author | Stef Walter <stef@memberwebs.com> | 2004-12-01 19:00:24 +0000 |
---|---|---|
committer | Stef Walter <stef@memberwebs.com> | 2004-12-01 19:00:24 +0000 |
commit | 73a3dc99172f328cd6a0698fde3d17029d271c1a (patch) | |
tree | 2b5f14381d5b0e7f333fe64e35c31d0e4dc0b688 | |
parent | 0e5aff8ddec0b297e26f7a18e1201b49ffd05d03 (diff) |
Don't handle or mess with XFORWARD commands.
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | common/smtppass.c | 20 |
2 files changed, 8 insertions, 14 deletions
@@ -1,6 +1,6 @@ 1.2 ???? - XCLIENT support - - Drop XCLIENT and XFORWARD commands coming in from clients for security. + - Drop XCLIENT commands coming in from clients for security. - Added the sample virus_action.sh script to the distribution - Documentation fixes [Olivier Beyssac] diff --git a/common/smtppass.c b/common/smtppass.c index 59a4bf4..5670a48 100644 --- a/common/smtppass.c +++ b/common/smtppass.c @@ -108,7 +108,6 @@ spthread_t; #define ESMTP_CHUNK "CHUNKING" #define ESMTP_BINARY "BINARYMIME" #define ESMTP_CHECK "CHECKPOINT" -#define ESMTP_XFORWARD "XFORWARD" #define ESMTP_XCLIENT "XCLIENT" #define HELO_CMD "HELO" @@ -119,7 +118,6 @@ spthread_t; #define RSET_CMD "RSET" #define STARTTLS_CMD "STARTTLS" #define BDAT_CMD "BDAT" -#define XFORWARD_CMD "XFORWARD" #define XCLIENT_CMD "XCLIENT" #define DATA_END_SIG "." CRLF @@ -899,7 +897,7 @@ static int smtp_passthru(spctx_t* ctx) } /* - * We always support XFORWARD on a HELO type connection. We do this + * We always support XCLIENT on a HELO type connection. We do this * for security reasons, so that a client can't get around filtering * by backing up one on the protocol. */ 
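Review bot: The reworded comment in the -899 hunk of smtp_passthru still leaves its reasoning hard to follow: "backing up one on the protocol" presumably means a client falling back from EHLO to HELO, and "support XCLIENT" does not say whether the proxy sends, accepts or advertises it. Since the commit touches this comment anyway, I would spell that out, e.g. `* for security reasons, so that a client can't get around filtering by falling back from EHLO to HELO.` The code the comment describes lies outside the hunk, so the wording should be checked against it.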
@@ -931,15 +929,12 @@ static int smtp_passthru(spctx_t* ctx) /* * For security reasons we're not about to forward any XCLIENTs - * or XFORWARDs from our client through. This could lead to a - * client using our privileged IP address to change an audit - * trail or relay etc... + * from our client through. This could lead to a client using our + * privileged IP address to change an audit trail or relay etc... */ - else if(is_first_word(C_LINE, XCLIENT_CMD, KL(XCLIENT_CMD)) || - is_first_word(C_LINE, XFORWARD_CMD, KL(XFORWARD_CMD))) + else if(is_first_word(C_LINE, XCLIENT_CMD, KL(XCLIENT_CMD))) { - trim_end(C_LINE); - sp_messagex(ctx, LOG_WARNING, "client attempted use of privileged feature: %s", C_LINE); + sp_messagex(ctx, LOG_WARNING, "client attempted use of privileged XCLIENT feature"); if(spio_write_data(ctx, &(ctx->client), SMTP_NOTAUTH) == -1) RETURN(-1); @@ -1028,7 +1023,7 @@ static int smtp_passthru(spctx_t* ctx) { /* * On ESMTP connections we let the server tell us whether it - * wants XFORWARDs or not. (In contrast to old SMTP above). + * wants XCLIENTs or not. (In contrast to old SMTP above). */ if(is_first_word(p, ESMTP_XCLIENT, KL(ESMTP_XCLIENT))) { @@ -1041,8 +1036,7 @@ static int smtp_passthru(spctx_t* ctx) is_first_word(p, ESMTP_CHUNK, KL(ESMTP_CHUNK)) || is_first_word(p, ESMTP_BINARY, KL(ESMTP_BINARY)) || is_first_word(p, ESMTP_CHECK, KL(ESMTP_CHECK)) || - is_first_word(p, ESMTP_XCLIENT, KL(ESMTP_XCLIENT)) || - is_first_word(p, ESMTP_XFORWARD, KL(ESMTP_XFORWARD))) + is_first_word(p, ESMTP_XCLIENT, KL(ESMTP_XCLIENT))) { sp_messagex(ctx, LOG_DEBUG, "filtered ESMTP feature: %s", trim_space((char*)p)); |
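Review bot: Once XFORWARD_CMD is removed from the `else if` test in the -931 hunk, a client's XFORWARD line is no longer refused with SMTP_NOTAUTH and presumably goes to the server like any other command, arriving from the proxy's own address; the -1041 hunk makes the matching change by no longer filtering XFORWARD out of the server's EHLO reply. If the server trusts that address for XFORWARD (Postfix: `smtpd_authorized_xforward_hosts`), the client can then choose the name and address the server logs, which is the audit-trail concern the old comment described. The comment should state the new assumption, for example `* XFORWARD is passed through as is; the server must not authorize this proxy's address for XFORWARD unless all clients are trusted.` The warning also lost the client's line, so the log no longer shows which attributes were attempted; logging a length-capped, printable-only copy would keep that for investigation. smtp_passthru starts and ends outside these hunks, so the fall-through path is inferred.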