Author: bago
Date: Thu Apr 27 15:49:55 2006
New Revision: 397665
URL: http://svn.apache.org/viewcvs?rev=397665&view=rev
Log:
Added checks for valid domain in HELO/EHLO (JAMES-451)
Temporarily added this code to the main helo/ehlo handlers, but we'll move that
somewhere else.
Also added a comment for the inMemorySizeLimit temporary feature in the
config.xml
Fixed the SMTPServerTest according to the disabling of 8BITMIME.
Modified:
james/server/trunk/src/conf/james-config.xml
james/server/trunk/src/java/org/apache/james/smtpserver/EhloCmdHandler.java
james/server/trunk/src/java/org/apache/james/smtpserver/HeloCmdHandler.java
james/server/trunk/src/test/org/apache/james/smtpserver/SMTPServerTest.java
james/server/trunk/src/test/org/apache/james/smtpserver/SMTPTestConfiguration.java
Modified: james/server/trunk/src/conf/james-config.xml
URL:
http://svn.apache.org/viewcvs/james/server/trunk/src/conf/james-config.xml?rev=397665&r1=397664&r2=397665&view=diff
==============================================================================
--- james/server/trunk/src/conf/james-config.xml (original)
+++ james/server/trunk/src/conf/james-config.xml Thu Apr 27 15:49:55 2006
@@ -713,14 +713,28 @@
<!-- The command handler configuration -->
<handler command="HELO"
class="org.apache.james.smtpserver.HeloCmdHandler">
- <!-- If is set to true helo is only accepted if it can be
resolved
+ <!-- If is set to true helo is only accepted if it can be
resolved -->
+ <!--
<checkValidHelo> false </checkValidHelo>
-->
+
+ <!-- If is set to true sender domain will be checked also for
clients that -->
+ <!-- are allowed to relay. Default is false. -->
+ <!--
+ <checkAuthNetworks> false </checkAuthNetworks>
+ -->
</handler>
<handler command="EHLO"
class="org.apache.james.smtpserver.EhloCmdHandler">
<!-- If is set to true ehlo is only accepted if it can be
resolved
+ <!--
<checkValidEhlo> false </checkValidEhlo>
-->
+
+ <!-- If is set to true sender domain will be checked also for
clients that -->
+ <!-- are allowed to relay. Default is false. -->
+ <!--
+ <checkAuthNetworks> false </checkAuthNetworks>
+ -->
</handler>
<handler command="AUTH"
class="org.apache.james.smtpserver.AuthCmdHandler"></handler>
<handler command="VRFY"
class="org.apache.james.smtpserver.VrfyCmdHandler"></handler>
@@ -900,6 +914,13 @@
</types>
<config>
<sqlFile>file://conf/sqlResources.xml</sqlFile>
+ <!-- Set the size threshold for in memory handling of storing
operations -->
+ <!-- Default is currently 409600000 due to a bug with mysql and
binary stream -->
+ <!-- currently under investigation. Please change this only if
you know what -->
+ <!-- you do. -->
+ <!--
+ <inMemorySizeLimit>4096</inMemorySizeLimit>
+ -->
</config>
</repository>
Modified:
james/server/trunk/src/java/org/apache/james/smtpserver/EhloCmdHandler.java
URL:
http://svn.apache.org/viewcvs/james/server/trunk/src/java/org/apache/james/smtpserver/EhloCmdHandler.java?rev=397665&r1=397664&r2=397665&view=diff
==============================================================================
--- james/server/trunk/src/java/org/apache/james/smtpserver/EhloCmdHandler.java
(original)
+++ james/server/trunk/src/java/org/apache/james/smtpserver/EhloCmdHandler.java
Thu Apr 27 15:49:55 2006
@@ -41,6 +41,8 @@
*/
private boolean checkValidEhlo = false;
+ private boolean checkAuthNetworks = false;
+
/**
* @see
org.apache.avalon.framework.configuration.Configurable#configure(Configuration)
*/
@@ -49,6 +51,11 @@
if(configuration != null) {
checkValidEhlo = configuration.getValueAsBoolean();
}
+
+ Configuration configRelay =
handlerConfiguration.getChild("checkAuthNetworks",false);
+ if(configRelay != null) {
+ checkAuthNetworks = configRelay.getValueAsBoolean();
+ }
}
/*
@@ -74,23 +81,30 @@
boolean badEhlo = false;
// check for helo if its set in config
- if (checkValidEhlo == true) {
+ if (checkValidEhlo) {
+
+ /**
+ * don't check if the ip address is allowed to relay. Only check
if it is set in the config. ed.
