diff -u --recursive ../smtpd-2.0/CVS/Entries ./CVS/Entries --- ../smtpd-2.0/CVS/Entries Sun Oct 12 19:40:34 1997 +++ ./CVS/Entries Sat Dec 13 01:14:42 1997 @@ -1,17 +1,17 @@ /smtpd_check_rules.example/1.4/Mon Jul 14 06:44:04 1997// /INSTALL.SOLARIS/1.1/Sat Aug 9 21:12:36 1997// /LICENSE/1.2/Thu Aug 14 18:21:46 1997// -/smtp.h/1.6/Thu Aug 14 18:29:29 1997// -/CREDITS/1.16/Wed Oct 1 04:05:09 1997// -/Makefile.default/1.1/Tue Sep 23 21:03:07 1997// -/Makefile.minimal/1.1/Tue Sep 23 21:03:07 1997// -/Makefile.nochecks/1.1/Tue Sep 23 21:03:07 1997// /README/1.5/Wed Oct 1 04:05:09 1997// -/address_check.c/1.23/Wed Oct 1 04:05:09 1997// -/antirelay_check_rules_example/1.2/Wed Oct 1 04:05:09 1997// -/antispam_check_rules.example/1.8/Wed Oct 1 04:05:09 1997// -/smtpd.h/1.12/Wed Oct 1 04:05:09 1997// -/Makefile/1.32/Thu Oct 2 21:08:27 1997// -/smtpd.c/1.44/Thu Oct 2 21:08:27 1997// /INSTALL/1.6/Mon Oct 13 01:39:50 1997// -/smtpfwdd.c/1.33/Mon Oct 13 01:39:50 1997// +/antirelay_check_rules_example/1.5/Wed Nov 26 18:18:03 1997// +/CREDITS/1.18/Fri Dec 12 04:07:11 1997// +/Makefile/1.34/Fri Dec 12 04:07:11 1997// +/Makefile.default/1.3/Fri Dec 12 04:07:11 1997// +/Makefile.minimal/1.3/Fri Dec 12 04:07:11 1997// +/Makefile.nochecks/1.3/Fri Dec 12 04:07:11 1997// +/smtp.h/1.8/Fri Dec 12 04:07:48 1997// +/smtpd.h/1.14/Fri Dec 12 04:07:49 1997// +/smtpfwdd.c/1.35/Fri Dec 12 04:07:49 1997// +/address_check.c/1.26/Sat Dec 13 08:13:58 1997// +/antispam_check_rules.example/1.27/Sat Dec 13 08:12:54 1997// +/smtpd.c/1.48/Sat Dec 13 08:13:59 1997// diff -u --recursive ../smtpd-2.0/address_check.c ./address_check.c --- ../smtpd-2.0/address_check.c Sun Oct 12 19:40:34 1997 +++ ./address_check.c Sat Dec 13 01:14:42 1997 @@ -1,5 +1,5 @@ /* - * $Id: address_check.c,v 1.23 1997/10/01 04:00:37 beck Exp $ + * $Id: address_check.c,v 1.26 1997/12/13 08:13:58 beck Exp $ * * Copyright (c) 1996, 1997 Obtuse Systems Corporation. All rights * reserved. @@ -588,6 +588,40 @@ return(madt == adt); } +/* do a Vixie style rbl lookup for dotquad addr in rbl domain + * rbl_domain. + */ +int vixie_rbl_lookup(char * rbl_domain, char * addr) { + char *t, *d, *a; + t = strdup(addr); + if (t==NULL) { + syslog(LOG_ERR, "Malloc failed!"); + Failure = 1; + return(0); + } + d = (char *) malloc(strlen(t)+strlen(rbl_domain)+1); + if (d==NULL) { + syslog(LOG_ERR, "Malloc failed!"); + free(t); + Failure = 1; + return(0); + } + *d='\0'; + while((a = strrchr(t, '.'))) { + strcat(d, a+1); + strcat(d, "."); + *a='\0'; + } + strcat(d, t); + strcat(d, rbl_domain); + if (gethostbyname(d) != NULL) { + free(t); free(d); + return(1); + } + free(t); free(d); + return(0); +} + static int ip_match(char *tok, char *string) { /* @@ -601,12 +635,17 @@ else if ((string == NULL)) { return(0); } + else if (strncmp(tok, "RBL.", 4) == 0) { + /* do an rbl style lookup on the IP address in string usind + * rbl domain of whatever followed RBL in tok + */ + return(vixie_rbl_lookup(tok+3, string)); + } else { return(masked_ip_match(tok, string)); } return(0); } - #if NS_MATCH diff -u --recursive ../smtpd-2.0/antirelay_check_rules_example ./antirelay_check_rules_example --- ../smtpd-2.0/antirelay_check_rules_example Sun Oct 12 19:40:34 1997 +++ ./antirelay_check_rules_example Sat Dec 13 01:14:42 1997 @@ -9,6 +9,11 @@ # for any connection on a trusted interface. #allow:TRUSTED:ALL:ALL +# Don't allow people to %hack relay off of me. +noto:ALL:ALL:*%*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. +noto:ALL:ALL:*!*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. +noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. + # If we have NS_MATCH=1 compiled in, we can do it this way, by allowing # the relay mail outbound from hosts that have dns.my.domain as one of # their nameservers. this might be useful if we sit in front of a diff -u --recursive ../smtpd-2.0/antispam_check_rules.example ./antispam_check_rules.example --- ../smtpd-2.0/antispam_check_rules.example Sun Oct 12 19:40:34 1997 +++ ./antispam_check_rules.example Sat Dec 13 01:14:42 1997 @@ -27,6 +27,10 @@ # otherwise, we'd do it like this: allow:*mydomain.com *otherdomain.com:ALL +# don't allow people to use %hack to relay off of me. +noto:ALL:ALL:*%*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. +noto:ALL:ALL:*!*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. +noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. # First, the exceptions. # "I'll have your spam dear, I love it!" @@ -38,6 +42,18 @@ allow:ALL:ALL:ALL@hormel.mydomain.com spamboy@otherdomain.com +# Block any connections from host in the MAPS rbl at rbl.maps.vix.com +# Beware that this can throw the baby out with the bathwater. +noto:RBL.rbl.maps.vix.com:ALL:ALL:550 Mail refused from host %I in MAPS RBL, see http%C//maps.vix.com/rbl/ + +# Block any connections from a host or connecting address who uses a +# nameserver for which the address is in the MAPS rbl at rbl.maps.vix.com. +# Note that this can *really* throw the baby out with the bathwater, +# be sure you understand the implications before using the two below. +noto:NS=RBL.rbl.maps.vix.com:ALL:ALL:550 Mail refused due to nameserver for %H(%I) in MAPS RBL, see http%C//maps.vix.com/rbl/ +noto:ALL:NS=RBL.rbl.maps.vix.com:ALL:550 Mail refused due to nameserver for %F in MAPS RBL, see http%C//maps.vix.com/rbl/ + + # block anyone who uses a major SPAM provider as a nameserver or MX. either # on a connection from one of their hosts, a connection from a host they act # as a nameserver for, or a connection with a FROM: address that uses @@ -86,8 +102,85 @@ noto:NS=206.85.231.0/24:ALL:ALL noto:ALL:NS=206.85.231.0/24:ALL #tnlb.com - "the national letter bureau" and "mako marketing" - yeesh.. -noto:NS=206.101.40.5:ALL:ALL -noto:ALL:NS=206.101.40.5:ALL +noto:206.101.40.0/24 206.101.58.0/24 208.230.127.0/24:ALL:ALL +noto:NS=206.101.40.0/24 NS=206.101.58.0/24 NS=208.230.127.0/24:ALL:ALL +noto:ALL:NS=206.101.40.0/24 NS=206.101.58.0/24 NS=208.230.127.0/24:ALL +#c-flash.net - yaash +noto:205.199.166.0/24:ALL:ALL +noto:NS=205.199.166.0/24:ALL:ALL +noto:ALL:NS=205.199.166.0/24:ALL +#directsend.com - Former Nancynet customer, now yaash +noto:206.84.21.0/24 207.201.213.0/24:ALL:ALL +noto:NS=206.84.21.0/24 NS=207.201.213.0/24:ALL:ALL +noto:ALL:NS=206.84.21.0/24 NS=207.201.213.0/24:ALL +noto:206.84.21.0/24:ALL:ALL +noto:NS=206.84.21.0/24:ALL:ALL +noto:ALL:NS=206.84.21.0/24:ALL +#we-deliver.net - yaash +noto:206.62.151.0/24:ALL:ALL +noto:NS=206.62.151.0/24:ALL:ALL +noto:ALL:NS=206.62.151.0/24:ALL +#savoynet.com - yaash +noto:204.157.255.0/24:ALL:ALL +noto:NS=204.157.255.0/24:ALL:ALL +noto:ALL:NS=204.157.255.0/24:ALL +#taizen.com - "grandbikes.com" and other spammers. No response to complaints. +noto:208.219.218.0/24:ALL:ALL +noto:NS=208.219.218.0/24:ALL:ALL +noto:ALL:NS=208.219.218.0/24:ALL +#edgetone.com and cyberserverscentral.com +noto:208.223.114.0/24 208.223.112.0/24 204.178.73.192/25:ALL:ALL +noto:NS=208.223.114.0/24 NS=208.223.112.0/24 NS=204.178.73.192/25:ALL:ALL +noto:ALL:NS=208.223.114.0/24 NS=208.223.112.0/24 NS=204.178.73.192/25:ALL +#icsinc.net and money-group.net +noto:151.201.64.0/24:ALL:ALL +noto:NS=151.201.64.0/24:ALL:ALL +noto:ALL:NS=151.201.64.0/24:ALL +#gil.net and firstgear.com +noto:207.100.79.0/24:ALL:ALL +noto:NS=207.100.79.0/24:ALL:ALL +noto:ALL:NS=207.100.79.0/24:ALL +#ultramax.net and friends +noto:207.201.213.0/24:ALL:ALL +noto:NS=207.201.213.0/24:ALL:ALL +noto:ALL:NS=207.201.213.0/24:ALL +#t-1net.com +noto:208.21.213.0/24:ALL:ALL +noto:NS=208.21.213.0/24:ALL:ALL +noto:ALL:NS=208.21.213.0/24:ALL +#ezmoney.com and pals +noto:204.212.245.0/24:ALL:ALL +noto:NS=204.212.245.0/24:ALL:ALL +noto:ALL:NS=204.212.245.0/24:ALL +#mail-response, hitrus, etc. +noto:209.136.134.0/24:ALL:ALL +noto:NS=209.136.134.0/24:ALL:ALL +noto:ALL:NS=209.136.134.0/24:ALL +#nevwest - the next generation, via ACSI. +noto:209.12.111.0/23:ALL:ALL +noto:NS=209.12.111.0/23:ALL:ALL +noto:ALL:NS=209.12.111.0/23:ALL +#gtwinc, gmds.com - spamhaus +noto:207.201.213.0/24 206.98.109.0/24:ALL:ALL +noto:NS=207.201.213.0/24 NS=206.98.109.0/24:ALL:ALL +noto:ALL:NS=207.201.213.0/24 NS=206.98.109.0/24:ALL +#goplay.com, mpx.com - many, many spams +noto:199.74.206.0/24:ALL:ALL +noto:NS=199.74.206.0/24:ALL:ALL +noto:ALL:NS=199.74.206.0/24:ALL +#silkspin.com spamhaus +noto:151.196.90.0/24 151.196.69.0/24:ALL:ALL +noto:NS=151.196.90.0/24 NS=151.196.69.0/24:ALL:ALL +noto:ALL:NS=151.196.90.0/24 NS=151.196.69.0/24:ALL +#uplinkpro.com +noto:206.30.95.0/24:ALL:ALL +noto:NS=206.30.95.0/24:ALL:ALL +noto:ALL:NS=206.30.95.0/24:ALL +#excite.com mailexcite.com +noto:198.3.102.0/24 198.3.98.0/24:ALL:ALL +noto:NS=198.3.102.0/24 NS=198.3.98.0/24:ALL:ALL +noto:ALL:NS=198.3.102.0/24 NS=198.3.98.0/24:ALL + # dump things with a bogus rhs to a FROM: addresses. usually spammers diff -u --recursive ../smtpd-2.0/smtp.h ./smtp.h --- ../smtpd-2.0/smtp.h Sun Oct 12 19:40:34 1997 +++ ./smtp.h Sat Dec 13 01:14:42 1997 @@ -1,7 +1,7 @@ /* * Obtuse smtp