annotate src/dnsbl.cpp @ 49:4f9e3dc55d38 stable-3-3

properly drop root privs
author carl
date Fri, 09 Jul 2004 14:09:02 -0700
parents 5ef10dc14457
children c2371bb6cf84
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1 /*
96a9758165cd Initial revision
carl
parents:
diff changeset
2
96a9758165cd Initial revision
carl
parents:
diff changeset
3 Copyright (c) 2004 Carl Byington - 510 Software Group, released under
96a9758165cd Initial revision
carl
parents:
diff changeset
4 the GPL version 2 or any later version at your choice available at
96a9758165cd Initial revision
carl
parents:
diff changeset
5 http://www.fsf.org/licenses/gpl.txt
96a9758165cd Initial revision
carl
parents:
diff changeset
6
96a9758165cd Initial revision
carl
parents:
diff changeset
7 Based on a sample milter Copyright (c) 2000-2003 Sendmail, Inc. and its
96a9758165cd Initial revision
carl
parents:
diff changeset
8 suppliers. Inspired by the DCC by Rhyolite Software
96a9758165cd Initial revision
carl
parents:
diff changeset
9
96a9758165cd Initial revision
carl
parents:
diff changeset
10 -p port The port through which the MTA will connect to this milter.
96a9758165cd Initial revision
carl
parents:
diff changeset
11 -t sec The timeout value.
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
12 -c Check the config, and print a copy to stdout. Don't start the
4
15a7e942adec updates to use dcc conf files
carl
parents: 3
diff changeset
13 milter or do anything with the socket.
16
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
14 -d Add debug syslog entries
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
15
0
96a9758165cd Initial revision
carl
parents:
diff changeset
16
13
2752e512fd32 finish documentation
carl
parents: 12
diff changeset
17 TODO:
2752e512fd32 finish documentation
carl
parents: 12
diff changeset
18 1) Add config for max_recipients for each mail domain. Recipients in
2752e512fd32 finish documentation
carl
parents: 12
diff changeset
19 excess of that limit will be rejected, and the entire data will be
2752e512fd32 finish documentation
carl
parents: 12
diff changeset
20 rejected if it is sent.
2752e512fd32 finish documentation
carl
parents: 12
diff changeset
21
2752e512fd32 finish documentation
carl
parents: 12
diff changeset
22 2) Add config for poison addresses. If any recipient is poison, all
2752e512fd32 finish documentation
carl
parents: 12
diff changeset
23 recipients are rejected even if they would be whitelisted, and the
2752e512fd32 finish documentation
carl
parents: 12
diff changeset
24 data is rejected if sent.
2752e512fd32 finish documentation
carl
parents: 12
diff changeset
25
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
26 3) Add option to only allow one recipient if the return path is empty.
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
27
0
96a9758165cd Initial revision
carl
parents:
diff changeset
28 */
96a9758165cd Initial revision
carl
parents:
diff changeset
29
96a9758165cd Initial revision
carl
parents:
diff changeset
30
96a9758165cd Initial revision
carl
parents:
diff changeset
31 // from sendmail sample
96a9758165cd Initial revision
carl
parents:
diff changeset
32 #include <sys/types.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
33 #include <sys/stat.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
34 #include <errno.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
35 #include <sysexits.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
36 #include <unistd.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
37
96a9758165cd Initial revision
carl
parents:
diff changeset
38 // needed for socket io
96a9758165cd Initial revision
carl
parents:
diff changeset
39 #include <sys/ioctl.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
40 #include <net/if.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
41 #include <arpa/inet.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
42 #include <netinet/in.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
43 #include <netinet/tcp.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
44 #include <netdb.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
45 #include <sys/socket.h>
42
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
46 #include <sys/un.h>
0
96a9758165cd Initial revision
carl
parents:
diff changeset
47
96a9758165cd Initial revision
carl
parents:
diff changeset
48 // needed for thread
96a9758165cd Initial revision
carl
parents:
diff changeset
49 #include <pthread.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
50
96a9758165cd Initial revision
carl
parents:
diff changeset
51 // needed for std c++ collections
96a9758165cd Initial revision
carl
parents:
diff changeset
52 #include <set>
96a9758165cd Initial revision
carl
parents:
diff changeset
53 #include <map>
96a9758165cd Initial revision
carl
parents:
diff changeset
54 #include <list>
96a9758165cd Initial revision
carl
parents:
diff changeset
55
96a9758165cd Initial revision
carl
parents:
diff changeset
56 // for the dns resolver
96a9758165cd Initial revision
carl
parents:
diff changeset
57 #include <netinet/in.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
58 #include <arpa/nameser.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
59 #include <resolv.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
60
96a9758165cd Initial revision
carl
parents:
diff changeset
61 // misc stuff needed here
96a9758165cd Initial revision
carl
parents:
diff changeset
62 #include <ctype.h>
96a9758165cd Initial revision
carl
parents:
diff changeset
63 #include <fstream>
96a9758165cd Initial revision
carl
parents:
diff changeset
64 #include <syslog.h>
42
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
65 #include <pwd.h>
0
96a9758165cd Initial revision
carl
parents:
diff changeset
66
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
67 static char* dnsbl_version="$Id$";
0
96a9758165cd Initial revision
carl
parents:
diff changeset
68
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
69 #define DEFAULT "default"
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
70 #define WHITE "white"
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
71 #define BLACK "black"
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
72 #define OK "ok"
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
73 #define MANY "many"
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
74
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
75 enum status {oksofar, // not rejected yet
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
76 white, // whitelisted by envelope from
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
77 black, // blacklisted by envelope from or to
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
78 reject, // rejected by a dns list
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
79 reject_tag, // too many bad html tags
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
80 reject_host}; // too many hosts/urls in body
1
bd0b1a153f67 no message
carl
parents: 0
diff changeset
81
0
96a9758165cd Initial revision
carl
parents:
diff changeset
82 using namespace std;
96a9758165cd Initial revision
carl
parents:
diff changeset
83
96a9758165cd Initial revision
carl
parents:
diff changeset
84 extern "C" {
96a9758165cd Initial revision
carl
parents:
diff changeset
85 #include "libmilter/mfapi.h"
96a9758165cd Initial revision
carl
parents:
diff changeset
86 sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr);
96a9758165cd Initial revision
carl
parents:
diff changeset
87 sfsistat mlfi_envfrom(SMFICTX *ctx, char **argv);
96a9758165cd Initial revision
carl
parents:
diff changeset
88 sfsistat mlfi_envrcpt(SMFICTX *ctx, char **argv);
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
89 sfsistat mlfi_body(SMFICTX *ctx, u_char *data, size_t len);
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
90 sfsistat mlfi_eom(SMFICTX *ctx);
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
91 sfsistat mlfi_abort(SMFICTX *ctx);
0
96a9758165cd Initial revision
carl
parents:
diff changeset
92 sfsistat mlfi_close(SMFICTX *ctx);
96a9758165cd Initial revision
carl
parents:
diff changeset
93 }
96a9758165cd Initial revision
carl
parents:
diff changeset
94
96a9758165cd Initial revision
carl
parents:
diff changeset
95 struct ltstr {
96a9758165cd Initial revision
carl
parents:
diff changeset
96 bool operator()(char* s1, char* s2) const {
96a9758165cd Initial revision
carl
parents:
diff changeset
97 return strcmp(s1, s2) < 0;
96a9758165cd Initial revision
carl
parents:
diff changeset
98 }
96a9758165cd Initial revision
carl
parents:
diff changeset
99 };
96a9758165cd Initial revision
carl
parents:
diff changeset
100
96a9758165cd Initial revision
carl
parents:
diff changeset
101 struct DNSBL {
96a9758165cd Initial revision
carl
parents:
diff changeset
102 char *suffix; // blacklist suffix like blackholes.five-ten-sg.com
96a9758165cd Initial revision
carl
parents:
diff changeset
103 char *message; // error message with one or two %s operators for the ip address replacement
96a9758165cd Initial revision
carl
parents:
diff changeset
104 DNSBL(char *s, char *m);
96a9758165cd Initial revision
carl
parents:
diff changeset
105 };
96a9758165cd Initial revision
carl
parents:
diff changeset
106 DNSBL::DNSBL(char *s, char *m) {
96a9758165cd Initial revision
carl
parents:
diff changeset
107 suffix = s;
96a9758165cd Initial revision
carl
parents:
diff changeset
108 message = m;
96a9758165cd Initial revision
carl
parents:
diff changeset
109 }
96a9758165cd Initial revision
carl
parents:
diff changeset
110
96a9758165cd Initial revision
carl
parents:
diff changeset
111 typedef DNSBL * DNSBLP;
96a9758165cd Initial revision
carl
parents:
diff changeset
112 typedef list<DNSBLP> DNSBLL;
96a9758165cd Initial revision
carl
parents:
diff changeset
113 typedef DNSBLL * DNSBLLP;
96a9758165cd Initial revision
carl
parents:
diff changeset
114 typedef map<char *, char *, ltstr> string_map;
96a9758165cd Initial revision
carl
parents:
diff changeset
115 typedef map<char *, string_map *, ltstr> from_map;
96a9758165cd Initial revision
carl
parents:
diff changeset
116 typedef map<char *, DNSBLP, ltstr> dnsblp_map;
96a9758165cd Initial revision
carl
parents:
diff changeset
117 typedef map<char *, DNSBLLP, ltstr> dnsbllp_map;
96a9758165cd Initial revision
carl
parents:
diff changeset
118 typedef set<char *, ltstr> string_set;
44
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
119 typedef set<int> int_set;
0
96a9758165cd Initial revision
carl
parents:
diff changeset
120 typedef list<char *> string_list;
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
121 typedef map<char *, int, ltstr> ns_map;
0
96a9758165cd Initial revision
carl
parents:
diff changeset
122
96a9758165cd Initial revision
carl
parents:
diff changeset
123 struct CONFIG {
96a9758165cd Initial revision
carl
parents:
diff changeset
124 // the only mutable stuff once it has been loaded from the config file
96a9758165cd Initial revision
carl
parents:
diff changeset
125 int reference_count; // protected by the global config_mutex
96a9758165cd Initial revision
carl
parents:
diff changeset
126 // all the rest is constant after loading from the config file
29
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
127 int generation;
0
96a9758165cd Initial revision
carl
parents:
diff changeset
128 time_t load_time;
96a9758165cd Initial revision
carl
parents:
diff changeset
129 string_list config_files;
96a9758165cd Initial revision
carl
parents:
diff changeset
130 dnsblp_map dnsbls;
96a9758165cd Initial revision
carl
parents:
diff changeset
131 dnsbllp_map dnsblls;
96a9758165cd Initial revision