+ */
+ if (!session.isRelayingAllowed() || checkAuthNetworks) {
+
- // try to resolv the provided helo. If it can not resolved do not
accept it.
- try {
- org.apache.james.dnsserver.DNSServer.getByName(argument);
- } catch (UnknownHostException e) {
- badEhlo = true;
- responseString = "501
"+DSNStatus.getStatus(DSNStatus.PERMANENT,DSNStatus.DELIVERY_INVALID_ARG)+"
Provided EHLO " + argument + " can not resolved";
- session.writeResponse(responseString);
- getLogger().info(responseString);
+ // try to resolv the provided helo. If it can not resolved do
not accept it.
+ try {
+ org.apache.james.dnsserver.DNSServer.getByName(argument);
+ } catch (UnknownHostException e) {
+ badEhlo = true;
+ responseString = "501
"+DSNStatus.getStatus(DSNStatus.PERMANENT,DSNStatus.DELIVERY_INVALID_ARG)+"
Provided EHLO " + argument + " can not resolved";
+ session.writeResponse(responseString);
+ getLogger().info(responseString);
+ }
}
}
if (argument == null) {
responseString = "501
"+DSNStatus.getStatus(DSNStatus.PERMANENT,DSNStatus.DELIVERY_INVALID_ARG)+"
Domain address required: " + COMMAND_NAME;
session.writeResponse(responseString);
- } else if (badEhlo == false){
+ } else if (!badEhlo){
session.resetState();
session.getState().put(SMTPSession.CURRENT_HELO_MODE,
COMMAND_NAME);
Modified:
james/server/trunk/src/java/org/apache/james/smtpserver/HeloCmdHandler.java
URL:
http://svn.apache.org/viewcvs/james/server/trunk/src/java/org/apache/james/smtpserver/HeloCmdHandler.java?rev=397665&r1=397664&r2=397665&view=diff
==============================================================================
--- james/server/trunk/src/java/org/apache/james/smtpserver/HeloCmdHandler.java
(original)
+++ james/server/trunk/src/java/org/apache/james/smtpserver/HeloCmdHandler.java
Thu Apr 27 15:49:55 2006
@@ -40,6 +40,8 @@
*/
private boolean checkValidHelo = false;
+ private boolean checkAuthNetworks = false;
+
/**
* @see
org.apache.avalon.framework.configuration.Configurable#configure(Configuration)
*/
@@ -48,6 +50,12 @@
if(configuration != null) {
checkValidHelo = configuration.getValueAsBoolean();
}
+
+ Configuration configRelay =
handlerConfiguration.getChild("checkAuthNetworks",false);
+ if(configRelay != null) {
+ checkAuthNetworks = configRelay.getValueAsBoolean();
+ }
+
}
/*
@@ -57,7 +65,6 @@
**/
public void onCommand(SMTPSession session) {
doHELO(session, session.getCommandArgument());
-
}
/**
@@ -74,16 +81,23 @@
// check for helo if its set in config
- if (checkValidHelo == true) {
-
- // try to resolv the provided helo. If it can not resolved do not
accept it.