store/forward daemon include file * - * $Id: smtp.h,v 1.6 1997/08/14 18:29:29 beck Exp $ + * $Id: smtp.h,v 1.8 1997/12/12 04:07:48 beck Exp $ * * Copyright (c) 1996, 1997 Obtuse Systems Corporation. All rights * reserved. diff -u --recursive ../smtpd-2.0/smtpd.c ./smtpd.c --- ../smtpd-2.0/smtpd.c Sun Oct 12 19:40:34 1997 +++ ./smtpd.c Sat Dec 13 01:14:42 1997 @@ -2,7 +2,7 @@ * smtpd, Obtuse SMTP daemon, storing agent. does simple collection of * mail messages, for later forwarding by smtpfwdd. * - * $Id: smtpd.c,v 1.44 1997/10/02 21:05:25 beck Exp $ + * $Id: smtpd.c,v 1.48 1997/12/13 08:13:59 beck Exp $ * * Copyright (c) 1996, 1997 Obtuse Systems Corporation. All rights * reserved. @@ -40,7 +40,7 @@ char *obtuse_copyright = "Copyright 1996 - Obtuse Systems Corporation - All rights reserved."; -char *obtuse_rcsid = "$Id: smtpd.c,v 1.44 1997/10/02 21:05:25 beck Exp $"; +char *obtuse_rcsid = "$Id: smtpd.c,v 1.48 1997/12/13 08:13:59 beck Exp $"; #include #include @@ -209,6 +209,12 @@ int len; c++; switch (*c) { + case '%': + add = "%"; + break; + case 'C': + add = ":"; + break; case 'F': add = from; break; @@ -957,7 +963,12 @@ *dst++ = '^'; *dst++ = '='; } - if (isalnum(ch) || strchr(" -,:=.@_!<>()[]/+%", ch) != NULL) { + /* + * RFC822 allows both ' and " in local-part. + * " is infact _required_ if local-part contains spaces as is + * common in x400 (yuk). + */ + if (isalnum(ch) || strchr(" -,:=.@_!<>()[]/+%'\"", ch) != NULL) { if (firstone && (ch == '-')) { arg_attempt = 1; *dst++ = '^'; @@ -1407,8 +1418,15 @@ } buf += 5; SPANBLANK(buf); + /* + * if local-part contains ", then spaces are allowed + */ cp = NULL; - cp = strchr(buf, ' '); + if (buf[0] == '"' || buf[1] == '"') + cp = strrchr(buf, '"'); /* REVISIT: find last " */ + if (cp == NULL) + cp = buf; + cp = strchr(cp+1, ' '); if (cp != NULL) { /* stuff on the end */ *cp = '\0'; diff -u --recursive ../smtpd-2.0/smtpd.h ./smtpd.h --- ../smtpd-2.0/smtpd.h Sun Oct 12 19:40:34 1997 +++ ./smtpd.h Sat Dec 13 01:14:42 1997 @@ -1,6 +1,6 @@ /* Obtuse smtpd SMTP store daemon header file * - * $Id: smtpd.h,v 1.12 1997/10/01 04:00:38 beck Exp $ + * $Id: smtpd.h,v 1.14 1997/12/12 04:07:49 beck Exp $ * * Copyright (c) 1996, 1997 Obtuse Systems Corporation. All rights * reserved. diff -u --recursive ../smtpd-2.0/smtpfwdd.c ./smtpfwdd.c --- ../smtpd-2.0/smtpfwdd.c Sun Oct 12 19:40:34 1997 +++ ./smtpfwdd.c Sat Dec 13 01:14:42 1997 @@ -4,7 +4,7 @@ * to pick it up and invokes sendmail (or sendmail-like agent) to * deliver it. * - * $Id: smtpfwdd.c,v 1.33 1997/10/13 01:24:31 beck Exp $ + * $Id: smtpfwdd.c,v 1.35 1997/12/12 04:07:49 beck Exp $ * * Copyright (c) 1996, 1997 Obtuse Systems Corporation. All rights * reserved. @@ -41,7 +41,7 @@ */ char *obtuse_copyright = "Copyright 1996 - Obtuse Systems Corporation - All rights reserved."; -char *obtuse_rcsid = "$Id: smtpfwdd.c,v 1.33 1997/10/13 01:24:31 beck Exp $"; +char *obtuse_rcsid = "$Id: smtpfwdd.c,v 1.35 1997/12/12 04:07:49 beck Exp $"; #include #include