Index | Thread | Search

From:
Philipp <philipp@bureaucracy.de>
Subject:
smtpd: be more relaxed in table usage
To:
tech@openbsd.org
Date:
Wed, 07 Feb 2024 13:42:41 +0100

Download raw body.

Thread 
Helo

Currently you can't use a map on some places in smtpd.conf. Therefor
you need sometimes hold the content in a list and a map. For example
you want some recipients handle by a different action then others:

table specialvirt { a@example.com=alice@example.com, b@example.com=bob@example.com }
table specialrcpt { a@example.com, b@example.com }

action specialaction forward-only virtual <specialvirt>
action default mbox virtual <virtual>

match for rcpt-to <specialrcpt> for domain "example.com" action specialaction
match for domain "example.com" action default

It would be simpler when you could use the specialvirt table also for
the rcpt-to rule. There are a few places where such double uses of
tables are not posible because the config parser restrict this:

* src and helo-src
* match auth and userbase or auth table
* match mail-from and virtual (you might want to reject local recipients)
* match rcpt-to and virtual

Following patch would fix this.

Philipp

diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y
index a7c35364a26..37b3cec4c25 100644
--- a/usr.sbin/smtpd/parse.y
+++ b/usr.sbin/smtpd/parse.y
@@ -778,7 +778,7 @@ HELO STRING {
 		YYERROR;
 	}
 
-	if (!table_check_use(t, T_DYNAMIC|T_LIST, K_SOURCE)) {
+	if (!table_check_use(t, T_DYNAMIC|T_LIST|T_HASH, K_SOURCE)) {
 		yyerror("table \"%s\" may not be used for source lookups",
 		    t->t_name);
 		YYERROR;
@@ -1102,7 +1102,7 @@ negation TAG REGEX tables {
 		YYERROR;
 	}
 
-       	if (!table_check_use(t, T_DYNAMIC|T_LIST, K_STRING|K_CREDENTIALS)) {
+	if (!table_check_use(t, T_DYNAMIC|T_LIST|T_HASH, K_STRING|K_CREDENTIALS)) {
 		yyerror("table \"%s\" may not be used for auth lookups",
 		    t->t_name);
 		YYERROR;
@@ -1137,7 +1137,7 @@ negation TAG REGEX tables {
 		YYERROR;
 	}
 
-	if (!table_check_use(t, T_DYNAMIC|T_LIST, K_MAILADDR)) {
+	if (!table_check_use(t, T_DYNAMIC|T_LIST|T_HASH, K_MAILADDR)) {
 		yyerror("table \"%s\" may not be used for mail-from lookups",
 		    t->t_name);
 		YYERROR;
@@ -1172,7 +1172,7 @@ negation TAG REGEX tables {
 		YYERROR;
 	}
 
-	if (!table_check_use(t, T_DYNAMIC|T_LIST, K_MAILADDR)) {
+	if (!table_check_use(t, T_DYNAMIC|T_LIST|T_HASH, K_MAILADDR)) {
 		yyerror("table \"%s\" may not be used for rcpt-to lookups",
 		    t->t_name);
 		YYERROR;
@@ -1372,7 +1372,7 @@ negation TAG REGEX tables {
 		YYERROR;
 	}
 
-	if (!table_check_use(t, T_DYNAMIC|T_LIST, K_MAILADDR)) {
+	if (!table_check_use(t, T_DYNAMIC|T_LIST|T_HASH, K_MAILADDR)) {
 		yyerror("table \"%s\" may not be used for from lookups",
 		    t->t_name);
 		YYERROR;
@@ -1469,7 +1469,7 @@ negation TAG REGEX tables {
 		YYERROR;
 	}
 
-	if (!table_check_use(t, T_DYNAMIC|T_LIST, K_MAILADDR)) {
+	if (!table_check_use(t, T_DYNAMIC|T_LIST|T_HASH, K_MAILADDR)) {
 		yyerror("table \"%s\" may not be used for for lookups",
 		    t->t_name);
 		YYERROR;