carl
parents:
diff changeset
132 from_map env_from;
96a9758165cd Initial revision
carl
parents:
diff changeset
133 string_map env_to_dnsbll; // map recipient to a named dnsbll
96a9758165cd Initial revision
carl
parents:
diff changeset
134 string_map env_to_chkfrom; // map recipient to a named from map
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
135 char * content_suffix; // for sbl url body filtering
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
136 char * content_message; // ""
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
137 char * host_limit_message; // error message for excessive host names
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
138 int host_limit; // limit on host names
44
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
139 bool host_random; // pick a random selection of host names rather than error for excessive hosts
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
140 char * tag_limit_message; // error message for excessive bad html tags
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
141 int tag_limit; // limit on bad html tags
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
142 string_set html_tags; // set of valid html tags
28
33e1e3910506 add configurable list of tlds
carl
parents: 27
diff changeset
143 string_set tlds; // set of valid tld components
0
96a9758165cd Initial revision
carl
parents:
diff changeset
144 CONFIG();
96a9758165cd Initial revision
carl
parents:
diff changeset
145 ~CONFIG();
96a9758165cd Initial revision
carl
parents:
diff changeset
146 };
96a9758165cd Initial revision
carl
parents:
diff changeset
147 CONFIG::CONFIG() {
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
148 reference_count = 0;
29
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
149 generation = 0;
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
150 load_time = 0;
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
151 content_suffix = NULL;
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
152 content_message = NULL;
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
153 host_limit_message = NULL;
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
154 host_limit = 0;
44
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
155 host_random = false;
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
156 tag_limit_message = NULL;
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
157 tag_limit = 0;
0
96a9758165cd Initial revision
carl
parents:
diff changeset
158 }
96a9758165cd Initial revision
carl
parents:
diff changeset
159 CONFIG::~CONFIG() {
96a9758165cd Initial revision
carl
parents:
diff changeset
160 for (dnsblp_map::iterator i=dnsbls.begin(); i!=dnsbls.end(); i++) {
96a9758165cd Initial revision
carl
parents:
diff changeset
161 DNSBLP d = (*i).second;
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
162 // delete the underlying DNSBL objects.
0
96a9758165cd Initial revision
carl
parents:
diff changeset
163 delete d;
96a9758165cd Initial revision
carl
parents:
diff changeset
164 }
96a9758165cd Initial revision
carl
parents:
diff changeset
165 for (dnsbllp_map::iterator i=dnsblls.begin(); i!=dnsblls.end(); i++) {
96a9758165cd Initial revision
carl
parents:
diff changeset
166 DNSBLLP d = (*i).second;
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
167 // *d is a list of pointers to DNSBL objects, but
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
168 // the underlying objects have already been deleted above.
0
96a9758165cd Initial revision
carl
parents:
diff changeset
169 delete d;
96a9758165cd Initial revision
carl
parents:
diff changeset
170 }
96a9758165cd Initial revision
carl
parents:
diff changeset
171 for (from_map::iterator i=env_from.begin(); i!=env_from.end(); i++) {
96a9758165cd Initial revision
carl
parents:
diff changeset
172 string_map *d = (*i).second;
96a9758165cd Initial revision
carl
parents:
diff changeset
173 delete d;
96a9758165cd Initial revision
carl
parents:
diff changeset
174 }
96a9758165cd Initial revision
carl
parents:
diff changeset
175 }
96a9758165cd Initial revision
carl
parents:
diff changeset
176
16
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
177 static bool debug_syslog = false;
18
041ea016b684 add scanning for bare hostnames
carl
parents: 16
diff changeset
178 static bool loader_run = true; // used to stop the config loader thread
0
96a9758165cd Initial revision
carl
parents:
diff changeset
179 static string_set all_strings; // owns all the strings, only modified by the config loader thread
96a9758165cd Initial revision
carl
parents:
diff changeset
180 static CONFIG * config = NULL; // protected by the config_mutex
29
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
181 static int generation = 0; // protected by the config_mutex
0
96a9758165cd Initial revision
carl
parents:
diff changeset
182
96a9758165cd Initial revision
carl
parents:
diff changeset
183 static pthread_mutex_t config_mutex;
96a9758165cd Initial revision
carl
parents:
diff changeset
184 static pthread_mutex_t syslog_mutex;
96a9758165cd Initial revision
carl
parents:
diff changeset
185 static pthread_mutex_t resolve_mutex;
96a9758165cd Initial revision
carl
parents:
diff changeset
186
41
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
187 struct mlfiPriv;
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
188
0
96a9758165cd Initial revision
carl
parents:
diff changeset
189
96a9758165cd Initial revision
carl
parents:
diff changeset
190 ////////////////////////////////////////////////
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
191 // helper to discard the strings and objects held by an ns_map
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
192 //
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
193 static void discard(ns_map &s);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
194 static void discard(ns_map &s) {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
195 for (ns_map::iterator i=s.begin(); i!=s.end(); i++) {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
196 char *x = (*i).first;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
197 free(x);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
198 }
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
199 s.clear();
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
200 }
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
201
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
202 ////////////////////////////////////////////////
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
203 // helper to register a string in an ns_map
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
204 //
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
205 static void register_string(ns_map &s, char *name);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
206 static void register_string(ns_map &s, char *name) {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
207 ns_map::iterator i = s.find(name);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
208 if (i != s.end()) return;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
209 char *x = strdup(name);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
210 s[x] = 0;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
211 }
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
212
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
213 ////////////////////////////////////////////////
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
214 // helper to discard the strings held by a string_set
0
96a9758165cd Initial revision
carl
parents:
diff changeset
215 //
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
216 static void discard(string_set &s);
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
217 static void discard(string_set &s) {
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
218 for (string_set::iterator i=s.begin(); i!=s.end(); i++) {
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
219 free(*i);
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
220 }
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
221 s.clear();
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
222 }
0
96a9758165cd Initial revision
carl
parents:
diff changeset
223
12
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
224 ////////////////////////////////////////////////
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
225 // helper to register a string in a string set
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
226 //
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
227 static char* register_string(string_set &s, char *name);
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
228 static char* register_string(string_set &s, char *name) {
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
229 string_set::iterator i = s.find(name);
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
230 if (i != s.end()) return *i;
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
231 char *x = strdup(name);
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
232 s.insert(x);
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
233 return x;
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
234 }
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
235
16
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
236 ////////////////////////////////////////////////
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
237 // syslog a message
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
238 //
41
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
239 static void my_syslog(mlfiPriv *priv, char *text);
16
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
240
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
241
12
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
242 // include the content scanner
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
243 #include "scanner.cpp"
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
244
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
245
0
96a9758165cd Initial revision
carl
parents:
diff changeset
246 ////////////////////////////////////////////////
96a9758165cd Initial revision
carl
parents:
diff changeset
247 // mail filter private data, held for us by sendmail
96a9758165cd Initial revision
carl
parents:
diff changeset
248 //
96a9758165cd Initial revision
carl
parents:
diff changeset
249 struct mlfiPriv
96a9758165cd Initial revision
carl
parents:
diff changeset
250 {
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
251 // connection specific data
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
252 CONFIG *pc; // global context with our maps
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
253 int ip; // ip4 address of the smtp client
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
254 map<DNSBLP, status> checked; // status from those lists
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
255 // message specific data
0
96a9758165cd Initial revision
carl
parents:
diff changeset
256 char *mailaddr; // envelope from value
41
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
257 char *queueid; // sendmail queue id
0
96a9758165cd Initial revision
carl
parents:
diff changeset
258 bool authenticated; // client authenticated? if so, suppress all dnsbl checks
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
259 bool have_whites; // have at least one whitelisted recipient? need to accept content and remove all non-whitelisted recipients if it fails
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
260 bool only_whites; // every recipient is whitelisted?
