Mercurial > dnsbl
annotate src/context.cpp @ 176:4ec928b24bab stable-6-0-10
allow manual whitelisting with stamp 1 to remove a whitelist entry
author | carl |
---|---|
date | Sun, 23 Sep 2007 14:33:00 -0700 |
parents | e726e1a61ef9 |
children | d6531c702be3 |
rev | line source |
---|---|
94 | 1 /* |
2 | |
152 | 3 Copyright (c) 2007 Carl Byington - 510 Software Group, released under |
4 the GPL version 3 or any later version at your choice available at | |
5 http://www.gnu.org/licenses/gpl-3.0.txt | |
94 | 6 |
7 */ | |
8 | |
9 #include "includes.h" | |
10 | |
160 | 11 #include <arpa/inet.h> |
94 | 12 #include <net/if.h> |
160 | 13 #include <netdb.h> |
94 | 14 #include <netinet/in.h> |
15 #include <netinet/tcp.h> | |
160 | 16 #include <sys/ioctl.h> |
94 | 17 #include <sys/socket.h> |
160 | 18 #include <sys/stat.h> |
94 | 19 #include <sys/un.h> |
160 | 20 #include <unistd.h> |
94 | 21 |
22 static char* context_version="$Id$"; | |
23 | |
153 | 24 char *token_autowhite; |
94 | 25 char *token_black; |
26 char *token_content; | |
27 char *token_context; | |
28 char *token_dccfrom; | |
29 char *token_dccto; | |
30 char *token_default; | |
31 char *token_dnsbl; | |
32 char *token_dnsbll; | |
33 char *token_envfrom; | |
34 char *token_envto; | |
35 char *token_filter; | |
168 | 36 char *token_generic; |
94 | 37 char *token_host_limit; |
38 char *token_html_limit; | |
39 char *token_html_tags; | |
40 char *token_ignore; | |
41 char *token_include; | |
42 char *token_inherit; | |
43 char *token_lbrace; | |
44 char *token_mailhost; | |
45 char *token_many; | |
46 char *token_off; | |
47 char *token_ok2; | |
48 char *token_ok; | |
49 char *token_on; | |
136 | 50 char *token_rate; |
94 | 51 char *token_rbrace; |
52 char *token_semi; | |
53 char *token_soft; | |
163 | 54 char *token_spamassassin; |
94 | 55 char *token_substitute; |
56 char *token_tld; | |
117 | 57 char *token_cctld; |
94 | 58 char *token_unknown; |
119 | 59 char *token_uribl; |
94 | 60 char *token_verify; |
61 char *token_white; | |
62 | |
63 char *token_myhostname; | |
96
1edd4e8d3a60
fix missing include, not all systems define HOST_NAME_MAX
carl
parents:
94
diff
changeset
|
64 #ifndef HOST_NAME_MAX |
1edd4e8d3a60
fix missing include, not all systems define HOST_NAME_MAX
carl
parents:
94
diff
changeset
|
65 #define HOST_NAME_MAX 255 |
1edd4e8d3a60
fix missing include, not all systems define HOST_NAME_MAX
carl
parents:
94
diff
changeset
|
66 #endif |
94 | 67 char myhostname[HOST_NAME_MAX+1]; |
68 | |
153 | 69 pthread_mutex_t verifier_mutex; // protect the verifier map |
94 | 70 verify_map verifiers; |
153 | 71 |
173
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
72 pthread_mutex_t whitelister_mutex; // protect the whitelisters map |
153 | 73 whitelister_map whitelisters; |
74 | |
94 | 75 string_set all_strings; // owns all the strings, only modified by the config loader thread |
76 const int maxlen = 1000; // used for snprintf buffers | |
153 | 77 const int maxsmtp_age = 120;// smtp verify sockets older than this are ancient |
78 const int maxauto_age = 600;// auto whitelister delay before flushing to file | |
94 | 79 extern int NULL_SOCKET; |
129
c5cd1261394d
ignore smtp connection attempts for 10 minutes when getting connection errors on verify hosts
carl
parents:
119
diff
changeset
|
80 const time_t ERROR_SMTP_SOCKET_TIME = 600; // number of seconds between attempts to open a socket to an smtp server |
94 | 81 |
82 | |
83 int SMTP::writer() { | |
84 #ifdef VERIFY_DEBUG | |
85 log("writer() sees buffer with %s", buffer); | |
86 log("writer() sees error %d", (int)error); | |
87 #endif | |
88 int rs = 0; | |
89 if (!error) { | |
90 int len = strlen(buffer); | |
91 while (rs < len) { | |
92 int ws = write(fd, buffer+rs, len-rs); | |
93 if (ws > 0) { | |
94 rs += ws; | |
95 } | |
96 else { | |
97 // peer closed the socket! | |
98 rs = 0; | |
99 error = true; | |
100 break; | |
101 } | |
102 } | |
103 } | |
104 return rs; | |
105 } | |
106 | |
107 | |
108 int SMTP::reader() { | |
109 // read some bytes terminated by lf or end of buffer. | |
110 // we may have a multi line response or part thereof in the buffer. | |
111 #ifdef VERIFY_DEBUG | |
112 log("reader() sees error %d", (int)error); | |
113 #endif | |
114 if (error) return 0; | |
115 int len = maxlen-1; // room for null terminator | |
116 while (pending < len) { | |
117 int ws = read(fd, buffer+pending, len-pending); | |
118 if (ws > 0) { | |
119 pending += ws; | |
120 if (buffer[pending-1] == '\n') break; | |
121 } | |
122 else { | |
123 // peer closed the socket! | |
124 pending = 0; | |
125 error = true; | |
126 break; | |
127 } | |
128 } | |
129 buffer[pending] = '\0'; | |
130 #ifdef VERIFY_DEBUG | |
131 log("reader() sees buffer with %s", buffer); | |
132 #endif | |
133 return pending; | |
134 } | |
135 | |
136 | |
137 int SMTP::read_line() { | |
138 char *lf = strchr(buffer, '\n'); | |
139 if (!lf) { | |
140 reader(); // get a lf | |
141 lf = strchr(buffer, '\n'); | |
142 if (!lf) lf = buffer + pending - 1; | |
143 } | |
144 return (lf-buffer)+1; // number of bytes in this line | |
145 } | |
146 | |
147 | |
97 | 148 void SMTP::flush_line(int r) { |
94 | 149 if (pending > r) memmove(buffer, buffer+r, pending-r); |
150 pending -= r; | |
151 } | |
152 | |
153 | |
154 int SMTP::read_response() { | |
155 pending = 0; | |
156 buffer[pending] = '\0'; | |
157 while (true) { | |
158 int r = read_line(); | |
159 #ifdef VERIFY_DEBUG | |
160 log("read_response() sees line with %s", buffer); | |
161 log("read_response() sees line length %d", r); | |
162 #endif | |
163 if (r == 0) return 0; // failed to read any bytes | |
164 if ((r > 4) && (buffer[3] == '-')) { | |
165 flush_line(r); | |
166 continue; | |
167 } | |
168 return atoi(buffer); | |
169 } | |
170 return 0; | |
171 } | |
172 | |
173 | |
174 int SMTP::cmd(char *c) { | |
175 if (c) { | |
176 init(); | |
177 append(c); | |
178 } | |
179 append("\r\n"); | |
180 writer(); | |
181 return read_response(); | |
182 } | |
183 | |
184 | |
185 int SMTP::helo() { | |
186 if (read_response() != 220) return 0; | |
187 init(); | |
188 append("HELO "); | |
189 append(token_myhostname); | |
190 return cmd(NULL); | |
191 } | |
192 | |
193 | |
194 int SMTP::rset() { | |
195 int rc = cmd("RSET"); | |
196 efrom[0] = '\0'; | |
197 return rc; | |
198 } | |
199 | |
200 | |
201 int SMTP::from(char *f) { | |
101 | 202 // the mail from address was originally passed in from sendmail enclosed in |
203 // <>. to_lower_string() removed the <> and converted the rest to lowercase, | |
204 // except in the case of an empty return path, which was left as the two | |
205 // character string <>. | |
94 | 206 if (strncmp(efrom, f, maxlen)) { |
207 rset(); | |
208 strncpy(efrom, f, maxlen); | |
209 init(); | |
210 append("MAIL FROM:<"); | |
101 | 211 if (*f != '<') append(f); |
94 | 212 append(">"); |
213 return cmd(NULL); | |
214 } | |
215 return 250; // pretend it worked | |
216 } | |
217 | |
218 | |
219 int SMTP::rcpt(char *t) { | |
220 init(); | |
221 append("RCPT TO:<"); | |
222 append(t); | |
223 append(">"); | |
224 return cmd(NULL); | |
225 } | |
226 | |
227 | |
228 int SMTP::quit() { | |
229 return cmd("QUIT"); | |
230 } | |
231 | |
232 | |
233 void SMTP::closefd() { | |