- try {
- org.apache.james.dnsserver.DNSServer.getByName(argument);
- } catch (UnknownHostException e) {
- badHelo = true;
- responseString = "501 Provided HELO " + argument + " can not
resolved";
- session.writeResponse(responseString);
- getLogger().info(responseString);
+ if (checkValidHelo) {
+
+ /**
+ * don't check if the ip address is allowed to relay. Only check
if it is set in the config. ed.
+ */
+ if (!session.isRelayingAllowed() || checkAuthNetworks) {
+
+ // try to resolv the provided helo. If it can not resolved do
not accept it.
+ try {
+ org.apache.james.dnsserver.DNSServer.getByName(argument);
+ } catch (UnknownHostException e) {
+ badHelo = true;
+ responseString = "501 Provided HELO " + argument + " can
not resolved";
+ session.writeResponse(responseString);
+ getLogger().info(responseString);
+ }
+
}
}
@@ -91,7 +105,7 @@
responseString = "501 Domain address required: " + COMMAND_NAME;
session.writeResponse(responseString);
getLogger().info(responseString);
- } else if (badHelo == false) {
+ } else if (!badHelo) {
session.resetState();
session.getState().put(SMTPSession.CURRENT_HELO_MODE,
COMMAND_NAME);
session.getResponseBuffer().append("250 ")
@@ -107,8 +121,4 @@
session.writeResponse(responseString);
}
}
-
-
-
-
}
Modified:
james/server/trunk/src/test/org/apache/james/smtpserver/SMTPServerTest.java
URL:
http://svn.apache.org/viewcvs/james/server/trunk/src/test/org/apache/james/smtpserver/SMTPServerTest.java?rev=397665&r1=397664&r2=397665&view=diff
==============================================================================
--- james/server/trunk/src/test/org/apache/james/smtpserver/SMTPServerTest.java
(original)
+++ james/server/trunk/src/test/org/apache/james/smtpserver/SMTPServerTest.java
Thu Apr 27 15:49:55 2006
@@ -155,11 +155,11 @@
assertNull("no mail received by mail server",
m_mailServer.getLastMail());
String[] capabilityStrings =
smtpProtocol.ehlo(InetAddress.getLocalHost());
- assertEquals("capabilities", 3, capabilityStrings.length);
+ assertEquals("capabilities", 2, capabilityStrings.length);
List capabilitieslist = Arrays.asList(capabilityStrings);
assertTrue("capabilities present PIPELINING",
capabilitieslist.contains("PIPELINING"));
assertTrue("capabilities present ENHANCEDSTATUSCODES",
capabilitieslist.contains("ENHANCEDSTATUSCODES"));
- assertTrue("capabilities present 8BITMIME",
capabilitieslist.contains("8BITMIME"));
+ //assertTrue("capabilities present 8BITMIME",
capabilitieslist.contains("8BITMIME"));
smtpProtocol.mail(new Address("[EMAIL PROTECTED]"));
smtpProtocol.rcpt(new Address("[EMAIL PROTECTED]"));
@@ -297,6 +297,7 @@
public void testHeloResolv() throws Exception, SMTPException {
m_testConfiguration.setHeloResolv();
+ m_testConfiguration.setAuthorizedAddresses("192.168.0.1");
finishSetUp(m_testConfiguration);
@@ -506,6 +507,7 @@
public void testEhloResolv() throws Exception, SMTPException {
m_testConfiguration.setEhloResolv();
+ m_testConfiguration.setAuthorizedAddresses("192.168.0.1");
finishSetUp(m_testConfiguration);
@@ -543,6 +545,36 @@
SMTPResponse response = smtpProtocol1.getResponse();
// ehlo should not be checked. so this should give a 250 code
assertEquals("ehlo accepted", 250, response.getCode());
+
+ smtpProtocol1.quit();
+ }
+
