1 diff -urN -x '*~' postfix-2.2.5/src/global/mail_params.h postfix-2.2.5-ident/src/global/mail_params.h
2 --- postfix-2.2.5/src/global/mail_params.h 2006-02-22 16:20:15.000000000 +0100
3 +++ postfix-2.2.5-ident/src/global/mail_params.h 2006-02-22 15:56:31.000000000 +0100
5 #define DEF_SMTP_EHLO_DIS_MAPS ""
6 extern char *var_smtp_ehlo_dis_maps;
8 +#define VAR_SMTPD_IDENT_LOOKUP "smtpd_ident_lookup"
9 +#define DEF_SMTPD_IDENT_LOOKUP ""
10 +extern char *var_smtpd_ident_lookup;
14 diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd_ident.c postfix-2.2.5-ident/src/smtpd/smtpd_ident.c
15 --- postfix-2.2.5/src/smtpd/smtpd_ident.c 1970-01-01 01:00:00.000000000 +0100
16 +++ postfix-2.2.5-ident/src/smtpd/smtpd_ident.c 2006-02-22 15:56:31.000000000 +0100
18 +#include <sys_defs.h>
19 +#include <sys/socket.h>
20 +#include <netinet/in.h>
21 +#include <arpa/inet.h>
22 +#include <stdio.h> /* strerror() */
25 +#include <mymalloc.h>
26 +#include <sys/types.h>
27 +#include <sys/time.h>
34 +#define IDENT_MSGSIZE 256
35 +#define IDENT_TIMEOUT 10
37 +#define CHOMP(STR) { char *tmp; tmp = STR; while (*tmp) { \
38 + if (*tmp == '\n' || *tmp == '\r') *tmp = '\0'; tmp++ ; } }
40 +char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr)
43 + char ident_msg[IDENT_MSGSIZE + 1], *sp;
44 + char ident_user[IDENT_MSGSIZE + 1];
45 + struct sockaddr_in local_addr;
46 + struct sockaddr_in ident_addr;
48 + VSTREAM *ident_stream;
50 + memset(ident_msg, 0, IDENT_MSGSIZE + 1);
51 + memset(ident_user, 0, IDENT_MSGSIZE + 1);
54 + * Bind the local sockaddr to the same interface as smtpd before
55 + * connecting back to the auth port on the peer. This helps
56 + * with multihomed postfix servers. First, set up the address.
59 + /* Local sockname */
61 + memset((char *) &local_addr, 0, sizeof(local_addr));
62 + local_addr.sin_family = AF_INET;
63 + memcpy((void *) &local_addr.sin_addr, (void *) &smtpd_addr->sin_addr, sizeof(local_addr.sin_addr));
65 + /* Remote sockname + port */
67 + memset((char *) &ident_addr, 0, sizeof(ident_addr));
68 + ident_addr.sin_family = AF_INET;
69 + memcpy((void *) &ident_addr.sin_addr, (void *) &peer_addr->sin_addr, sizeof(ident_addr.sin_addr));
70 + ident_addr.sin_port = htons(113);
75 + if ((ident_sock = socket(ident_addr.sin_family, SOCK_STREAM, 0)) < 0) {
76 + msg_warn("Can't allocate socket for ident lookup: %s", strerror(errno));
80 + /* Now bind the local sock to the interface */
82 + if (bind(ident_sock, (struct sockaddr *)&local_addr, sizeof(local_addr)) < 0) {
83 + msg_warn("local bind of ident sock failed: %s", strerror(errno));
87 + /* connect() back to the smtp client host on port 113 */
89 + if (connect(ident_sock, (struct sockaddr *) &ident_addr, sizeof(ident_addr )) < 0) {
90 + msg_warn( "ident connect to %s: %s", inet_ntoa(peer_addr->sin_addr),
95 + /* Ok, make this a vstream */
97 + ident_stream = vstream_fdopen(ident_sock, O_RDWR);
98 + ident_stream->timeout = IDENT_TIMEOUT;
100 + /* Print the ident message to the remote host */
102 + vstream_fprintf(ident_stream, "%d, %d\n", ntohs(peer_addr->sin_port), ntohs(smtpd_addr->sin_port));
103 + if (vstream_ftimeout(ident_stream)) {
104 + msg_warn( "ident write timed out to %s", inet_ntoa(peer_addr->sin_addr));
108 + /* Read back the result */
110 + vstream_fread(ident_stream, ident_msg, IDENT_MSGSIZE);
111 + if (vstream_ftimeout(ident_stream)) {
112 + msg_warn( "ident read timed out to %s", inet_ntoa(peer_addr->sin_addr));
117 + * Should I even bother with this?
119 + * Even if so, don't worry about this failing, set the timeout low
122 + ident_stream->timeout = 2;
123 + vstream_fwrite(ident_stream, "quit\n", strlen("quit\n"));
125 + if (strlen(ident_msg) == 0) {
126 + msg_warn( "Failed to get ident string from %s", inet_ntoa(peer_addr->sin_addr));
130 + if ((sp = strrchr(ident_msg, ':')) == NULL) {
131 + msg_warn( "Invalid ident string from %s", inet_ntoa(peer_addr->sin_addr));
136 + while (*sp && (*sp == ' ' || *sp == '\t')) {
140 + /* If we break before this line, we know we had some sort of bad error */
142 + strncpy(ident_user, sp, IDENT_MSGSIZE);
143 + msg_info( "Received ident string %s from %s", sp, inet_ntoa(peer_addr->sin_addr));
147 + if (strlen(ident_user) == 0) {
148 + msg_warn( "Failed to get ident user for %s", inet_ntoa(peer_addr->sin_addr));
152 + vstream_fclose(ident_stream);
153 + return_val = mystrdup(ident_user);
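Review bot: The `connect()` to port 113 is a plain blocking call made before `ident_stream->timeout = IDENT_TIMEOUT` takes effect, so a client that silently drops traffic to its auth port can hold this smtpd process for the kernel's connect timeout; Postfix's `timed_connect()` would bound it to `IDENT_TIMEOUT`. The reply parser takes everything after the last `:` (`strrchr(ident_msg, ':')`) as the user, so an RFC 1413 `ERROR` reply is returned as if its error token were a user name; the response-type field should be checked for `USERID` before copying. The string is chosen entirely by the remote host and reaches `msg_info()` and the caller unfiltered apart from whatever `CHOMP` strips (its call site is not visible in this extract), so I would sanitise it first, e.g. `printable(ident_user, '?');`. Asking `vstream_fread()` for the full `IDENT_MSGSIZE` also appears to wait for EOF or the timeout when the server keeps the connection open, and the timeout branch then discards a reply that did arrive; reading a single line would avoid that. Several lines of this function, including the error-path cleanup, are missing from the extract, so whether the socket is closed on each early exit could not be checked.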
156 --- postfix-2.3-RC9/src/smtpd/smtpd.h.orig 2006-07-09 21:49:21.000000000 +0200
157 +++ postfix-2.3-RC9/src/smtpd/smtpd.h 2006-07-11 20:30:43.993322048 +0200
159 char *addr; /* client host address string */
160 char *namaddr; /* combined name and address */
161 char *rfc_addr; /* address for RFC 2821 */
162 + char *ident_user; /* user name returned by ident RFC 1413 */
163 int addr_family; /* address family */
164 struct sockaddr_storage sockaddr; /* binary client endpoint */
165 int name_status; /* 2=ok 4=soft 5=hard 6=forged */
167 extern void smtpd_peer_init(SMTPD_STATE *state);
168 extern void smtpd_peer_reset(SMTPD_STATE *state);
170 +extern char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr);
172 #define SMTPD_PEER_CODE_OK 2
173 #define SMTPD_PEER_CODE_TEMP 4
174 #define SMTPD_PEER_CODE_PERM 5
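Review bot: The new `smtpd_ident()` prototype takes `struct sockaddr_in *`, while the state struct in the hunk above stores the client endpoint as `struct sockaddr_storage sockaddr` with a separate `addr_family`, so every caller has to confirm `addr_family == AF_INET` before casting. For an IPv6 client the cast would reinterpret unrelated bytes as the address and port used for the callback connection. The declaration should carry that contract, for example `/* IPv4 only; returns a mystrdup()ed user name or NULL on failure, caller frees; the value is unauthenticated peer-supplied text */`. The struct itself starts and ends outside the visible lines.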
175 --- postfix-2.9.0/src/smtpd/smtpd.c.orig 2012-02-04 19:34:17.737149536 +0100
176 +++ postfix-2.9.0/src/smtpd/smtpd.c 2012-02-04 19:36:43.414073592 +0100
177 @@ -1208,6 +1208,7 @@
178 char *var_local_rwr_clients;
179 char *var_smtpd_ehlo_dis_words;
180 char *var_smtpd_ehlo_dis_maps;
181 +char *var_smtpd_ident_lookup;
183 char *var_smtpd_tls_level;
184 bool var_smtpd_use_tls;
185 @@ -1329,6 +1330,11 @@
186 int smtpd_input_transp_mask;
189 + * Hosts that should be ident-queried
191 +NAMADR_LIST *smtpd_ident_lookup;
194 * Forward declarations.
196 static void helo_reset(SMTPD_STATE *);
197 @@ -2950,10 +2956,18 @@
198 * intermediate proxy.
200 if (!proxy || state->xforward.flags == 0) {
201 - out_fprintf(out_stream, REC_TYPE_NORM,
202 - "Received: from %s (%s [%s])",
203 - state->helo_name ? state->helo_name : state->name,
204 - state->name, state->rfc_addr);
205 + if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) {
206 + out_fprintf(out_stream, REC_TYPE_NORM,
207 + "Received: from %s (%s [%s] ident=%s)",
208 + state->helo_name ? state->helo_name : state->name,
209 + state->name, state->rfc_addr,
210 + state->ident_user);
212 + out_fprintf(out_stream, REC_TYPE_NORM,
213 + "Received: from %s (%s [%s])",
214 + state->helo_name ? state->helo_name : state->name,
215 + state->name, state->rfc_addr);
218 #define VSTRING_STRDUP(s) vstring_strcpy(vstring_alloc(strlen(s) + 1), (s))
220 @@ -4954,6 +4968,9 @@
221 xclient_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xclient_hosts);
222 xforward_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xforward_hosts);
223 hogger_list = namadr_list_init(MATCH_FLAG_RETURN, var_smtpd_hoggers);
224 + smtpd_ident_lookup =
225 + namadr_list_init(match_parent_style(VAR_SMTPD_IDENT_LOOKUP),
226 + var_smtpd_ident_lookup);
229 * Open maps before dropping privileges so we can read passwords etc.
230 @@ -5382,6 +5399,7 @@
231 VAR_MILT_V, DEF_MILT_V, &var_milt_v, 1, 0,
232 VAR_STRESS, DEF_STRESS, &var_stress, 0, 0,
233 VAR_REJECT_REPLY_MSG_ACCESS_DENIED, DEF_REJECT_REPLY_MSG_ACCESS_DENIED, &var_reject_reply_msg_access_denied, 1, 0,
234 + VAR_SMTPD_IDENT_LOOKUP, DEF_SMTPD_IDENT_LOOKUP, &var_smtpd_ident_lookup, 0, 0,
235 VAR_UNV_FROM_WHY, DEF_UNV_FROM_WHY, &var_unv_from_why, 0, 0,
236 VAR_UNV_RCPT_WHY, DEF_UNV_RCPT_WHY, &var_unv_rcpt_why, 0, 0,
237 VAR_REJECT_TMPF_ACT, DEF_REJECT_TMPF_ACT, &var_reject_tmpf_act, 1, 0,
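Review bot: In the `@@ -2950,10 +2956,18 @@` hunk, `state->ident_user` is text supplied by the connecting host's ident service and is written into the `Received:` header with a bare `%s`. Nothing visible here restricts it to printable characters or excludes `)`, so a peer can place misleading text inside the header comment. Sanitising the value where it is stored would address this, together with a comment such as `/* ident_user is unauthenticated RFC 1413 data from the peer; informational only */`. The branch also re-runs `namadr_list_match()` for each message instead of testing whether a lookup result exists, and it depends on `ident_user` being non-NULL on every path that sets up peer state, which this section does not show. In the `@@ -4954,6 +4968,9 @@` hunk the new list is initialised with `match_parent_style(VAR_SMTPD_IDENT_LOOKUP)` while its neighbours pass `MATCH_FLAG_RETURN`; it is worth confirming that the different behaviour on a lookup error is intended.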
238 --- postfix-2.10.0/src/smtpd/Makefile.in.orig 2013-03-12 18:39:01.000000000 +0100
239 +++ postfix-2.10.0/src/smtpd/Makefile.in 2013-03-12 18:44:40.190592153 +0100
241 SRCS = smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \
242 smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \
243 smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c smtpd_resolve.c \
244 - smtpd_expand.c smtpd_haproxy.c
245 + smtpd_expand.c smtpd_haproxy.c smtpd_ident.c
246 OBJS = smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \
247 smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \
248 smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o smtpd_resolve.o \
249 - smtpd_expand.o smtpd_haproxy.o
250 + smtpd_expand.o smtpd_haproxy.o smtpd_ident.o
251 HDRS = smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \
252 smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h smtpd_milter.h \
253 smtpd_resolve.h smtpd_expand.h
254 --- postfix-2.10.0/src/smtpd/smtpd_peer.c.orig 2013-03-12 19:14:53.347495658 +0100
255 +++ postfix-2.10.0/src/smtpd/smtpd_peer.c 2013-03-12 22:24:19.932605940 +0100
258 #include <sys_defs.h>
259 #include <sys/socket.h>
260 +#include <sys/types.h>
261 #include <netinet/in.h>
262 #include <arpa/inet.h>
263 #include <stdio.h> /* strerror() */
266 /* Global library. */
268 +#include <namadr_list.h>
269 #include <mail_proto.h>
270 #include <valid_mailhost_addr.h>
271 #include <mail_params.h>
275 static INET_PROTO_INFO *proto_info;
276 +extern NAMADR_LIST *smtpd_ident_lookup;
279 * XXX If we make local endpoint (getsockname) information available to
281 static void smtpd_peer_sockaddr_to_hostname(SMTPD_STATE *state)
283 struct sockaddr *sa = (struct sockaddr *) & (state->sockaddr);
284 + struct sockaddr_in serv_sin;
285 + char *ident_user = NULL;
286 SOCKADDR_SIZE sa_length = state->sockaddr_len;
287 MAI_HOSTNAME_STR client_name;
291 msg_warn("hostname %s does not resolve to address %s: %s",
292 state->name, state->addr, MAI_STRERROR(aierr));
293 + state->ident_user = mystrdup("NO-USER");
294 REJECT_PEER_NAME(state, (TEMP_AI_ERROR(aierr) ?
295 SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_FORGED));
301 + if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) {
302 + /* If getsockname fails, just forget it */
303 + sa_length = sizeof(serv_sin);
304 + if (getsockname(vstream_fileno(state->client), (struct sockaddr *)&serv_sin, &sa_length) >= 0) {
305 + ident_user = smtpd_ident((struct sockaddr_in *)sa, &serv_sin);
306 + if (ident_user == NULL)
307 + state->ident_user = mystrdup("NO-USER");
309 + state->ident_user = ident_user;
311 + msg_warn("getsockname failed while doing ident lookup: %s", strerror(errno));
313 + state->ident_user = mystrdup("NO-USER");
316 /* smtpd_peer_hostaddr_to_sockaddr - convert numeric string to binary */
318 state->name_status = SMTPD_PEER_CODE_OK;
319 state->reverse_name_status = SMTPD_PEER_CODE_OK;
320 state->port = mystrdup("0"); /* XXX bogus. */
321 + state->ident_user = mystrdup("NO-USER");
324 /* smtpd_peer_no_client - peer went away, or peer info unavailable */
326 state->addr_family = AF_UNSPEC;
327 state->name_status = SMTPD_PEER_CODE_PERM;
328 state->reverse_name_status = SMTPD_PEER_CODE_PERM;
329 + state->ident_user = mystrdup("NO-USER");
330 state->port = mystrdup(CLIENT_PORT_UNKNOWN);
338 /* smtpd_peer_init - initialize peer information */
340 void smtpd_peer_init(SMTPD_STATE *state)
342 myfree(state->namaddr);
344 myfree(state->rfc_addr);
345 + if (state->ident_user)
346 + myfree(state->ident_user);
349 if (state->dest_addr)