234 shutdown(fd, SHUT_RDWR); | |
235 close(fd); | |
236 } | |
237 | |
238 | |
239 #ifdef VERIFY_DEBUG | |
240 void SMTP::log(char *m, int v) { | |
241 char buf[maxlen]; | |
242 snprintf(buf, maxlen, m, v); | |
243 my_syslog(buf); | |
244 } | |
245 | |
246 | |
247 void SMTP::log(char *m, char *v) { | |
248 char buf[maxlen]; | |
249 snprintf(buf, maxlen, m, v); | |
250 my_syslog(buf); | |
251 } | |
252 #endif | |
253 | |
254 | |
153 | 255 //////////////////////////////////////////////// |
256 // smtp verifier so backup mx machines can see the valid users | |
257 // | |
94 | 258 VERIFY::VERIFY(char *h) { |
259 host = h; | |
260 last_err = 0; | |
261 pthread_mutex_init(&mutex, 0); | |
262 } | |
263 | |
264 | |
265 void VERIFY::closer() { | |
266 bool ok = true; | |
267 while (ok) { | |
268 SMTP *conn = NULL; | |
269 pthread_mutex_lock(&mutex); | |
270 if (connections.empty()) { | |
271 ok = false; | |
272 } | |
273 else { | |
274 conn = connections.front(); | |
275 time_t now = time(NULL); | |
153 | 276 if ((now - conn->get_stamp()) > maxsmtp_age) { |
94 | 277 // this connection is ancient, remove it |
278 connections.pop_front(); | |
279 } | |
280 else { | |
281 ok = false; | |
282 conn = NULL; | |
283 } | |
284 } | |
285 pthread_mutex_unlock(&mutex); | |
286 // avoid doing this work inside the mutex lock | |
287 if (conn) { | |
288 #ifdef VERIFY_DEBUG | |
289 conn->log("closer() closes ancient %d", conn->get_fd()); | |
290 #endif | |
291 delete conn; | |
292 } | |
293 } | |
294 } | |
295 | |
296 | |
297 SMTP* VERIFY::get_connection() { | |
298 SMTP *conn = NULL; | |
299 pthread_mutex_lock(&mutex); | |
300 if (!connections.empty()) { | |
301 conn = connections.front(); | |
302 connections.pop_front(); | |
303 #ifdef VERIFY_DEBUG | |
304 conn->log("get_connection() %d from cache", conn->get_fd()); | |
305 #endif | |
306 } | |
307 pthread_mutex_unlock(&mutex); | |
308 if (conn) return conn; | |
309 int sock = NULL_SOCKET; | |
129
c5cd1261394d
ignore smtp connection attempts for 10 minutes when getting connection errors on verify hosts
carl
parents:
119
diff
changeset
|
310 if ((time(NULL) - last_err) > ERROR_SMTP_SOCKET_TIME) { |
94 | 311 // nothing recent, maybe this time it will work |
312 hostent *h = gethostbyname(host); | |
313 if (h) { | |
314 sockaddr_in server; | |
315 server.sin_family = h->h_addrtype; | |
316 server.sin_port = htons(25); | |
317 memcpy(&server.sin_addr, h->h_addr_list[0], h->h_length); | |
318 sock = socket(PF_INET, SOCK_STREAM, 0); | |
319 if (sock != NULL_SOCKET) { | |
320 bool rc = (connect(sock, (sockaddr *)&server, sizeof(server)) == 0); | |
321 if (!rc) { | |
322 shutdown(sock, SHUT_RDWR); | |
323 close(sock); | |
324 sock = NULL_SOCKET; | |
129
c5cd1261394d
ignore smtp connection attempts for 10 minutes when getting connection errors on verify hosts
carl
parents:
119
diff
changeset
|
325 last_err = time(NULL); |
94 | 326 } |
327 } | |
129
c5cd1261394d
ignore smtp connection attempts for 10 minutes when getting connection errors on verify hosts
carl
parents:
119
diff
changeset
|
328 else last_err = time(NULL); |
94 | 329 } |
129
c5cd1261394d
ignore smtp connection attempts for 10 minutes when getting connection errors on verify hosts
carl
parents:
119
diff
changeset
|
330 else last_err = time(NULL); |
94 | 331 } |
332 if (sock != NULL_SOCKET) { | |
333 conn = new SMTP(sock); | |
334 #ifdef VERIFY_DEBUG | |
335 conn->log("get_connection() %d new socket", conn->get_fd()); | |
336 #endif | |
337 if (conn->helo() == 250) return conn; | |
338 delete conn; | |
339 } | |
340 return NULL; | |
341 } | |
342 | |
343 | |
344 void VERIFY::put_connection(SMTP *conn) { | |
345 if (conn->err()) { | |
346 #ifdef VERIFY_DEBUG | |
347 conn->log("put_socket() %d with error, close it", conn->get_fd()); | |
348 #endif | |
349 delete conn; | |
350 last_err = time(NULL); | |
351 } | |
352 else { | |
353 #ifdef VERIFY_DEBUG | |
354 conn->log("put_socket() %d", conn->get_fd()); | |
355 #endif | |
356 conn->now(); | |
357 pthread_mutex_lock(&mutex); | |
358 connections.push_back(conn); | |
359 pthread_mutex_unlock(&mutex); | |
360 } | |
361 } | |
362 | |
363 | |
364 bool VERIFY::ok(char *from, char *to) { | |
365 if (host == token_myhostname) return true; | |
366 SMTP *conn = get_connection(); | |
367 if (!conn) return true; // cannot verify right now, we have socket errors | |
368 int rc; | |
369 rc = conn->from(from); | |
370 #ifdef VERIFY_DEBUG | |
371 conn->log("verify::ok() from sees %d", rc); | |
372 #endif | |
373 if (rc != 250) { | |
374 conn->rset(); | |
375 put_connection(conn); | |
376 return (rc >= 500) ? false : true; | |
377 } | |
378 rc = conn->rcpt(to); | |
379 #ifdef VERIFY_DEBUG | |
380 conn->log("verify::ok() rcpt sees %d", rc); | |
381 #endif | |
382 put_connection(conn); | |
383 return (rc >= 500) ? false : true; | |
384 } | |
385 | |
386 | |
153 | 387 //////////////////////////////////////////////// |
388 // setup a new smtp verify host | |
389 // | |
390 VERIFYP add_verify_host(char *host); | |
391 VERIFYP add_verify_host(char *host) { | |
392 VERIFYP rc = NULL; | |
393 pthread_mutex_lock(&verifier_mutex); | |
394 verify_map::iterator i = verifiers.find(host); | |
395 if (i == verifiers.end()) { | |
396 rc = new VERIFY(host); | |
397 verifiers[host] = rc; | |
398 } | |
399 else rc = (*i).second; | |
400 pthread_mutex_unlock(&verifier_mutex); | |
401 return rc; | |
402 } | |
403 | |
404 | |
405 //////////////////////////////////////////////// | |
406 // thread to check for verify hosts with old sockets that we can close | |
407 // | |
408 void* verify_closer(void *arg) { | |
409 while (true) { | |
410 sleep(maxsmtp_age); | |
411 pthread_mutex_lock(&verifier_mutex); | |
412 for (verify_map::iterator i=verifiers.begin(); i!=verifiers.end(); i++) { | |
413 VERIFYP v = (*i).second; | |
414 v->closer(); | |
415 } | |
416 pthread_mutex_unlock(&verifier_mutex); | |
417 } | |
418 return NULL; | |
419 } | |
420 | |
421 | |
422 //////////////////////////////////////////////// | |
423 // automatic whitelister | |
424 // | |
425 WHITELISTER::WHITELISTER(char *f, int d) { | |
426 fn = f; | |
427 days = d; | |
428 pthread_mutex_init(&mutex, 0); | |
429 need = false; | |
160 | 430 loaded = time(NULL); |
431 merge(); | |
432 } | |
433 | |
434 | |
435 void WHITELISTER::merge() { | |
436 time_t now = time(NULL); | |
154 | 437 ifstream ifs; |
438 ifs.open(fn); | |
439 if (!ifs.fail()) { | |
440 const int maxlen = 1000; | |
441 char buf[maxlen]; | |
442 while (ifs.getline(buf, maxlen)) { | |
443 char *p = strchr(buf, ' '); | |
444 if (p) { | |
445 *p = '\0'; | |
160 | 446 char *who = strdup(buf); |
447 time_t when = atoi(p+1); | |
448 if ((when == 0) || (when > now)) when = now; | |
449 autowhite_sent::iterator i = rcpts.find(who); | |
173
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
450 if (i == rcpts.end()) { |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
451 rcpts[who] = when; |
160 | 452 } |
453 else { | |
173
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
454 time_t wh = (*i).second; |
175
e726e1a61ef9
allow manual whitelisting with stamp 1 to remove a whitelist entry
carl
parents:
174
diff
changeset
|
455 if ((when == 1) || (when > wh)) (*i).second = when; |
173
