Mercurial > dnsbl
annotate src/spamass.cpp.in @ 182:2b06183b9b25
embedded dcc filtering
author | carl |
---|---|
date | Sat, 06 Oct 2007 17:10:13 -0700 |
parents | a4d313c2460b |
children | 92a5c866bdfa |
rev | line source |
---|---|
163 | 1 /* |
2 | |
3 Copyright (c) 2007 Carl Byington - 510 Software Group, released under | |
4 the GPL version 3 or any later version at your choice available at | |
5 http://www.gnu.org/licenses/gpl-3.0.txt | |
6 | |
7 Based on spamass-milter by Georg C. F. Greve <greve@gnu.org> | |
8 | |
9 */ | |
10 | |
177 | 11 #include "includes.h" |
163 | 12 #include <errno.h> |
13 #include <fcntl.h> | |
14 #include <poll.h> | |
15 #include <signal.h> | |
16 #include <string> | |
17 #include <sys/types.h> | |
18 #include <sys/wait.h> | |
19 #include <unistd.h> | |
20 | |
21 | |
22 static const char Id[] = "$Id$"; | |
23 | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
24 char *spamc = "@SPAMC@"; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
25 char *spamc_empty = ""; |
177 | 26 static bool warnedmacro = false; // have we logged that we couldn't fetch a macro? |
27 const int maxlen = 1000; // used for snprintf buffers | |
163 | 28 |
29 | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
30 SpamAssassin::SpamAssassin(mlfiPriv *priv_, int ip, char *helo_, char *from, char *qid) |
163 | 31 { |
32 error = false; | |
33 running = false; | |
34 first_recipient = true; | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
35 priv = priv_; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
36 ip4 = ip; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
37 helo = helo_; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
38 envfrom = from; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
39 queueid = qid; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
40 pid = 0; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
41 pipe_io[0][0] = -1; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
42 pipe_io[0][1] = -1; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
43 pipe_io[1][0] = -1; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
44 pipe_io[1][1] = -1; |
163 | 45 } |
46 | |
47 | |
48 SpamAssassin::~SpamAssassin() | |
49 { | |
50 // close all pipes that are still open | |
51 if (pipe_io[0][0] > -1) close(pipe_io[0][0]); | |
52 if (pipe_io[0][1] > -1) close(pipe_io[0][1]); | |
53 if (pipe_io[1][0] > -1) close(pipe_io[1][0]); | |
54 if (pipe_io[1][1] > -1) close(pipe_io[1][1]); | |
55 // child still running? | |
56 if (running) { | |
57 // make sure the pid is valid | |
58 if (pid > 0) { | |
59 // slaughter child | |
60 kill(pid, SIGKILL); | |
61 // wait for child to terminate | |
62 int status; | |
63 waitpid(pid, &status, 0); | |
64 } | |
65 } | |
66 } | |
67 | |
68 | |
69 void SpamAssassin::mlfi_envrcpt(SMFICTX *ctx, char *envrcpt) | |
70 { | |
71 if (first_recipient) { | |
177 | 72 first_recipient = false; |
163 | 73 /* Send the envelope headers as X-Envelope-From: and |
74 X-Envelope-To: so that SpamAssassin can use them in its | |
75 whitelist checks. Also forge as complete a dummy | |
76 Received: header as possible because SA gets a lot of | |
77 info from it. | |
78 | |
79 HReceived: $?sfrom $s $.$?_($?s$|from $.$_) | |
80 $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.) | |
81 $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version} | |
82 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u | |
83 for $u; $|; | |
84 $.$b$?g | |
85 (envelope-from $g)$. | |
86 | |
87 */ | |
88 const char *macro_b, *macro_i, *macro_j, *macro_r, | |
89 *macro_s, *macro_v, *macro_Z, *macro__; | |
90 char date[32]; | |
91 time_t tval; | |
92 time(&tval); | |
93 strftime(date, sizeof(date), "%a, %d %b %Y %H:%M:%S %z", localtime(&tval)); | |
94 macro_b = date; | |
95 | |
168 | 96 // queue ID |
163 | 97 macro_i = queueid; |
98 | |
168 | 99 // FQDN of this site |
100 macro_j = getorwarnmacro(ctx, "j", "localhost", "ENVRCPT"); | |
163 | 101 |
170 | 102 // Protocol used to receive the message, not really needed by spam assassin |
103 macro_r = "SMTP"; | |
163 | 104 |
170 | 105 // helo value we already have |
163 | 106 macro_s = helo; |
107 | |
