13a14 > #define REJECT_RELAY 30a32,38 > #ifdef REJECT_RELAY > #ifndef SYSV > extern char *index(); > extern char *rindex(); > #endif > #endif > 59d66 < 76a84,87 > static char relay_ok_flag = 0; > static char my_domain_name[512]; > static char relay_check_flag = 0; /* default off */ > 87a99,105 > > /* function prototypes */ > int oktotalkto( Cfg *confp ); > > > > 109a128 > char *domain_ptr; 127c146 < --- > 184c203,213 < strcpy(myhostname,hp->h_name); --- > strncpy(myhostname,hp->h_name, sizeof(myhostname)); > > #ifdef REJECT_RELAY > /* get domain name from host name. cause getdomainname() return > * null on my OS environment */ > if((domain_ptr = index(myhostname, '.')) != (char *)0) { > strcpy( my_domain_name, domain_ptr+1 ); > } else { > strcpy( my_domain_name, "amnesiac" ); > } > #endif 237a267,274 > if((cf = cfg_get("relaycheck",cfp)) != (Cfg *)0) { > if(cf->argc != 1) { > syslog(LLEV,"fwtkcfgerr: relay_check must have ip or domain parameter, line %d",cf->ln); > exit(1); > } > relay_check_flag = !strcasecmp( cf->argv[0], "on" ); > } > 273a311,313 > #ifdef REJECT_RELAY > relay_ok_flag = !relay_check_flag || check_relay_remote_host_check(cfp); > #endif 368a409,416 > #ifdef REJECT_RELAY > if(!relay_ok_flag && !check_rcpt_valid(q)) { > syslog(LLEV,"securityalert: relay from %.512s to %.512 port smap", riaddr, q); > fflush(stdout); > continue; > } > #endif > 649c697 < static int --- > static int 707c755,757 < printf("usage:\n"); --- > printf("usage: sendmail wrapper rev by ykaji@usa.net\n" > " add line in /etc/inetd.conf.\n" > " smtp stream tcp nowait root /usr/local/libexec/smap\n"); 824a875,984 > > /* reject spam mail relay */ > #ifdef REJECT_RELAY > extern char *strpbrk(); > > char *bad_recp = "550 Sender or Recipient must have this domain.\r\n"; > > int check_rcpt_valid(r) > char *r; > { > char *atp; > char *jxp; > char *chop; > char *domain_p; > char *chsavp; > int x; > > if((chop = malloc((x = strlen(r)) + 1)) == NULL) { > unlink(tempfile); > syslog(LLEV,"fwtksyserr: of memory: %m"); > exit(1); > } > chsavp = chop; > strcpy(chop,r); > > if(r[0] == '<') { > if(chop[x - 1] == '>') > chop[x - 1] = '\0'; > chop++; > } > > if((atp = rindex(chop,'@')) != NULL) { > atp++; > > /* check if it ends in @host.domain || @domain */ > if (strcasecmp(atp, my_domain_name)) { > if (((domain_p = index(atp, '.')) != NULL) && > strcasecmp(domain_p+1, my_domain_name)) > { > goto bomb; > } > } > > /* now make sure there are no other routing chars */ > atp--; > *atp = '\0'; > if((jxp = strpbrk(chop,"%@:[]!")) != NULL) { > goto bomb; > } > } > if((jxp = strpbrk(chop,"%@:[]!")) != NULL) > goto bomb; > > free(chsavp); > return(1); > bomb: > /* printf(bad_recp); > */ > printf("550 wrong sender or recipient. sender:%s, recipient:%s, my domain:%s\r\n", > rladdr, r, my_domain_name ); > free(chsavp); > return(0); > } > > > /* > ref: > char rladdr[]; // local domain name > char riaddr[]; // local domain IP address > > */ > int check_relay_remote_host_check( Cfg *cfp ) > { > return oktotalkto(cfp); > } > > int oktotalkto( Cfg *confp ) > { > Cfg *cf; > int x; > > cf = cfg_get("hosts",confp); > while(cf != (Cfg *)0) { > if(cf->argc < 1) > goto skip; > > for(x = 0; x < cf->argc; x++) { > if(cf->argv[x][0] == '-') > break; > if(hostmatch(cf->argv[x],riaddr)) { > if(cf->flags & PERM_DENY) { > syslog(LLEV,"deny host=%.512s/%.20s mail relay",rladdr,riaddr); > return 0; > } > /* syslog(LLEV,"permit host=%.512s/%.20s mail relay",rladdr,riaddr); > */ > return 1; > } > } > > skip: > cf = cfg_get("hosts",(Cfg*)0); > } > syslog(LLEV,"deny host=%.512s/%.20s mail relay",rladdr,riaddr); > return 0; > } > > > #endif >