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
456 free(who); |
160 | 457 } |
154 | 458 } |
459 } | |
460 } | |
461 ifs.close(); | |
153 | 462 } |
463 | |
464 | |
465 void WHITELISTER::writer() { | |
466 pthread_mutex_lock(&mutex); | |
467 time_t limit = time(NULL) - days*86400; | |
160 | 468 |
469 // check for manually modified autowhitelist file | |
470 struct stat st; | |
471 if (stat(fn, &st)) need = true; // file has disappeared | |
472 else if (st.st_mtime > loaded) { | |
473 // file has been manually updated, merge new entries | |
474 merge(); | |
475 need = true; | |
476 } | |
477 | |
478 // purge old entries | |
153 | 479 for (autowhite_sent::iterator i=rcpts.begin(); i!=rcpts.end();) { |
480 time_t when = (*i).second; | |
481 if (when < limit) { | |
154 | 482 char *who = (*i).first; |
483 free(who); | |
153 | 484 autowhite_sent::iterator j = i; |
485 j++; | |
486 rcpts.erase(i); | |
487 i = j; | |
488 need = true; | |
489 } | |
490 else i++; | |
491 } | |
160 | 492 |
153 | 493 if (need) { |
494 // dump the file | |
154 | 495 ofstream ofs; |
496 ofs.open(fn); | |
497 if (!ofs.fail()) { | |
153 | 498 for (autowhite_sent::iterator i=rcpts.begin(); i!=rcpts.end(); i++) { |
499 char *who = (*i).first; | |
500 int when = (*i).second; | |
174 | 501 if (!strchr(who, ' ')) { |
502 ofs << who << " " << when << endl; | |
503 } | |
153 | 504 } |
505 } | |
154 | 506 ofs.close(); |
156 | 507 need = false; |
160 | 508 loaded = time(NULL); // update load time |
153 | 509 } |
510 pthread_mutex_unlock(&mutex); | |
511 } | |
512 | |
513 | |
514 void WHITELISTER::sent(char *to) { | |
154 | 515 // we take ownership of the string |
153 | 516 pthread_mutex_lock(&mutex); |
517 need = true; | |
173
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
518 autowhite_sent::iterator i = rcpts.find(to); |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
519 if (i == rcpts.end()) { |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
520 rcpts[to] = time(NULL); |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
521 } |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
522 else { |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
523 (*i).second = time(NULL); |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
524 free(to); |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
525 } |
153 | 526 pthread_mutex_unlock(&mutex); |
527 } | |
528 | |
529 | |
530 bool WHITELISTER::is_white(char *from) { | |
531 pthread_mutex_lock(&mutex); | |
532 autowhite_sent::iterator i = rcpts.find(from); | |
162 | 533 bool rc = (i != rcpts.end()); |
153 | 534 pthread_mutex_unlock(&mutex); |
535 return rc; | |
536 } | |
537 | |
538 | |
539 //////////////////////////////////////////////// | |
540 // setup a new auto whitelister file | |
541 // | |
542 WHITELISTERP add_whitelister_file(char *fn, int days); | |
543 WHITELISTERP add_whitelister_file(char *fn, int days) { | |
544 WHITELISTERP rc = NULL; | |
545 pthread_mutex_lock(&whitelister_mutex); | |
546 whitelister_map::iterator i = whitelisters.find(fn); | |
547 if (i == whitelisters.end()) { | |
548 rc = new WHITELISTER(fn, days); | |
549 whitelisters[fn] = rc; | |
550 } | |
156 | 551 else { |
552 rc = (*i).second; | |
553 rc->set_days(days); | |
554 } | |
153 | 555 pthread_mutex_unlock(&whitelister_mutex); |
556 return rc; | |
557 } | |
558 | |
559 | |
560 //////////////////////////////////////////////// | |
561 // thread to check for whitelister hosts with old sockets that we can close | |
562 // | |
563 void* whitelister_writer(void *arg) { | |
564 while (true) { | |
565 sleep(maxauto_age); | |
566 pthread_mutex_lock(&whitelister_mutex); | |
567 for (whitelister_map::iterator i=whitelisters.begin(); i!=whitelisters.end(); i++) { | |
568 WHITELISTERP v = (*i).second; | |
569 v->writer(); | |
570 } | |
571 pthread_mutex_unlock(&whitelister_mutex); | |
572 } | |
573 return NULL; | |
574 } | |
575 | |
576 | |
94 | 577 DNSBL::DNSBL(char *n, char *s, char *m) { |
578 name = n; | |
579 suffix = s; | |
580 message = m; | |
581 } | |
582 | |
583 | |
584 bool DNSBL::operator==(const DNSBL &rhs) { | |
585 return (strcmp(name, rhs.name) == 0) && | |
586 (strcmp(suffix, rhs.suffix) == 0) && | |
587 (strcmp(message, rhs.message) == 0); | |
588 } | |
589 | |
590 | |
591 CONFIG::CONFIG() { | |
592 reference_count = 0; | |
593 generation = 0; | |
594 load_time = 0; | |
595 default_context = NULL; | |
596 } | |
597 | |
598 | |
599 CONFIG::~CONFIG() { | |
146 | 600 if (debug_syslog) { |
601 char buf[maxlen]; | |
602 snprintf(buf, sizeof(buf), "freeing memory for old configuration generation %d", generation); | |
603 my_syslog(buf); | |
604 } | |
94 | 605 for (context_list::iterator i=contexts.begin(); i!=contexts.end(); i++) { |
606 CONTEXT *c = *i; | |
607 delete c; | |
608 } | |
609 } | |
610 | |
611 | |
612 void CONFIG::add_context(CONTEXTP con) { | |
613 contexts.push_back(con); | |
614 if (!default_context && !con->get_parent()) { | |
615 // first global context | |
616 default_context = con; | |
617 } | |
618 } | |
619 | |
620 | |
621 void CONFIG::add_to(char *to, CONTEXTP con) { | |
622 context_map::iterator i = env_to.find(to); | |
623 if (i != env_to.end()) { | |
624 CONTEXTP c = (*i).second; | |
625 if ((c != con) && (c != con->get_parent())) { | |
626 if (debug_syslog) { | |
627 char oldname[maxlen]; | |
628 char newname[maxlen]; | |
629 char *oldn = c->get_full_name(oldname, maxlen); | |
630 char *newn = con->get_full_name(newname, maxlen); | |
631 char buf[maxlen*3]; | |
632 snprintf(buf, maxlen*3, "both %s and %s claim envelope to %s, the second one wins", oldn, newn, to); | |
633 my_syslog(buf); | |
634 } | |
635 } | |
636 } | |
637 env_to[to] = con; | |
638 } | |
639 | |
640 | |
641 CONTEXTP CONFIG::find_context(char *to) { | |
642 context_map::iterator i = env_to.find(to); | |
117 | 643 if (i != env_to.end()) return (*i).second; // found user@domain key |
94 | 644 char *x = strchr(to, '@'); |
645 if (x) { | |
646 x++; | |
647 i = env_to.find(x); | |
117 | 648 if (i != env_to.end()) return (*i).second; // found domain key |
94 | 649 char y = *x; |
650 *x = '\0'; | |
651 i = env_to.find(to); | |
652 *x = y; | |
653 if (i != env_to.end()) return (*i).second; // found user@ key | |
654 } | |
655 return default_context; | |
656 } | |
657 | |
658 | |
659 void CONFIG::dump() { | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
660 bool spamass = false; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
661 if (default_context) default_context->dump(true, spamass); |
94 | 662 for (context_list::iterator i=contexts.begin(); i!=contexts.end(); i++) { |
663 CONTEXTP c = *i; | |
664 CONTEXTP p = c->get_parent(); | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
665 if (!p && (c != default_context)) c->dump(false, spamass); |
94 | 666 } |
667 char buf[maxlen]; | |
668 for (context_map::iterator i=env_to.begin(); i!=env_to.end(); i++) { | |
669 char *to = (*i).first; | |
670 CONTEXTP con = (*i).second; | |
671 printf("// envelope to %s \t-> context %s \n", to, con->get_full_name(buf,maxlen)); | |
672 } | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
673 if (spamass && (spamc == spamc_empty)) { |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