+ public void testEhloResolvIgnoreClientDisabled() throws Exception,
SMTPException {
+ m_testConfiguration.setEhloResolv();
+ m_testConfiguration.setCheckAuthNetworks(true);
+ finishSetUp(m_testConfiguration);
+
+
+ MySMTPProtocol smtpProtocol1 = new MySMTPProtocol("127.0.0.1",
m_smtpListenerPort);
+ smtpProtocol1.openPort();
+
+ assertEquals("first connection taken", 1, smtpProtocol1.getState());
+
+ // no message there, yet
+ assertNull("no mail received by mail server",
m_mailServer.getLastMail());
+
+ String[] ehlo1 = new String[] { "abgsfe3rsf.de"};
+ String[] ehlo2 = new String[] { "james.apache.org" };
+
+ smtpProtocol1.sendCommand("ehlo", ehlo1);
+ SMTPResponse response = smtpProtocol1.getResponse();
+ // this should give a 501 code cause the ehlo could not resolved
+ assertEquals("expected error: ehlo could not resolved", 501,
response.getCode());
+
+ smtpProtocol1.sendCommand("ehlo", ehlo2);
+ SMTPResponse response2 = smtpProtocol1.getResponse();
+ // ehlo is resolvable. so this should give a 250 code
+ assertEquals("ehlo accepted", 250, response2.getCode());
smtpProtocol1.quit();
}
Modified:
james/server/trunk/src/test/org/apache/james/smtpserver/SMTPTestConfiguration.java
URL:
http://svn.apache.org/viewcvs/james/server/trunk/src/test/org/apache/james/smtpserver/SMTPTestConfiguration.java?rev=397665&r1=397664&r2=397665&view=diff
==============================================================================
---
james/server/trunk/src/test/org/apache/james/smtpserver/SMTPTestConfiguration.java
(original)
+++
james/server/trunk/src/test/org/apache/james/smtpserver/SMTPTestConfiguration.java
Thu Apr 27 15:49:55 2006
@@ -34,6 +34,7 @@
private boolean m_heloResolv = false;
private boolean m_ehloResolv = false;
private boolean m_senderDomainResolv = false;
+ private boolean m_checkAuthNetworks = false;
private boolean m_checkAuthClients = false;
private boolean m_heloEhloEnforcement = true;
private int m_maxRcpt = 0;
@@ -44,6 +45,11 @@
m_smtpListenerPort = smtpListenerPort;
}
+
+ public void setCheckAuthNetworks(boolean checkAuth) {
+ m_checkAuthNetworks = checkAuth;
+ }
+
public void setMaxMessageSize(int kilobytes)
{
@@ -130,9 +136,11 @@
String cmd = ((DefaultConfiguration)
heloConfig[i]).getAttribute("command",null);
if (cmd != null) {
if ("HELO".equals(cmd)) {
- ((DefaultConfiguration)
heloConfig[i]).addChild(Util.getValuedConfiguration("checkValidHelo",m_heloResolv+""));
+ ((DefaultConfiguration)
heloConfig[i]).addChild(Util.getValuedConfiguration("checkValidHelo",m_heloResolv+""));
+ ((DefaultConfiguration)
heloConfig[i]).addChild(Util.getValuedConfiguration("checkAuthNetworks",m_checkAuthNetworks+""));
} else if ("EHLO".equals(cmd)) {
((DefaultConfiguration)
heloConfig[i]).addChild(Util.getValuedConfiguration("checkValidEhlo",m_ehloResolv+""));
+ ((DefaultConfiguration)
heloConfig[i]).addChild(Util.getValuedConfiguration("checkAuthNetworks",m_checkAuthNetworks+""));
} else if ("MAIL".equals(cmd)) {
((DefaultConfiguration)
heloConfig[i]).addChild(Util.getValuedConfiguration("checkValidSenderDomain",m_senderDomainResolv+""));
((DefaultConfiguration)
heloConfig[i]).addChild(Util.getValuedConfiguration("checkAuthClients",m_checkAuthClients+""));
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