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
261 string_set non_whites; // remember the non-whitelisted recipients so we can remove them if need be
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
262 recorder *memory; // memory for the content scanner
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
263 url_scanner *scanner; // object to handle body scanning
0
96a9758165cd Initial revision
carl
parents:
diff changeset
264 mlfiPriv();
96a9758165cd Initial revision
carl
parents:
diff changeset
265 ~mlfiPriv();
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
266 void reset(bool final = false); // for a new message
0
96a9758165cd Initial revision
carl
parents:
diff changeset
267 };
96a9758165cd Initial revision
carl
parents:
diff changeset
268 mlfiPriv::mlfiPriv() {
96a9758165cd Initial revision
carl
parents:
diff changeset
269 pthread_mutex_lock(&config_mutex);
96a9758165cd Initial revision
carl
parents:
diff changeset
270 pc = config;
96a9758165cd Initial revision
carl
parents:
diff changeset
271 pc->reference_count++;
96a9758165cd Initial revision
carl
parents:
diff changeset
272 pthread_mutex_unlock(&config_mutex);
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
273 ip = 0;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
274 mailaddr = NULL;
41
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
275 queueid = NULL;
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
276 authenticated = false;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
277 have_whites = false;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
278 only_whites = true;
41
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
279 memory = new recorder(this, &pc->html_tags, &pc->tlds);
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
280 scanner = new url_scanner(memory);
0
96a9758165cd Initial revision
carl
parents:
diff changeset
281 }
96a9758165cd Initial revision
carl
parents:
diff changeset
282 mlfiPriv::~mlfiPriv() {
96a9758165cd Initial revision
carl
parents:
diff changeset
283 pthread_mutex_lock(&config_mutex);
96a9758165cd Initial revision
carl
parents:
diff changeset
284 pc->reference_count--;
96a9758165cd Initial revision
carl
parents:
diff changeset
285 pthread_mutex_unlock(&config_mutex);
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
286 reset(true);
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
287 }
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
288 void mlfiPriv::reset(bool final) {
0
96a9758165cd Initial revision
carl
parents:
diff changeset
289 if (mailaddr) free(mailaddr);
41
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
290 if (queueid) free(queueid);
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
291 discard(non_whites);
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
292 delete memory;
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
293 delete scanner;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
294 if (!final) {
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
295 mailaddr = NULL;
41
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
296 queueid = NULL;
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
297 authenticated = false;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
298 have_whites = false;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
299 only_whites = true;
41
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
300 memory = new recorder(this, &pc->html_tags, &pc->tlds);
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
301 scanner = new url_scanner(memory);
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
302 }
0
96a9758165cd Initial revision
carl
parents:
diff changeset
303 }
96a9758165cd Initial revision
carl
parents:
diff changeset
304
96a9758165cd Initial revision
carl
parents:
diff changeset
305 #define MLFIPRIV ((struct mlfiPriv *) smfi_getpriv(ctx))
96a9758165cd Initial revision
carl
parents:
diff changeset
306
96a9758165cd Initial revision
carl
parents:
diff changeset
307
96a9758165cd Initial revision
carl
parents:
diff changeset
308 ////////////////////////////////////////////////
41
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
309 // syslog a message
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
310 //
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
311 static void my_syslog(mlfiPriv *priv, char *text) {
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
312 char buf[1000];
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
313 if (priv) {
42
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
314 snprintf(buf, sizeof(buf), "%s: %s", priv->queueid, text);
41
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
315 text = buf;
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
316 }
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
317 pthread_mutex_lock(&syslog_mutex);
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
318 openlog("dnsbl", LOG_PID, LOG_MAIL);
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
319 syslog(LOG_NOTICE, "%s", text);
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
320 closelog();
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
321 pthread_mutex_unlock(&syslog_mutex);
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
322 }
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
323
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
324 static void my_syslog(char *text);
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
325 static void my_syslog(char *text) {
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
326 my_syslog(NULL, text);
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
327 }
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
328
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
329 ////////////////////////////////////////////////
0
96a9758165cd Initial revision
carl
parents:
diff changeset
330 // register a global string
96a9758165cd Initial revision
carl
parents:
diff changeset
331 //
96a9758165cd Initial revision
carl
parents:
diff changeset
332 static char* register_string(char *name);
96a9758165cd Initial revision
carl
parents:
diff changeset
333 static char* register_string(char *name) {
12
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
334 return register_string(all_strings, name);
0
96a9758165cd Initial revision
carl
parents:
diff changeset
335 }
96a9758165cd Initial revision
carl
parents:
diff changeset
336
96a9758165cd Initial revision
carl
parents:
diff changeset
337
96a9758165cd Initial revision
carl
parents:
diff changeset
338 static char* next_token(char *delim);
96a9758165cd Initial revision
carl
parents:
diff changeset
339 static char* next_token(char *delim) {
96a9758165cd Initial revision
carl
parents:
diff changeset
340 char *name = strtok(NULL, delim);
96a9758165cd Initial revision
carl
parents:
diff changeset
341 if (!name) return name;
96a9758165cd Initial revision
carl
parents:
diff changeset
342 return register_string(name);
96a9758165cd Initial revision
carl
parents:
diff changeset
343 }
96a9758165cd Initial revision
carl
parents:
diff changeset
344
96a9758165cd Initial revision
carl
parents:
diff changeset
345
96a9758165cd Initial revision
carl
parents:
diff changeset
346 ////////////////////////////////////////////////
96a9758165cd Initial revision
carl
parents:
diff changeset
347 // lookup an email address in the env_from or env_to maps
96a9758165cd Initial revision
carl
parents:
diff changeset
348 //
96a9758165cd Initial revision
carl
parents:
diff changeset
349 static char* lookup1(char *email, string_map map);
96a9758165cd Initial revision
carl
parents:
diff changeset
350 static char* lookup1(char *email, string_map map) {
96a9758165cd Initial revision
carl
parents:
diff changeset
351 string_map::iterator i = map.find(email);
96a9758165cd Initial revision
carl
parents:
diff changeset
352 if (i != map.end()) return (*i).second;
96a9758165cd Initial revision
carl
parents:
diff changeset
353 char *x = strchr(email, '@');
96a9758165cd Initial revision
carl
parents:
diff changeset
354 if (!x) return DEFAULT;
96a9758165cd Initial revision
carl
parents:
diff changeset
355 x++;
96a9758165cd Initial revision
carl
parents:
diff changeset
356 i = map.find(x);
96a9758165cd Initial revision
carl
parents:
diff changeset
357 if (i != map.end()) return (*i).second;
96a9758165cd Initial revision
carl
parents:
diff changeset
358 return DEFAULT;
96a9758165cd Initial revision
carl
parents:
diff changeset
359 }
96a9758165cd Initial revision
carl
parents:
diff changeset
360
96a9758165cd Initial revision
carl
parents:
diff changeset
361
96a9758165cd Initial revision
carl
parents:
diff changeset
362 ////////////////////////////////////////////////
96a9758165cd Initial revision
carl
parents:
diff changeset
363 // lookup an email address in the env_from or env_to maps
96a9758165cd Initial revision
carl
parents:
diff changeset
364 // this email address is passed in from sendmail, and will
96a9758165cd Initial revision
carl
parents:
diff changeset
365 // always be enclosed in <>. It may have mixed case, just
96a9758165cd Initial revision
carl
parents:
diff changeset
366 // as the mail client sent it.