674 printf("// *** warning - spamassassin filtering requested, but spamc not found by autoconf.\n"); |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
675 } |
94 | 676 } |
677 | |
678 | |
679 CONTEXT::CONTEXT(CONTEXTP parent_, char *name_) { | |
680 parent = parent_; | |
681 name = name_; | |
682 verify_host = NULL; | |
153 | 683 verifier = NULL; |
168 | 684 generic_regx = NULL; |
685 generic_message = NULL; | |
153 | 686 autowhite_file = NULL; |
687 whitelister = NULL; | |
94 | 688 env_from_default = (parent) ? token_inherit : token_unknown; |
689 content_filtering = (parent) ? parent->content_filtering : false; | |
690 content_suffix = NULL; | |
691 content_message = NULL; | |
119 | 692 uribl_suffix = NULL; |
693 uribl_message = NULL; | |
94 | 694 host_limit = (parent) ? parent->host_limit : 0; |
695 host_limit_message = NULL; | |
696 host_random = (parent) ? parent->host_random : false; | |
697 tag_limit = (parent) ? parent->tag_limit : 0; | |
698 tag_limit_message = NULL; | |
163 | 699 spamassassin_limit = (parent) ? parent->spamassassin_limit : 0; |
140 | 700 default_rcpt_rate = INT_MAX; |
94 | 701 } |
702 | |
703 | |
704 CONTEXT::~CONTEXT() { | |
705 for (dnsblp_map::iterator i=dnsbl_names.begin(); i!=dnsbl_names.end(); i++) { | |
706 DNSBLP d = (*i).second; | |
707 // delete the underlying DNSBL objects. | |
708 delete d; | |
709 } | |
170 | 710 if (generic_regx) regfree(&generic_pattern); |
94 | 711 } |
712 | |
713 | |
714 bool CONTEXT::is_parent(CONTEXTP p) { | |
715 if (p == parent) return true; | |
716 if (!parent) return false; | |
717 return parent->is_parent(p); | |
718 } | |
719 | |
720 | |
721 char *CONTEXT::get_full_name(char *buffer, int size) { | |
722 if (!parent) return name; | |
723 char buf[maxlen]; | |
724 snprintf(buffer, size, "%s.%s", parent->get_full_name(buf, maxlen), name); | |
725 return buffer; | |
726 } | |
727 | |
728 | |
168 | 729 bool CONTEXT::set_generic(char *regx, char *msg) |
730 { | |
731 int rc = 0; | |
170 | 732 if (generic_regx) regfree(&generic_pattern); |
168 | 733 generic_regx = regx; |
734 generic_message = msg; | |
170 | 735 if (generic_regx) { |
168 | 736 rc = regcomp(&generic_pattern, regx, REG_NOSUB | REG_ICASE | REG_EXTENDED); |
737 } | |
738 return rc; // true iff bad pattern | |
739 } | |
740 | |
741 | |
742 char *CONTEXT::generic_match(char *client) | |
743 { | |
744 if (parent && !generic_regx) return parent->generic_match(client); | |
170 | 745 if (!generic_regx) return NULL; |
168 | 746 if (0 == regexec(&generic_pattern, client, 0, NULL, 0)) { |
747 return generic_message; | |
748 } | |
749 return NULL; | |
750 } | |
751 | |
752 | |
94 | 753 bool CONTEXT::cover_env_to(char *to) { |
754 char buffer[maxlen]; | |
755 char *x = strchr(to, '@'); | |
756 if (x) x++; | |
757 else x = to; | |
144
31ff00ea6bfb
allow parent/child to share a fully qualified env_to address
carl
parents:
143
diff
changeset
|
758 if (*x == '\0') return true; // always allow covering addresses with no domain name, eg abuse@ |
100
63e8633abc34
allow empty env_to at global context to remove all restrictions on child contexts
carl
parents:
99
diff
changeset
|
759 if (!parent && env_to.empty()) return true; // empty env_to at global level covers everything |
94 | 760 string_set::iterator i = env_to.find(x); |
144
31ff00ea6bfb
allow parent/child to share a fully qualified env_to address
carl
parents:
143
diff
changeset
|
761 if (i != env_to.end()) return true; // we cover the entire domain |
31ff00ea6bfb
allow parent/child to share a fully qualified env_to address
carl
parents:
143
diff
changeset
|
762 if (x != to) { |
31ff00ea6bfb
allow parent/child to share a fully qualified env_to address
carl
parents:
143
diff
changeset
|
763 i = env_to.find(to); |
31ff00ea6bfb
allow parent/child to share a fully qualified env_to address
carl
parents:
143
diff
changeset
|
764 if (i != env_to.end()) return true; // we cover the specific email address |
31ff00ea6bfb
allow parent/child to share a fully qualified env_to address
carl
parents:
143
diff
changeset
|
765 } |
94 | 766 return false; |
767 } | |
768 | |
769 | |
770 VERIFYP CONTEXT::find_verify(char *to) { | |
153 | 771 if (verifier && (verify_host != token_myhostname) && cover_env_to(to)) |
772 return verifier; | |
773 else if (parent) | |
774 return parent->find_verify(to); | |
775 else | |
776 return NULL; | |
777 } | |
94 | 778 |
153 | 779 |
162 | 780 WHITELISTERP CONTEXT::find_autowhite(char *from, char *to) { |
781 if (whitelister && cover_env_to(to) && !cover_env_to(from)) | |
153 | 782 return whitelister; |
783 else if (parent) | |
162 | 784 return parent->find_autowhite(from, to); |
153 | 785 else |
786 return NULL; | |
94 | 787 } |
788 | |
789 | |
136 | 790 int CONTEXT::find_rate(char *user) { |
140 | 791 if (rcpt_per_hour.empty()) return default_rcpt_rate; |
136 | 792 rcpt_rates::iterator i = rcpt_per_hour.find(user); |
140 | 793 return (i == rcpt_per_hour.end()) ? default_rcpt_rate : (*i).second; |
136 | 794 } |
795 | |
796 | |
173
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
797 char *CONTEXT::find_from(char *from, bool update_white) { |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
798 if (whitelister && whitelister->is_white(from)) { |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
799 if (update_white) { |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
800 // update senders timestamp to extend the whitelisting period |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
801 if (debug_syslog > 1) { |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
802 char buf[maxlen]; |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
803 char msg[maxlen]; |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
804 snprintf(msg, sizeof(msg), "extend whitelist reply from <%s> in context %s", from, get_full_name(buf,maxlen)); |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
805 my_syslog(msg); |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
806 } |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
807 whitelister->sent(strdup(from)); |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
808 } |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
809 return token_white; |
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
170
diff
changeset
|
810 } |
148
9330b8d6a56b
add documentation fixes, allow env_from target of inherit
carl
parents:
146
diff
changeset
|
811 char *rc = env_from_default; |
94 | 812 string_map::iterator i = env_from.find(from); |
117 | 813 if (i != env_from.end()) rc = (*i).second; // found user@domain key |
94 | 814 else { |
815 char *x = strchr(from, '@'); | |
816 if (x) { | |
817 x++; | |
818 i = env_from.find(x); | |
117 | 819 if (i != env_from.end()) rc = (*i).second; // found domain key |
94 | 820 else { |
821 char y = *x; | |
822 *x = '\0'; | |
823 i = env_from.find(from); | |
824 *x = y; | |
825 if (i != env_from.end()) rc = (*i).second; // found user@ key | |
826 } | |
827 } | |
828 } | |
829 if ((rc == token_inherit) && parent) return parent->find_from(from); | |
830 return (rc == token_inherit) ? token_unknown : rc; | |
831 } | |
832 | |
833 | |
834 CONTEXTP CONTEXT::find_context(char *from) { | |
835 context_map::iterator i = env_from_context.find(from); | |
