,9 @@
 unsigned int tarpitdelay = 5;
 unsigned int maxrcptcount = 0;
 unsigned int badrcptdelay = 0;
+int senderlocalflag = 0;
+int attachmentcheck = 0;
+int rcptlocalflag = 0;
 int greylist = 0;
 int sendercheck = 0;
 int rcptcheck = 0;
@@ -431,6 +434,7 @@
   if (env_get("BLOCKRELAYPROBE")) blockrelayprobe = 1;
   if (env_get("ENFORCEFQDNHELO")) enforcefqdnhelo = 1;
   if (env_get("SENDERCHECK")) {
+if (env_get("BLOCKATTACHMENT")) attachmentcheck = 1;
 sendercheck = 1;
 if (!case_diffs("LOOSE",env_get("SENDERCHECK"))) sendercheck = 2;
 if (!case_diffs("STRICT",env_get("SENDERCHECK"))) sendercheck = 3;
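Review bot: the BLOCKATTACHMENT test is placed inside the if (env_get("SENDERCHECK")) { block, so setting BLOCKATTACHMENT on its own silently does nothing. If the dependency is intended (the later check relies on senderlocalflag, which is only set in the "sender verify OK" branch), document it in QLDAPINSTALL and indent the line with the rest of the block; otherwise move it next to the standalone env_get() tests above.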
@@ -1180,6 +1184,7 @@
 
 switch (ldaplookup(addr.s, &s)) {
   case 1: /* valid */
+	senderlocalflag = 1;
 	logline(4,"sender verify OK");
 break;
   case 0: /* invalid */
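Review bot: senderlocalflag is set to 1 in the case 1 branch, but nothing in the patch sets it back to 0, unlike rcptlocalflag, which is cleared before each recipient check. A second MAIL FROM in the same SMTP session therefore inherits the value from the previous transaction. Reset it before calling ldaplookup() for the sender, or wherever per-transaction state is cleared.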
@@ -1306,6 +1311,7 @@
 
   /* check if recipient exists in ldap */
   if (rcptcheck) {
+rcptlocalflag = 0;
 if (!goodmailaddr()) {
   logline(4,"recipient verify, recipient not in goodmailaddr");
   if (addrlocals()) {
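Review bot: rcptlocalflag = 0; runs for every recipient, inside if (rcptcheck), so the flag only reflects the most recent RCPT TO. A message with a remote recipient followed by a local one ends with rcptlocalflag set to 1 and is not treated as leaving the local domain by the later attachment check; with rcptcheck disabled the flag is never set and every attachment from a verified local sender is refused. Track whether any recipient was non-local, and clear that state once per transaction instead of once per recipient.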
@@ -1313,6 +1319,7 @@
 	logline(4,"recipient verify, recipient is local");
 switch (ldaplookup(addr.s, &s)) {
   case 1: /* valid */
+	rcptlocalflag = 1;
 	logline(4,"recipient verify OK");
 break;
   case 0: /* invalid */
@@ -1694,6 +1701,18 @@
   }
 #endif
 
+#ifdef SMTPEXECCHECK
+/* check if the email has attachment*/
+if (attachmentcheck) {
+  if (senderlocalflag && attachmentcheck_flag() && !rcptlocalflag) {
+  //out("552 You are not allowed to send email with attachment other then to local address (#5.3.5)\r\n");
+  logline(3,"email with attachment other then to local address denied");
+  if (errdisconnect) err_quit();
+return;
+  }
+}
+#endif
+
   logpid(1);
   if (*qqx == 'D') {
 out("554 "); logstring(1,"message permanently not accepted because: ");
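Review bot: the out("552 ...") line in the new SMTPEXECCHECK block is commented out, so when the check fires and errdisconnect is not set the function returns without sending any SMTP reply and the client is left waiting. Restore the reply, use /* */ comments like the surrounding code if something must stay disabled, and fix "other then" to "other than" in both the reply text and the logline() message. The return; and the nested if are also indented inconsistently with the rest of the block.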
--- qmail-ldap-1.03-20120221.orig/QLDAPINSTALL	2012-09-14 22:17:21.0 +0400
+++ qmail-ldap-1.03-20120221/QLDAPINSTALL	2012-09-14 22:17:39.0 +0400
@@ -1087,6 +1087,14 @@
  Affects:

Re: block attachments on per user basis

2012-09-19 Thread Nicolas de Bari Embriz Garcia Rojas
To apply it per user, try to follow the logic described here:
http://code.google.com/p/qmail-ldap-smtpauthuser/wiki/HowTo

You can try to extend this:
http://qmail-ldap-smtpauthuser.googlecode.com/svn/trunk/smtpthrottle.pl
to meet your needs.

regards


On Mon, Sep 17, 2012 at 4:12 PM, Mario Remy Almeida  wrote:
> Hi,
>
> I have the attached patch, which works fine, but it's per-IP based, not per
> user. I need to know how I can read an attribute from LDAP in qmail-smtpd.c.
>
>
>
> Subject: Re: block attachments on per user basis
> Date: Mon, 17 Sep 2012 15:47:28 +0100
> From: Nicolas de Bari Embriz Garcia Rojas 
> To: Mario Remy Almeida
> Cc: qmail-ldap@qmail-ldap.org
>
>
>> Attachments + text build the full email package, so to be able
>> to allow a user to send only attachments maybe you will need something
>> that could read the full package before releasing the email; maybe it is
>> simpler to limit the user via send quota.
>>
>> On Mon, Sep 17, 2012 at 1:03 PM, Mario Remy Almeida 
>> wrote:
>>>
>>> Hi All,
>>>
>>> Does anyone have a patch for qmail-ldap to block attachments on a per-user
>>> basis?
>>>
>>> For example:
>>> us...@example.com is allowed to send emails but us...@example.com is not
>>> allowed to send emails with attachments.
>>
>>
>>
>>
>



-- 
> nbari