[packages/postfix.git] / postfix-ident.patch

diff -urN -x '*~' postfix-2.2.5/src/global/mail_params.h postfix-2.2.5-ident/src/global/mail_params.h
--- postfix-2.2.5/src/global/mail_params.h	2006-02-22 16:20:15.000000000 +0100
+++ postfix-2.2.5-ident/src/global/mail_params.h	2006-02-22 15:56:31.000000000 +0100
@@ -2346,6 +2346,9 @@
 #define DEF_SMTP_EHLO_DIS_MAPS		""
 extern char *var_smtp_ehlo_dis_maps;
 
+#define VAR_SMTPD_IDENT_LOOKUP		"smtpd_ident_lookup"
+#define DEF_SMTPD_IDENT_LOOKUP		""
+extern char *var_smtpd_ident_lookup;
  /*
   * SMTPD messages
   */
diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd_ident.c postfix-2.2.5-ident/src/smtpd/smtpd_ident.c
--- postfix-2.2.5/src/smtpd/smtpd_ident.c	1970-01-01 01:00:00.000000000 +0100
+++ postfix-2.2.5-ident/src/smtpd/smtpd_ident.c	2006-02-22 15:56:31.000000000 +0100
@@ -0,0 +1,138 @@
+#include <sys_defs.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <stdio.h>                      /* strerror() */
+#include <errno.h>
+#include <string.h>
+#include <mymalloc.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <unistd.h>
+#include <vstream.h>
+
+#include <iostuff.h>
+#include "smtpd.h"
+
+#define IDENT_MSGSIZE 256 
+#define IDENT_TIMEOUT 10
+
+#define CHOMP(STR) { char *tmp; tmp = STR; while (*tmp) { \
+             if (*tmp == '\n' || *tmp == '\r') *tmp = '\0'; tmp++ ; } }
+
+char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr)
+{
+    int ident_sock;
+    char ident_msg[IDENT_MSGSIZE + 1], *sp;
+    char ident_user[IDENT_MSGSIZE + 1];
+    struct sockaddr_in local_addr;
+    struct sockaddr_in ident_addr;
+    char *return_val;
+    VSTREAM *ident_stream;
+
+    memset(ident_msg, 0, IDENT_MSGSIZE + 1);
+    memset(ident_user, 0, IDENT_MSGSIZE + 1);
+
+    /*
+     * Bind the local sockaddr to the same interface as smtpd before
+     * connecting back to the auth port on the peer. This helps
+     * with multihomed postfix servers. First, set up the address.
+     */
+
+    /* Local sockname */
+
+    memset((char *) &local_addr, 0, sizeof(local_addr));
+    local_addr.sin_family = AF_INET;
+    memcpy((void *) &local_addr.sin_addr, (void *) &smtpd_addr->sin_addr, sizeof(local_addr.sin_addr));
+
+    /* Remote sockname + port */
+
+    memset((char *) &ident_addr, 0, sizeof(ident_addr));
+    ident_addr.sin_family = AF_INET;
+    memcpy((void *) &ident_addr.sin_addr, (void *) &peer_addr->sin_addr, sizeof(ident_addr.sin_addr));
+    ident_addr.sin_port = htons(113);
+
+    do {
+        /* socket call */
+
+        if ((ident_sock = socket(ident_addr.sin_family, SOCK_STREAM, 0)) < 0) {
+            msg_warn("Can't allocate socket for ident lookup: %s", strerror(errno));
+            break;
+        }
+
+        /* Now bind the local sock to the interface */
+
+        if (bind(ident_sock, (struct sockaddr *)&local_addr, sizeof(local_addr)) < 0) {
+            msg_warn("local bind of ident sock failed: %s", strerror(errno));
+            break;
+         }
+
+        /* connect() back to the smtp client host on port 113 */
+
+         if (connect(ident_sock, (struct sockaddr *) &ident_addr, sizeof(ident_addr )) < 0) {
+            msg_warn( "ident connect to %s: %s", inet_ntoa(peer_addr->sin_addr), 
+                   strerror(errno));
+            break;
+         }
+
+        /* Ok, make this a vstream */
+
+        ident_stream = vstream_fdopen(ident_sock, O_RDWR);
+        ident_stream->timeout = IDENT_TIMEOUT;
+
+        /* Print the ident message to the remote host */
+    
+        vstream_fprintf(ident_stream, "%d, %d\n", ntohs(peer_addr->sin_port), ntohs(smtpd_addr->sin_port));
+        if (vstream_ftimeout(ident_stream)) {
+            msg_warn( "ident write timed out to %s", inet_ntoa(peer_addr->sin_addr));
+            break;
+        }
+
+        /* Read back the result */
+
+        vstream_fread(ident_stream, ident_msg, IDENT_MSGSIZE);
+        if (vstream_ftimeout(ident_stream)) {
+            msg_warn( "ident read timed out to %s", inet_ntoa(peer_addr->sin_addr));
+            break;
+        }
+    
+        /*
+         * Should I even bother with this?
+         *
+         * Even if so, don't worry about this failing, set the timeout low
+         */
+
+        ident_stream->timeout = 2;
+        vstream_fwrite(ident_stream, "quit\n", strlen("quit\n"));
+
+        if (strlen(ident_msg) == 0) {
+            msg_warn( "Failed to get ident string from %s", inet_ntoa(peer_addr->sin_addr));
+            break;
+        }
+    
+        if ((sp = strrchr(ident_msg, ':')) == NULL) {
+            msg_warn( "Invalid ident string from %s", inet_ntoa(peer_addr->sin_addr));
+            break;
+        }
+        sp++;
+        CHOMP(sp);
+        while (*sp && (*sp == ' ' || *sp == '\t')) {
+            sp++;
+        }
+
+        /* If we break before this line, we know we had some sort of bad error */
+
+        strncpy(ident_user, sp, IDENT_MSGSIZE);
+        msg_info( "Received ident string %s from %s", sp, inet_ntoa(peer_addr->sin_addr));
+    
+    } while (0);
+
+    if (strlen(ident_user) == 0) {
+        msg_warn( "Failed to get ident user for %s", inet_ntoa(peer_addr->sin_addr));
+        return NULL;
+    } 
+    
+    vstream_fclose(ident_stream);
+    return_val = mystrdup(ident_user);
+    return return_val;
+}
--- postfix-2.3-RC9/src/smtpd/smtpd.h.orig	2006-07-09 21:49:21.000000000 +0200
+++ postfix-2.3-RC9/src/smtpd/smtpd.h	2006-07-11 20:30:43.993322048 +0200
@@ -77,6 +77,7 @@
     char   *addr;			/* client host address string */
     char   *namaddr;			/* combined name and address */
     char   *rfc_addr;			/* address for RFC 2821 */
+    char   *ident_user;			/* user name returned by ident RFC 1413 */
     int     addr_family;		/* address family */
     struct sockaddr_storage sockaddr;	/* binary client endpoint */
     int     name_status;		/* 2=ok 4=soft 5=hard 6=forged */
@@ -266,6 +267,8 @@
 extern void smtpd_peer_init(SMTPD_STATE *state);
 extern void smtpd_peer_reset(SMTPD_STATE *state);
 