96a9758165cd Initial revision
carl
parents:
diff changeset
367 //
96a9758165cd Initial revision
carl
parents:
diff changeset
368 static char* lookup(char* email, string_map map);
96a9758165cd Initial revision
carl
parents:
diff changeset
369 static char* lookup(char* email, string_map map) {
96a9758165cd Initial revision
carl
parents:
diff changeset
370 int n = strlen(email)-2;
96a9758165cd Initial revision
carl
parents:
diff changeset
371 if (n < 1) return DEFAULT; // malformed
96a9758165cd Initial revision
carl
parents:
diff changeset
372 char *key = strdup(email+1);
96a9758165cd Initial revision
carl
parents:
diff changeset
373 key[n] = '\0';
96a9758165cd Initial revision
carl
parents:
diff changeset
374 for (int i=0; i<n; i++) key[i] = tolower(key[i]);
96a9758165cd Initial revision
carl
parents:
diff changeset
375 char *rc = lookup1(key, map);
96a9758165cd Initial revision
carl
parents:
diff changeset
376 free(key);
96a9758165cd Initial revision
carl
parents:
diff changeset
377 return rc;
96a9758165cd Initial revision
carl
parents:
diff changeset
378 }
96a9758165cd Initial revision
carl
parents:
diff changeset
379
96a9758165cd Initial revision
carl
parents:
diff changeset
380
96a9758165cd Initial revision
carl
parents:
diff changeset
381 ////////////////////////////////////////////////
96a9758165cd Initial revision
carl
parents:
diff changeset
382 // find the dnsbl with a specific name
96a9758165cd Initial revision
carl
parents:
diff changeset
383 //
96a9758165cd Initial revision
carl
parents:
diff changeset
384 static DNSBLP find_dnsbl(CONFIG &dc, char *name);
96a9758165cd Initial revision
carl
parents:
diff changeset
385 static DNSBLP find_dnsbl(CONFIG &dc, char *name) {
96a9758165cd Initial revision
carl
parents:
diff changeset
386 dnsblp_map::iterator i = dc.dnsbls.find(name);
96a9758165cd Initial revision
carl
parents:
diff changeset
387 if (i == dc.dnsbls.end()) return NULL;
96a9758165cd Initial revision
carl
parents:
diff changeset
388 return (*i).second;
96a9758165cd Initial revision
carl
parents:
diff changeset
389 }
96a9758165cd Initial revision
carl
parents:
diff changeset
390
96a9758165cd Initial revision
carl
parents:
diff changeset
391
96a9758165cd Initial revision
carl
parents:
diff changeset
392 ////////////////////////////////////////////////
96a9758165cd Initial revision
carl
parents:
diff changeset
393 // find the dnsbll with a specific name
96a9758165cd Initial revision
carl
parents:
diff changeset
394 //
96a9758165cd Initial revision
carl
parents:
diff changeset
395 static DNSBLLP find_dnsbll(CONFIG &dc, char *name);
96a9758165cd Initial revision
carl
parents:
diff changeset
396 static DNSBLLP find_dnsbll(CONFIG &dc, char *name) {
96a9758165cd Initial revision
carl
parents:
diff changeset
397 dnsbllp_map::iterator i = dc.dnsblls.find(name);
96a9758165cd Initial revision
carl
parents:
diff changeset
398 if (i == dc.dnsblls.end()) return NULL;
96a9758165cd Initial revision
carl
parents:
diff changeset
399 return (*i).second;
96a9758165cd Initial revision
carl
parents:
diff changeset
400 }
96a9758165cd Initial revision
carl
parents:
diff changeset
401
96a9758165cd Initial revision
carl
parents:
diff changeset
402
96a9758165cd Initial revision
carl
parents:
diff changeset
403 ////////////////////////////////////////////////
96a9758165cd Initial revision
carl
parents:
diff changeset
404 // find the envfrom map with a specific name
96a9758165cd Initial revision
carl
parents:
diff changeset
405 //
96a9758165cd Initial revision
carl
parents:
diff changeset
406 static string_map* find_from_map(CONFIG &dc, char *name);
96a9758165cd Initial revision
carl
parents:
diff changeset
407 static string_map* find_from_map(CONFIG &dc, char *name) {
96a9758165cd Initial revision
carl
parents:
diff changeset
408 from_map::iterator i = dc.env_from.find(name);
96a9758165cd Initial revision
carl
parents:
diff changeset
409 if (i == dc.env_from.end()) return NULL;
96a9758165cd Initial revision
carl
parents:
diff changeset
410 return (*i).second;
96a9758165cd Initial revision
carl
parents:
diff changeset
411 }
96a9758165cd Initial revision
carl
parents:
diff changeset
412
96a9758165cd Initial revision
carl
parents:
diff changeset
413
96a9758165cd Initial revision
carl
parents:
diff changeset
414 static string_map& really_find_from_map(CONFIG &dc, char *name);
96a9758165cd Initial revision
carl
parents:
diff changeset
415 static string_map& really_find_from_map(CONFIG &dc, char *name) {
96a9758165cd Initial revision
carl
parents:
diff changeset
416 string_map *sm = find_from_map(dc, name);
96a9758165cd Initial revision
carl
parents:
diff changeset
417 if (!sm) {
96a9758165cd Initial revision
carl
parents:
diff changeset
418 sm = new string_map;
96a9758165cd Initial revision
carl
parents:
diff changeset
419 dc.env_from[name] = sm;
96a9758165cd Initial revision
carl
parents:
diff changeset
420 }
96a9758165cd Initial revision
carl
parents:
diff changeset
421 return *sm;
96a9758165cd Initial revision
carl
parents:
diff changeset
422 }
96a9758165cd Initial revision
carl
parents:
diff changeset
423
96a9758165cd Initial revision
carl
parents:
diff changeset
424
96a9758165cd Initial revision
carl
parents:
diff changeset
425 ////////////////////////////////////////////////
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
426 //
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
427 // ask a dns question and get an A record answer - we don't try
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
428 // very hard, just using the default resolver retry settings.
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
429 // If we cannot get an answer, we just accept the mail. The
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
430 // caller must ensure thread safety.
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
431 //
0
96a9758165cd Initial revision
carl
parents:
diff changeset
432 //
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
433 static int dns_interface(char *question, bool maybe_ip, ns_map *nameservers);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
434 static int dns_interface(char *question, bool maybe_ip, ns_map *nameservers) {
16
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
435 #ifdef NS_PACKETSZ
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
436 u_char answer[NS_PACKETSZ];
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
437 int length = res_search(question, ns_c_in, ns_t_a, answer, sizeof(answer));
23
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
438 if (length >= 0) { // no error yet
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
439 // parse the answer
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
440 ns_msg handle;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
441 ns_rr rr;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
442 if (ns_initparse(answer, length, &handle) == 0) {
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
443 // look for ns names
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
444 if (nameservers) {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
445 ns_map &ns = *nameservers;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
446 int rrnum = 0;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
447 while (ns_parserr(&handle, ns_s_ns, rrnum++, &rr) == 0) {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
448 if (ns_rr_type(rr) == ns_t_ns) {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
449 char nam[NS_MAXDNAME+1];
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
450 char *n = nam;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
451 const u_char *p = ns_rr_rdata(rr);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
452 while (((n-nam) < NS_MAXDNAME) && ((p-answer) < length) && *p) {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
453 size_t s = *(p++);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
454 if (s > 191) {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
455 // compression pointer
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
456 s = (s-192)*256 + *(p++);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
457 if (s >= length) break; // pointer outside bounds of answer
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
458 p = answer + s;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
459 s = *(p++);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
460 }
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
461 if (s > 0) {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
462 if ((n-nam) >= (NS_MAXDNAME-s)) break; // destination would overflow name buffer
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
463 if ((p-answer) >= (length-s)) break; // source outside bounds of answer
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
464 memcpy(n, p, s);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
465 n += s;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
466 p += s;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
467 *(n++) = '.';
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
468 }
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
469 }
36
95607fbef608 no message
carl
parents: 35
diff changeset
470 if (n-nam) n--; // remove trailing .
