13a14
> #define REJECT_RELAY
30a32,38
> #ifdef REJECT_RELAY
> #ifndef SYSV
> extern char *index();
> extern char *rindex();
> #endif
> #endif
>
59d66
<
76a84,87
> static char relay_ok_flag = 0;
> static char my_domain_name[512];
> static char relay_check_flag = 0; /* default off */
>
87a99,105
>
> /* function prototypes */
> int oktotalkto( Cfg *confp );
>
>
>
>
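Review bot: Only `oktotalkto` is prototyped here, yet the later hunks call `check_relay_remote_host_check(cfp)` and `check_rcpt_valid(q)` before their definitions, so both calls depend on implicit declarations and their arguments go unchecked. The prototype also sits outside `#ifdef REJECT_RELAY`, while the definition in the last hunk is inside it. I would wrap the block in the same `#ifdef` and add `int check_rcpt_valid( char *r );` and `int check_relay_remote_host_check( Cfg *cfp );`.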
109a128
> char *domain_ptr;
127c146
<
---
>
184c203,213
< strcpy(myhostname,hp->h_name);
---
> strncpy(myhostname,hp->h_name, sizeof(myhostname));
>
> #ifdef REJECT_RELAY
> /* get domain name from host name. cause getdomainname() return
> * null on my OS environment */
> if((domain_ptr = index(myhostname, '.')) != (char *)0) {
> strcpy( my_domain_name, domain_ptr+1 );
> } else {
> strcpy( my_domain_name, "amnesiac" );
> }
> #endif
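Review bot: The new `strncpy(myhostname,hp->h_name, sizeof(myhostname))` leaves `myhostname` without a terminating NUL when the resolved name fills the buffer, and the added `index()` and `strcpy()` calls then read that buffer as a string. Terminate it explicitly: `strncpy(myhostname, hp->h_name, sizeof(myhostname) - 1); myhostname[sizeof(myhostname) - 1] = '\0';`. The copy into `my_domain_name[512]` is also unbounded, and the declaration of `myhostname` is outside this hunk, so its size relative to 512 cannot be confirmed; `snprintf(my_domain_name, sizeof(my_domain_name), "%s", domain_ptr + 1);` removes the dependency. A host name with no dot silently makes the relay domain `amnesiac`, which deserves a syslog warning so the misconfiguration is visible. The enclosing function starts and ends outside the hunk.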
237a267,274
> if((cf = cfg_get("relaycheck",cfp)) != (Cfg *)0) {
> if(cf->argc != 1) {
> syslog(LLEV,"fwtkcfgerr: relay_check must have ip or domain parameter, line %d",cf->ln);
> exit(1);
> }
> relay_check_flag = !strcasecmp( cf->argv[0], "on" );
> }
>
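Review bot: Any `relaycheck` argument other than `on` (a typo, `yes`, `1`) leaves `relay_check_flag` at 0 without any log entry, so the relay check is silently disabled. The error text also names `relay_check` and an "ip or domain parameter", although the directive read is `relaycheck` and the only value tested is `on`. I would accept exactly `on` or `off` and treat anything else as a configuration error, e.g. `else if(strcasecmp(cf->argv[0], "off")) { syslog(LLEV,"fwtkcfgerr: relaycheck must be on or off, line %d",cf->ln); exit(1); }`. The enclosing function is not fully visible in this hunk.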
273a311,313
> #ifdef REJECT_RELAY
> relay_ok_flag = !relay_check_flag || check_relay_remote_host_check(cfp);
> #endif
368a409,416
> #ifdef REJECT_RELAY
> if(!relay_ok_flag && !check_rcpt_valid(q)) {
> syslog(LLEV,"securityalert: relay from %.512s to %.512 port smap", riaddr, q);
> fflush(stdout);
> continue;
> }
> #endif
>
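Review bot: The second conversion in the securityalert format string is `%.512` followed by a space, with no conversion character. That specification is invalid, so the behaviour is undefined and `q` (presumably the rejected recipient) is not reliably logged. It should read `"securityalert: relay from %.512s to %.512s port smap"`. This matters for detection, because this log line is the only record of a refused relay attempt. The surrounding loop and function lie outside the hunk.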
649c697
< static int
---
> static int
707c755,757
< printf("usage:\n");
---
> printf("usage: sendmail wrapper rev by ykaji@usa.net\n"
> " add line in /etc/inetd.conf.\n"
> " smtp stream tcp nowait root /usr/local/libexec/smap\n");
824a875,984
>
> /* reject spam mail relay */
> #ifdef REJECT_RELAY
> extern char *strpbrk();
>
> char *bad_recp = "550 Sender or Recipient must have this domain.\r\n";
>
> int check_rcpt_valid(r)
> char *r;
> {
> char *atp;
> char *jxp;
> char *chop;
> char *domain_p;
> char *chsavp;
> int x;
>
> if((chop = malloc((x = strlen(r)) + 1)) == NULL) {
> unlink(tempfile);
> syslog(LLEV,"fwtksyserr: of memory: %m");
> exit(1);
> }
> chsavp = chop;
> strcpy(chop,r);
>
> if(r[0] == '<') {
> if(chop[x - 1] == '>')
> chop[x - 1] = '\0';
> chop++;
> }
>
> if((atp = rindex(chop,'@')) != NULL) {
> atp++;
>
> /* check if it ends in @host.domain || @domain */
> if (strcasecmp(atp, my_domain_name)) {
> if (((domain_p = index(atp, '.')) != NULL) &&
> strcasecmp(domain_p+1, my_domain_name))
> {
> goto bomb;
> }
> }
>
> /* now make sure there are no other routing chars */
> atp--;
> *atp = '\0';
> if((jxp = strpbrk(chop,"%@:[]!")) != NULL) {
> goto bomb;
> }
> }
> if((jxp = strpbrk(chop,"%@:[]!")) != NULL)
> goto bomb;
>
> free(chsavp);
> return(1);
> bomb:
> /* printf(bad_recp);
> */
> printf("550 wrong sender or recipient. sender:%s, recipient:%s, my domain:%s\r\n",
> rladdr, r, my_domain_name );
> free(chsavp);
> return(0);
> }
>
>
> /*
> ref:
> char rladdr[]; // local domain name
> char riaddr[]; // local domain IP address
>
> */
> int check_relay_remote_host_check( Cfg *cfp )
> {
> return oktotalkto(cfp);
> }
>
> int oktotalkto( Cfg *confp )
> {
> Cfg *cf;
> int x;
>
> cf = cfg_get("hosts",confp);
> while(cf != (Cfg *)0) {
> if(cf->argc < 1)
> goto skip;
>
> for(x = 0; x < cf->argc; x++) {
> if(cf->argv[x][0] == '-')
> break;
> if(hostmatch(cf->argv[x],riaddr)) {
> if(cf->flags & PERM_DENY) {
> syslog(LLEV,"deny host=%.512s/%.20s mail relay",rladdr,riaddr);
> return 0;
> }
> /* syslog(LLEV,"permit host=%.512s/%.20s mail relay",rladdr,riaddr);
> */
> return 1;
> }
> }
>
> skip:
> cf = cfg_get("hosts",(Cfg*)0);
> }
> syslog(LLEV,"deny host=%.512s/%.20s mail relay",rladdr,riaddr);
> return 0;
> }
>
>
> #endif
>
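Review bot: In `check_rcpt_valid`, a recipient whose domain part contains no dot and does not equal `my_domain_name` is accepted, because `goto bomb` is reached only when `index(atp, '.')` finds a dot. If single-label hosts are not meant to count as local, the test should fail closed: `if (strcasecmp(atp, my_domain_name) != 0 && ((domain_p = index(atp, '.')) == NULL || strcasecmp(domain_p + 1, my_domain_name) != 0)) goto bomb;`. The 550 reply also echoes the client-supplied recipient, `rladdr` and `my_domain_name` back to the peer; a fixed reply such as `fputs(bad_recp, stdout);` discloses less and avoids passing a non-literal format string to `printf`. `oktotalkto` logs "deny host ... mail relay" for every client not listed under `hosts`, even when its mail to the local domain is then accepted, so that message should say the recipient check applies rather than that the host was denied. The out-of-memory message reads "of memory" and should be "out of memory".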