+extern char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr);
+
 #define	SMTPD_PEER_CODE_OK	2
 #define SMTPD_PEER_CODE_TEMP	4
 #define SMTPD_PEER_CODE_PERM	5
--- postfix-2.8.3/src/smtpd/Makefile.in~	2011-05-17 14:28:28.406666872 +0200
+++ postfix-2.8.3/src/smtpd/Makefile.in	2011-05-17 14:31:06.946666872 +0200
@@ -2,11 +2,11 @@
 SRCS	= smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \
 	smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \
 	smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c smtpd_resolve.c \
-	smtpd_expand.c smtpd_haproxy.c
+	smtpd_expand.c smtpd_haproxy.c smtpd_ident.c
 OBJS	= smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \
 	smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \
 	smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o smtpd_resolve.o \
-	smtpd_expand.o smtpd_haproxy.o
+	smtpd_expand.o smtpd_haproxy.o smtpd_ident.o
 HDRS	= smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \
 	smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h smtpd_milter.h \
 	smtpd_resolve.h smtpd_expand.h
--- postfix-2.9.0/src/smtpd/smtpd.c.orig	2012-02-04 19:34:17.737149536 +0100
+++ postfix-2.9.0/src/smtpd/smtpd.c	2012-02-04 19:36:43.414073592 +0100
@@ -1208,6 +1208,7 @@
 char   *var_local_rwr_clients;
 char   *var_smtpd_ehlo_dis_words;
 char   *var_smtpd_ehlo_dis_maps;
+char   *var_smtpd_ident_lookup;
 
 char   *var_smtpd_tls_level;
 bool    var_smtpd_use_tls;
@@ -1329,6 +1330,11 @@
 int     smtpd_input_transp_mask;
 
