-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.396 2006/09/22 08:41:59 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.397 2006/09/25 10:14:20 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
JJ/02 exipick 20060919.0, --show-vars args can now be regular expressions,
miscellaneous code fixes
+PH/10 Added the log_reject_target ACL modifier to specify where to log
+ rejections.
+
+
Exim version 4.63
-----------------
-$Cambridge: exim/doc/doc-txt/NewStuff,v 1.110 2006/09/19 14:31:06 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.111 2006/09/25 10:14:20 ph10 Exp $
New Features in Exim
--------------------
used, spool files written by the new release can be read by earlier
releases.
+2. There is a new ACL modifier called log_reject_target. It makes it possible
+ to specify which logs are used for messages about ACL rejections. Its
+ argument is a list of words which can be "main", "reject", or "panic". The
+ default is "main:reject". The list may be empty, in which case a rejection
+ is not logged at all. For example, this ACL fragment writes no logging
+ information when access is denied:
+
+ deny <some conditions>
+ log_reject_target =
+
+ The modifier can be used in SMTP and non-SMTP ACLs. It applies to both
+ permanent and temporary rejections.
+
Version 4.63
------------
-/* $Cambridge: exim/src/src/acl.c,v 1.65 2006/09/19 14:31:06 ph10 Exp $ */
+/* $Cambridge: exim/src/src/acl.c,v 1.66 2006/09/25 10:14:20 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
ACLC_HOSTS,
ACLC_LOCAL_PARTS,
ACLC_LOG_MESSAGE,
+ ACLC_LOG_REJECT_TARGET,
ACLC_LOGWRITE,
#ifdef WITH_CONTENT_SCAN
ACLC_MALWARE,
ACLC_VERIFY };
/* ACL conditions/modifiers: "delay", "control", "endpass", "message",
-"log_message", "logwrite", and "set" are modifiers that look like conditions
-but always return TRUE. They are used for their side effects. */
+"log_message", "log_reject_target", "logwrite", and "set" are modifiers that
+look like conditions but always return TRUE. They are used for their side
+effects. */
static uschar *conditions[] = {
US"acl",
US"dk_senders",
US"dk_status",
#endif
- US"dnslists", US"domains", US"encrypted",
- US"endpass", US"hosts", US"local_parts", US"log_message", US"logwrite",
+ US"dnslists",
+ US"domains",
+ US"encrypted",
+ US"endpass",
+ US"hosts",
+ US"local_parts",
+ US"log_message",
+ US"log_reject_target",
+ US"logwrite",
#ifdef WITH_CONTENT_SCAN
US"malware",
#endif
FALSE, /* hosts */
FALSE, /* local_parts */
TRUE, /* log_message */
+ TRUE, /* log_reject_target */
TRUE, /* logwrite */
#ifdef WITH_CONTENT_SCAN
TRUE, /* malware */
FALSE, /* hosts */
FALSE, /* local_parts */
TRUE, /* log_message */
+ TRUE, /* log_reject_target */
TRUE, /* logwrite */
#ifdef WITH_CONTENT_SCAN
FALSE, /* malware */
0, /* log_message */
+ 0, /* log_reject_target */
+
0, /* logwrite */
#ifdef WITH_CONTENT_SCAN
&deliver_localpart_data);
break;
+ case ACLC_LOG_REJECT_TARGET:
+ {
+ int logbits = 0;
+ int sep = 0;
+ uschar *s = arg;
+ uschar *ss;
+ while ((ss = string_nextinlist(&s, &sep, big_buffer, big_buffer_size))
+ != NULL)
+ {
+ if (Ustrcmp(ss, "main") == 0) logbits |= LOG_MAIN;
+ else if (Ustrcmp(ss, "panic") == 0) logbits |= LOG_PANIC;
+ else if (Ustrcmp(ss, "reject") == 0) logbits |= LOG_REJECT;
+ else
+ {
+ logbits |= LOG_MAIN|LOG_REJECT;
+ log_write(0, LOG_MAIN|LOG_PANIC, "unknown log name \"%s\" in "
+ "\"log_reject_target\" in %s ACL", ss, acl_wherenames[where]);
+ }
+ }
+ log_reject_target = logbits;
+ }
+ break;
+
case ACLC_LOGWRITE:
{
int logbits = 0;
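Review bot: The unknown-name branch of the new `ACLC_LOG_REJECT_TARGET` case passes `ss` to `log_write` unescaped, while the `logwrite` case lower in the same switch wraps its text in `string_printing()`. If `arg` has already been through string expansion when the switch is reached (not visible in this hunk), a target list built from message-derived variables could put control characters into the main and panic logs. I would write the arguments as `string_printing(ss), acl_wherenames[where]`. A short comment above the `else` would also help, saying that an unrecognised name deliberately falls back to main+reject so that a typo cannot silence rejection logging. The `ACLC_LOGWRITE` case that follows continues outside the hunk.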
s++;
}
while (isspace(*s)) s++;
+
+
if (logbits == 0) logbits = LOG_MAIN;
log_write(0, logbits, "%s", string_printing(s));
}
#ifdef WITH_CONTENT_SCAN
case ACLC_MALWARE:
{
- /* Seperate the regular expression and any optional parameters. */
+ /* Separate the regular expression and any optional parameters. */
uschar *ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size);
/* Run the malware backend. */
rc = malware(&ss);
*user_msgptr = *log_msgptr = NULL;
sender_verified_failed = NULL;
ratelimiters_cmd = NULL;
+log_reject_target = LOG_MAIN|LOG_REJECT;
if (where == ACL_WHERE_RCPT)
{
-/* $Cambridge: exim/src/src/globals.c,v 1.58 2006/09/19 11:28:45 ph10 Exp $ */
+/* $Cambridge: exim/src/src/globals.c,v 1.59 2006/09/25 10:14:20 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
};
int log_options_count = sizeof(log_options)/sizeof(bit_table);
-unsigned int log_write_selector= L_default;
+int log_reject_target = 0;
uschar *log_selector_string = NULL;
FILE *log_stderr = NULL;
BOOL log_testing_mode = FALSE;
BOOL log_timezone = FALSE;
+unsigned int log_write_selector= L_default;
uschar *login_sender_address = NULL;
int lookup_open_max = 25;
uschar *lookup_value = NULL;
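Review bot: `log_reject_target` starts at 0, which the new checks in receive.c and smtp_in.c read as "log nowhere", so the documented default of main+reject only holds once the assignment added to acl.c has run. Any rejection path that reaches those checks without a preceding ACL run in the same process would drop its log line silently; whether such a path exists cannot be told from this diff. Initialising to the documented default closes that gap: `int log_reject_target = LOG_MAIN|LOG_REJECT;`, assuming the LOG_ macros are in scope in globals.c.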
-/* $Cambridge: exim/src/src/globals.h,v 1.40 2006/09/19 11:28:45 ph10 Exp $ */
+/* $Cambridge: exim/src/src/globals.h,v 1.41 2006/09/25 10:14:20 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
extern uschar *log_file_path; /* If unset, use default */
extern bit_table log_options[]; /* Table of options */
extern int log_options_count; /* Size of table */
-extern unsigned int log_write_selector;/* Bit map of logging options for log_write() */
+extern int log_reject_target; /* Target log for ACL rejections */
extern uschar *log_selector_string; /* As supplied in the config */
extern FILE *log_stderr; /* Copy of stderr for log use, or NULL */
extern BOOL log_testing_mode; /* TRUE in various testing modes */
extern BOOL log_timezone; /* TRUE to include the timezone in log lines */
+extern unsigned int log_write_selector;/* Bit map of logging options for log_write() */
extern uschar *login_sender_address; /* The actual sender address */
extern lookup_info lookup_list[]; /* Vector of available lookups */
extern int lookup_list_count; /* Number of entries in the list */
-/* $Cambridge: exim/src/src/receive.c,v 1.28 2006/07/13 13:53:33 ph10 Exp $ */
+/* $Cambridge: exim/src/src/receive.c,v 1.29 2006/09/25 10:14:20 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
#ifdef WITH_CONTENT_SCAN
unspool_mbox();
#endif
- log_write(0, LOG_MAIN|LOG_REJECT, "F=<%s> rejected by non-SMTP ACL: %s",
- sender_address, log_msg);
+ /* The ACL can specify where rejections are to be logged, possibly
+ nowhere. The default is main and reject logs. */
+
+ if (log_reject_target != 0)
+ log_write(0, log_reject_target, "F=<%s> rejected by non-SMTP ACL: %s",
+ sender_address, log_msg);
+
if (user_msg == NULL) user_msg = US"local configuration problem";
if (smtp_batched_input)
{
-/* $Cambridge: exim/src/src/smtp_in.c,v 1.43 2006/09/19 11:28:45 ph10 Exp $ */
+/* $Cambridge: exim/src/src/smtp_in.c,v 1.44 2006/09/25 10:14:20 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
US"Temporary local problem - please try later");
}
-/* Log the incident. If the connection is not forcibly to be dropped, return 0.
-Otherwise, log why it is closing if required and return 2. */
+/* Log the incident to the logs that are specified by log_reject_target
+(default main, reject). This can be empty to suppress logging of rejections. If
+the connection is not forcibly to be dropped, return 0. Otherwise, log why it
+is closing if required and return 2. */
-log_write(0, LOG_MAIN|LOG_REJECT, "%s %s%srejected %s%s",
- host_and_ident(TRUE),
- sender_info, (rc == FAIL)? US"" : US"temporarily ", what, log_msg);
+if (log_reject_target != 0)
+ log_write(0, log_reject_target, "%s %s%srejected %s%s",
+ host_and_ident(TRUE),
+ sender_info, (rc == FAIL)? US"" : US"temporarily ", what, log_msg);
if (!drop) return 0;
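Review bot: The log mask handed to `log_write` here now comes from the ACL, and the accepted values include `panic`, so a configuration that uses it makes every rejected SMTP command from any client a panic-log entry. Sites that alert on a non-empty panic log would then see alerts driven by remote senders, which can bury genuine panics. I would add that to the rewritten comment, for example `A target of "panic" turns each rejection into a panic-log line; use it only where rejections are rare.` The same applies to the matching call in receive.c, though only for local submissions. The enclosing function starts and ends outside the hunk.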
--- /dev/null
+# Exim test configuration 0539
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+acl_not_smtp = not_smtp
+acl_smtp_mail = check_mail
+acl_smtp_rcpt = check_rcpt
+acl_smtp_predata = predata
+
+
+# ----- ACLs -----
+
+begin acl
+
+check_mail:
+ deny senders = main@test.ex
+ log_reject_target = main
+ deny senders = reject@test.ex
+ log_reject_target = reject
+ deny senders = both@test.ex
+ log_reject_target = <, main, reject
+ deny senders = panic@test.ex
+ log_reject_target = panic
+ deny senders = none@test.ex
+ log_reject_target =
+ accept
+
+check_rcpt:
+ deny local_parts = main
+ log_reject_target = main
+ deny local_parts = reject
+ log_reject_target = reject
+ deny local_parts = both
+ log_reject_target = <, main, reject
+ deny local_parts = panic
+ log_reject_target = panic
+ deny local_parts = none
+ log_reject_target =
+ accept
+
+predata:
+ deny log_reject_target = main
+ log_message = Not today
+
+not_smtp:
+ deny log_reject_target = reject
+ log_message = Nyet
+
+
+# End
--- /dev/null
+1999-03-02 09:44:33 U=CALLER rejected MAIL <main@test.ex>
+1999-03-02 09:44:33 U=CALLER rejected MAIL <both@test.ex>
+1999-03-02 09:44:33 U=CALLER F=<ok@test.ex> rejected RCPT <main@test.ex>
+1999-03-02 09:44:33 U=CALLER F=<ok@test.ex> rejected RCPT <both@test.ex>
+1999-03-02 09:44:33 U=CALLER rejected DATA: Not today
--- /dev/null
+1999-03-02 09:44:33 U=CALLER rejected MAIL <panic@test.ex>
+1999-03-02 09:44:33 U=CALLER F=<ok@test.ex> rejected RCPT <panic@test.ex>
--- /dev/null
+1999-03-02 09:44:33 U=CALLER rejected MAIL <reject@test.ex>
+1999-03-02 09:44:33 U=CALLER rejected MAIL <both@test.ex>
+1999-03-02 09:44:33 U=CALLER F=<ok@test.ex> rejected RCPT <reject@test.ex>
+1999-03-02 09:44:33 U=CALLER F=<ok@test.ex> rejected RCPT <both@test.ex>
+1999-03-02 09:44:33 10HmaX-0005vi-00 F=<CALLER@myhost.test.ex> rejected by non-SMTP ACL: Nyet
+Envelope-from: <CALLER@myhost.test.ex>
+Envelope-to: <userx@test.ex>
+P Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaX-0005vi-00
+ for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+I Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+F From: CALLER_NAME <CALLER@myhost.test.ex>
+ Date: Tue, 2 Mar 1999 09:44:33 +0000
--- /dev/null
+# log_reject_target
+exim -bs
+mail from:<main@test.ex>
+mail from:<reject@test.ex>
+mail from:<both@test.ex>
+mail from:<panic@test.ex>
+mail from:<none@test.ex>
+mail from:<ok@test.ex>
+rcpt to:<main@test.ex>
+rcpt to:<reject@test.ex>
+rcpt to:<both@test.ex>
+rcpt to:<panic@test.ex>
+rcpt to:<none@test.ex>
+rcpt to:<ok@test.ex>
+data
+quit
+****
+1
+exim -oep userx@test.ex
+****
--- /dev/null
+1999-03-02 09:44:33 U=CALLER rejected MAIL <panic@test.ex>
+1999-03-02 09:44:33 U=CALLER F=<ok@test.ex> rejected RCPT <panic@test.ex>
+exim: message rejected by non-SMTP ACL: local configuration problem
--- /dev/null
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+550 Administrative prohibition\r
+550 Administrative prohibition\r
+550 Administrative prohibition\r
+550 Administrative prohibition\r
+550 Administrative prohibition\r
+250 OK\r
+550 Administrative prohibition\r
+550 Administrative prohibition\r
+550 Administrative prohibition\r
+550 Administrative prohibition\r
+550 Administrative prohibition\r
+250 Accepted\r
+550 Administrative prohibition\r
+221 myhost.test.ex closing connection\r