OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[PATCH] Handle unreachable host in address verification as 200

From: René Nussbaumer (postfixprotection-fault.ch)
Date: Fri Apr 25 2008 - 17:03:15 CDT


Hello,

If postfix is configured as a backup MX with mail relaying and you do
for example a recipient address verification on that host but that host
is at that time not reachable, current postfixes will handle this an 450
error.

This patch will let you allow to modify the behaviour so your postfix
will accept the e-mail in the case the primary MX is not reachable.

René

---

diff --git a/src/global/mail_params.h b/src/global/mail_params.h
index b8b0caf..abb0b4d 100644
--- a/src/global/mail_params.h
+++ b/src/global/mail_params.h
-1940,11 +1940,19 extern bool var_smtpd_rej_unl_rcpt;
 #define DEF_UNV_RCPT_CODE 450
 extern int var_unv_rcpt_code;
 
+#define VAR_UNV_RCPT_DEFER_OK "unverified_recipient_defer_ok"
+#define DEF_UNV_RCPT_DEFER_OK 0
+extern bool var_unv_rcpt_defer_ok;
+
 #define REJECT_UNVERIFIED_SENDER "reject_unverified_sender"
 #define VAR_UNV_FROM_CODE "unverified_sender_reject_code"
 #define DEF_UNV_FROM_CODE 450
 extern int var_unv_from_code;
 
+#define VAR_UNV_FROM_DEFER_OK "unverified_sender_defer_ok"
+#define DEF_UNV_FROM_DEFER_OK 0
+extern bool var_unv_from_defer_ok;
+
 #define REJECT_MUL_RCPT_BOUNCE "reject_multi_recipient_bounce"
 #define VAR_MUL_RCPT_CODE "multi_recipient_bounce_reject_code"
 #define DEF_MUL_RCPT_CODE 550
diff --git a/src/smtpd/smtpd.c b/src/smtpd/smtpd.c
index 35d1cf0..4df4625 100644
--- a/src/smtpd/smtpd.c
+++ b/src/smtpd/smtpd.c
-1057,7 +1057,9 int var_smtpd_hist_thrsh;
 char *var_smtpd_exp_filter;
 char *var_def_rbl_reply;
 int var_unv_from_code;
+bool var_unv_from_defer_ok;
 int var_unv_rcpt_code;
+bool var_unv_rcpt_defer_ok;
 int var_mul_rcpt_code;
 char *var_relay_rcpt_maps;
 char *var_verify_sender;
-4710,6 +4712,8 int main(int argc, char **argv)
         VAR_SHOW_UNK_RCPT_TABLE, DEF_SHOW_UNK_RCPT_TABLE, &var_show_unk_rcpt_table,
         VAR_SMTPD_REJ_UNL_FROM, DEF_SMTPD_REJ_UNL_FROM, &var_smtpd_rej_unl_from,
         VAR_SMTPD_REJ_UNL_RCPT, DEF_SMTPD_REJ_UNL_RCPT, &var_smtpd_rej_unl_rcpt,
+ VAR_UNV_RCPT_DEFER_OK, DEF_UNV_RCPT_DEFER_OK, &var_unv_rcpt_defer_ok,
+ VAR_UNV_FROM_DEFER_OK, DEF_UNV_FROM_DEFER_OK, &var_unv_from_defer_ok,
         VAR_SMTPD_USE_TLS, DEF_SMTPD_USE_TLS, &var_smtpd_use_tls,
         VAR_SMTPD_ENFORCE_TLS, DEF_SMTPD_ENFORCE_TLS, &var_smtpd_enforce_tls,
         VAR_SMTPD_TLS_WRAPPER, DEF_SMTPD_TLS_WRAPPER, &var_smtpd_tls_wrappermode,
diff --git a/src/smtpd/smtpd_check.c b/src/smtpd/smtpd_check.c
index f1c0366..3d97975 100644
--- a/src/smtpd/smtpd_check.c
+++ b/src/smtpd/smtpd_check.c
-1781,7 +1781,7 static int reject_unknown_address(SMTPD_STATE *state, const char *addr,
 
 static int reject_unverified_address(SMTPD_STATE *state, const char *addr,
                             const char *reply_name, const char *reply_class,
- int unv_addr_code)
+ int unv_addr_code, bool unv_defer_ok)
 {
     const char *myname = "reject_unverified_address";
     VSTRING *why = vstring_alloc(10);
-1820,11 +1820,13 static int reject_unverified_address(SMTPD_STATE *state, const char *addr,
             break;
         case DEL_RCPT_STAT_TODO:
         case DEL_RCPT_STAT_DEFER:
- DEFER_IF_PERMIT3(state, MAIL_ERROR_POLICY,
- 450, strcmp(reply_class, SMTPD_NAME_SENDER) == 0 ?
- SND_DSN : "4.1.1",
- "<%s>: %s rejected: unverified address: %.250s",
- reply_name, reply_class, STR(why));
+ if (!unv_defer_ok) {
+ DEFER_IF_PERMIT3(state, MAIL_ERROR_POLICY,
+ 450, strcmp(reply_class, SMTPD_NAME_SENDER) == 0 ?
+ SND_DSN : "4.1.1",
+ "<%s>: %s rejected: unverified address: %.250s",
+ reply_name, reply_class, STR(why));
+ }
             rqst_status = SMTPD_CHECK_DUNNO;
             break;
         case DEL_RCPT_STAT_OK:
-3710,7 +3712,7 static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
             if (state->sender && *state->sender)
                 status = reject_unverified_address(state, state->sender,
                                            state->sender, SMTPD_NAME_SENDER,
- var_unv_from_code);
+ var_unv_from_code, var_unv_from_defer_ok);
         } else if (strcasecmp(name, REJECT_NON_FQDN_SENDER) == 0) {
             if (state->sender && *state->sender)
                 status = reject_non_fqdn_address(state, state->sender,
-3840,7 +3842,7 static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
             if (state->recipient && *state->recipient)
                 status = reject_unverified_address(state, state->recipient,
                                      state->recipient, SMTPD_NAME_RECIPIENT,
- var_unv_rcpt_code);
+ var_unv_rcpt_code, var_unv_rcpt_defer_ok);
         }
 
         /*