Author: bago Date: Thu Apr 27 15:49:55 2006 New Revision: 397665 URL: http://svn.apache.org/viewcvs?rev=397665&view=rev Log: Added checks for valid domain in HELO/EHLO (JAMES-451) Temporarily added this code to the main helo/ehlo handlers, but we'll move that somewhere else. Also added a comment for the inMemorySizeLimit temporary feature in the config.xml Fixed the SMTPServerTest according to the disabling of 8BITMIME.
Modified: james/server/trunk/src/conf/james-config.xml james/server/trunk/src/java/org/apache/james/smtpserver/EhloCmdHandler.java james/server/trunk/src/java/org/apache/james/smtpserver/HeloCmdHandler.java james/server/trunk/src/test/org/apache/james/smtpserver/SMTPServerTest.java james/server/trunk/src/test/org/apache/james/smtpserver/SMTPTestConfiguration.java Modified: james/server/trunk/src/conf/james-config.xml URL: http://svn.apache.org/viewcvs/james/server/trunk/src/conf/james-config.xml?rev=397665&r1=397664&r2=397665&view=diff ============================================================================== --- james/server/trunk/src/conf/james-config.xml (original) +++ james/server/trunk/src/conf/james-config.xml Thu Apr 27 15:49:55 2006 @@ -713,14 +713,28 @@ <!-- The command handler configuration --> <handler command="HELO" class="org.apache.james.smtpserver.HeloCmdHandler"> - <!-- If is set to true helo is only accepted if it can be resolved + <!-- If is set to true helo is only accepted if it can be resolved --> + <!-- <checkValidHelo> false </checkValidHelo> --> + + <!-- If is set to true sender domain will be checked also for clients that --> + <!-- are allowed to relay. Default is false. --> + <!-- + <checkAuthNetworks> false </checkAuthNetworks> + --> </handler> <handler command="EHLO" class="org.apache.james.smtpserver.EhloCmdHandler"> <!-- If is set to true ehlo is only accepted if it can be resolved + <!-- <checkValidEhlo> false </checkValidEhlo> --> + + <!-- If is set to true sender domain will be checked also for clients that --> + <!-- are allowed to relay. Default is false. --> + <!-- + <checkAuthNetworks> false </checkAuthNetworks> + --> </handler> <handler command="AUTH" class="org.apache.james.smtpserver.AuthCmdHandler"></handler> <handler command="VRFY" class="org.apache.james.smtpserver.VrfyCmdHandler"></handler> @@ -900,6 +914,13 @@ </types> <config> <sqlFile>file://conf/sqlResources.xml</sqlFile> + <!-- Set the size threshold for in memory handling of storing operations --> + <!-- Default is currently 409600000 due to a bug with mysql and binary stream --> + <!-- currently under investigation. Please change this only if you know what --> + <!-- you do. --> + <!-- + <inMemorySizeLimit>4096</inMemorySizeLimit> + --> </config> </repository> Modified: james/server/trunk/src/java/org/apache/james/smtpserver/EhloCmdHandler.java URL: http://svn.apache.org/viewcvs/james/server/trunk/src/java/org/apache/james/smtpserver/EhloCmdHandler.java?rev=397665&r1=397664&r2=397665&view=diff ============================================================================== --- james/server/trunk/src/java/org/apache/james/smtpserver/EhloCmdHandler.java (original) +++ james/server/trunk/src/java/org/apache/james/smtpserver/EhloCmdHandler.java Thu Apr 27 15:49:55 2006 @@ -41,6 +41,8 @@ */ private boolean checkValidEhlo = false; + private boolean checkAuthNetworks = false; + /** * @see org.apache.avalon.framework.configuration.Configurable#configure(Configuration) */ @@ -49,6 +51,11 @@ if(configuration != null) { checkValidEhlo = configuration.getValueAsBoolean(); } + + Configuration configRelay = handlerConfiguration.getChild("checkAuthNetworks",false); + if(configRelay != null) { + checkAuthNetworks = configRelay.getValueAsBoolean(); + } } /* @@ -74,23 +81,30 @@ boolean badEhlo = false; // check for helo if its set in config - if (checkValidEhlo == true) { + if (checkValidEhlo) { + + /** + * don't check if the ip address is allowed to relay. Only check if it is set in the config. ed. + */ + if (!session.isRelayingAllowed() || checkAuthNetworks) { + - // try to resolv the provided helo. If it can not resolved do not accept it. - try { - org.apache.james.dnsserver.DNSServer.getByName(argument); - } catch (UnknownHostException e) { - badEhlo = true; - responseString = "501 "+DSNStatus.getStatus(DSNStatus.PERMANENT,DSNStatus.DELIVERY_INVALID_ARG)+" Provided EHLO " + argument + " can not resolved"; - session.writeResponse(responseString); - getLogger().info(responseString); + // try to resolv the provided helo. If it can not resolved do not accept it. + try { + org.apache.james.dnsserver.DNSServer.getByName(argument); + } catch (UnknownHostException e) { + badEhlo = true; + responseString = "501 "+DSNStatus.getStatus(DSNStatus.PERMANENT,DSNStatus.DELIVERY_INVALID_ARG)+" Provided EHLO " + argument + " can not resolved"; + session.writeResponse(responseString); + getLogger().info(responseString); + } } } if (argument == null) { responseString = "501 "+DSNStatus.getStatus(DSNStatus.PERMANENT,DSNStatus.DELIVERY_INVALID_ARG)+" Domain address required: " + COMMAND_NAME; session.writeResponse(responseString); - } else if (badEhlo == false){ + } else if (!badEhlo){ session.resetState(); session.getState().put(SMTPSession.CURRENT_HELO_MODE, COMMAND_NAME); Modified: james/server/trunk/src/java/org/apache/james/smtpserver/HeloCmdHandler.java URL: http://svn.apache.org/viewcvs/james/server/trunk/src/java/org/apache/james/smtpserver/HeloCmdHandler.java?rev=397665&r1=397664&r2=397665&view=diff ============================================================================== --- james/server/trunk/src/java/org/apache/james/smtpserver/HeloCmdHandler.java (original) +++ james/server/trunk/src/java/org/apache/james/smtpserver/HeloCmdHandler.java Thu Apr 27 15:49:55 2006 @@ -40,6 +40,8 @@ */ private boolean checkValidHelo = false; + private boolean checkAuthNetworks = false; + /** * @see org.apache.avalon.framework.configuration.Configurable#configure(Configuration) */ @@ -48,6 +50,12 @@ if(configuration != null) { checkValidHelo = configuration.getValueAsBoolean(); } + + Configuration configRelay = handlerConfiguration.getChild("checkAuthNetworks",false); + if(configRelay != null) { + checkAuthNetworks = configRelay.getValueAsBoolean(); + } + } /* @@ -57,7 +65,6 @@ **/ public void onCommand(SMTPSession session) { doHELO(session, session.getCommandArgument()); - } /** @@ -74,16 +81,23 @@ // check for helo if its set in config - if (checkValidHelo == true) { - - // try to resolv the provided helo. If it can not resolved do not accept it. - try { - org.apache.james.dnsserver.DNSServer.getByName(argument); - } catch (UnknownHostException e) { - badHelo = true; - responseString = "501 Provided HELO " + argument + " can not resolved"; - session.writeResponse(responseString); - getLogger().info(responseString); + if (checkValidHelo) { + + /** + * don't check if the ip address is allowed to relay. Only check if it is set in the config. ed. + */ + if (!session.isRelayingAllowed() || checkAuthNetworks) { + + // try to resolv the provided helo. If it can not resolved do not accept it. + try { + org.apache.james.dnsserver.DNSServer.getByName(argument); + } catch (UnknownHostException e) { + badHelo = true; + responseString = "501 Provided HELO " + argument + " can not resolved"; + session.writeResponse(responseString); + getLogger().info(responseString); + } + } } @@ -91,7 +105,7 @@ responseString = "501 Domain address required: " + COMMAND_NAME; session.writeResponse(responseString); getLogger().info(responseString); - } else if (badHelo == false) { + } else if (!badHelo) { session.resetState(); session.getState().put(SMTPSession.CURRENT_HELO_MODE, COMMAND_NAME); session.getResponseBuffer().append("250 ") @@ -107,8 +121,4 @@ session.writeResponse(responseString); } } - - - - } Modified: james/server/trunk/src/test/org/apache/james/smtpserver/SMTPServerTest.java URL: http://svn.apache.org/viewcvs/james/server/trunk/src/test/org/apache/james/smtpserver/SMTPServerTest.java?rev=397665&r1=397664&r2=397665&view=diff ============================================================================== --- james/server/trunk/src/test/org/apache/james/smtpserver/SMTPServerTest.java (original) +++ james/server/trunk/src/test/org/apache/james/smtpserver/SMTPServerTest.java Thu Apr 27 15:49:55 2006 @@ -155,11 +155,11 @@ assertNull("no mail received by mail server", m_mailServer.getLastMail()); String[] capabilityStrings = smtpProtocol.ehlo(InetAddress.getLocalHost()); - assertEquals("capabilities", 3, capabilityStrings.length); + assertEquals("capabilities", 2, capabilityStrings.length); List capabilitieslist = Arrays.asList(capabilityStrings); assertTrue("capabilities present