diff options
| author | manuel <manuel@mausz.at> | 2019-06-11 16:45:26 +0200 |
|---|---|---|
| committer | manuel <manuel@mausz.at> | 2019-06-11 16:45:26 +0200 |
| commit | 42f639244bcadf9978299ae5c55034b32fa463f7 (patch) | |
| tree | cd98f6653ceabb9c5cdbb8e4787f36f61a827da0 | |
| parent | 3a12dd05a808add990cc6712cbc49f57fda6eacc (diff) | |
| download | qmail-42f639244bcadf9978299ae5c55034b32fa463f7.tar.gz qmail-42f639244bcadf9978299ae5c55034b32fa463f7.tar.bz2 qmail-42f639244bcadf9978299ae5c55034b32fa463f7.zip | |
SMTP: limit max errors to 20
| -rw-r--r-- | qmail-smtpd.c | 64 |
1 files changed, 40 insertions, 24 deletions
diff --git a/qmail-smtpd.c b/qmail-smtpd.c index 245949d..0b78265 100644 --- a/qmail-smtpd.c +++ b/qmail-smtpd.c | |||
| @@ -160,29 +160,39 @@ void straynewline() | |||
| 160 | } | 160 | } |
| 161 | void die_pre_greet() { out("554 SMTP protocol violation\r\n"); flush(); _exit(1); } | 161 | void die_pre_greet() { out("554 SMTP protocol violation\r\n"); flush(); _exit(1); } |
| 162 | 162 | ||
| 163 | void err_size() { out("552 sorry, that message size exceeds my databytes limit (#5.3.4)\r\n"); } | 163 | int hard_errors = 0; |
| 164 | void err_bmf() { out("553 sorry, your envelope sender has been denied (#5.7.1)\r\n"); } | 164 | unsigned int max_hard_errors = 20; |
| 165 | void err_bmt() { out("553 sorry, your envelope recipient has been denied (#5.7.1)\r\n"); } | 165 | void do_hard_errors() { |
| 166 | void err_hmf() { out("553 sorry, your envelope sender domain must exist (#5.7.1)\r\n"); } | 166 | if (++hard_errors < max_hard_errors) |
| 167 | return; | ||
| 168 | enew(); eout("Maximum errors for "); eout(remoteip); eout(" reached. Closing connection\n"); | ||
| 169 | out("421 too many errors (#4.7.0)\r\n"); flush(); | ||
| 170 | eflush(); | ||
| 171 | _exit(1); | ||
| 172 | } | ||
| 173 | |||
| 174 | void err_size() { out("552 sorry, that message size exceeds my databytes limit (#5.3.4)\r\n"); do_hard_errors(); } | ||
| 175 | void err_bmf() { out("553 sorry, your envelope sender has been denied (#5.7.1)\r\n"); do_hard_errors(); } | ||
| 176 | void err_bmt() { out("553 sorry, your envelope recipient has been denied (#5.7.1)\r\n"); do_hard_errors(); } | ||
| 177 | void err_hmf() { out("553 sorry, your envelope sender domain must exist (#5.7.1)\r\n"); do_hard_errors(); } | ||
| 167 | void err_smf() { out("451 DNS temporary failure (#4.3.0)\r\n"); } | 178 | void err_smf() { out("451 DNS temporary failure (#4.3.0)\r\n"); } |
| 168 | void err_brt() { out("550 sorry, this message is not deliverable (#5.7.1)\r\n"); } | 179 | void err_brt() { out("550 sorry, this message is not deliverable (#5.7.1)\r\n"); do_hard_errors(); } |
| 169 | void err_bhelo() { out("553 sorry, your HELO host name has been denied (#5.7.1)\r\n"); } | 180 | void err_bhelo() { out("553 sorry, your HELO host name has been denied (#5.7.1)\r\n"); do_hard_errors(); } |
| 170 | #ifndef TLS | ||
| 171 | void err_nogateway() { out("553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)\r\n"); } | ||
| 172 | #else | ||
| 173 | void err_nogateway() | 181 | void err_nogateway() |
| 174 | { | 182 | { |
| 175 | out("553 sorry, that domain isn't in my list of allowed rcpthosts"); | 183 | out("553 sorry, that domain isn't in my list of allowed rcpthosts"); |
| 184 | #ifdef TLS | ||
| 176 | tls_nogateway(); | 185 | tls_nogateway(); |
