2019-02-25 Sam Varshavchik <mrsam@courier-mta.com>
* courier/doc/testmxlookup.sgml: Minor editing to the testmxlookup
man page.
2019-02-24 Sam Varshavchik <mrsam@courier-mta.com>
* courier/libs/comsts.c (sts_download2): Specify --max-redirect 0
for STS policy downloads, as per STS spec.
* pop3dserver.c (do_retr): Use the new MIME_UNICODE_MESSAGE_TYPE
setting to set the type of the wrapped MIME attachment.
2019-02-05 Sam Varshavchik <mrsam@courier-mta.com>
* courier/libs/comsts.c (open_and_lock_cached_policy_file): Fix
errno getting clobbered by isatty().
* courier/filters/verifyfilter.c: -n option explicitly suppresses
* courier/filters/verifysender: Pass the -n option to verifysmtp.
2019-02-03 Sam Varshavchik <mrsam@courier-mta.com>
* testmxlookup: implement the Strict Transport Security policy for
......@@ -12,7 +12,7 @@
<refpurpose>Look up mail relays for a domain</refpurpose>
<refpurpose>Look up mail servers for a domain</refpurpose>
......@@ -44,8 +44,8 @@
<command>testmxlookup</command> reports the names and IP addresses of mail
relays that receive mail for the <replaceable>domain</replaceable>,
as well as the <replaceable>domain</replaceable> published
servers that receive mail for the <replaceable>domain</replaceable>,
as well as the <replaceable>domain</replaceable>'s published
<acronym>STS</acronym> policy.
This is useful in diagnosing mail delivery problems.
......@@ -54,10 +54,10 @@
<command>testmxlookup</command> sends a DNS MX query for the specified
domain, followed by A/AAAA queries, if needed.
<command>testmxlookup</command> lists the
hostname and the IP address of every mail relay, and its MX priority.
hostname and the IP address of every mail server, and its MX priority.
The domain's strict transport security
(<acronym>STS</acronym>) policy status, if one is published,
precedes the mail relay list.
precedes the mail server list.
......@@ -66,26 +66,26 @@
The error message <quote>Hard error</quote> indicates that the
domain does not exist,
or does not have any mail relays. The error message "Soft error"
or does not have any mail servers. The error message "Soft error"
indicates a temporary error condition (usually a network failure of
some sorts, or the local DNS server is down).
<quote>STS: testing</quote> or
<quote>STS: enforcing</quote> preceding the list of mail relays
<quote>STS: enforcing</quote> preceding the list of mail servers
indicates that the domain publishes an <acronym>STS</acronym>
<quote>ERROR: STS Policy verification failed</quote> appearing
after an individual mail relay
indicates that the mail relay's name does not meet the domain's
after an individual mail server
indicates that the mail server's name does not meet the domain's
<acronym>STS</acronym> policy.
<quote>STS: testing</quote> or
<quote>STS: enforcing</quote> by itself, with no further messages,
indicates that all listed mail relays comply with the listed
indicates that all listed mail servers comply with the listed
<acronym>STS</acronym> policy. If you are attempting to install
your own STS policy this is a simple means of checking its
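Review bot: the error-message markup in this hunk is inconsistent: <quote>Hard error</quote> uses the quote element, while "Soft error" in the following sentence is still in literal double quotes. Since these lines are being edited anyway, mark it up as <quote>Soft error</quote> as well, and change "a network failure of some sorts" to "of some sort".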
......@@ -243,7 +243,7 @@
automatically downloads and caches domains'
<acronym>STS</acronym> policy files by default, an an internal
<acronym>STS</acronym> policy files by default, in an internal
cache with a default size of 1000 domains.
......@@ -465,11 +465,15 @@ void lookup(int argc, char **argv)
memset(&my_env, 0, sizeof(my_env));
while ((opt=getopt(argc, argv, "cm:t:")) != -1)
while ((opt=getopt(argc, argv, "cnm:t:")) != -1)
switch (opt) {
case 'c':
case 'n':
open("/dev/null", O_WRONLY);
case 't':
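Review bot: in case 'n' the return value of open("/dev/null", O_WRONLY) is discarded, so the redirect only takes effect if the call happens to return descriptor 2, and a failed open() goes unnoticed. Keep the descriptor, check it for -1, then use dup2(fd, 2) followed by close(fd). That puts /dev/null on standard error regardless of which descriptors are free at that point.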
......@@ -478,7 +482,7 @@ void lookup(int argc, char **argv)
"Usage: verifysmtp [-t trackingdirectory] [-m full|base|domain]\n");
"Usage: verifysmtp [-t trackingdirectory] [-m full|base]\n");
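Review bot: the usage string was edited here but still does not list -n, although getopt() now accepts "cnm:t:" and the man page synopsis documents the option. Suggest "Usage: verifysmtp [-n] [-t trackingdirectory] [-m full|base]\n" so the built-in help matches the documentation.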
......@@ -32,11 +32,6 @@
<arg choice="plain">verifyfilter</arg>
<cmdsynopsis sepchar=" ">
<arg choice="req">user@domain</arg>
......@@ -89,10 +84,14 @@
<title>The <command>verifysmtp</command> command</title>
<cmdsynopsis sepchar=" ">
<arg choice="opt">-n</arg>
<arg choice="opt">-t <replaceable>directory</replaceable></arg>
<arg choice="opt">-m {full|base}</arg>
<arg choice="req">user@domain</arg>
The <command>verifysmtp</command> command creates a network connection
......@@ -108,6 +107,21 @@
all given E-mail addresses passed. A non-zero exit code indicates that
one or more of the given addresses were rejected.
The <option>-m</option> option is analogous to the
<filename>verifyfilter-logmode</filename> setting, described below,
that specifies how E-mail addresses are compared against the cached
verification results.
The <option>-t</option> enables caching of verification results,
and specifies the directory for storing the cached results.
The <option>-n</option> option suppresses internal error messages
from getting logged to standard error. This is used in the
<command>verifyfilter</command> global mail filter.
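Review bot: the new -n paragraph says what is suppressed but not what a caller can still rely on. The paragraph just above defines a non-zero exit code as "one or more of the given addresses were rejected", so once internal error messages no longer reach standard error, the text should say whether the exit code still distinguishes an internal failure from a rejected address. Minor wording: "The <option>-t</option> enables caching" should read "The <option>-t</option> option enables caching", matching the -m and -n paragraphs.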
......@@ -11,7 +11,7 @@
# Must mkdir $HOME/.trackdir before using this.
import SENDER
system '@bindir@/verifysmtp -t $HOME/.trackdir'
system '@bindir@/verifysmtp -n -t $HOME/.trackdir'
if ($RETURNCODE != 0)
......@@ -8,7 +8,7 @@
# Must mkdir $HOME/.trackdir before using this.
import SENDER
system '@bindir@/verifysmtp -m full -t $HOME/.trackdir'
system '@bindir@/verifysmtp -n -m full -t $HOME/.trackdir'
if ($RETURNCODE != 0)
......@@ -19,6 +19,7 @@
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <errno.h>
static char *policy_filename_for_domain(const char *domain);
static FILE *open_and_lock_cached_policy_file(const char *filename,
......@@ -350,6 +351,7 @@ static FILE *open_and_lock_cached_policy_file(const char *filename,
int *readwrite)
int fd;
int save_errno;
fd=open(filename, O_RDWR | O_CREAT, 0644);
......@@ -369,10 +371,12 @@ static FILE *open_and_lock_cached_policy_file(const char *filename,
** script let's bark this somewhere where someone will hopefully
** notice this.
if (!isatty(2))
if (fd >= 0)
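Review bot: nothing near "if (!isatty(2))" explains why errno needs protecting at this point. isatty() sets errno (ENOTTY) when descriptor 2 is not a terminal, which is exactly the branch taken here. Extend the existing comment with one line saying the error from open() is held in save_errno across this call. Without it, the save and restore look redundant and are easy to remove in a later cleanup.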
......@@ -662,6 +666,7 @@ static int sts_download2(const char *url, pid_t *pidptr)
execl(WGET, WGET, "-O", "-",
"--timeout", "60",
"--max-redirect", "0",
"-q", url, NULL);
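Review bot: the added "--max-redirect", "0" pair in the execl() argument list carries no comment saying it is a protocol requirement rather than a tuning choice. Add a one-line comment above it noting that the STS specification (RFC 8461) forbids following HTTP 3xx redirects when fetching a policy, so the option is not relaxed later. Separately, url is passed directly after "-q" with no "--" ahead of it. Adding "--" as its own argument before url would keep a value beginning with "-" from being parsed as a wget option.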