Introduced the archive_address feature

Signed-off-by: Janos SUTO <sj@acts.hu>

RELEASE_NOTES

@@ -1,3 +1,5 @@
+- Introduced the archive_address feature, see etc/example.conf for the details
+
 1.3.12:
 -------
 

etc/example.conf

@@ -238,6 +238,15 @@ mmap_dedup_test=0
 ; clients via an IP-address list is not feasible.
 security_header=
 
+; By default the archive accepts any envelope recipient addresses.
+; If your archive's port 25 is wide open to the Internet (which it
+; shouldn't be, then spammers may find it, and fill it with spam.
+;
+; By setting this variable you may restrict the envelope address
+; to a single email address, eg. some-random-address-12345@archive.yourdomain.com
+; Then the archive will reject any other envelope recipients
+archive_address=
+
 ; whether to enable (1) or not (0) an smtp access list similar to
 ; postfix's postscreen. Valid actions in the acl file are "permit"
 ; and "reject" (without quotes). See smtp.acl.example for more.

src/cfg.c

@@ -39,7 +39,7 @@ struct _parse_rule {
 
 struct _parse_rule config_parse_rules[] =
 {
-
+   { "archive_address", "string", (void*) string_parser, offsetof(struct config, archive_address), "", MAXVAL-1},
    { "archive_emails_not_having_message_id", "integer", (void*) int_parser, offsetof(struct config, archive_emails_not_having_message_id), "0", sizeof(int)},
    { "archive_only_mydomains", "integer", (void*) int_parser, offsetof(struct config, archive_only_mydomains), "0", sizeof(int)},
    { "backlog", "integer", (void*) int_parser, offsetof(struct config, backlog), "20", sizeof(int)},

src/cfg.h

@@ -67,6 +67,7 @@ struct config {
    int default_retention_days;
 
    char security_header[MAXVAL];
+   char archive_address[MAXVAL];
 
    // mysql stuff
 

src/smtp.c

@@ -42,7 +42,7 @@ void process_smtp_command(struct smtp_session *session, char *buf, struct config
    }
 
    if(strncasecmp(buf, SMTP_CMD_RCPT_TO, strlen(SMTP_CMD_RCPT_TO)) == 0){
-      process_command_rcpt_to(session, buf);
+      process_command_rcpt_to(session, buf, cfg);
       return;
    }
 
@@ -239,7 +239,7 @@ void process_command_mail_from(struct smtp_session *session, char *buf){
 }
 
 
-void process_command_rcpt_to(struct smtp_session *session, char *buf){
+void process_command_rcpt_to(struct smtp_session *session, char *buf, struct config *cfg){
 
    if(session->protocol_state == SMTP_STATE_MAIL_FROM || session->protocol_state == SMTP_STATE_RCPT_TO){
 
@@ -249,6 +249,14 @@ void process_command_rcpt_to(struct smtp_session *session, char *buf){
 
       if(session->num_of_rcpt_to < MAX_RCPT_TO){
          extractEmail(buf, session->rcptto[session->num_of_rcpt_to]);
+
+         // Check if we should accept archive_address only
+         if(cfg->archive_address[0] && !strstr(cfg->archive_address, session->rcptto[session->num_of_rcpt_to])){
+            syslog(LOG_PRIORITY, "ERROR: Invalid recipient: *%s*", session->rcptto[session->num_of_rcpt_to]);
+            send_smtp_response(session, SMTP_RESP_550_ERR_INVALID_RECIPIENT);
+            return;
+         }
+
          session->num_of_rcpt_to++;
       }
 

src/smtp.h

@@ -16,7 +16,7 @@ void process_command_ehlo_lhlo(struct smtp_session *session, char *buf, int bufl
 void process_command_quit(struct smtp_session *session, char *buf, int buflen);
 void process_command_reset(struct smtp_session *session);
 void process_command_mail_from(struct smtp_session *session, char *buf);
-void process_command_rcpt_to(struct smtp_session *session, char *buf);
+void process_command_rcpt_to(struct smtp_session *session, char *buf, struct config *cfg);
 void process_command_data(struct smtp_session *session, struct config *cfg);
 void process_command_period(struct smtp_session *session);
 void process_command_starttls(struct smtp_session *session);

src/smtpcodes.h

@@ -56,6 +56,7 @@
 
 #define SMTP_RESP_502_ERR "502 Command not implemented\r\n"
 #define SMTP_RESP_503_ERR "503 Bad command sequence\r\n"
+#define SMTP_RESP_550_ERR_INVALID_RECIPIENT "550 Invalid recipient\r\n"
 #define SMTP_RESP_550_ERR_YOU_ARE_BANNED_BY_LOCAL_POLICY "550 You are banned by local policy\r\n"
 #define SMTP_RESP_550_ERR "550 Service currently unavailable\r\n"