-Based on patch by: James F. Hranicky (jfhcise.ufl.edu)
-
-diff -urN -x '*~' -x '*.orig' postfix-2.2.5/src/global/mail_params.h postfix-2.2.5-ident/src/global/mail_params.h
---- postfix-2.2.5/src/global/mail_params.h 2006-02-15 23:44:13.000000000 +0100
-+++ postfix-2.2.5-ident/src/global/mail_params.h 2006-02-15 23:30:50.000000000 +0100
+diff -urN -x '*~' postfix-2.2.5/src/global/mail_params.h postfix-2.2.5-ident/src/global/mail_params.h
+--- postfix-2.2.5/src/global/mail_params.h 2006-02-22 16:20:15.000000000 +0100
++++ postfix-2.2.5-ident/src/global/mail_params.h 2006-02-22 15:56:31.000000000 +0100
@@ -2346,6 +2346,9 @@
#define DEF_SMTP_EHLO_DIS_MAPS ""
extern char *var_smtp_ehlo_dis_maps;
+#define VAR_SMTPD_IDENT_LOOKUP "smtpd_ident_lookup"
-+#define DEF_SMTPD_IDENT_LOOKUP 0
-+extern bool var_smtpd_ident_lookup;
++#define DEF_SMTPD_IDENT_LOOKUP ""
++extern char *var_smtpd_ident_lookup;
/*
* SMTPD messages
*/
-Files postfix-2.2.5/src/smtpd/.smtpd_peer.c.swp and postfix-2.2.5-ident/src/smtpd/.smtpd_peer.c.swp differ
-diff -urN -x '*~' -x '*.orig' postfix-2.2.5/src/smtpd/Makefile.in postfix-2.2.5-ident/src/smtpd/Makefile.in
---- postfix-2.2.5/src/smtpd/Makefile.in 2005-04-29 23:12:28.000000000 +0200
-+++ postfix-2.2.5-ident/src/smtpd/Makefile.in 2006-02-15 22:09:42.000000000 +0100
-@@ -1,10 +1,10 @@
- SHELL = /bin/sh
- SRCS = smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \
- smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \
-- smtpd_xforward.c
-+ smtpd_xforward.c smtpd_ident.c
- OBJS = smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \
- smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \
-- smtpd_xforward.o
-+ smtpd_xforward.o smtpd_ident.o
- HDRS = smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \
- smtpd_sasl_glue.h smtpd_proxy.h
- TESTSRC = smtpd_token_test.c
-diff -urN -x '*~' -x '*.orig' postfix-2.2.5/src/smtpd/smtpd.c postfix-2.2.5-ident/src/smtpd/smtpd.c
---- postfix-2.2.5/src/smtpd/smtpd.c 2006-02-15 23:44:13.000000000 +0100
-+++ postfix-2.2.5-ident/src/smtpd/smtpd.c 2006-02-15 22:31:33.000000000 +0100
-@@ -900,6 +900,7 @@
- char *var_local_rwr_clients;
- char *var_smtpd_ehlo_dis_words;
- char *var_smtpd_ehlo_dis_maps;
-+bool var_smtpd_ident_lookup;
-
- bool var_smtpd_use_tls;
- bool var_smtpd_enforce_tls;
-@@ -1951,10 +1952,18 @@
- * intermediate proxy.