  /*
+  * Hosts that should be ident-queried
+  */
+NAMADR_LIST *smtpd_ident_lookup;
+
+ /*
   * Forward declarations.
   */
 static void helo_reset(SMTPD_STATE *);
@@ -2950,10 +2956,18 @@
      * intermediate proxy.
      */
     if (!proxy || state->xforward.flags == 0) {
-	out_fprintf(out_stream, REC_TYPE_NORM,
-		    "Received: from %s (%s [%s])",
-		    state->helo_name ? state->helo_name : state->name,
-		    state->name, state->rfc_addr);
+	if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) {
+		out_fprintf(out_stream, REC_TYPE_NORM,
+			"Received: from %s (%s [%s] ident=%s)",
+			state->helo_name ? state->helo_name : state->name,
+			state->name, state->rfc_addr,
+			state->ident_user);
+	} else {
+		out_fprintf(out_stream, REC_TYPE_NORM,
+			"Received: from %s (%s [%s])",
+			state->helo_name ? state->helo_name : state->name,
+			state->name, state->rfc_addr);
+	}
 
 #define VSTRING_STRDUP(s) vstring_strcpy(vstring_alloc(strlen(s) + 1), (s))
 
@@ -4954,6 +4968,9 @@
     xclient_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xclient_hosts);
     xforward_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xforward_hosts);
     hogger_list = namadr_list_init(MATCH_FLAG_RETURN, var_smtpd_hoggers);
+    smtpd_ident_lookup =
+           namadr_list_init(match_parent_style(VAR_SMTPD_IDENT_LOOKUP),
+                var_smtpd_ident_lookup);
 
     /*
      * Open maps before dropping privileges so we can read passwords etc.
@@ -5382,6 +5399,7 @@
 	VAR_MILT_V, DEF_MILT_V, &var_milt_v, 1, 0,
 	VAR_STRESS, DEF_STRESS, &var_stress, 0, 0,
 	VAR_REJECT_REPLY_MSG_ACCESS_DENIED, DEF_REJECT_REPLY_MSG_ACCESS_DENIED, &var_reject_reply_msg_access_denied, 1, 0,
+	VAR_SMTPD_IDENT_LOOKUP, DEF_SMTPD_IDENT_LOOKUP, &var_smtpd_ident_lookup, 0, 0,
 	VAR_UNV_FROM_WHY, DEF_UNV_FROM_WHY, &var_unv_from_why, 0, 0,
 	VAR_UNV_RCPT_WHY, DEF_UNV_RCPT_WHY, &var_unv_rcpt_why, 0, 0,
 	VAR_REJECT_TMPF_ACT, DEF_REJECT_TMPF_ACT, &var_reject_tmpf_act, 1, 0,
--- postfix-2.9.0/src/smtpd/smtpd_peer.c.orig	2012-02-04 19:34:17.294233547 +0100
+++ postfix-2.9.0/src/smtpd/smtpd_peer.c	2012-02-04 19:40:48.203777370 +0100
@@ -98,6 +98,7 @@
 
 #include <sys_defs.h>
 #include <sys/socket.h>
+#include <sys/types.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <stdio.h>			/* strerror() */
@@ -117,6 +118,7 @@
 
 /* Global library. */
 
+#include <namadr_list.h>
 #include <mail_proto.h>
 #include <valid_mailhost_addr.h>
 #include <mail_params.h>
@@ -125,6 +127,8 @@
     }
 }
 