170 | 108 // Sendmail binary version, not really needed by spam assassin |
109 macro_v = "8.13.0"; | |
163 | 110 |
170 | 111 // Sendmail .cf version, not really needed by spam assassin |
112 macro_Z = "8.13.0"; | |
163 | 113 |
168 | 114 // Validated sending site's address |
170 | 115 macro__ = getorwarnmacro(ctx, "_", "unknown", "ENVRCPT"); |
163 | 116 |
117 output(string("Received: from ") + macro_s + " (" + macro__+ ")\r\n\t" + | |
118 "by " + macro_j + " (" + macro_v + "/" + macro_Z + ") with " + macro_r + " id " + macro_i + "\r\n\t" + | |
119 "for " + envfrom + ";\r\n\t" + | |
120 macro_b + "\r\n"); | |
121 | |
122 output(string("X-Envelope-From: ") + envfrom + "\r\n"); | |
123 } | |
124 output(string("X-Envelope-To: ") + envrcpt + "\r\n"); | |
125 } | |
126 | |
127 | |
128 void SpamAssassin::mlfi_header(char* headerf, char* headerv) | |
129 { | |
130 if (!running) Connect(); | |
177 | 131 if (running) { |
132 output(spamc_input); | |
133 spamc_input.empty(); | |
134 } | |
135 | |
163 | 136 output(headerf); |
137 output(": "); | |
138 output(headerv); | |
139 output("\r\n"); | |
140 } | |
141 | |
142 | |
143 void SpamAssassin::mlfi_eoh() | |
144 { | |
145 output("\r\n"); | |
146 } | |
147 | |
148 | |
149 void SpamAssassin::mlfi_body(u_char *bodyp, size_t bodylen) | |
150 { | |
151 output((char *)bodyp, bodylen); | |
152 } | |
153 | |
154 | |
155 int SpamAssassin::mlfi_eom() | |
156 { | |
157 close_output(); // signal EOF to SpamAssassin | |
158 input(); // read what the Assassin is telling us | |
159 my_syslog(priv, "spamc returned " + spamc_output); | |
160 return atoi(spamc_output.c_str()); | |
161 } | |
162 | |
163 | |
164 void SpamAssassin::Connect() | |
165 { | |
166 if (error) return; | |
167 // set up pipes for in- and output | |
168 error |= (pipe(pipe_io[0])); | |
169 error |= (pipe(pipe_io[1])); | |
170 if (error) return; | |
171 | |
172 // now execute SpamAssassin client for contact with SpamAssassin spamd | |
173 // start child process | |
174 pid = fork(); | |
175 switch (pid) { | |
176 case -1: | |
177 // forking trouble. | |
178 my_syslog(priv, "unable to fork for spamc"); | |
179 error = true; | |
180 close(pipe_io[0][0]); | |
181 close(pipe_io[0][1]); | |
182 close(pipe_io[1][0]); | |
183 close(pipe_io[1][1]); | |
184 pipe_io[0][0] = -1; | |
185 pipe_io[0][1] = -1; | |
186 pipe_io[1][0] = -1; | |
187 pipe_io[1][1] = -1; | |
188 return; | |
189 case 0: | |
190 // +++ CHILD +++ | |
191 | |
192 // close unused pipes | |
193 close(pipe_io[1][0]); | |
194 close(pipe_io[0][1]); | |
195 | |
196 // redirect stdin(0), stdout(1) and stderr(2) | |
197 dup2(pipe_io[0][0],0); | |
198 dup2(pipe_io[1][1],1); | |
199 dup2(pipe_io[1][1],2); | |
200 | |
201 closeall(3); | |
202 | |
203 // execute spamc | |
204 char* argv[3]; | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
205 argv[0] = spamc; |
163 | 206 argv[1] = "-c"; |
207 argv[2] = NULL; | |
208 execvp(argv[0] , argv); // does not return! | |
209 _exit(1); // exec failed | |
210 break; | |
211 } | |
212 | |
213 // +++ PARENT +++ | |
214 | |
215 // close unused pipes | |
216 close(pipe_io[0][0]); | |
217 close(pipe_io[1][1]); | |
218 pipe_io[0][0] = -1; | |
219 pipe_io[1][1] = -1; | |
220 | |
221 // mark the pipes non-blocking | |
222 if (fcntl(pipe_io[0][1], F_SETFL, O_NONBLOCK) == -1) | |
223 error = true; | |
224 #if 0 /* don't really need to make the sink pipe nonblocking */ | |
225 if (fcntl(pipe_io[1][0], F_SETFL, O_NONBLOCK) == -1) | |
226 error = true; | |
227 #endif | |
228 | |
229 // we have to assume the client is running now. | |
230 running = true; | |
231 } | |
232 | |
233 | |
234 void SpamAssassin::output(const char* buffer, size_t size) | |
235 { | |
236 // if there are problems, fail. | |
237 if (error) return; | |
238 | |
239 if (!running) { | |
240 // buffer it | |
241 spamc_input.append(buffer, size); | |
242 return; | |
243 } | |
244 | |
245 // send to SpamAssassin | |
246 long total = 0; | |
247 long wsize = 0; | |
248 string reason; | |
249 int status; | |
250 do { | |
251 struct pollfd fds[2]; | |
252 int nfds = 2, nready; | |
253 fds[0].fd = pipe_io[0][1]; | |
254 fds[0].events = POLLOUT; | |
255 fds[0].revents = 0; | |
256 fds[1].fd = pipe_io[1][0]; | |