| 186 | #endif | ||
| 177 | out(" (#5.7.1)\r\n"); | 187 | out(" (#5.7.1)\r\n"); |
| 188 | do_hard_errors(); | ||
| 178 | } | 189 | } |
| 179 | #endif | 190 | void err_badbounce() { out("550 sorry, bounce messages should have a single envelope recipient (#5.7.1)\r\n"); do_hard_errors(); } |
| 180 | void err_badbounce() { out("550 sorry, bounce messages should have a single envelope recipient (#5.7.1)\r\n"); } | 191 | void err_unimpl(arg) char *arg; { out("502 unimplemented (#5.5.1)\r\n"); do_hard_errors(); } |
| 181 | void err_unimpl(arg) char *arg; { out("502 unimplemented (#5.5.1)\r\n"); } | 192 | void err_syntax() { out("555 syntax error (#5.5.4)\r\n"); do_hard_errors(); } |
| 182 | void err_syntax() { out("555 syntax error (#5.5.4)\r\n"); } | 193 | void err_relay() { out("553 we don't relay (#5.7.1)\r\n"); do_hard_errors(); } |
| 183 | void err_relay() { out("553 we don't relay (#5.7.1)\r\n"); } | 194 | void err_wantmail() { out("503 MAIL first (#5.5.1)\r\n"); do_hard_errors(); } |
| 184 | void err_wantmail() { out("503 MAIL first (#5.5.1)\r\n"); } | 195 | void err_wantrcpt() { out("503 RCPT first (#5.5.1)\r\n"); do_hard_errors(); } |
| 185 | void err_wantrcpt() { out("503 RCPT first (#5.5.1)\r\n"); } | ||
| 186 | void err_noop(arg) char *arg; { out("250 ok\r\n"); } | 196 | void err_noop(arg) char *arg; { out("250 ok\r\n"); } |
| 187 | void err_vrfy(arg) char *arg; { out("252 send some mail, i'll try my best\r\n"); } | 197 | void err_vrfy(arg) char *arg; { out("252 send some mail, i'll try my best\r\n"); } |
| 188 | void err_qqt() { out("451 qqt failure (#4.3.0)\r\n"); } | 198 | void err_qqt() { out("451 qqt failure (#4.3.0)\r\n"); } |
| @@ -192,12 +202,15 @@ int err_fork() { out("454 oops, child won't start and I can't auth (#4.3.0)\r\n" | |||
| 192 | int err_pipe() { out("454 oops, unable to open pipe and I can't auth (#4.3.0)\r\n"); return -1; } | 202 | int err_pipe() { out("454 oops, unable to open pipe and I can't auth (#4.3.0)\r\n"); return -1; } |
| 193 | int err_write() { out("454 oops, unable to write pipe and I can't auth (#4.3.0)\r\n"); return -1; } | 203 | int err_write() { out("454 oops, unable to write pipe and I can't auth (#4.3.0)\r\n"); return -1; } |
| 194 | void err_authd() { out("503 you're already authenticated (#5.5.0)\r\n"); } | 204 | void err_authd() { out("503 you're already authenticated (#5.5.0)\r\n"); } |
| 195 | void err_authmail() { out("503 no auth during mail transaction (#5.5.0)\r\n"); } | 205 | void err_authmail() { out("503 no auth during mail transaction (#5.5.0)\r\n"); do_hard_errors(); } |
| 196 | int err_noauth() { out("504 auth type unimplemented (#5.5.1)\r\n"); return -1; } | 206 | int err_noauth() { out("504 auth type unimplemented (#5.5.1)\r\n"); do_hard_errors(); return -1; } |
| 207 | int err_noauth2() { out("503 auth not available (#5.3.3)\r\n"); do_hard_errors(); } | ||
| 197 | int err_authabrt() { out("501 auth exchange canceled (#5.0.0)\r\n"); return -1; } | 208 | int err_authabrt() { out("501 auth exchange canceled (#5.0.0)\r\n"); return -1; } |
| 198 | int err_input() { out("501 malformed auth input (#5.5.4)\r\n"); return -1; } | 209 | int err_input() { out("501 malformed auth input (#5.5.4)\r\n"); return -1; } |
| 199 | int err_wantstarttls() { out("530 Must issue a STARTTLS command first (#5.7.0)\r\n"); return -1; }; | 210 | int err_wantstarttls() { out("530 Must issue a STARTTLS command first (#5.7.0)\r\n"); return -1; }; |