117 | 836 if (i != env_from_context.end()) return (*i).second; // found user@domain key |
94 | 837 char *x = strchr(from, '@'); |
838 if (x) { | |
839 x++; | |
840 i = env_from_context.find(x); | |
117 | 841 if (i != env_from_context.end()) return (*i).second; // found domain key |
94 | 842 char y = *x; |
843 *x = '\0'; | |
844 i = env_from_context.find(from); | |
845 *x = y; | |
846 if (i != env_from_context.end()) return (*i).second; // found user@ key | |
847 } | |
848 return this; | |
849 } | |
850 | |
851 | |
852 CONTEXTP CONTEXT::find_from_context_name(char *name) { | |
853 context_map::iterator i = children.find(name); | |
854 if (i != children.end()) return (*i).second; | |
855 return NULL; | |
856 } | |
857 | |
858 | |
859 DNSBLP CONTEXT::find_dnsbl(char *name) { | |
860 dnsblp_map::iterator i = dnsbl_names.find(name); | |
861 if (i != dnsbl_names.end()) return (*i).second; | |
862 if (parent) return parent->find_dnsbl(name); | |
863 return NULL; | |
864 } | |
865 | |
866 | |
867 char* CONTEXT::get_content_suffix() { | |
868 if (!content_suffix && parent) return parent->get_content_suffix(); | |
869 return content_suffix; | |
870 } | |
871 | |
872 | |
119 | 873 char* CONTEXT::get_uribl_suffix() { |
874 if (!uribl_suffix && parent) return parent->get_uribl_suffix(); | |
875 return uribl_suffix; | |
876 } | |
877 | |
878 | |
94 | 879 char* CONTEXT::get_content_message() { |
880 if (!content_message && parent) return parent->get_content_message(); | |
881 return content_message; | |
882 } | |
883 | |
884 | |
119 | 885 char* CONTEXT::get_uribl_message() { |
886 if (!uribl_message && parent) return parent->get_uribl_message(); | |
887 return uribl_message; | |
888 } | |
889 | |
890 | |
94 | 891 string_set& CONTEXT::get_content_host_ignore() { |
892 if (content_host_ignore.empty() && parent) return parent->get_content_host_ignore(); | |
893 return content_host_ignore; | |
894 } | |
895 | |
896 | |
117 | 897 string_set& CONTEXT::get_content_cctlds() { |
898 if (content_cctlds.empty() && parent) return parent->get_content_cctlds(); | |
899 return content_cctlds; | |
900 } | |
901 | |
94 | 902 string_set& CONTEXT::get_content_tlds() { |
903 if (content_tlds.empty() && parent) return parent->get_content_tlds(); | |
904 return content_tlds; | |
905 } | |
906 | |
907 | |
908 string_set& CONTEXT::get_html_tags() { | |
909 if (html_tags.empty() && parent) return parent->get_html_tags(); | |
910 return html_tags; | |
911 } | |
912 | |
913 | |
914 dnsblp_list& CONTEXT::get_dnsbl_list() { | |
915 if (dnsbl_list.empty() && parent) return parent->get_dnsbl_list(); | |
916 return dnsbl_list; | |
917 } | |
918 | |
919 | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
920 bool CONTEXT::acceptable_content(recorder &memory, int score, string& msg) { |
163 | 921 if (spamassassin_limit && (score > spamassassin_limit)) { |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
922 char buf[maxlen]; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
923 snprintf(buf, sizeof(buf), "Mail rejected - spam assassin score %d", score); |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
924 msg = string(buf); |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
925 return false; |
163 | 926 } |
94 | 927 if (memory.excessive_bad_tags(tag_limit)) { |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
928 msg = string(tag_limit_message); |
94 | 929 return false; |
930 } | |
931 if (!host_random && memory.excessive_hosts(host_limit)) { | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
932 msg = string(host_limit_message); |
94 | 933 return false; |
934 } | |
935 return true; | |
936 } | |
937 | |
938 | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
939 void CONTEXT::dump(bool isdefault, bool &spamass, int level) { |
94 | 940 char indent[maxlen]; |
941 int i = min(maxlen-1, level*4); | |
942 memset(indent, ' ', i); | |
943 indent[i] = '\0'; | |
944 char buf[maxlen]; | |
945 char *fullname = get_full_name(buf,maxlen); | |
946 printf("%s context %s { \t// %s\n", indent, name, fullname); | |
947 | |
948 for (dnsblp_map::iterator i=dnsbl_names.begin(); i!=dnsbl_names.end(); i++) { | |
949 char *n = (*i).first; | |
950 DNSBL &d = *(*i).second; | |
951 printf("%s dnsbl %s %s \"%s\"; \n", indent, n, d.suffix, d.message); | |
952 } | |
953 | |
145 | 954 dnsblp_list dl = get_dnsbl_list(); |
955 if (!dl.empty()) { | |
94 | 956 printf("%s dnsbl_list", indent); |
145 | 957 for (dnsblp_list::iterator i=dl.begin(); i!=dl.end(); i++) { |
94 | 958 DNSBL &d = *(*i); |
959 printf(" %s", d.name); | |
960 } | |
961 printf("; \n"); | |
962 } | |
963 | |
964 if (content_filtering) { | |
965 printf("%s content on { \n", indent, env_from_default); | |
966 if (content_suffix) { | |
967 printf("%s filter %s \"%s\"; \n", indent, content_suffix, content_message); | |
968 } | |
119 | 969 if (uribl_suffix) { |
970 printf("%s uribl %s \"%s\"; \n", indent, uribl_suffix, uribl_message); | |
971 } | |
94 | 972 if (!content_host_ignore.empty()) { |
973 printf("%s ignore { \n", indent); | |
974 for (string_set::iterator i=content_host_ignore.begin(); i!=content_host_ignore.end(); i++) { | |
975 printf("%s %s; \n", indent, *i); | |
976 } | |
977 printf("%s }; \n", indent); | |
978 } | |
117 | 979 if (!content_cctlds.empty()) { |
980 printf("%s cctld { \n", indent); | |
981 printf("%s ", indent); | |
982 for (string_set::iterator i=content_cctlds.begin(); i!=content_cctlds.end(); i++) { | |
983 printf("%s; ", *i); | |
984 } | |
985 printf("\n%s }; \n", indent); | |
986 } | |
94 | 987 if (!content_tlds.empty()) { |
988 printf("%s tld { \n", indent); | |
989 printf("%s ", indent); | |
990 for (string_set::iterator i=content_tlds.begin(); i!=content_tlds.end(); i++) { | |
991 printf("%s; ", *i); | |
992 } | |
993 printf("\n%s }; \n", indent); | |
994 } | |
995 if (!html_tags.empty()) { | |
996 printf("%s html_tags { \n", indent); | |
997 printf("%s ", indent); | |
998 for (string_set::iterator i=html_tags.begin(); i!=html_tags.end(); i++) { | |
999 printf("%s; ", *i); | |
1000 } | |
1001 printf("\n%s }; \n", indent); | |
1002 } | |
1003 if (host_limit_message) { | |
1004 printf("%s host_limit on %d \"%s\"; \n", indent, host_limit, host_limit_message); | |
1005 } | |
1006 else if (host_random) { | |
1007 printf("%s host_limit soft %d; \n", indent, host_limit); | |
1008 } | |
1009 else { | |
1010 printf("%s host_limit off; \n", indent); | |
1011 } | |
1012 if (tag_limit_message) { | |
1013 printf("%s html_limit on %d \"%s\"; \n", indent, tag_limit, tag_limit_message); | |
1014 } | |
1015 else { | |
1016 printf("%s html_limit off; \n", indent); | |
1017 } | |
163 | 1018 printf("%s spamassassin %d; \n", indent, spamassassin_limit); |
94 | 1019 printf("%s }; \n", indent); |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
1020 spamass |= (spamassassin_limit != 0); |
94 | 1021 } |
1022 else { | |
1023 printf("%s content off {}; \n", indent, env_from_default); | |
1024 } | |
1025 | |
1026 printf("%s env_to { \t// %s\n", indent, fullname); | |
1027 for (string_set::iterator i=env_to.begin(); i!=env_to.end(); i++) { | |
1028 printf("%s %s; \n", indent, *i); | |
1029 } | |
1030 printf("%s }; \n", indent); | |
1031 | |
1032 if (verify_host) { | |
1033 printf("%s verify %s; \n", indent, verify_host); | |