257 fds[1].events = POLLIN; | |
258 fds[1].revents = 0; | |
259 | |
260 nready = poll(fds, nfds, 1000); | |
261 if (nready == -1) { | |
262 my_syslog(priv, "poll failed"); | |
263 error = true; | |
264 return; | |
265 } | |
266 | |
267 if (fds[1].revents & (POLLERR|POLLNVAL|POLLHUP)) { | |
268 my_syslog(priv, "poll says my read pipe is busted"); | |
269 error = true; | |
270 return; | |
271 } | |
272 | |
273 if (fds[0].revents & (POLLERR|POLLNVAL|POLLHUP)) { | |
274 my_syslog(priv, "poll says my write pipe is busted"); | |
275 error = true; | |
276 return; | |
277 } | |
278 | |
279 if (fds[1].revents & POLLIN) { | |
280 read_pipe(); | |
281 } | |
282 | |
283 if (fds[0].revents & POLLOUT) { | |
284 switch(wsize = write(pipe_io[0][1], (char *)buffer + total, size - total)) { | |
285 case -1: | |
286 if (errno == EAGAIN) continue; | |
287 reason = string(strerror(errno)); | |
288 // close the pipes | |
289 close(pipe_io[0][1]); | |
290 close(pipe_io[1][0]); | |
291 pipe_io[0][1] = -1; | |
292 pipe_io[1][0] = -1; | |
293 // Slaughter child | |
294 kill(pid, SIGKILL); | |
295 // wait for child to terminate | |
296 waitpid(pid, &status, 0); | |
297 my_syslog(priv, "write error: " + reason); | |
298 error = true; | |
299 running = false; | |
300 return; | |
301 default: | |
302 total += wsize; | |
303 break; | |
304 } | |
305 } | |
306 } while ( total < size ); | |
307 } | |
308 | |
309 | |
310 void SpamAssassin::output(const char* buffer) | |
311 { | |
312 output(buffer, strlen(buffer)); | |
313 } | |
314 | |
315 | |
316 void SpamAssassin::output(string buffer) | |
317 { | |
318 output(buffer.c_str(), buffer.size()); | |
319 } | |
320 | |
321 | |
322 void SpamAssassin::close_output() | |
323 { | |
324 if (close(pipe_io[0][1])) | |
325 my_syslog(priv, "close error: " + string(strerror(errno))); | |
326 pipe_io[0][1] = -1; | |
327 } | |
328 | |
329 | |
330 void SpamAssassin::input() | |
331 { | |
332 if (!running || error) return; | |
333 empty_and_close_pipe(); | |
334 if (running) { | |
335 // wait until child is dead | |
336 int status; | |
337 if (waitpid(pid, &status, 0) < 0) { | |
338 error = true; | |
339 }; | |
340 } | |
341 running = false; | |
342 } | |
343 | |
344 | |
345 int SpamAssassin::read_pipe() | |
346 { | |
347 long size; | |
348 int status; | |
349 char iobuff[1024]; | |
350 string reason; | |
351 | |
352 if (pipe_io[1][0] == -1) return 0; | |
353 | |
354 size = read(pipe_io[1][0], iobuff, 1024); | |
355 | |
356 if (size < 0) { | |
357 reason = string(strerror(errno)); | |
358 // Close remaining pipe. | |
359 close(pipe_io[1][0]); | |
360 pipe_io[1][0] = -1; | |
361 // Slaughter child | |
362 kill(pid, SIGKILL); | |
363 // wait for child to terminate | |
364 waitpid(pid, &status, 0); | |
365 my_syslog(priv, "read error: " + reason); | |
366 size = 0; | |
367 error = true; | |
368 running = false; | |
369 } else if (size == 0) { | |
370 // EOF. Close the pipe | |
371 if (close(pipe_io[1][0])) { | |
372 error = true; | |
373 my_syslog(priv, "close error: " + string(strerror(errno))); | |
374 } | |
375 pipe_io[1][0] = -1; | |
376 } else { | |
377 // append to mail buffer | |
378 spamc_output.append(iobuff, size); | |
379 } | |
380 return size; | |
381 } | |
382 | |
383 | |
384 void SpamAssassin::empty_and_close_pipe() | |
385 { | |
386 while (read_pipe()) | |
387 ; | |
388 } | |
389 | |
390 | |
391 void SpamAssassin::closeall(int fd) | |
392 { | |
393 int fdlimit = sysconf(_SC_OPEN_MAX); | |
394 while (fd < fdlimit) | |
395 close(fd++); | |
396 } | |
397 | |
398 | |
168 | 399 char *SpamAssassin::getorwarnmacro(SMFICTX *ctx, char *macro, char *def, char *scope) |
400 { | |
401 char *rc = smfi_getsymval(ctx, macro); | |
402 if (!rc) { | |
403 rc = def; | |
404 warnmacro(macro, scope); | |
405 } | |
406 return rc; | |
407 } | |
408 | |
409 | |
163 | 410 void SpamAssassin::warnmacro(char *macro, char *scope) |
411 { | |
412 if (warnedmacro) return; | |
413 char buf[maxlen]; | |
414 snprintf(buf, sizeof(buf), "Could not retrieve sendmail macro %s. Add it to confMILTER_MACROS_%s for better results.", macro, scope); | |
415 my_syslog(priv, buf); | |
416 warnedmacro = true; | |
417 } | |
418 |