+extern NAMADR_LIST *smtpd_ident_lookup;
+
 /* smtpd_peer_init - initialize peer information */
 
 void    smtpd_peer_init(SMTPD_STATE *state)
@@ -132,6 +136,9 @@
     const char *myname = "smtpd_peer_init";
     SOCKADDR_SIZE sa_length;
     struct sockaddr *sa;
+    struct sockaddr_in serv_sin;
+    char *ident_user = NULL;
+    SOCKADDR_SIZE sa_len;
     INET_PROTO_INFO *proto_info = inet_proto_info();
 
     sa = (struct sockaddr *) & (state->sockaddr);
@@ -171,6 +178,7 @@
 	state->addr_family = AF_UNSPEC;
 	state->name_status = SMTPD_PEER_CODE_PERM;
 	state->reverse_name_status = SMTPD_PEER_CODE_PERM;
+	state->ident_user = mystrdup("NO-USER");
 	state->port = mystrdup(CLIENT_PORT_UNKNOWN);
     }
 
@@ -342,6 +350,7 @@
 	    if (aierr) {
 		msg_warn("hostname %s does not resolve to address %s: %s",
 			 state->name, state->addr, MAI_STRERROR(aierr));
+                state->ident_user = mystrdup("NO-USER");
 		REJECT_PEER_NAME(state, (TEMP_AI_ERROR(aierr) ?
 			    SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_FORGED));
 	    } else {
@@ -363,6 +372,20 @@
 		freeaddrinfo(res0);
 	    }
 	}
+
+	if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) {
+	    /* If getsockname fails, just forget it */
+	    sa_len = sizeof(serv_sin);
+	    if (getsockname(vstream_fileno(state->client), (struct sockaddr *)&serv_sin, &sa_len) >= 0) {
+		ident_user = smtpd_ident((struct sockaddr_in *)sa, &serv_sin);
+		if (ident_user == NULL)
+		    state->ident_user = mystrdup("NO-USER");
+		else
+		    state->ident_user = ident_user;
+	    } else
+		msg_warn("getsockname failed while doing ident lookup: %s", strerror(errno));
+	} else
+	    state->ident_user = mystrdup("NO-USER");
     }
 
     /*
@@ -383,6 +406,7 @@
 	state->name_status = SMTPD_PEER_CODE_OK;
 	state->reverse_name_status = SMTPD_PEER_CODE_OK;
 	state->port = mystrdup("0");		/* XXX bogus. */
+	state->ident_user = mystrdup("NO-USER");
     }
 