- */
- if (!state->proxy || state->xforward.flags == 0) {
-- out_fprintf(out_stream, REC_TYPE_NORM,
-- "Received: from %s (%s [%s])",
-- state->helo_name ? state->helo_name : state->name,
-- state->name, state->rfc_addr);
-+ if (var_smtpd_ident_lookup) {
-+ out_fprintf(out_stream, REC_TYPE_NORM,
-+ "Received: from %s (%s [%s] ident=%s)",
-+ state->helo_name ? state->helo_name : state->name,
-+ state->name, state->rfc_addr,
-+ state->ident_user);
-+ } else {
-+ out_fprintf(out_stream, REC_TYPE_NORM,
-+ "Received: from %s (%s [%s])",
-+ state->helo_name ? state->helo_name : state->name,
-+ state->name, state->rfc_addr);
-+ }
- #ifdef USE_TLS
- if (var_smtpd_tls_received_header && state->tls_context) {
- out_fprintf(out_stream, REC_TYPE_NORM,
-@@ -3375,6 +3384,7 @@
- VAR_SMTPD_USE_TLS, DEF_SMTPD_USE_TLS, &var_smtpd_use_tls,
- VAR_SMTPD_ENFORCE_TLS, DEF_SMTPD_ENFORCE_TLS, &var_smtpd_enforce_tls,
- VAR_SMTPD_TLS_WRAPPER, DEF_SMTPD_TLS_WRAPPER, &var_smtpd_tls_wrappermode,
-+ VAR_SMTPD_IDENT_LOOKUP, DEF_SMTPD_IDENT_LOOKUP, &var_smtpd_ident_lookup,
- #ifdef USE_TLS
- VAR_SMTPD_TLS_AUTH_ONLY, DEF_SMTPD_TLS_AUTH_ONLY, &var_smtpd_tls_auth_only,
- VAR_SMTPD_TLS_ACERT, DEF_SMTPD_TLS_ACERT, &var_smtpd_tls_ask_ccert,
-diff -urN -x '*~' -x '*.orig' postfix-2.2.5/src/smtpd/smtpd.h postfix-2.2.5-ident/src/smtpd/smtpd.h
---- postfix-2.2.5/src/smtpd/smtpd.h 2005-01-30 22:45:31.000000000 +0100
-+++ postfix-2.2.5-ident/src/smtpd/smtpd.h 2006-02-15 21:11:46.000000000 +0100
-@@ -75,6 +75,7 @@
- char *addr; /* client host address string */
- char *namaddr; /* combined name and address */
- char *rfc_addr; /* address for RFC 2821 */
-+ char *ident_user; /* user name returned by ident RFC 1413 */
- struct sockaddr_storage sockaddr; /* binary client endpoint */
- int peer_code; /* 2=ok, 4=soft, 5=hard */
- int error_count; /* reset after DOT */
-@@ -232,6 +233,8 @@
- extern void smtpd_peer_init(SMTPD_STATE *state);
- extern void smtpd_peer_reset(SMTPD_STATE *state);
-
-+extern char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr);
-+
- #define SMTPD_PEER_CODE_OK 2
- #define SMTPD_PEER_CODE_TEMP 4
- #define SMTPD_PEER_CODE_PERM 5
-diff -urN -x '*~' -x '*.orig' postfix-2.2.5/src/smtpd/smtpd_ident.c postfix-2.2.5-ident/src/smtpd/smtpd_ident.c
+diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd_ident.c postfix-2.2.5-ident/src/smtpd/smtpd_ident.c
--- postfix-2.2.5/src/smtpd/smtpd_ident.c 1970-01-01 01:00:00.000000000 +0100
-+++ postfix-2.2.5-ident/src/smtpd/smtpd_ident.c 2006-02-15 23:44:04.000000000 +0100
++++ postfix-2.2.5-ident/src/smtpd/smtpd_ident.c 2006-02-22 15:56:31.000000000 +0100
@@ -0,0 +1,138 @@
+#include <sys_defs.h>
+#include <sys/socket.h>
+ return_val = mystrdup(ident_user);
+ return return_val;
+}
-diff -urN -x '*~' -x '*.orig' postfix-2.2.5/src/smtpd/smtpd_peer.c postfix-2.2.5-ident/src/smtpd/smtpd_peer.c
---- postfix-2.2.5/src/smtpd/smtpd_peer.c 2005-01-30 22:42:18.000000000 +0100
-+++ postfix-2.2.5-ident/src/smtpd/smtpd_peer.c 2006-02-15 23:29:08.000000000 +0100
-@@ -56,6 +56,7 @@
+--- postfix-2.3-RC9/src/smtpd/smtpd.h.orig 2006-07-09 21:49:21.000000000 +0200
++++ postfix-2.3-RC9/src/smtpd/smtpd.h 2006-07-11 20:30:43.993322048 +0200
+@@ -77,6 +77,7 @@
+ char *addr; /* client host address string */
+ char *namaddr; /* combined name and address */