PIPELINING", capabilitieslist.contains("PIPELINING")); assertTrue("capabilities present ENHANCEDSTATUSCODES", capabilitieslist.contains("ENHANCEDSTATUSCODES")); - assertTrue("capabilities present 8BITMIME", capabilitieslist.contains("8BITMIME")); + //assertTrue("capabilities present 8BITMIME", capabilitieslist.contains("8BITMIME")); smtpProtocol.mail(new Address("[EMAIL PROTECTED]")); smtpProtocol.rcpt(new Address("[EMAIL PROTECTED]")); @@ -297,6 +297,7 @@ public void testHeloResolv() throws Exception, SMTPException { m_testConfiguration.setHeloResolv(); + m_testConfiguration.setAuthorizedAddresses("192.168.0.1"); finishSetUp(m_testConfiguration); @@ -506,6 +507,7 @@ public void testEhloResolv() throws Exception, SMTPException { m_testConfiguration.setEhloResolv(); + m_testConfiguration.setAuthorizedAddresses("192.168.0.1"); finishSetUp(m_testConfiguration); @@ -543,6 +545,36 @@ SMTPResponse response = smtpProtocol1.getResponse(); // ehlo should not be checked. so this should give a 250 code assertEquals("ehlo accepted", 250, response.getCode()); + + smtpProtocol1.quit(); + } + + public void testEhloResolvIgnoreClientDisabled() throws Exception, SMTPException { + m_testConfiguration.setEhloResolv(); + m_testConfiguration.setCheckAuthNetworks(true); + finishSetUp(m_testConfiguration); + + + MySMTPProtocol smtpProtocol1 = new MySMTPProtocol("127.0.0.1", m_smtpListenerPort); + smtpProtocol1.openPort(); + + assertEquals("first connection taken", 1, smtpProtocol1.getState()); + + // no message there, yet + assertNull("no mail received by mail server", m_mailServer.getLastMail()); + + String[] ehlo1 = new String[] { "abgsfe3rsf.de"}; + String[] ehlo2 = new String[] { "james.apache.org" }; + + smtpProtocol1.sendCommand("ehlo", ehlo1); + SMTPResponse response = smtpProtocol1.getResponse(); + // this should give a 501 code cause the ehlo could not resolved + assertEquals("expected error: ehlo could not resolved", 501, response.getCode()); + + smtpProtocol1.sendCommand("ehlo", ehlo2); + SMTPResponse response2 = smtpProtocol1.getResponse(); + // ehlo is resolvable. so this should give a 250 code + assertEquals("ehlo accepted", 250, response2.getCode()); smtpProtocol1.quit(); } Modified: james/server/trunk/src/test/org/apache/james/smtpserver/SMTPTestConfiguration.java URL: http://svn.apache.org/viewcvs/james/server/trunk/src/test/org/apache/james/smtpserver/SMTPTestConfiguration.java?rev=397665&r1=397664&r2=397665&view=diff ============================================================================== --- james/server/trunk/src/test/org/apache/james/smtpserver/SMTPTestConfiguration.java (original) +++ james/server/trunk/src/test/org/apache/james/smtpserver/SMTPTestConfiguration.java Thu Apr 27 15:49:55 2006 @@ -34,6 +34,7 @@ private boolean m_heloResolv = false; private boolean m_ehloResolv = false; private boolean m_senderDomainResolv = false; + private boolean m_checkAuthNetworks = false; private boolean m_checkAuthClients = false; private boolean m_heloEhloEnforcement = true; private int m_maxRcpt = 0; @@ -44,6 +45,11 @@ m_smtpListenerPort = smtpListenerPort; } + + public void setCheckAuthNetworks(boolean checkAuth) { + m_checkAuthNetworks = checkAuth; + } + public void setMaxMessageSize(int kilobytes) { @@ -130,9 +136,11 @@ String cmd = ((DefaultConfiguration) heloConfig[i]).getAttribute("command",null); if (cmd != null) { if ("HELO".equals(cmd)) { - ((DefaultConfiguration) heloConfig[i]).addChild(Util.getValuedConfiguration("checkValidHelo",m_heloResolv+"")); + ((DefaultConfiguration) heloConfig[i]).addChild(Util.getValuedConfiguration("checkValidHelo",m_heloResolv+"")); + ((DefaultConfiguration) heloConfig[i]).addChild(Util.getValuedConfiguration("checkAuthNetworks",m_checkAuthNetworks+"")); } else if ("EHLO".equals(cmd)) { ((DefaultConfiguration) heloConfig[i]).addChild(Util.getValuedConfiguration("checkValidEhlo",m_ehloResolv+"")); + ((DefaultConfiguration) heloConfig[i]).addChild(Util.getValuedConfiguration("checkAuthNetworks",m_checkAuthNetworks+"")); } else if ("MAIL".equals(cmd)) { ((DefaultConfiguration) heloConfig[i]).addChild(Util.getValuedConfiguration("checkValidSenderDomain",m_senderDomainResolv+"")); ((DefaultConfiguration) heloConfig[i]).addChild(Util.getValuedConfiguration("checkAuthClients",m_checkAuthClients+"")); --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]