     /*
@@ -401,6 +425,8 @@
 	myfree(state->namaddr);
     if (state->rfc_addr)
 	myfree(state->rfc_addr);
+    if (state->ident_user)
+	myfree(state->ident_user);
     if (state->port)
 	myfree(state->port);
     if (state->dest_addr)
Commit	Line	Data
06a490d4 JR	1	diff -urN -x '*~' postfix-2.2.5/src/global/mail_params.h postfix-2.2.5-ident/src/global/mail_params.h
	2	--- postfix-2.2.5/src/global/mail_params.h 2006-02-22 16:20:15.000000000 +0100
	3	+++ postfix-2.2.5-ident/src/global/mail_params.h 2006-02-22 15:56:31.000000000 +0100
949c99f8 JR	4	@@ -2346,6 +2346,9 @@
	5	#define DEF_SMTP_EHLO_DIS_MAPS ""
	6	extern char *var_smtp_ehlo_dis_maps;
	7
	8	+#define VAR_SMTPD_IDENT_LOOKUP "smtpd_ident_lookup"
06a490d4 JR	9	+#define DEF_SMTPD_IDENT_LOOKUP ""
06a490d4 JR	10	+extern char *var_smtpd_ident_lookup;
949c99f8 JR	11	/*
	12	* SMTPD messages
	13	*/
06a490d4	14	diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd_ident.c postfix-2.2.5-ident/src/smtpd/smtpd_ident.c
949c99f8	15	--- postfix-2.2.5/src/smtpd/smtpd_ident.c 1970-01-01 01:00:00.000000000 +0100
06a490d4	16	+++ postfix-2.2.5-ident/src/smtpd/smtpd_ident.c 2006-02-22 15:56:31.000000000 +0100
949c99f8 JR	17	@@ -0,0 +1,138 @@
	18	+#include <sys_defs.h>
	19	+#include <sys/socket.h>
	20	+#include <netinet/in.h>
	21	+#include <arpa/inet.h>
	22	+#include <stdio.h> /* strerror() */
	23	+#include <errno.h>
	24	+#include <string.h>
	25	+#include <mymalloc.h>
	26	+#include <sys/types.h>
	27	+#include <sys/time.h>
	28	+#include <unistd.h>
	29	+#include <vstream.h>
	30	+
	31	+#include <iostuff.h>
	32	+#include "smtpd.h"
	33	+
	34	+#define IDENT_MSGSIZE 256
	35	+#define IDENT_TIMEOUT 10
	36	+
	37	+#define CHOMP(STR) { char tmp; tmp = STR; while (tmp) { \
	38	+ if (tmp == '\n' \|\| tmp == '\r') *tmp = '\0'; tmp++ ; } }
	39	+
	40	+char smtpd_ident(struct sockaddr_in peer_addr, struct sockaddr_in *smtpd_addr)
	41	+{
	42	+ int ident_sock;
	43	+ char ident_msg[IDENT_MSGSIZE + 1], *sp;
	44	+ char ident_user[IDENT_MSGSIZE + 1];
	45	+ struct sockaddr_in local_addr;
	46	+ struct sockaddr_in ident_addr;
	47	+ char *return_val;
	48	+ VSTREAM *ident_stream;
	49	+
	50	+ memset(ident_msg, 0, IDENT_MSGSIZE + 1);
	51	+ memset(ident_user, 0, IDENT_MSGSIZE + 1);
	52	+
	53	+ /*
	54	+ * Bind the local sockaddr to the same interface as smtpd before
	55	+ * connecting back to the auth port on the peer. This helps
	56	+ * with multihomed postfix servers. First, set up the address.
	57	+ */
	58	+
	59	+ /* Local sockname */
	60	+
	61	+ memset((char *) &local_addr, 0, sizeof(local_addr));
	62	+ local_addr.sin_family = AF_INET;
	63	+ memcpy((void ) &local_addr.sin_addr, (void ) &smtpd_addr->sin_addr, sizeof(local_addr.sin_addr));
	64	+
	65	+ /* Remote sockname + port */
	66	+
	67	+ memset((char *) &ident_addr, 0, sizeof(ident_addr));
	68	+ ident_addr.sin_family = AF_INET;
	69	+ memcpy((void ) &ident_addr.sin_addr, (void ) &peer_addr->sin_addr, sizeof(ident_addr.sin_addr));
	70	+ ident_addr.sin_port = htons(113);
	71	+
	72	+ do {
	73	+ /* socket call */
	74	+
	75	+ if ((ident_sock = socket(ident_addr.sin_family, SOCK_STREAM, 0)) < 0) {
	76	+ msg_warn("Can't allocate socket for ident lookup: %s", strerror(errno));
	77	+ break;
	78	+ }
	79	+
	80	+ /* Now bind the local sock to the interface */
81	+
82	+ if (bind(ident_sock, (struct sockaddr *)&local_addr, sizeof(local_addr)) < 0) {
83	+ msg_warn("local bind of ident sock failed: %s", strerror(errno));