| 200 | void err_authfail() { out("535 authentication failed (#5.7.1)\r\n"); } | 211 | void err_authfail() { out("535 authentication failed (#5.7.1)\r\n"); do_hard_errors(); } |
| 212 | void err_nomailbox() { out("554 sorry, no mailbox here by that name (#5.1.1)\r\n"); do_hard_errors(); } | ||
| 213 | void err_maxrcpt() { out("450 too many recipients (#4.7.1)\r\n"); do_hard_errors(); } | ||
| 201 | 214 | ||
| 202 | extern void realrcptto_init(); | 215 | extern void realrcptto_init(); |
| 203 | extern void realrcptto_start(); | 216 | extern void realrcptto_start(); |
| @@ -736,8 +749,8 @@ void smtp_rcpt(arg) char *arg; { | |||
| 736 | if (!addrparse(arg)) { err_syntax(); return; } | 749 | if (!addrparse(arg)) { err_syntax(); return; } |
| 737 | if (!relayclient && addrrelay()) { err_relay(); return; } | 750 | if (!relayclient && addrrelay()) { err_relay(); return; } |
| 738 | if (recipcount >= max_recipcount) { | 751 | if (recipcount >= max_recipcount) { |
| 739 | out("450 too many recipients. (#4.7.1)\r\n"); | 752 | enew(); eout("Too many recipients for "); eout(remoteip); eout(".\n"); |
| 740 | strerr_warn2("qmail-smtpd: too many recipients at ",remoteip,0); | 753 | err_maxrcpt(); |
| 741 | return; | 754 | return; |
| 742 | } | 755 | } |
| 743 | if (flagbarfbhelo) { | 756 | if (flagbarfbhelo) { |
| @@ -786,7 +799,7 @@ void smtp_rcpt(arg) char *arg; { | |||
| 786 | log_deny("BAD RCPT TO", mailfrom.s,addr.s); | 799 | log_deny("BAD RCPT TO", mailfrom.s,addr.s); |
| 787 | } | 800 | } |
| 788 | if (!flagauth && !relayclient && !realrcptto(addr.s,1)) { | 801 | if (!flagauth && !relayclient && !realrcptto(addr.s,1)) { |
| 789 | out("554 sorry, no mailbox here by that name. (#5.1.1)\r\n"); | 802 | err_nomailbox(); |
| 790 | return; | 803 | return; |
| 791 | } | 804 | } |
| 792 | if (!(spp_val = spp_rcpt(allowed))) return; | 805 | if (!(spp_val = spp_rcpt(allowed))) return; |
| @@ -924,7 +937,10 @@ void smtp_data(arg) char *arg; { | |||
| 924 | if (mailfrom.len == 1 && recipcount > 1) { err_badbounce(); return; } | 937 | if (mailfrom.len == 1 && recipcount > 1) { err_badbounce(); return; } |
| 925 | if (flagbrt) { err_brt(); return; } | 938 | if (flagbrt) { err_brt(); return; } |
| 926 | if (!spp_data()) return; | 939 | if (!spp_data()) return; |
| 927 | if (!relayclient && realrcptto_deny()) { out("550 sorry, no mailbox here by that name. (#5.1.1)\r\n"); return; } | 940 | if (!relayclient && realrcptto_deny()) { |
| 941 | err_nomailbox(); | ||
| 942 | return; | ||
| 943 | } | ||
| 928 | seenmail = 0; | 944 | seenmail = 0; |
| 929 | if (databytes) bytestooverflow = databytes + 1; | 945 | if (databytes) bytestooverflow = databytes + 1; |
| 930 | if (qmail_open(&qqt) == -1) { err_qqt(); return; } | 946 | if (qmail_open(&qqt) == -1) { err_qqt(); return; } |
| @@ -1207,7 +1223,7 @@ char *arg; | |||
| 1207 | int i; | 1223 | int i; |
| 1208 | char *cmd = arg; | 1224 | char *cmd = arg; |
| 1209 | 1225 | ||
| 1210 | if (!*childargs) { out("503 auth not available (#5.3.3)\r\n"); return; } | 1226 | if (!*childargs) { err_noauth2(); return; } |
| 1211 | if (flagauth) { err_authd(); return; } | 1227 | if (flagauth) { err_authd(); return; } |
| 1212 | if (seenmail) { err_authmail(); return; } | 1228 | if (seenmail) { err_authmail(); return; } |
| 1213 | 1229 | ||