1034 } | |
1035 | |
168 | 1036 if (generic_regx) { |
1037 printf("%s generic \"%s\" \n", indent, generic_regx); | |
1038 printf("%s \"%s\"; \n", indent, generic_message); | |
1039 } | |
1040 | |
153 | 1041 if (autowhite_file && whitelister) { |
1042 printf("%s autowhite %d %s; \n", indent, whitelister->get_days(), autowhite_file); | |
1043 } | |
1044 | |
94 | 1045 for (context_map::iterator i=children.begin(); i!=children.end(); i++) { |
1046 CONTEXTP c = (*i).second; | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
1047 c->dump(false, spamass, level+1); |
94 | 1048 } |
1049 | |
1050 printf("%s env_from %s { \t// %s\n", indent, env_from_default, fullname); | |
1051 if (!env_from.empty()) { | |
1052 printf("%s // white/black/unknown \n", indent); | |
1053 for (string_map::iterator i=env_from.begin(); i!=env_from.end(); i++) { | |
1054 char *f = (*i).first; | |
1055 char *t = (*i).second; | |
1056 printf("%s %s \t%s; \n", indent, f, t); | |
1057 } | |
1058 } | |
1059 if (!env_from_context.empty()) { | |
1060 printf("%s // child contexts \n", indent); | |
1061 for (context_map::iterator j=env_from_context.begin(); j!=env_from_context.end(); j++) { | |
1062 char *f = (*j).first; | |
1063 CONTEXTP t = (*j).second; | |
1064 printf("%s %s \t%s; \n", indent, f, t->name); | |
1065 } | |
1066 } | |
1067 printf("%s }; \n", indent); | |
1068 | |
144
31ff00ea6bfb
allow parent/child to share a fully qualified env_to address
carl
parents:
143
diff
changeset
|
1069 if (isdefault) { |
31ff00ea6bfb
allow parent/child to share a fully qualified env_to address
carl
parents:
143
diff
changeset
|
1070 printf("%s rate_limit %d { \n", indent, default_rcpt_rate); |
31ff00ea6bfb
allow parent/child to share a fully qualified env_to address
carl
parents:
143
diff
changeset
|
1071 for (rcpt_rates::iterator j=rcpt_per_hour.begin(); j!=rcpt_per_hour.end(); j++) { |
31ff00ea6bfb
allow parent/child to share a fully qualified env_to address
carl
parents:
143
diff
changeset
|
1072 char *u = (*j).first; |
31ff00ea6bfb
allow parent/child to share a fully qualified env_to address
carl
parents:
143
diff
changeset
|
1073 int l = (*j).second; |
31ff00ea6bfb
allow parent/child to share a fully qualified env_to address
carl
parents:
143
diff
changeset
|
1074 printf("%s \"%s\" \t%d; \n", indent, u, l); |
31ff00ea6bfb
allow parent/child to share a fully qualified env_to address
carl
parents:
143
diff
changeset
|
1075 } |
31ff00ea6bfb
allow parent/child to share a fully qualified env_to address
carl
parents:
143
diff
changeset
|
1076 printf("%s }; \n", indent); |
136 | 1077 } |
1078 | |
94 | 1079 printf("%s }; \n", indent); |
1080 } | |
1081 | |
1082 | |
1083 //////////////////////////////////////////////// | |
1084 // helper to discard the strings held by a string_set | |
1085 // | |
1086 void discard(string_set &s) { | |
1087 for (string_set::iterator i=s.begin(); i!=s.end(); i++) { | |
1088 free(*i); | |
1089 } | |
1090 s.clear(); | |
1091 } | |
1092 | |
1093 | |
1094 //////////////////////////////////////////////// | |
1095 // helper to register a string in a string set | |
1096 // | |
1097 char* register_string(string_set &s, char *name) { | |
1098 string_set::iterator i = s.find(name); | |
1099 if (i != s.end()) return *i; | |
1100 char *x = strdup(name); | |
1101 s.insert(x); | |
1102 return x; | |
1103 } | |
1104 | |
1105 | |
1106 //////////////////////////////////////////////// | |
1107 // register a global string | |
1108 // | |
1109 char* register_string(char *name) { | |
1110 return register_string(all_strings, name); | |
1111 } | |
1112 | |
1113 | |
1114 //////////////////////////////////////////////// | |
164 | 1115 // clear all global strings, helper for valgrind checking |
1116 // | |
1117 void clear_strings() { | |
1118 discard(all_strings); | |
1119 } | |
1120 | |
1121 | |
1122 //////////////////////////////////////////////// | |
94 | 1123 // |
1124 bool tsa(TOKEN &tok, char *token); | |
1125 bool tsa(TOKEN &tok, char *token) { | |
1126 char *have = tok.next(); | |
1127 if (have == token) return true; | |
1128 tok.token_error(token, have); | |
1129 return false; | |
1130 } | |
1131 | |
1132 | |
1133 //////////////////////////////////////////////// | |
1134 // | |
1135 bool parse_dnsbl(TOKEN &tok, CONFIG &dc, CONTEXT &me); | |
1136 bool parse_dnsbl(TOKEN &tok, CONFIG &dc, CONTEXT &me) { | |
1137 char *name = tok.next(); | |
1138 char *suf = tok.next(); | |
1139 char *msg = tok.next(); | |
1140 if (!tsa(tok, token_semi)) return false; | |
1141 DNSBLP dnsnew = new DNSBL(name, suf, msg); | |
1142 DNSBLP dnsold = me.find_dnsbl(name); | |
1143 if (dnsold && (*dnsold == *dnsnew)) { | |
1144 // duplicate redefinition, ignore it | |
1145 delete dnsnew; | |
1146 return true; | |
1147 } | |
1148 me.add_dnsbl(name, dnsnew); | |
1149 return true; | |
1150 } | |
1151 | |
1152 | |
1153 //////////////////////////////////////////////// | |
1154 // | |
1155 bool parse_dnsbll(TOKEN &tok, CONFIG &dc, CONTEXT &me); | |
1156 bool parse_dnsbll(TOKEN &tok, CONFIG &dc, CONTEXT &me) { | |
1157 while (true) { | |
1158 char *have = tok.next(); | |
1159 if (!have) break; | |
1160 if (have == token_semi) break; | |
1161 DNSBLP dns = me.find_dnsbl(have); | |
1162 if (dns) { | |
1163 me.add_dnsbl(dns); | |
1164 } | |
1165 else { | |
1166 tok.token_error("dnsbl name", have); | |
1167 return false; | |
1168 } | |
1169 } | |
1170 return true; | |
1171 } | |
1172 | |
1173 | |
1174 //////////////////////////////////////////////// | |
1175 // | |
1176 bool parse_content(TOKEN &tok, CONFIG &dc, CONTEXT &me); | |
1177 bool parse_content(TOKEN &tok, CONFIG &dc, CONTEXT &me) { | |
1178 char *setting = tok.next(); | |
1179 if (setting == token_on) { | |
1180 me.set_content_filtering(true); | |
1181 } | |
1182 else if (setting == token_off) { | |
1183 me.set_content_filtering(false); | |
1184 } | |
1185 else { | |
1186 tok.token_error("on/off", setting); | |
1187 return false; | |
1188 } | |
1189 if (!tsa(tok, token_lbrace)) return false; | |
1190 while (true) { | |
1191 char *have = tok.next(); | |
1192 if (!have) break; | |
1193 if (have == token_filter) { | |
1194 char *suffix = tok.next(); | |
1195 char *messag = tok.next(); | |
1196 me.set_content_suffix(suffix); | |
1197 me.set_content_message(messag); | |
1198 if (!tsa(tok, token_semi)) return false; | |
1199 } | |
119 | 1200 else if (have == token_uribl) { |
1201 char *suffix = tok.next(); | |
1202 char *messag = tok.next(); | |
1203 me.set_uribl_suffix(suffix); | |
1204 me.set_uribl_message(messag); | |
1205 if (!tsa(tok, token_semi)) return false; | |
1206 } | |
94 | 1207 else if (have == token_ignore) { |
1208 if (!tsa(tok, token_lbrace)) return false; | |
1209 while (true) { | |
1210 if (!have) break; | |
1211 char *have = tok.next(); | |
1212 if (have == token_rbrace) break; // done | |
1213 me.add_ignore(have); | |
1214 } | |
1215 if (!tsa(tok, token_semi)) return false; | |
1216 } | |
117 | 1217 else if (have == token_cctld) { |
1218 if (!tsa(tok, token_lbrace)) return false; | |
1219 while (true) { | |
1220 char *have = tok.next(); | |
1221 if (!have) break; | |
1222 if (have == token_rbrace) break; // done | |
1223 me.add_cctld(have); | |
1224 } | |
1225 if (!tsa(tok, token_semi)) return false; | |