95607fbef608 no message
carl
parents: 35
diff changeset
471 *n = '\0'; // null terminate it
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
472 register_string(ns, nam); // ns host to lookup later
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
473 }
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
474 }
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
475 rrnum = 0;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
476 while (ns_parserr(&handle, ns_s_ar, rrnum++, &rr) == 0) {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
477 if (ns_rr_type(rr) == ns_t_a) {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
478 char* nam = (char*)ns_rr_name(rr);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
479 ns_map::iterator i = ns.find(nam);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
480 if (i != ns.end()) {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
481 // we want this ip address
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
482 int address;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
483 memcpy(&address, ns_rr_rdata(rr), sizeof(address));
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
484 ns[nam] = address;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
485 }
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
486 }
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
487 }
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
488 }
23
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
489 int rrnum = 0;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
490 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) {
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
491 if (ns_rr_type(rr) == ns_t_a) {
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
492 int address;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
493 memcpy(&address, ns_rr_rdata(rr), sizeof(address));
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
494 return address;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
495 }
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
496 }
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
497 }
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
498 }
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
499 if (maybe_ip) {
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
500 // might be a bare ip address
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
501 in_addr ip;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
502 if (inet_aton(question, &ip)) {
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
carl
parents: 22
diff changeset
503 return ip.s_addr;
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
504 }
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
505 }
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
506 return 0;
16
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
507 #else
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
508 struct hostent *host = gethostbyname(question);
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
509 if (!host) return 0;
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
510 if (host->h_addrtype != AF_INET) return 0;
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
511 int address;
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
512 memcpy(&address, host->h_addr, sizeof(address));
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
513 return address;
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
514 #endif
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
515 }
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
516
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
517 static int protected_dns_interface(char *question, bool maybe_ip, ns_map *nameservers);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
518 static int protected_dns_interface(char *question, bool maybe_ip, ns_map *nameservers) {
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
519 int ans;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
520 pthread_mutex_lock(&resolve_mutex);
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
521 ans = dns_interface(question, maybe_ip, nameservers);
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
522 pthread_mutex_unlock(&resolve_mutex);
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
523 return ans;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
524
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
525 }
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
526
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
527 ////////////////////////////////////////////////
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
528 // check a single dnsbl
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
529 //
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
530 static status check_single(int ip, char *suffix);
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
531 static status check_single(int ip, char *suffix) {
0
96a9758165cd Initial revision
carl
parents:
diff changeset
532 // make a dns question
96a9758165cd Initial revision
carl
parents:
diff changeset
533 const u_char *src = (const u_char *)&ip;
96a9758165cd Initial revision
carl
parents:
diff changeset
534 if (src[0] == 127) return oksofar; // don't do dns lookups on localhost
16
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
535 #ifdef NS_MAXDNAME
0
96a9758165cd Initial revision
carl
parents:
diff changeset
536 char question[NS_MAXDNAME];
16
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
537 #else
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
538 char question[1000];
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
539 #endif
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
540 snprintf(question, sizeof(question), "%u.%u.%u.%u.%s.", src[3], src[2], src[1], src[0], suffix);
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
541 // ask the question, if we get an A record it implies a blacklisted ip address
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
542 return (protected_dns_interface(question, false, NULL)) ? reject : oksofar;
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
543 }
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
544
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
545
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
546 ////////////////////////////////////////////////
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
547 // check a single dnsbl
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
548 //
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
549 static status check_single(int ip, DNSBL &bl);
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
550 static status check_single(int ip, DNSBL &bl) {
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
551 return check_single(ip, bl.suffix);
0
96a9758165cd Initial revision
carl
parents:
diff changeset
552 }
96a9758165cd Initial revision
carl
parents:
diff changeset
553
96a9758165cd Initial revision
carl
parents:
diff changeset
554
96a9758165cd Initial revision
carl
parents:
diff changeset
555 ////////////////////////////////////////////////
96a9758165cd Initial revision
carl
parents:
diff changeset
556 // check the dnsbls specified for this recipient
96a9758165cd Initial revision
carl
parents:
diff changeset
557 //
96a9758165cd Initial revision
carl
parents:
diff changeset
558 static status check_dnsbl(mlfiPriv &priv, DNSBLLP dnsbllp, DNSBLP &rejectlist);
96a9758165cd Initial revision
carl
parents:
diff changeset
559 static status check_dnsbl(mlfiPriv &priv, DNSBLLP dnsbllp, DNSBLP &rejectlist) {
96a9758165cd Initial revision
carl
parents:
diff changeset
560 if (priv.authenticated) return oksofar;
96a9758165cd Initial revision
carl
parents:
diff changeset
561 if (!dnsbllp) return oksofar;
96a9758165cd Initial revision
carl
parents:
diff changeset
562 DNSBLL &dnsbll = *dnsbllp;
96a9758165cd Initial revision
carl
parents:
diff changeset
563 for (DNSBLL::iterator i=dnsbll.begin(); i!=dnsbll.end(); i++) {
96a9758165cd Initial revision
carl
parents:
diff changeset
564 DNSBLP dp = *i; // non null by construction
96a9758165cd Initial revision
carl
parents:
diff changeset
565 status st;
96a9758165cd Initial revision
carl
parents:
diff changeset
566 map<DNSBLP, status>::iterator f = priv.checked.find(dp);
96a9758165cd Initial revision
carl
parents:
diff changeset
567 if (f == priv.checked.end()) {
96a9758165cd Initial revision
carl
parents:
diff changeset
568 // have not checked this list yet
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
569 st = check_single(priv.ip, *dp);
0
96a9758165cd Initial revision
carl
parents:
diff changeset
570 rejectlist = dp;
96a9758165cd Initial revision
carl
parents:
diff changeset
571 priv.checked[dp] = st;
96a9758165cd Initial revision
carl
parents:
diff changeset
572 }
96a9758165cd Initial revision
carl
parents:
diff changeset
573 else {
96a9758165cd Initial revision
carl
parents:
diff changeset
574 st = (*f).second;
96a9758165cd Initial revision
carl
parents:
diff changeset
575 rejectlist = (*f).first;
96a9758165cd Initial revision
carl
parents:
diff changeset
576 }
96a9758165cd Initial revision
carl
parents:
diff changeset
577 if (st == reject) return st;
96a9758165cd Initial revision
carl
parents:
diff changeset
578 }
96a9758165cd Initial revision
carl
parents:
diff changeset
579 return oksofar;
96a9758165cd Initial revision
carl
parents:
diff changeset
580 }
96a9758165cd Initial revision
carl
parents:
diff changeset
581
96a9758165cd Initial revision
carl
parents:
diff changeset
582
96a9758165cd Initial revision
carl
parents:
diff changeset
583 ////////////////////////////////////////////////
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
584 // check the dnsbls specified for this recipient
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
585 //
16
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
586 static status check_hosts(mlfiPriv &priv, char *&host, int &ip);
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
587 static status check_hosts(mlfiPriv &priv, char *&host, int &ip) {
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
588 CONFIG &dc = *priv.pc;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
589 if (!dc.content_suffix) return oksofar;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
590 int count = 0;
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
591 ns_map nameservers;
44
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
592 bool ran = priv.pc->host_random;
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
593 int lim = priv.pc->host_limit; // we should not look at more than this many hosts
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
594 int cnt = priv.memory->hosts.size(); // number of hosts we could look at
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
595 int_set ips; // remove duplicate ip addresses
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
596 for (string_set::iterator i=priv.memory->hosts.begin(); i!=priv.memory->hosts.end(); i++) {
44
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
597 host = *i; // a reference into priv.memory->hosts, which will live until this smtp transaction is closed
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
598 if ((cnt > lim) && (lim > 0) && ran) {
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
599 // try to only look at lim/cnt fraction of the available cnt host names
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
600 int r = rand() % cnt;
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
601 if (r >= lim) {
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
602 char buf[1000];
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
603 snprintf(buf, sizeof(buf), "host %s skipped", host);
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
604 my_syslog(&priv, buf);
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
605 continue;
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
606 }
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