+ char *rfc_addr; /* address for RFC 2821 */
++ char *ident_user; /* user name returned by ident RFC 1413 */
+ int addr_family; /* address family */
+ struct sockaddr_storage sockaddr; /* binary client endpoint */
+ int name_status; /* 2=ok 4=soft 5=hard 6=forged */
+@@ -266,6 +267,8 @@
+ extern void smtpd_peer_init(SMTPD_STATE *state);
+ extern void smtpd_peer_reset(SMTPD_STATE *state);
+
++extern char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr);
++
+ #define SMTPD_PEER_CODE_OK 2
+ #define SMTPD_PEER_CODE_TEMP 4
+ #define SMTPD_PEER_CODE_PERM 5
+--- postfix-2.8.3/src/smtpd/Makefile.in~ 2011-05-17 14:28:28.406666872 +0200
++++ postfix-2.8.3/src/smtpd/Makefile.in 2011-05-17 14:31:06.946666872 +0200
+@@ -2,11 +2,11 @@
+ SRCS = smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \
+ smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \
+ smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c smtpd_resolve.c \
+- smtpd_expand.c smtpd_haproxy.c
++ smtpd_expand.c smtpd_haproxy.c smtpd_ident.c
+ OBJS = smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \
+ smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \
+ smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o smtpd_resolve.o \
+- smtpd_expand.o smtpd_haproxy.o
++ smtpd_expand.o smtpd_haproxy.o smtpd_ident.o
+ HDRS = smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \
+ smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h smtpd_milter.h \
+ smtpd_resolve.h smtpd_expand.h
+--- postfix-2.9.0/src/smtpd/smtpd.c.orig 2012-02-04 19:34:17.737149536 +0100
++++ postfix-2.9.0/src/smtpd/smtpd.c 2012-02-04 19:36:43.414073592 +0100
+@@ -1208,6 +1208,7 @@
+ char *var_local_rwr_clients;
+ char *var_smtpd_ehlo_dis_words;
+ char *var_smtpd_ehlo_dis_maps;
++char *var_smtpd_ident_lookup;
+
+ char *var_smtpd_tls_level;
+ bool var_smtpd_use_tls;
+@@ -1329,6 +1330,11 @@
+ int smtpd_input_transp_mask;
+
+ /*
++ * Hosts that should be ident-queried
++ */
++NAMADR_LIST *smtpd_ident_lookup;
++
++ /*
+ * Forward declarations.
+ */
+ static void helo_reset(SMTPD_STATE *);
+@@ -2950,10 +2956,18 @@
+ * intermediate proxy.
+ */
+ if (!proxy || state->xforward.flags == 0) {
+- out_fprintf(out_stream, REC_TYPE_NORM,
+- "Received: from %s (%s [%s])",
+- state->helo_name ? state->helo_name : state->name,
+- state->name, state->rfc_addr);
++ if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) {
++ out_fprintf(out_stream, REC_TYPE_NORM,
++ "Received: from %s (%s [%s] ident=%s)",
++ state->helo_name ? state->helo_name : state->name,
++ state->name, state->rfc_addr,
++ state->ident_user);
++ } else {
++ out_fprintf(out_stream, REC_TYPE_NORM,
++ "Received: from %s (%s [%s])",
++ state->helo_name ? state->helo_name : state->name,
++ state->name, state->rfc_addr);
++ }
+
+ #define VSTRING_STRDUP(s) vstring_strcpy(vstring_alloc(strlen(s) + 1), (s))
+
+@@ -4954,6 +4968,9 @@
+ xclient_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xclient_hosts);
+ xforward_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xforward_hosts);
+ hogger_list = namadr_list_init(MATCH_FLAG_RETURN, var_smtpd_hoggers);
++ smtpd_ident_lookup =
++ namadr_list_init(match_parent_style(VAR_SMTPD_IDENT_LOOKUP),
++ var_smtpd_ident_lookup);
+
+ /*
+ * Open maps before dropping privileges so we can read passwords etc.