1226 } | |
94 | 1227 else if (have == token_tld) { |
1228 if (!tsa(tok, token_lbrace)) return false; | |
1229 while (true) { | |
1230 char *have = tok.next(); | |
1231 if (!have) break; | |
1232 if (have == token_rbrace) break; // done | |
1233 me.add_tld(have); | |
1234 } | |
1235 if (!tsa(tok, token_semi)) return false; | |
1236 } | |
1237 else if (have == token_html_limit) { | |
1238 have = tok.next(); | |
1239 if (have == token_on) { | |
1240 me.set_tag_limit(tok.nextint()); | |
1241 me.set_tag_message(tok.next()); | |
1242 } | |
1243 else if (have == token_off) { | |
1244 me.set_tag_limit(0); | |
1245 me.set_tag_message(NULL); | |
1246 } | |
1247 else { | |
1248 tok.token_error("on/off", have); | |
1249 return false; | |
1250 } | |
1251 if (!tsa(tok, token_semi)) return false; | |
1252 } | |
1253 else if (have == token_html_tags) { | |
1254 if (!tsa(tok, token_lbrace)) return false; | |
1255 while (true) { | |
1256 char *have = tok.next(); | |
1257 if (!have) break; | |
1258 if (have == token_rbrace) { | |
1259 break; // done | |
1260 } | |
1261 else { | |
1262 me.add_tag(have); // base version | |
1263 char buf[200]; | |
1264 snprintf(buf, sizeof(buf), "/%s", have); | |
1265 me.add_tag(register_string(buf)); // leading / | |
1266 snprintf(buf, sizeof(buf), "%s/", have); | |
1267 me.add_tag(register_string(buf)); // trailing / | |
1268 } | |
1269 } | |
1270 if (!tsa(tok, token_semi)) return false; | |
1271 } | |
1272 else if (have == token_host_limit) { | |
1273 have = tok.next(); | |
1274 if (have == token_on) { | |
1275 me.set_host_limit(tok.nextint()); | |
1276 me.set_host_message(tok.next()); | |
1277 me.set_host_random(false); | |
1278 } | |
1279 else if (have == token_off) { | |
1280 me.set_host_limit(0); | |
1281 me.set_host_message(NULL); | |
1282 me.set_host_random(false); | |
1283 } | |
1284 else if (have == token_soft) { | |
1285 me.set_host_limit(tok.nextint()); | |
1286 me.set_host_message(NULL); | |
1287 me.set_host_random(true); | |
1288 } | |
1289 else { | |
1290 tok.token_error("on/off/soft", have); | |
1291 return false; | |
1292 } | |
1293 if (!tsa(tok, token_semi)) return false; | |
1294 } | |
163 | 1295 else if (have == token_spamassassin) { |
1296 me.set_spamassassin_limit(tok.nextint()); | |
1297 if (!tsa(tok, token_semi)) return false; | |
1298 } | |
94 | 1299 else if (have == token_rbrace) { |
1300 break; // done | |
1301 } | |
1302 else { | |
1303 tok.token_error("content keyword", have); | |
1304 return false; | |
1305 } | |
1306 } | |
1307 return tsa(tok, token_semi); | |
1308 } | |
1309 | |
1310 | |
1311 //////////////////////////////////////////////// | |
1312 // | |
1313 bool parse_envto(TOKEN &tok, CONFIG &dc, CONTEXT &me); | |
1314 bool parse_envto(TOKEN &tok, CONFIG &dc, CONTEXT &me) { | |
1315 if (!tsa(tok, token_lbrace)) return false; | |
1316 while (true) { | |
1317 char *have = tok.next(); | |
1318 if (!have) break; | |
1319 if (have == token_rbrace) break; | |
1320 if (have == token_semi) { | |
1321 // optional separators | |
1322 } | |
1323 else if (have == token_dccto) { | |
1324 char *flavor = tok.next(); | |
1325 if (!tsa(tok, token_lbrace)) return false; | |
1326 bool keeping = false; | |
1327 while (true) { | |
1328 char *have = tok.next(); | |
1329 if (!have) break; | |
1330 if (have == token_rbrace) break; | |
1331 if (have == flavor) { | |
1332 keeping = true; | |
1333 continue; | |
1334 } | |
1335 else if ((have == token_ok) || (have == token_ok2) || (have == token_many)) { | |
1336 keeping = false; | |
1337 continue; | |
1338 } | |
1339 if (have == token_envto) { | |
1340 have = tok.next(); | |
1341 if (keeping) { | |
1342 if (me.allow_env_to(have)) { | |
1343 me.add_to(have); | |
1344 dc.add_to(have, &me); | |
1345 } | |
1346 } | |
1347 } | |
1348 //else if (have == token_substitute) { | |
1349 // if (tok.next() == token_mailhost) { | |
1350 // have = tok.next(); | |
1351 // if (keeping) { | |
1352 // if (me.allow_env_to(have)) { | |
1353 // me.add_to(have); | |
1354 // dc.add_to(have, &me); | |
1355 // } | |
1356 // } | |
1357 // } | |
1358 //} | |
1359 tok.skipeol(); | |
1360 } | |
1361 } | |
1362 else if (me.allow_env_to(have)) { | |
1363 me.add_to(have); | |
1364 dc.add_to(have, &me); | |
1365 } | |
1366 else { | |
1367 tok.token_error("user@ or user@domain.tld or domain.tld where domain.tld allowed by parent context", have); | |
1368 return false; | |
1369 } | |
1370 } | |
1371 return tsa(tok, token_semi); | |
1372 } | |
1373 | |
1374 | |
1375 //////////////////////////////////////////////// | |
1376 // | |
1377 bool parse_verify(TOKEN &tok, CONFIG &dc, CONTEXT &me); | |
1378 bool parse_verify(TOKEN &tok, CONFIG &dc, CONTEXT &me) { | |
1379 char *host = tok.next(); | |
1380 if (!tsa(tok, token_semi)) return false; | |
1381 me.set_verify(host); | |
153 | 1382 me.set_verifier(add_verify_host(host)); |
1383 return true; | |
1384 } | |
1385 | |
1386 | |
1387 //////////////////////////////////////////////// | |
1388 // | |
168 | 1389 bool parse_generic(TOKEN &tok, CONFIG &dc, CONTEXT &me); |
1390 bool parse_generic(TOKEN &tok, CONFIG &dc, CONTEXT &me) { | |
1391 char *regx = tok.next(); | |
1392 char *msg = tok.next(); | |
1393 if (!tsa(tok, token_semi)) return false; | |
1394 if (me.set_generic(regx, msg)) { | |
1395 tok.token_error("invalid regular expression %s", regx, regx); | |
1396 return false; | |
1397 } | |
1398 return true; | |
1399 } | |
1400 | |
1401 | |
1402 //////////////////////////////////////////////// | |
1403 // | |
153 | 1404 bool parse_autowhite(TOKEN &tok, CONFIG &dc, CONTEXT &me); |
1405 bool parse_autowhite(TOKEN &tok, CONFIG &dc, CONTEXT &me) { | |
1406 int days = tok.nextint(); | |
1407 char *fn = tok.next(); | |
1408 if (!tsa(tok, token_semi)) return false; | |
1409 me.set_autowhite(fn); | |
1410 me.set_whitelister(add_whitelister_file(fn, days)); | |
99 | 1411 return true; |
94 | 1412 } |
1413 | |
1414 | |
1415 //////////////////////////////////////////////// | |
1416 // | |
1417 bool parse_envfrom(TOKEN &tok, CONFIG &dc, CONTEXT &me); | |
1418 bool parse_envfrom(TOKEN &tok, CONFIG &dc, CONTEXT &me) { | |
1419 char *st = tok.next(); | |
1420 if ((st == token_black) || (st == token_white) || (st == token_unknown) || (st == token_inherit)) { | |
1421 me.set_from_default(st); | |
1422 } | |
1423 else { | |
1424 tok.push(st); | |
1425 } | |
1426 if (!tsa(tok, token_lbrace)) return false; | |
1427 while (true) { | |
1428 char *have = tok.next(); | |
1429 if (!have) break; | |
1430 if (have == token_rbrace) break; | |
1431 if (have == token_semi) { | |
1432 // optional separators | |
1433 } | |
1434 else if (have == token_dccfrom) { | |
1435 if (!tsa(tok, token_lbrace)) return false; | |
1436 bool keeping = false; | |
1437 bool many = false; | |
1438 while (true) { | |
1439 char *have = tok.next(); | |
1440 if (!have) break; | |
1441 if (have == token_rbrace) break; | |
1442 if (have == token_ok) { | |
1443 keeping = true; | |
1444 many = false; | |
1445 continue; | |
1446 } | |
1447 else if (have == token_many) { | |
1448 keeping = true; | |
1449 many = true; | |
1450 continue; | |
1451 } | |
1452 else if (have == token_ok2) { | |
1453 keeping = false; | |
1454 continue; | |
1455 } | |
1456 if (have == token_envfrom) { | |