607 }
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
608 count++;
44
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
609 if ((count > lim) && (lim > 0) && (!ran)) {
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
610 discard(nameservers);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
611 return reject_host;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
612 }
44
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
613 ip = protected_dns_interface(host, true, &nameservers);
16
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
614 if (debug_syslog) {
44
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
615 char buf[1000];
29
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
616 if (ip) {
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
617 char adr[sizeof "255.255.255.255"];
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
618 adr[0] = '\0';
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
619 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
620 snprintf(buf, sizeof(buf), "host %s found at %s", host, adr);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
621 }
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
622 else {
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
623 snprintf(buf, sizeof(buf), "host %s not found", host);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
624 }
41
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
625 my_syslog(&priv, buf);
16
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
626 }
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
627 if (ip) {
44
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
628 int_set::iterator i = ips.find(ip);
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
629 if (i == ips.end()) {
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
630 ips.insert(ip);
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
631 status st = check_single(ip, dc.content_suffix);
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
632 if (st == reject) {
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
633 discard(nameservers);
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
634 return st;
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
635 }
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
636 }
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
637 }
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
638 }
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
639 lim *= 4; // allow average of 3 ns per host name
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
640 for (ns_map::iterator i=nameservers.begin(); i!=nameservers.end(); i++) {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
641 count++;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
642 if ((count > lim) && (lim > 0)) {
44
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
643 if (ran) continue; // don't complain
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
644 discard(nameservers);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
645 return reject_host;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
646 }
36
95607fbef608 no message
carl
parents: 35
diff changeset
647 host = (*i).first; // a transient reference that needs to be replaced before we return it
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
648 ip = (*i).second;
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
649 if (!ip) ip = protected_dns_interface(host, false, NULL);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
650 if (debug_syslog) {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
651 char buf[200];
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
652 if (ip) {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
653 char adr[sizeof "255.255.255.255"];
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
654 adr[0] = '\0';
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
655 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
656 snprintf(buf, sizeof(buf), "ns %s found at %s", host, adr);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
657 }
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
658 else {
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
659 snprintf(buf, sizeof(buf), "ns %s not found", host);
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
660 }
41
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
661 my_syslog(&priv, buf);
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
662 }
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
663 if (ip) {
44
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
664 int_set::iterator i = ips.find(ip);
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
665 if (i == ips.end()) {
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
666 ips.insert(ip);
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
667 status st = check_single(ip, dc.content_suffix);
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
668 if (st == reject) {
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
669 host = register_string(priv.memory->hosts, host); // put a copy into priv.memory->hosts, and return that reference
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
670 discard(nameservers);
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
671 return st;
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
672 }
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
673 }
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
674 }
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
675 }
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
676 discard(nameservers);
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
677 host = NULL;
26
fdae7ab30cfc allow normal and terminator versions of tags
carl
parents: 24
diff changeset
678 int bin = priv.memory->binary_tags;
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
679 int bad = priv.memory->bad_html_tags;
34
fc7f8f3ea90f look for NS records on the SBL also
carl
parents: 29
diff changeset
680 lim = priv.pc->tag_limit;
41
d95af8129dfa updates for 3.2, changing file layout, add queueid to messages
carl
parents: 40
diff changeset
681 if (3*bin > bad) return oksofar; // probably .zip or .tar.gz with random content
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
682 if ((bad > lim) && (lim > 0)) return reject_tag;
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
683 return oksofar;
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
684 }
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
685
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
686
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
687 ////////////////////////////////////////////////
0
96a9758165cd Initial revision
carl
parents:
diff changeset
688 // start of sendmail milter interfaces
96a9758165cd Initial revision
carl
parents:
diff changeset
689 //
96a9758165cd Initial revision
carl
parents:
diff changeset
690 sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr)
96a9758165cd Initial revision
carl
parents:
diff changeset
691 {
96a9758165cd Initial revision
carl
parents:
diff changeset
692 // allocate some private memory
96a9758165cd Initial revision
carl
parents:
diff changeset
693 mlfiPriv *priv = new mlfiPriv;
96a9758165cd Initial revision
carl
parents:
diff changeset
694 if (hostaddr->sa_family == AF_INET) {
96a9758165cd Initial revision
carl
parents:
diff changeset
695 priv->ip = ((struct sockaddr_in *)hostaddr)->sin_addr.s_addr;
96a9758165cd Initial revision
carl
parents:
diff changeset
696 }
96a9758165cd Initial revision
carl
parents:
diff changeset
697
96a9758165cd Initial revision
carl
parents:
diff changeset
698 // save the private data
96a9758165cd Initial revision
carl
parents:
diff changeset
699 smfi_setpriv(ctx, (void*)priv);
96a9758165cd Initial revision
carl
parents:
diff changeset
700
96a9758165cd Initial revision
carl
parents:
diff changeset
701 // continue processing
96a9758165cd Initial revision
carl
parents:
diff changeset
702 return SMFIS_CONTINUE;
96a9758165cd Initial revision
carl
parents:
diff changeset
703 }
96a9758165cd Initial revision
carl
parents:
diff changeset
704
96a9758165cd Initial revision
carl
parents:
diff changeset
705 sfsistat mlfi_envfrom(SMFICTX *ctx, char **from)
96a9758165cd Initial revision
carl
parents:
diff changeset
706 {
96a9758165cd Initial revision
carl
parents:
diff changeset
707 mlfiPriv &priv = *MLFIPRIV;
96a9758165cd Initial revision
carl
parents:
diff changeset
708 priv.mailaddr = strdup(from[0]);
96a9758165cd Initial revision
carl
parents:
diff changeset
709 priv.authenticated = (smfi_getsymval(ctx, "{auth_authen}") != NULL);
96a9758165cd Initial revision
carl
parents:
diff changeset
710 return SMFIS_CONTINUE;
96a9758165cd Initial revision
carl
parents:
diff changeset
711 }
96a9758165cd Initial revision
carl
parents:
diff changeset
712
96a9758165cd Initial revision
carl
parents:
diff changeset
713 sfsistat mlfi_envrcpt(SMFICTX *ctx, char **rcpt)
96a9758165cd Initial revision
carl
parents:
diff changeset
714 {
96a9758165cd Initial revision
carl
parents:
diff changeset
715 DNSBLP rejectlist = NULL; // list that caused the reject
96a9758165cd Initial revision
carl
parents:
diff changeset
716 status st = oksofar;
96a9758165cd Initial revision
carl
parents:
diff changeset
717 mlfiPriv &priv = *MLFIPRIV;
96a9758165cd Initial revision
carl
parents:
diff changeset
718 CONFIG &dc = *priv.pc;
42
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
719 if (!priv.queueid) priv.queueid = strdup(smfi_getsymval(ctx, "i"));
0
96a9758165cd Initial revision
carl
parents:
diff changeset
720 char *rcptaddr = rcpt[0];
96a9758165cd Initial revision
carl
parents:
diff changeset
721 char *dnsname = lookup(rcptaddr, dc.env_to_dnsbll);
96a9758165cd Initial revision
carl
parents:
diff changeset
722 char *fromname = lookup(rcptaddr, dc.env_to_chkfrom);
96a9758165cd Initial revision
carl
parents:
diff changeset
723 if ((strcmp(dnsname, BLACK) == 0) ||
96a9758165cd Initial revision
carl
parents:
diff changeset
724 (strcmp(fromname, BLACK) == 0)) {
96a9758165cd Initial revision
carl
parents:
diff changeset
725 st = black; // two options to blacklist this recipient
96a9758165cd Initial revision
carl
parents:
diff changeset
726 }
96a9758165cd Initial revision
carl
parents:
diff changeset
727 else if (strcmp(fromname, WHITE) == 0) {
96a9758165cd Initial revision
carl
parents:
diff changeset
728 st = white;
96a9758165cd Initial revision
carl
parents:
diff changeset
729 }
96a9758165cd Initial revision
carl
parents:
diff changeset
730 else {
96a9758165cd Initial revision
carl
parents:
diff changeset
731 // check an env_from map
96a9758165cd Initial revision
carl
parents:
diff changeset
732 string_map *sm = find_from_map(dc, fromname);
96a9758165cd Initial revision
carl
parents:
diff changeset
733 if (sm != NULL) {
96a9758165cd Initial revision
carl
parents:
diff changeset
734 fromname = lookup(priv.mailaddr, *sm); // returns default if name not in map
96a9758165cd Initial revision
carl
parents:
diff changeset
735 if (strcmp(fromname, BLACK) == 0) {
96a9758165cd Initial revision
carl
parents:
diff changeset
736 st = black; // blacklist this envelope from value
96a9758165cd Initial revision
carl
parents:
diff changeset
737 }
96a9758165cd Initial revision
carl
parents:
diff changeset
738 if (strcmp(fromname, WHITE) == 0) {
96a9758165cd Initial revision
carl
parents:
diff changeset
739 st = white; // blacklist this envelope from value
96a9758165cd Initial revision
carl
parents:
diff changeset
740 }
96a9758165cd Initial revision
carl
parents:
diff changeset
741 }
96a9758165cd Initial revision
carl
parents:
diff changeset
742 }
96a9758165cd Initial revision
carl
parents:
diff changeset
743 if ((st == oksofar) && (strcmp(dnsname, WHITE) != 0)) {
96a9758165cd Initial revision
carl
parents:
diff changeset
744 // check dns lists
96a9758165cd Initial revision
carl
parents:
diff changeset
745 st = check_dnsbl(priv, find_dnsbll(dc, dnsname), rejectlist);
96a9758165cd Initial revision
carl
parents:
diff changeset
746 }
