Documant the non-support of header manipulation in post-RCPT ACLs in combination with cuttrhough.

Add check and paniclog attempts to do so.  Bug 1411 (WONTFIX).

2 files changed, 30 insertions, 10 deletions

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 0ed811ab5..88308ba23 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -27292,7 +27292,9 @@ It is usable in the RCPT ACL and valid only for single-recipient mails forwarded
 from one SMTP connection to another.  If a recipient-verify callout connection is
 requested in the same ACL it is held open and used for the data, otherwise one is made
 after the ACL completes.
-Note that routers are used in verify mode.
+
+Note that routers are used in verify mode.  Note also that headers cannot be
+modified by any of the post-data ACLs (DATA, MIME and DKIM).
 
 Should the ultimate destination system positively accept or reject the mail,
 a corresponding indication is given to the source system and nothing is queued.
@@ -27547,12 +27549,15 @@ warn dnslists = sbl.spamhaus.org : \
      add_header = X-blacklisted-at: $dnslist_domain
 .endd
 The &%add_header%& modifier is permitted in the MAIL, RCPT, PREDATA, DATA,
-MIME, and non-SMTP ACLs (in other words, those that are concerned with
+MIME, DKIM, and non-SMTP ACLs (in other words, those that are concerned with
 receiving a message). The message must ultimately be accepted for
 &%add_header%& to have any significant effect. You can use &%add_header%& with
 any ACL verb, including &%deny%& (though this is potentially useful only in a
 RCPT ACL).
 
+Headers will not be added to the message if the modifier is used in
+DATA, MIME or DKIM ACLs for messages delivered by cutthrough routing.
+
 Leading and trailing newlines are removed from
 the data for the &%add_header%& modifier; if it then
 contains one or more newlines that
@@ -27646,12 +27651,15 @@ warn   message        = Remove internal headers
        remove_header  = x-route-mail1 : x-route-mail2
 .endd
 The &%remove_header%& modifier is permitted in the MAIL, RCPT, PREDATA, DATA,
-MIME, and non-SMTP ACLs (in other words, those that are concerned with
+MIME, DKIM, and non-SMTP ACLs (in other words, those that are concerned with
 receiving a message). The message must ultimately be accepted for
 &%remove_header%& to have any significant effect. You can use &%remove_header%&
 with any ACL verb, including &%deny%&, though this is really not useful for
 any verb that doesn't result in a delivered message.
 
+Headers will not be removed to the message if the modifier is used in
+DATA, MIME or DKIM ACLs for messages delivered by cutthrough routing.
+
 More than one header can be removed at the same time by using a colon separated
 list of header names. The header matching is case insensitive. Wildcards are
 not permitted, nor is list expansion performed, so you cannot use hostlists to
diff --git a/src/src/receive.c b/src/src/receive.c
index 0295b7e54..15eb1291d 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -984,11 +984,23 @@ Returns:     nothing
 */
 
 static void
-add_acl_headers(uschar *acl_name)
+add_acl_headers(int where, uschar *acl_name)
 {
 header_line *h, *next;
 header_line *last_received = NULL;
 
+switch(where)
+  {
+  case ACL_WHERE_DKIM:
+  case ACL_WHERE_MIME:
+  case ACL_WHERE_DATA: if (cutthrough_fd >= 0 && (acl_removed_headers || acl_added_headers))
+    {
+    log_write(0, LOG_MAIN|LOG_PANIC, "Header modification in data ACLs"
+			"will not take effect on cutthrough deliveries");
+    return;
+    }
+  }
+
 if (acl_removed_headers != NULL)
   {
   DEBUG(D_receive|D_acl) debug_printf(">>Headers removed by %s ACL:\n", acl_name);
@@ -1264,7 +1276,7 @@ if (rc == OK)
   }
 
 END_MIME_ACL:
-add_acl_headers(US"MIME");
+add_acl_headers(ACL_WHERE_MIME, US"MIME");
 if (rc == DISCARD)
   {
   recipients_count = 0;
@@ -2826,7 +2838,7 @@ if (cutthrough_fd >= 0)
     goto TIDYUP;                             /* Skip to end of function */
     }
   received_header_gen();
-  add_acl_headers(US"MAIL or RCPT");
+  add_acl_headers(ACL_WHERE_RCPT, US"MAIL or RCPT");
   (void) cutthrough_headers_send();
   }
 
@@ -3118,7 +3130,7 @@ if (received_header->text == NULL)	/* Non-cutthrough case */
   /* If an ACL from any RCPT commands set up any warning headers to add, do so
   now, before running the DATA ACL. */
 
-  add_acl_headers(US"MAIL or RCPT");
+  add_acl_headers(ACL_WHERE_RCPT, US"MAIL or RCPT");
   }
 else
   message_body_size = (fstat(data_fd, &statbuf) == 0)?
@@ -3231,7 +3243,7 @@ else
                 break;
               }
             }
-          add_acl_headers(US"DKIM");
+          add_acl_headers(ACL_WHERE_DKIM, US"DKIM");
           if (rc == DISCARD)
             {
             recipients_count = 0;
@@ -3341,7 +3353,7 @@ else
     if (acl_smtp_data != NULL && recipients_count > 0)
       {
       rc = acl_check(ACL_WHERE_DATA, NULL, acl_smtp_data, &user_msg, &log_msg);
-      add_acl_headers(US"DATA");
+      add_acl_headers(ACL_WHERE_DATA, US"DATA");
       if (rc == DISCARD)
         {
         recipients_count = 0;
@@ -3424,7 +3436,7 @@ else
           /* Does not return */
           }
         }
-      add_acl_headers(US"non-SMTP");
+      add_acl_headers(ACL_WHERE_NOTSMTP, US"non-SMTP");
       }
     }