1457 have = tok.next(); | |
1458 if (keeping) { | |
1459 me.add_from(have, (many) ? token_black : token_white); | |
1460 } | |
1461 } | |
1462 else if (have == token_substitute) { | |
1463 if (tok.next() == token_mailhost) { | |
1464 have = tok.next(); | |
1465 me.add_from(have, (many) ? token_black : token_white); | |
1466 } | |
1467 } | |
1468 tok.skipeol(); | |
1469 } | |
1470 } | |
1471 else { | |
1472 // may be a valid email address or domain name | |
1473 char *st = tok.next(); | |
148
9330b8d6a56b
add documentation fixes, allow env_from target of inherit
carl
parents:
146
diff
changeset
|
1474 if ((st == token_white) || (st == token_black) || (st == token_unknown) || (st == token_inherit)) { |
94 | 1475 me.add_from(have, st); |
1476 } | |
1477 else { | |
1478 CONTEXTP con = me.find_from_context_name(st); | |
1479 if (con) { | |
1480 me.add_from_context(have, con); | |
1481 } | |
1482 else { | |
148
9330b8d6a56b
add documentation fixes, allow env_from target of inherit
carl
parents:
146
diff
changeset
|
1483 tok.token_error("white/black/unknown/inherit or child context name", st); |
94 | 1484 return false; |
1485 } | |
1486 } | |
1487 } | |
1488 } | |
1489 return tsa(tok, token_semi); | |
1490 } | |
1491 | |
1492 | |
1493 //////////////////////////////////////////////// | |
1494 // | |
136 | 1495 bool parse_rate(TOKEN &tok, CONFIG &dc, CONTEXT &me); |
1496 bool parse_rate(TOKEN &tok, CONFIG &dc, CONTEXT &me) { | |
140 | 1497 char *def = tok.next(); |
141 | 1498 tok.push(def); |
1499 if (def != token_lbrace) me.set_default_rate(tok.nextint()); | |
136 | 1500 if (!tsa(tok, token_lbrace)) return false; |
1501 while (true) { | |
1502 char *have = tok.next(); | |
1503 if (!have) break; | |
1504 if (have == token_rbrace) break; | |
1505 if (have == token_semi) { | |
1506 // optional separators | |
1507 } | |
1508 else { | |
140 | 1509 me.add_rate(have, tok.nextint()); |
136 | 1510 } |
1511 } | |
1512 return tsa(tok, token_semi); | |
1513 } | |
1514 | |
1515 | |
1516 //////////////////////////////////////////////// | |
1517 // | |
94 | 1518 bool parse_context(TOKEN &tok, CONFIG &dc, CONTEXTP parent); |
1519 bool parse_context(TOKEN &tok, CONFIG &dc, CONTEXTP parent) { | |
1520 char *name = tok.next(); | |
1521 if (!tsa(tok, token_lbrace)) return false; | |
1522 CONTEXTP con = new CONTEXT(parent, name); | |
1523 | |
1524 while (true) { | |
1525 char *have = tok.next(); | |
1526 if (!have) break; | |
1527 if (have == token_rbrace) break; // done | |
1528 if (have == token_dnsbl) { | |
1529 if (!parse_dnsbl(tok, dc, *con)) return false; | |
1530 } | |
1531 else if (have == token_dnsbll) { | |
1532 if (!parse_dnsbll(tok, dc, *con)) return false; | |
1533 } | |
1534 else if (have == token_content) { | |
1535 if (!parse_content(tok, dc, *con)) return false; | |
1536 } | |
1537 else if (have == token_envto) { | |
1538 if (!parse_envto(tok, dc, *con)) return false; | |
1539 } | |
1540 else if (have == token_verify) { | |
1541 if (!parse_verify(tok, dc, *con)) return false; | |
1542 } | |
168 | 1543 else if (have == token_generic) { |
1544 if (!parse_generic(tok, dc, *con)) return false; | |
1545 } | |
153 | 1546 else if (have == token_autowhite) { |
1547 if (!parse_autowhite(tok, dc, *con)) return false; | |
1548 } | |
94 | 1549 else if (have == token_envfrom) { |
1550 if (!parse_envfrom(tok, dc, *con)) return false; | |
1551 } | |
140 | 1552 else if (have == token_rate) { |
1553 if (parent || dc.default_context) tok.token_error("rate limit ignored in non default context"); | |
136 | 1554 if (!parse_rate(tok, dc, *con)) return false; |
1555 } | |
94 | 1556 else if (have == token_context) { |
1557 if (!parse_context(tok, dc, con)) return false; | |
1558 } | |
1559 else { | |
1560 tok.token_error("context keyword", have); | |
1561 return false; | |
1562 } | |
1563 } | |
1564 | |
1565 if (!tsa(tok, token_semi)) { | |
1566 delete con; | |
1567 return false; | |
1568 } | |
1569 dc.add_context(con); | |
1570 if (parent) parent->add_context(con); | |
1571 return true; | |
1572 } | |
1573 | |
1574 | |
1575 //////////////////////////////////////////////// | |
1576 // parse a config file | |
1577 // | |
1578 bool load_conf(CONFIG &dc, char *fn) { | |
99 | 1579 int count = 0; |
94 | 1580 TOKEN tok(fn, &dc.config_files); |
1581 while (true) { | |
1582 char *have = tok.next(); | |
1583 if (!have) break; | |
1584 if (have == token_context) { | |
1585 if (!parse_context(tok, dc, NULL)) { | |
99 | 1586 tok.token_error("load_conf() failed to parse context"); |
94 | 1587 return false; |
1588 } | |
99 | 1589 else count++; |
94 | 1590 } |
1591 else { | |
1592 tok.token_error(token_context, have); | |
1593 return false; | |
1594 } | |
1595 } | |
99 | 1596 tok.token_error("load_conf() found %d contexts in %s", count, fn); |
94 | 1597 return (dc.default_context) ? true : false; |
1598 } | |
1599 | |
1600 | |
1601 //////////////////////////////////////////////// | |
1602 // init the tokens | |
1603 // | |
1604 void token_init() { | |
163 | 1605 token_autowhite = register_string("autowhite"); |
1606 token_black = register_string("black"); | |
1607 token_cctld = register_string("cctld"); | |
1608 token_content = register_string("content"); | |
1609 token_context = register_string("context"); | |
1610 token_dccfrom = register_string("dcc_from"); | |
1611 token_dccto = register_string("dcc_to"); | |
1612 token_default = register_string("default"); | |
1613 token_dnsbl = register_string("dnsbl"); | |
1614 token_dnsbll = register_string("dnsbl_list"); | |
1615 token_envfrom = register_string("env_from"); | |
1616 token_envto = register_string("env_to"); | |
1617 token_filter = register_string("filter"); | |
168 | 1618 token_generic = register_string("generic"); |
163 | 1619 token_host_limit = register_string("host_limit"); |
1620 token_html_limit = register_string("html_limit"); | |
1621 token_html_tags = register_string("html_tags"); | |
1622 token_ignore = register_string("ignore"); | |
1623 token_include = register_string("include"); | |
1624 token_inherit = register_string("inherit"); | |
1625 token_lbrace = register_string("{"); | |
1626 token_mailhost = register_string("mail_host"); | |
1627 token_many = register_string("many"); | |
1628 token_off = register_string("off"); | |
1629 token_ok = register_string("ok"); | |
1630 token_ok2 = register_string("ok2"); | |
1631 token_on = register_string("on"); | |
1632 token_rate = register_string("rate_limit"); | |
1633 token_rbrace = register_string("}"); | |
1634 token_semi = register_string(";"); | |
1635 token_soft = register_string("soft"); | |
1636 token_spamassassin = register_string("spamassassin"); | |
1637 token_substitute = register_string("substitute"); | |
1638 token_tld = register_string("tld"); | |
1639 token_unknown = register_string("unknown"); | |
1640 token_uribl = register_string("uribl"); | |
1641 token_verify = register_string("verify"); | |
1642 token_white = register_string("white"); | |
94 | 1643 |
1644 if (gethostname(myhostname, HOST_NAME_MAX+1) != 0) { | |
1645 strncpy(myhostname, "localhost", HOST_NAME_MAX+1); | |
1646 } | |
1647 myhostname[HOST_NAME_MAX] = '\0'; // ensure null termination | |
1648 token_myhostname = register_string(myhostname); | |
1649 } |