96a9758165cd Initial revision
carl
parents:
diff changeset
747
96a9758165cd Initial revision
carl
parents:
diff changeset
748 if (st == reject) {
96a9758165cd Initial revision
carl
parents:
diff changeset
749 // reject the recipient based on some dnsbl
96a9758165cd Initial revision
carl
parents:
diff changeset
750 char adr[sizeof "255.255.255.255"];
96a9758165cd Initial revision
carl
parents:
diff changeset
751 adr[0] = '\0';
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
752 inet_ntop(AF_INET, (const u_char *)&priv.ip, adr, sizeof(adr));
0
96a9758165cd Initial revision
carl
parents:
diff changeset
753 char buf[2000];
96a9758165cd Initial revision
carl
parents:
diff changeset
754 snprintf(buf, sizeof(buf), rejectlist->message, adr, adr);
96a9758165cd Initial revision
carl
parents:
diff changeset
755 smfi_setreply(ctx, "550", "5.7.1", buf);
96a9758165cd Initial revision
carl
parents:
diff changeset
756 return SMFIS_REJECT;
96a9758165cd Initial revision
carl
parents:
diff changeset
757 }
96a9758165cd Initial revision
carl
parents:
diff changeset
758 else if (st == black) {
96a9758165cd Initial revision
carl
parents:
diff changeset
759 // reject the recipient based on blacklisting either from or to
96a9758165cd Initial revision
carl
parents:
diff changeset
760 smfi_setreply(ctx, "550", "5.7.1", "no such user");
96a9758165cd Initial revision
carl
parents:
diff changeset
761 return SMFIS_REJECT;
96a9758165cd Initial revision
carl
parents:
diff changeset
762 }
96a9758165cd Initial revision
carl
parents:
diff changeset
763 else {
96a9758165cd Initial revision
carl
parents:
diff changeset
764 // accept the recipient
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
765 if (st == oksofar) {
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
766 // but remember the non-whites
12
6ac6d6b822ce fix memory leak with duplicate url host names,
carl
parents: 11
diff changeset
767 register_string(priv.non_whites, rcptaddr);
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
768 priv.only_whites = false;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
769 }
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
770 if (st == white) {
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
771 priv.have_whites = true;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
772 }
0
96a9758165cd Initial revision
carl
parents:
diff changeset
773 return SMFIS_CONTINUE;
96a9758165cd Initial revision
carl
parents:
diff changeset
774 }
96a9758165cd Initial revision
carl
parents:
diff changeset
775 }
96a9758165cd Initial revision
carl
parents:
diff changeset
776
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
777 sfsistat mlfi_body(SMFICTX *ctx, u_char *data, size_t len)
0
96a9758165cd Initial revision
carl
parents:
diff changeset
778 {
96a9758165cd Initial revision
carl
parents:
diff changeset
779 mlfiPriv &priv = *MLFIPRIV;
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
780 if (priv.authenticated) return SMFIS_CONTINUE;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
781 if (priv.only_whites) return SMFIS_CONTINUE;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
782 priv.scanner->scan(data, len);
11
2c206836b4cc integration work on url scanner
carl
parents: 9
diff changeset
783 return SMFIS_CONTINUE;
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
784 }
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
785
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
786 sfsistat mlfi_eom(SMFICTX *ctx)
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
787 {
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
788 sfsistat rc;
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
789 mlfiPriv &priv = *MLFIPRIV;
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
790 char *host = NULL;
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
791 int ip;
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
792 status st;
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
793 // process end of message
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
794 if (priv.authenticated ||
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
795 priv.only_whites ||
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
796 ((st=check_hosts(priv, host, ip)) == oksofar)) rc = SMFIS_CONTINUE;
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
797 else {
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
798 if (!priv.have_whites) {
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
799 // can reject the entire message
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
800 char buf[2000];
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
801 if (st == reject_tag) {
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
802 // rejected due to excessive bad html tags
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
803 snprintf(buf, sizeof(buf), priv.pc->tag_limit_message);
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
804 }
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
805 else if (st == reject_host) {
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
806 // rejected due to excessive unique host/urls
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
807 snprintf(buf, sizeof(buf), priv.pc->host_limit_message);
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
808 }
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
809 else {
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
810 char adr[sizeof "255.255.255.255"];
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
811 adr[0] = '\0';
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
812 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
813 snprintf(buf, sizeof(buf), priv.pc->content_message, host, adr);
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
814 }
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
815 smfi_setreply(ctx, "550", "5.7.1", buf);
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
816 rc = SMFIS_REJECT;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
817 }
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
818 else {
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
819 // need to accept it but remove the recipients that don't want it
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
820 for (string_set::iterator i=priv.non_whites.begin(); i!=priv.non_whites.end(); i++) {
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
821 char *rcpt = *i;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
822 smfi_delrcpt(ctx, rcpt);
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
823 }
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
824 rc = SMFIS_CONTINUE;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
825 }
0
96a9758165cd Initial revision
carl
parents:
diff changeset
826 }
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
827 // reset for a new message on the same connection
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
828 mlfi_abort(ctx);
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
829 return rc;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
830 }
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
831
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
832 sfsistat mlfi_abort(SMFICTX *ctx)
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
833 {
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
834 mlfiPriv &priv = *MLFIPRIV;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
835 priv.reset();
0
96a9758165cd Initial revision
carl
parents:
diff changeset
836 return SMFIS_CONTINUE;
96a9758165cd Initial revision
carl
parents:
diff changeset
837 }
96a9758165cd Initial revision
carl
parents:
diff changeset
838
96a9758165cd Initial revision
carl
parents:
diff changeset
839 sfsistat mlfi_close(SMFICTX *ctx)
96a9758165cd Initial revision
carl
parents:
diff changeset
840 {
96a9758165cd Initial revision
carl
parents:
diff changeset
841 mlfiPriv *priv = MLFIPRIV;
96a9758165cd Initial revision
carl
parents:
diff changeset
842 if (!priv) return SMFIS_CONTINUE;
96a9758165cd Initial revision
carl
parents:
diff changeset
843 delete priv;
96a9758165cd Initial revision
carl
parents:
diff changeset
844 smfi_setpriv(ctx, NULL);
96a9758165cd Initial revision
carl
parents:
diff changeset
845 return SMFIS_CONTINUE;
96a9758165cd Initial revision
carl
parents:
diff changeset
846 }
96a9758165cd Initial revision
carl
parents:
diff changeset
847
96a9758165cd Initial revision
carl
parents:
diff changeset
848 struct smfiDesc smfilter =
96a9758165cd Initial revision
carl
parents:
diff changeset
849 {
96a9758165cd Initial revision
carl
parents:
diff changeset
850 "DNSBL", // filter name
96a9758165cd Initial revision
carl
parents:
diff changeset
851 SMFI_VERSION, // version code -- do not change
96a9758165cd Initial revision
carl
parents:
diff changeset
852 SMFIF_DELRCPT, // flags
96a9758165cd Initial revision
carl
parents:
diff changeset
853 mlfi_connect, // connection info filter
96a9758165cd Initial revision
carl
parents:
diff changeset
854 NULL, // SMTP HELO command filter
96a9758165cd Initial revision
carl
parents:
diff changeset
855 mlfi_envfrom, // envelope sender filter
96a9758165cd Initial revision
carl
parents:
diff changeset
856 mlfi_envrcpt, // envelope recipient filter
96a9758165cd Initial revision
carl
parents:
diff changeset
857 NULL, // header filter
96a9758165cd Initial revision
carl
parents:
diff changeset
858 NULL, // end of header
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
859 mlfi_body, // body block filter
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
860 mlfi_eom, // end of message
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
861 mlfi_abort, // message aborted
0
96a9758165cd Initial revision
carl
parents:
diff changeset
862 mlfi_close, // connection cleanup
96a9758165cd Initial revision
carl
parents:
diff changeset
863 };
96a9758165cd Initial revision
carl
parents:
diff changeset
864
96a9758165cd Initial revision
carl
parents:
diff changeset
865
96a9758165cd Initial revision
carl
parents:
diff changeset
866 static void dumpit(char *name, string_map map);
96a9758165cd Initial revision
carl
parents:
diff changeset
867 static void dumpit(char *name, string_map map) {
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
868 fprintf(stdout, "\n");
0
96a9758165cd Initial revision
carl
parents:
diff changeset
869 for (string_map::iterator i=map.begin(); i!=map.end(); i++) {
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
870 fprintf(stdout, "%s %s->%s\n", name, (*i).first, (*i).second);
0
96a9758165cd Initial revision
carl
parents:
diff changeset
871 }
96a9758165cd Initial revision
carl
parents:
diff changeset
872 }
96a9758165cd Initial revision
carl
parents:
diff changeset
873
96a9758165cd Initial revision
carl
parents:
diff changeset
874
96a9758165cd Initial revision
carl
parents:
diff changeset
875 static void dumpit(from_map map);
96a9758165cd Initial revision
carl
parents:
diff changeset
876 static void dumpit(from_map map) {
96a9758165cd Initial revision
carl
parents:
diff changeset
877 for (from_map::iterator i=map.begin(); i!=map.end(); i++) {
3
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
878 char buf[2000];
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
879 snprintf(buf, sizeof(buf), "envelope from map for %s", (*i).first);
0
96a9758165cd Initial revision
carl
parents:
diff changeset
880 string_map *sm = (*i).second;
3
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
881 dumpit(buf, *sm);
0
96a9758165cd Initial revision
carl
parents:
diff changeset
882 }
96a9758165cd Initial revision
carl
parents:
diff changeset
883 }
96a9758165cd Initial revision
carl
parents:
diff changeset
884
96a9758165cd Initial revision
carl
parents:
diff changeset
885
3
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
886 static void dumpit(CONFIG &dc);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
887 static void dumpit(CONFIG &dc) {
5
793ac9cc114d updates to use dcc conf files
carl
parents: 4
diff changeset
888 dumpit(dc.env_from);
793ac9cc114d updates to use dcc conf files
