From 8ed3cb136c336a3103d233f1f82b6da35ae2f6f9 Mon Sep 17 00:00:00 2001
From: manuel <manuel@mausz.at>
Date: Tue, 5 Feb 2013 18:26:02 +0100
Subject: [PATCH] check envelope sender's domain for validity

qmail-1.03-r17-mfcheck
---
 qmail-smtpd.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

(limited to 'qmail-smtpd.c')

diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index 4553b42..8f0ebad 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -28,6 +28,7 @@
 #include "strerr.h"
 #include "cdb.h"
 #include "qmail-spp.h"
+#include "dns.h"
 
 int spp_val;
 
@@ -42,6 +43,7 @@ int spp_val;
 
 #define MAXHOPS 100
 unsigned int databytes = 0;
+unsigned int mfchk = 0;
 int timeout = 1200;
 
 const char *protocol = "SMTP";
@@ -124,6 +126,8 @@ void straynewline()
 void err_size() { out("552 sorry, that message size exceeds my databytes limit (#5.3.4)\r\n"); }
 void err_bmf() { out("553 sorry, your envelope sender has been denied (#5.7.1)\r\n"); }
 void err_bmt() { out("553 sorry, your envelope recipient has been denied (#5.7.1)\r\n"); }
+void err_hmf() { out("553 sorry, your envelope sender domain must exist (#5.7.1)\r\n"); }
+void err_smf() { out("451 DNS temporary failure (#4.3.0)\r\n"); }
 void err_brt() { out("550 sorry, this message is not deliverable (#5.7.1)\r\n"); }
 void err_bhelo() { out("553 sorry, your HELO host name has been denied (#5.7.1)\r\n"); }
 #ifndef TLS
@@ -224,6 +228,10 @@ void setup()
   if (rcpthosts_init() == -1) die_control();
   if (spp_init() == -1) die_control();
 
+  if (control_readint(&mfchk,"control/mfcheck") == -1) die_control();
+  x = env_get("MFCHECK");
+  if (x) { scan_ulong(x,&u); mfchk = u; }
+
   bmfok = control_readfile(&bmf,"control/badmailfrom",0);
   if (bmfok == -1) die_control();
 
@@ -412,6 +420,25 @@ int brtcheck()
   return 0;
 }
 
+int mfcheck()
+{
+  stralloc sa = {0};
+  ipalloc ia = {0};
+  unsigned int random;
+  int j;
+
+  if (!mfchk) return 0;
+  random = now() + (getpid() << 16);
+  j = byte_rchr(addr.s,addr.len,'@') + 1;
+  if (j < addr.len) {
+    stralloc_copys(&sa, addr.s + j);
+    dns_init(0);
+    j = dns_mxip(&ia,&sa,random);
+    if (j < 0) return j;
+  }
+  return 0;
+}
+
 int addrallowed()
 {
   int r;
@@ -565,6 +592,11 @@ void smtp_mail(arg) char *arg;
   if ((!flagbarfbmf) && (bmfnrok) && (addr.len != 1) && (!relayclient)) {
     flagbarfbmf = bmcheck(BMCHECK_BMFNR);
   }
+  switch(mfcheck()) {
+    case DNS_HARD: err_hmf(); return;
+    case DNS_SOFT: err_smf(); return;
+    case DNS_MEM: die_nomem();
+  }
   if (!(spp_val = spp_mail())) return;
   seenmail = 1;
   if (!stralloc_copys(&rcptto,"")) die_nomem();
-- 
cgit v1.2.3