| author | manuel <manuel@mausz.at> | 2023-09-26 14:11:58 +0200 |
|---|---|---|
| committer | manuel <manuel@mausz.at> | 2023-09-26 14:11:58 +0200 |
| commit | ff1e0ece50986156e0b6f5f37985833ed0ae6c97 (patch) | |
| tree | 1f3c3a158ec75c6b175ba9b081bd5ff4ea819c81 /qmail-smtpd.c | |
| parent | 52e4c7626ff891fbaf2eb2ced1d0f42eb05dd17d (diff) | |
Add support for "require TLS"-settings
Diffstat (limited to 'qmail-smtpd.c')
| -rw-r--r-- | qmail-smtpd.c | 21 |
1 files changed, 18 insertions, 3 deletions
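diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index 48a66b1..d0395fc 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -78,7 +78,7 @@ void tls_nogateway();
 int ssl_rfd = -1, ssl_wfd = -1; /* SSL_get_Xfd() are broken */
 stralloc proto = {0};
 int tls_before_auth = 0;
-int tls_require = 0;
+int tls_required = 0;
 #endif
 
 #ifdef SMTPUTF8
@@ -344,7 +344,7 @@ void setup()
 
 #ifdef TLS
 if (env_get("TLSBEFOREAUTH")) tls_before_auth = 1;
-if (env_get("TLSREQUIRE")) tls_require = 1;
+if (env_get("TLSREQUIRE")) tls_required = 1;
 if (env_get("SMTPS")) { smtps = 1; tls_init(); }
 else
 #endif
@@ -722,7 +722,7 @@ void smtp_mail(arg) char *arg;
 {
 if (!seenhelo) { err_wanthelo(); return; }
 #if defined(TLS)
-if (tls_require && !ssl) { err_wantstarttls(); return; }
+if (tls_required && !ssl) { err_wantstarttls(); return; }
 #endif
 if (!addrparse(arg)) { err_syntax(); return; }
 flagsize = 0;
@@ -818,6 +818,21 @@ void smtp_rcpt(arg) char *arg; {
 return;
 }
 }
+#if defined(TLS)
+/* per-domain "require TLS"-settings */
+if (!tls_required && !relayclient) {
+int at = byte_rchr(addr.s, addr.len, '@') + 1;
+if (at < addr.len) {
+stralloc tmp = { 0 };
+if (!stralloc_copys(&tmp, "control/tlsrequire/")
+|| !stralloc_catb(&tmp, addr.s + at, addr.len - at)) // addr is 0-terminated
+die_nomem();
+if (control_readint(&tls_required, tmp.s) == -1) die_control();
+tls_required = (tls_required & 0x01) ? 1 : 0; // 1st bit is SMTP incoming
+if (tls_required && !ssl) { err_wantstarttls(); return; }
+}
+}
+#endif
 spp_rcpt_accepted();
 if (!stralloc_cats(&rcptto,"T")) die_nomem();
 if (!stralloc_cats(&rcptto,addr.s)) die_nomem();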
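Review bot: The per-domain lookup in the smtp_rcpt hunk writes its result into the session-global `tls_required` (declared in the first hunk), so a single RCPT to a domain whose `control/tlsrequire/<domain>` has bit 0 set switches the requirement on for the rest of the connection: a later MAIL FROM on the same plaintext session is then refused by the `tls_required && !ssl` check in smtp_mail, and later recipients skip the per-domain lookup altogether. The path is also built straight from the client-supplied domain; unless addrparse() (outside this hunk) already rejects `/` in the domain part, a crafted RCPT can point control_readint() at other paths relative to the working directory, where a directory or unreadable file makes die_control() drop the connection, so the domain should be rejected before the lookup with `if (byte_chr(addr.s + at, addr.len - at, '/') < addr.len - at) { err_syntax(); return; }`. The per-call `stralloc tmp` is never freed in the hunk, so every RCPT leaks its buffer; declaring it `static` reuses one allocation. The rewrite below keeps the lookup result in a local and leaves the control file format and error paths unchanged; smtp_rcpt begins before and ends after this hunk.
```c
#if defined(TLS)
/* per-domain "require TLS"-settings; the result stays local so one recipient
   cannot turn the requirement on for the remaining session */
if (!tls_required && !relayclient) {
  int at = byte_rchr(addr.s, addr.len, '@') + 1;
  if (at < addr.len) {
    static stralloc tmp = { 0 }; /* reused across RCPTs instead of leaking one buffer each */
    int domain_tls = 0;
    /* the domain is client-supplied: it must not escape control/tlsrequire/ */
    if (byte_chr(addr.s + at, addr.len - at, '/') < addr.len - at) { err_syntax(); return; }
    if (!stralloc_copys(&tmp, "control/tlsrequire/")
     || !stralloc_catb(&tmp, addr.s + at, addr.len - at)) // addr is 0-terminated
      die_nomem();
    if (control_readint(&domain_tls, tmp.s) == -1) die_control();
    if ((domain_tls & 0x01) && !ssl) { err_wantstarttls(); return; } // 1st bit is SMTP incoming
  }
}
#endif
/* … unchanged: spp_rcpt_accepted() and the rcptto bookkeeping … */
```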