84	+ break;
85	+ }
86	+
87	+ /* connect() back to the smtp client host on port 113 */
88	+
89	+ if (connect(ident_sock, (struct sockaddr *) &ident_addr, sizeof(ident_addr )) < 0) {
90	+ msg_warn( "ident connect to %s: %s", inet_ntoa(peer_addr->sin_addr),
91	+ strerror(errno));
92	+ break;
93	+ }
94	+
95	+ /* Ok, make this a vstream */
96	+
97	+ ident_stream = vstream_fdopen(ident_sock, O_RDWR);
98	+ ident_stream->timeout = IDENT_TIMEOUT;
99	+
100	+ /* Print the ident message to the remote host */
101	+
102	+ vstream_fprintf(ident_stream, "%d, %d\n", ntohs(peer_addr->sin_port), ntohs(smtpd_addr->sin_port));
103	+ if (vstream_ftimeout(ident_stream)) {
104	+ msg_warn( "ident write timed out to %s", inet_ntoa(peer_addr->sin_addr));
105	+ break;
106	+ }
107	+
108	+ /* Read back the result */
109	+
110	+ vstream_fread(ident_stream, ident_msg, IDENT_MSGSIZE);
111	+ if (vstream_ftimeout(ident_stream)) {
112	+ msg_warn( "ident read timed out to %s", inet_ntoa(peer_addr->sin_addr));
113	+ break;
114	+ }
115	+
116	+ /*
117	+ * Should I even bother with this?
118	+ *
119	+ * Even if so, don't worry about this failing, set the timeout low
120	+ */
121	+
122	+ ident_stream->timeout = 2;
123	+ vstream_fwrite(ident_stream, "quit\n", strlen("quit\n"));
124	+
125	+ if (strlen(ident_msg) == 0) {
126	+ msg_warn( "Failed to get ident string from %s", inet_ntoa(peer_addr->sin_addr));
127	+ break;
128	+ }
129	+
130	+ if ((sp = strrchr(ident_msg, ':')) == NULL) {
131	+ msg_warn( "Invalid ident string from %s", inet_ntoa(peer_addr->sin_addr));
132	+ break;
133	+ }
134	+ sp++;
135	+ CHOMP(sp);
136	+ while (sp && (sp == ' ' \|\| *sp == '\t')) {
137	+ sp++;
138	+ }
139	+
140	+ /* If we break before this line, we know we had some sort of bad error */
141	+
142	+ strncpy(ident_user, sp, IDENT_MSGSIZE);
143	+ msg_info( "Received ident string %s from %s", sp, inet_ntoa(peer_addr->sin_addr));
144	+
145	+ } while (0);
146	+
147	+ if (strlen(ident_user) == 0) {
148	+ msg_warn( "Failed to get ident user for %s", inet_ntoa(peer_addr->sin_addr));
149	+ return NULL;
150	+ }
151	+
152	+ vstream_fclose(ident_stream);
153	+ return_val = mystrdup(ident_user);
154	+ return return_val;
155	+}
5a9aead1 AG	156	--- postfix-2.3-RC9/src/smtpd/smtpd.h.orig 2006-07-09 21:49:21.000000000 +0200
	157	+++ postfix-2.3-RC9/src/smtpd/smtpd.h 2006-07-11 20:30:43.993322048 +0200
	158	@@ -77,6 +77,7 @@
	159	char addr; / client host address string */
	160	char namaddr; / combined name and address */
	161	char rfc_addr; / address for RFC 2821 */
	162	+ char ident_user; / user name returned by ident RFC 1413 */
	163	int addr_family; /* address family */
	164	struct sockaddr_storage sockaddr; /* binary client endpoint */
	165	int name_status; /* 2=ok 4=soft 5=hard 6=forged */
	166	@@ -266,6 +267,8 @@
	167	extern void smtpd_peer_init(SMTPD_STATE *state);
	168	extern void smtpd_peer_reset(SMTPD_STATE *state);
	169
	170	+extern char smtpd_ident(struct sockaddr_in peer_addr, struct sockaddr_in *smtpd_addr);
	171	+
	172	#define SMTPD_PEER_CODE_OK 2
	173	#define SMTPD_PEER_CODE_TEMP 4
	174	#define SMTPD_PEER_CODE_PERM 5
	175	--- postfix-2.8.3/src/smtpd/Makefile.in~ 2011-05-17 14:28:28.406666872 +0200
	176	+++ postfix-2.8.3/src/smtpd/Makefile.in 2011-05-17 14:31:06.946666872 +0200
	177	@@ -2,11 +2,11 @@
	178	SRCS = smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \
	179	smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \
	180	smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c smtpd_resolve.c \
9f3d4e6e JR	181	- smtpd_expand.c smtpd_haproxy.c
9f3d4e6e JR	182	+ smtpd_expand.c smtpd_haproxy.c smtpd_ident.c
5a9aead1 AG	183	OBJS = smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \
	184	smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \
	185	smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o smtpd_resolve.o \
9f3d4e6e JR	186	- smtpd_expand.o smtpd_haproxy.o
9f3d4e6e JR	187	+ smtpd_expand.o smtpd_haproxy.o smtpd_ident.o
5a9aead1 AG	188	HDRS = smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \
	189	smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h smtpd_milter.h \
	190	smtpd_resolve.h smtpd_expand.h
	191	--- postfix-2.9.0/src/smtpd/smtpd.c.orig 2012-02-04 19:34:17.737149536 +0100
	192	+++ postfix-2.9.0/src/smtpd/smtpd.c 2012-02-04 19:36:43.414073592 +0100
	193	@@ -1208,6 +1208,7 @@
e6742683	194	char *var_local_rwr_clients;
	195	char *var_smtpd_ehlo_dis_words;
	196	char *var_smtpd_ehlo_dis_maps;
	197	+char *var_smtpd_ident_lookup;
	198
	199	char *var_smtpd_tls_level;
	200	bool var_smtpd_use_tls;
5a9aead1	201	@@ -1329,6 +1330,11 @@
e6742683	202	int smtpd_input_transp_mask;
	203
	204	/*
	205	+ * Hosts that should be ident-queried
	206	+ */
	207	+NAMADR_LIST *smtpd_ident_lookup;
	208	+
	209	+ /*
	210	* Forward declarations.
	211	*/
	212	static void helo_reset(SMTPD_STATE *);
5a9aead1	213	@@ -2950,10 +2956,18 @@
e6742683	214	* intermediate proxy.
e6742683	215	*/
a9621843	216	if (!proxy \|\| state->xforward.flags == 0) {
e6742683	217	- out_fprintf(out_stream, REC_TYPE_NORM,
	218	- "Received: from %s (%s [%s])",
	219	- state->helo_name ? state->helo_name : state->name,
	220	- state->name, state->rfc_addr);
	221	+ if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) {
	222	+ out_fprintf(out_stream, REC_TYPE_NORM,
	223	+ "Received: from %s (%s [%s] ident=%s)",
	224	+ state->helo_name ? state->helo_name : state->name,
	225	+ state->name, state->rfc_addr,
	226	+ state->ident_user);
	227	+ } else {
	228	+ out_fprintf(out_stream, REC_TYPE_NORM,
	229	+ "Received: from %s (%s [%s])",
	230	+ state->helo_name ? state->helo_name : state->name,
	231	+ state->name, state->rfc_addr);
	232	+ }
	233
	234	#define VSTRING_STRDUP(s) vstring_strcpy(vstring_alloc(strlen(s) + 1), (s))
	235
5a9aead1 AG	236	@@ -4954,6 +4968,9 @@
	237	xclient_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xclient_hosts);
	238	xforward_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xforward_hosts);
	239	hogger_list = namadr_list_init(MATCH_FLAG_RETURN, var_smtpd_hoggers);
e6742683	240	+ smtpd_ident_lookup =
ce5d3fb8 ER	241	+ namadr_list_init(match_parent_style(VAR_SMTPD_IDENT_LOOKUP),
	242	+ var_smtpd_ident_lookup);
	243
	244	/*
	245	* Open maps before dropping privileges so we can read passwords etc.
5a9aead1	246	@@ -5382,6 +5399,7 @@
e6742683	247	VAR_MILT_V, DEF_MILT_V, &var_milt_v, 1, 0,
0a41a8cf	248	VAR_STRESS, DEF_STRESS, &var_stress, 0, 0,
e6742683	249	VAR_REJECT_REPLY_MSG_ACCESS_DENIED, DEF_REJECT_REPLY_MSG_ACCESS_DENIED, &var_reject_reply_msg_access_denied, 1, 0,
e6742683	250	+ VAR_SMTPD_IDENT_LOOKUP, DEF_SMTPD_IDENT_LOOKUP, &var_smtpd_ident_lookup, 0, 0,
0a41a8cf	251	VAR_UNV_FROM_WHY, DEF_UNV_FROM_WHY, &var_unv_from_why, 0, 0,
	252	VAR_UNV_RCPT_WHY, DEF_UNV_RCPT_WHY, &var_unv_rcpt_why, 0, 0,
	253	VAR_REJECT_TMPF_ACT, DEF_REJECT_TMPF_ACT, &var_reject_tmpf_act, 1, 0,