+@@ -5382,6 +5399,7 @@
+ VAR_MILT_V, DEF_MILT_V, &var_milt_v, 1, 0,
+ VAR_STRESS, DEF_STRESS, &var_stress, 0, 0,
+ VAR_REJECT_REPLY_MSG_ACCESS_DENIED, DEF_REJECT_REPLY_MSG_ACCESS_DENIED, &var_reject_reply_msg_access_denied, 1, 0,
++ VAR_SMTPD_IDENT_LOOKUP, DEF_SMTPD_IDENT_LOOKUP, &var_smtpd_ident_lookup, 0, 0,
+ VAR_UNV_FROM_WHY, DEF_UNV_FROM_WHY, &var_unv_from_why, 0, 0,
+ VAR_UNV_RCPT_WHY, DEF_UNV_RCPT_WHY, &var_unv_rcpt_why, 0, 0,
+ VAR_REJECT_TMPF_ACT, DEF_REJECT_TMPF_ACT, &var_reject_tmpf_act, 1, 0,
+--- postfix-2.9.0/src/smtpd/smtpd_peer.c.orig 2012-02-04 19:34:17.294233547 +0100
++++ postfix-2.9.0/src/smtpd/smtpd_peer.c 2012-02-04 19:40:48.203777370 +0100
+@@ -103,6 +103,7 @@
#include <sys_defs.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h> /* strerror() */
-@@ -75,6 +76,7 @@
+@@ -123,6 +124,7 @@
+
/* Global library. */
++#include <namadr_list.h>
#include <mail_proto.h>
-+#include <mail_params.h>
#include <valid_mailhost_addr.h>
+ #include <mail_params.h>
+@@ -132,6 +134,8 @@
- /* Application-specific. */
-@@ -88,6 +90,8 @@
- char *myname = "smtpd_peer_init";
- SOCKADDR_SIZE sa_len;
- struct sockaddr *sa;
-+ struct sockaddr_in serv_sin;
-+ char *ident_user = NULL;
- INET_PROTO_INFO *proto_info = inet_proto_info();
+ #include "smtpd.h"
- sa = (struct sockaddr *) & (state->sockaddr);
-@@ -108,6 +112,9 @@
- state->addr = mystrdup(CLIENT_ADDR_UNKNOWN);
- state->rfc_addr = mystrdup(CLIENT_ADDR_UNKNOWN);
- state->peer_code = SMTPD_PEER_CODE_PERM;
-+ if (var_smtpd_ident_lookup) {
-+ state->ident_user = mystrdup("NO-USER");
-+ }
- }
++extern NAMADR_LIST *smtpd_ident_lookup;
++
+ static INET_PROTO_INFO *proto_info;
- /*
-@@ -218,6 +225,9 @@
- if (aierr) {
- msg_warn("%s: hostname %s verification failed: %s",
- state->addr, state->name, MAI_STRERROR(aierr));
-+ if (var_smtpd_ident_lookup) {
+ /*
+@@ -345,6 +352,7 @@
+ if (aierr) {
+ msg_warn("hostname %s does not resolve to address %s: %s",
+ state->name, state->addr, MAI_STRERROR(aierr));
++ state->ident_user = mystrdup("NO-USER");
+ REJECT_PEER_NAME(state, (TEMP_AI_ERROR(aierr) ?
+ SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_FORGED));
+ } else {
+@@ -352,6 +360,7 @@
+ if (res == 0) {
+ msg_warn("hostname %s does not resolve to address %s",
+ state->name, state->addr);
+ state->ident_user = mystrdup("NO-USER");
-+ }
- REJECT_PEER_NAME(state, (TEMP_AI_ERROR(aierr) ?
- SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_PERM));
- } else {
-@@ -239,6 +249,19 @@
- freeaddrinfo(res0);
- }
+ REJECT_PEER_NAME(state, SMTPD_PEER_CODE_FORGED);
+ break;
+ }
+@@ -366,6 +375,22 @@
+ freeaddrinfo(res0);
}
-+
-+ if (var_smtpd_ident_lookup) {
-+ /* If getsockname fails, just forget it */
-+ sa_len = sizeof(serv_sin);
-+ if (getsockname(vstream_fileno(state->client), (struct sockaddr *)&serv_sin, &sa_len) >= 0) {
-+ ident_user = smtpd_ident((struct sockaddr_in *)sa, &serv_sin);
-+ if (ident_user == NULL)
-+ state->ident_user = mystrdup("NO-USER");
-+ else
-+ state->ident_user = ident_user;
-+ } else
-+ msg_warn("getsockname failed while doing ident lookup: %s", strerror(errno));
-+ }
}
-
- /*
-@@ -250,6 +273,9 @@
- state->addr = mystrdup("127.0.0.1"); /* XXX bogus. */
- state->rfc_addr = mystrdup("127.0.0.1");/* XXX bogus. */
- state->peer_code = SMTPD_PEER_CODE_OK;
-+ if (var_smtpd_ident_lookup) {
++ if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) {
++ struct sockaddr_in serv_sin;
++ char *ident_user = NULL;
++
++ /* If getsockname fails, just forget it */
++ sa_length = sizeof(serv_sin);
++ if (getsockname(vstream_fileno(state->client), (struct sockaddr *)&serv_sin, &sa_length) >= 0) {
++ ident_user = smtpd_ident((struct sockaddr_in *)sa, &serv_sin);
++ if (ident_user == NULL)
++ state->ident_user = mystrdup("NO-USER");
++ else
++ state->ident_user = ident_user;
++ } else
++ msg_warn("getsockname failed while doing ident lookup: %s", strerror(errno));
++ } else
+ state->ident_user = mystrdup("NO-USER");
-+ }
- }
+ }
- /*
-@@ -267,4 +293,7 @@
- myfree(state->addr);
- myfree(state->namaddr);
- myfree(state->rfc_addr);
-+ if (var_smtpd_ident_lookup) {
-+ myfree(state->ident_user);
-+ }
+ /* smtpd_peer_hostaddr_to_sockaddr - convert numeric string to binary */
+@@ -411,6 +433,7 @@
+ state->addr_family = AF_UNSPEC;
+ state->name_status = SMTPD_PEER_CODE_OK;
+ state->reverse_name_status = SMTPD_PEER_CODE_OK;
++ state->ident_user = mystrdup("NO-USER");
+ state->port = mystrdup("0"); /* XXX bogus. */
+ }
+
+@@ -426,6 +449,7 @@
+ state->addr_family = AF_UNSPEC;
+ state->name_status = SMTPD_PEER_CODE_PERM;
+ state->reverse_name_status = SMTPD_PEER_CODE_PERM;
++ state->ident_user = mystrdup("NO-USER");
+ state->port = mystrdup(CLIENT_PORT_UNKNOWN);
}
+
+@@ -554,6 +578,7 @@
+ state->addr = 0;
+ state->namaddr = 0;
+ state->rfc_addr = 0;
++ state->ident_user = 0;
+ state->port = 0;
+ state->dest_addr = 0;
+
+@@ -604,6 +629,8 @@
+ myfree(state->namaddr);
+ if (state->rfc_addr)
+ myfree(state->rfc_addr);
++ if (state->ident_user)
++ myfree(state->ident_user);
+ if (state->port)
+ myfree(state->port);
+ if (state->dest_addr)