5a9aead1 AG	254	--- postfix-2.9.0/src/smtpd/smtpd_peer.c.orig 2012-02-04 19:34:17.294233547 +0100
5a9aead1 AG	255	+++ postfix-2.9.0/src/smtpd/smtpd_peer.c 2012-02-04 19:40:48.203777370 +0100
e6742683	256	@@ -98,6 +98,7 @@
949c99f8 JR	257
	258	#include <sys_defs.h>
	259	#include <sys/socket.h>
	260	+#include <sys/types.h>
	261	#include <netinet/in.h>
	262	#include <arpa/inet.h>
	263	#include <stdio.h> /* strerror() */
5a9aead1	264	@@ -117,6 +118,7 @@
06a490d4	265
949c99f8 JR	266	/* Global library. */
949c99f8 JR	267
06a490d4	268	+#include <namadr_list.h>
949c99f8	269	#include <mail_proto.h>
949c99f8	270	#include <valid_mailhost_addr.h>
e6742683	271	#include <mail_params.h>
5a9aead1	272	@@ -125,6 +127,8 @@
9f3d4e6e JR	273	}
9f3d4e6e JR	274	}
06a490d4 JR	275
	276	+extern NAMADR_LIST *smtpd_ident_lookup;
	277	+
	278	/* smtpd_peer_init - initialize peer information */
	279
	280	void smtpd_peer_init(SMTPD_STATE *state)
5a9aead1	281	@@ -132,6 +136,9 @@
e6742683	282	const char *myname = "smtpd_peer_init";
e6742683	283	SOCKADDR_SIZE sa_length;
949c99f8 JR	284	struct sockaddr *sa;
	285	+ struct sockaddr_in serv_sin;
	286	+ char *ident_user = NULL;
afe23fca	287	+ SOCKADDR_SIZE sa_len;
949c99f8 JR	288	INET_PROTO_INFO *proto_info = inet_proto_info();
	289
	290	sa = (struct sockaddr *) & (state->sockaddr);
5a9aead1	291	@@ -171,6 +178,7 @@
e6742683	292	state->addr_family = AF_UNSPEC;
	293	state->name_status = SMTPD_PEER_CODE_PERM;
	294	state->reverse_name_status = SMTPD_PEER_CODE_PERM;
06a490d4	295	+ state->ident_user = mystrdup("NO-USER");
5a9aead1	296	state->port = mystrdup(CLIENT_PORT_UNKNOWN);
949c99f8	297	}
5a9aead1 AG	298
5a9aead1 AG	299	@@ -342,6 +350,7 @@
949c99f8	300	if (aierr) {
5a9aead1 AG	301	msg_warn("hostname %s does not resolve to address %s: %s",
	302	state->name, state->addr, MAI_STRERROR(aierr));
	303	+ state->ident_user = mystrdup("NO-USER");
949c99f8	304	REJECT_PEER_NAME(state, (TEMP_AI_ERROR(aierr) ?
e6742683	305	SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_FORGED));
949c99f8	306	} else {
5a9aead1	307	@@ -363,6 +372,20 @@
949c99f8 JR	308	freeaddrinfo(res0);
	309	}
	310	}
	311	+
06a490d4	312	+ if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) {
949c99f8 JR	313	+ /* If getsockname fails, just forget it */
	314	+ sa_len = sizeof(serv_sin);
	315	+ if (getsockname(vstream_fileno(state->client), (struct sockaddr *)&serv_sin, &sa_len) >= 0) {
	316	+ ident_user = smtpd_ident((struct sockaddr_in *)sa, &serv_sin);
	317	+ if (ident_user == NULL)
	318	+ state->ident_user = mystrdup("NO-USER");
	319	+ else
	320	+ state->ident_user = ident_user;
	321	+ } else
	322	+ msg_warn("getsockname failed while doing ident lookup: %s", strerror(errno));
06a490d4 JR	323	+ } else
06a490d4 JR	324	+ state->ident_user = mystrdup("NO-USER");
949c99f8 JR	325	}
	326
	327	/*
5a9aead1	328	@@ -383,6 +406,7 @@
e6742683	329	state->name_status = SMTPD_PEER_CODE_OK;
e6742683	330	state->reverse_name_status = SMTPD_PEER_CODE_OK;
ce5d3fb8	331	state->port = mystrdup("0"); /* XXX bogus. */
06a490d4	332	+ state->ident_user = mystrdup("NO-USER");
5a9aead1	333	}
949c99f8 JR	334
949c99f8 JR	335	/*
9f3d4e6e JR	336	@@ -401,6 +425,8 @@
	337	myfree(state->namaddr);
	338	if (state->rfc_addr)
	339	myfree(state->rfc_addr);
	340	+ if (state->ident_user)
	341	+ myfree(state->ident_user);
	342	if (state->port)
	343	myfree(state->port);
	344	if (state->dest_addr)