carl
parents: 4
diff changeset
889 dumpit("envelope to (dnsbl list)", dc.env_to_dnsbll);
793ac9cc114d updates to use dcc conf files
carl
parents: 4
diff changeset
890 dumpit("envelope to (from map)", dc.env_to_chkfrom);
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
891 fprintf(stdout, "\ndnsbls\n");
0
96a9758165cd Initial revision
carl
parents:
diff changeset
892 for (dnsblp_map::iterator i=dc.dnsbls.begin(); i!=dc.dnsbls.end(); i++) {
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
893 fprintf(stdout, "%s %s %s\n", (*i).first, (*i).second->suffix, (*i).second->message);
0
96a9758165cd Initial revision
carl
parents:
diff changeset
894 }
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
895 fprintf(stdout, "\ndnsbl_lists\n");
0
96a9758165cd Initial revision
carl
parents:
diff changeset
896 for (dnsbllp_map::iterator i=dc.dnsblls.begin(); i!=dc.dnsblls.end(); i++) {
96a9758165cd Initial revision
carl
parents:
diff changeset
897 char *name = (*i).first;
96a9758165cd Initial revision
carl
parents:
diff changeset
898 DNSBLL &dl = *((*i).second);
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
899 fprintf(stdout, "%s", name);
0
96a9758165cd Initial revision
carl
parents:
diff changeset
900 for (DNSBLL::iterator j=dl.begin(); j!=dl.end(); j++) {
96a9758165cd Initial revision
carl
parents:
diff changeset
901 DNSBL &d = **j;
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
902 fprintf(stdout, " %s", d.suffix);
0
96a9758165cd Initial revision
carl
parents:
diff changeset
903 }
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
904 fprintf(stdout, "\n");
0
96a9758165cd Initial revision
carl
parents:
diff changeset
905 }
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
906 if (dc.content_suffix) {
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
907 fprintf(stdout, "\ncontent filtering enabled with %s %s\n", dc.content_suffix, dc.content_message);
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
908 }
46
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
909 if (dc.host_limit && !dc.host_random) {
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
910 fprintf(stdout, "\ncontent filtering for host names hard limit %d %s\n", dc.host_limit, dc.host_limit_message);
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
911 }
46
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
912 if (dc.host_limit && dc.host_random) {
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
913 fprintf(stdout, "\ncontent filtering for host names soft limit %d\n", dc.host_limit);
44
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
914 }
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
915 if (dc.tag_limit) {
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
916 fprintf(stdout, "\ncontent filtering for excessive html tags enabled with limit %d %s\n", dc.tag_limit, dc.tag_limit_message);
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
917 }
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
918 fprintf(stdout, "\nfiles\n");
3
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
919 for (string_list::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
920 char *f = *i;
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
921 fprintf(stdout, "config includes %s\n", f);
3
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
922 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
923 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
924
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
925
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
926 ////////////////////////////////////////////////
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
927 // check for redundant or recursive include files
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
928 //
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
929 static bool ok_to_include(CONFIG &dc, char *fn);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
930 static bool ok_to_include(CONFIG &dc, char *fn) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
931 if (!fn) return false;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
932 bool ok = true;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
933 for (string_list::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
934 char *f = *i;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
935 if (strcmp(f, fn) == 0) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
936 my_syslog("redundant or recursive include file detected");
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
937 ok = false;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
938 break;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
939 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
940 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
941 return ok;
0
96a9758165cd Initial revision
carl
parents:
diff changeset
942 }
96a9758165cd Initial revision
carl
parents:
diff changeset
943
96a9758165cd Initial revision
carl
parents:
diff changeset
944
96a9758165cd Initial revision
carl
parents:
diff changeset
945 ////////////////////////////////////////////////
96a9758165cd Initial revision
carl
parents:
diff changeset
946 // load a single config file
96a9758165cd Initial revision
carl
parents:
diff changeset
947 //
3
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
948 static void load_conf_dcc(CONFIG &dc, char *name, char *fn);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
949 static void load_conf_dcc(CONFIG &dc, char *name, char *fn) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
950 ifstream is(fn);
40
dc3d8d1aa2d2 fix handling of missing include files
carl
parents: 39
diff changeset
951 if (is.fail()) {
dc3d8d1aa2d2 fix handling of missing include files
carl
parents: 39
diff changeset
952 char buf[1000];
dc3d8d1aa2d2 fix handling of missing include files
carl
parents: 39
diff changeset
953 snprintf(buf, sizeof(buf), "include file %s not found", fn);
dc3d8d1aa2d2 fix handling of missing include files
carl
parents: 39
diff changeset
954 my_syslog(buf);
dc3d8d1aa2d2 fix handling of missing include files
carl
parents: 39
diff changeset
955 return;
dc3d8d1aa2d2 fix handling of missing include files
carl
parents: 39
diff changeset
956 }
39
6e9d0b2d0720 fix handling of missing include files
carl
parents: 36
diff changeset
957 dc.config_files.push_back(fn);
6e9d0b2d0720 fix handling of missing include files
carl
parents: 36
diff changeset
958 const int LINE_SIZE = 2000;
3
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
959 char line[LINE_SIZE];
39
6e9d0b2d0720 fix handling of missing include files
carl
parents: 36
diff changeset
960 char *list = BLACK;
3
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
961 char *delim = " \t";
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
962 int curline = 0;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
963 while (!is.eof()) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
964 is.getline(line, LINE_SIZE);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
965 curline++;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
966 int n = strlen(line);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
967 if (!n) continue;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
968 for (int i=0; i<n; i++) line[i] = tolower(line[i]);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
969 if (line[0] == '#') continue;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
970 char *head = line;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
971 if (strspn(line, delim) == 0) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
972 // have a leading ok/many tag to fetch
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
973 char *cmd = strtok(line, delim);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
974 if (strcmp(cmd, MANY) == 0) list = BLACK;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
975 else if (strcmp(cmd, OK) == 0) list = WHITE;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
976 head = cmd + strlen(cmd) + 1;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
977 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
978 char *cmd = strtok(head, delim);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
979 if (!cmd) continue;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
980 if (strcmp(cmd, "env_from") == 0) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
981 char *from = next_token(delim);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
982 if (from) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
983 string_map &fm = really_find_from_map(dc, name);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
984 fm[from] = list;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
985 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
986 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
987 else if (strcmp(cmd, "env_to") == 0) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
988 char *to = next_token(delim);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
989 if (to) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
990 dc.env_to_dnsbll[to] = list;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
991 dc.env_to_chkfrom[to] = list;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
992 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
993 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
994 else if (strcmp(cmd, "substitute") == 0) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
995 char *tag = next_token(delim);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
996 if (tag && (strcmp(tag, "mail_host") == 0)) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
997 char *from = next_token(delim);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
998 if (from) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
999 string_map &fm = really_find_from_map(dc, name);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1000 fm[from] = list;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1001 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1002 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1003 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1004 else if (strcmp(cmd, "include") == 0) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1005 char *fn = next_token(delim);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1006 if (ok_to_include(dc, fn)) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1007 load_conf_dcc(dc, name, fn);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1008 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1009 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1010
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1011 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1012 is.close();
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1013 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1014
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1015
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1016 static void load_conf(CONFIG &dc, char *fn);
96a9758165cd Initial revision
carl
parents:
diff changeset
1017 static void load_conf(CONFIG &dc, char *fn) {
39
6e9d0b2d0720 fix handling of missing include files
carl
parents: 36
diff changeset
1018 ifstream is(fn);
40
dc3d8d1aa2d2 fix handling of missing include files
carl
parents: 39
diff changeset
1019 if (is.fail()) {
dc3d8d1aa2d2 fix handling of missing include files
carl
parents: 39
diff changeset
1020 char buf[1000];
dc3d8d1aa2d2 fix handling of missing include files
carl
parents: 39
diff changeset
1021 snprintf(buf, sizeof(buf), "include file %s not found", fn);
dc3d8d1aa2d2 fix handling of missing include files
carl
parents: 39
diff changeset
1022 my_syslog(buf);
dc3d8d1aa2d2 fix handling of missing include files
carl
parents: 39
diff changeset
1023 return;
dc3d8d1aa2d2 fix handling of missing include files
carl
parents: 39
diff changeset
1024 }
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1025 dc.config_files.push_back(fn);
96a9758165cd Initial revision
carl
parents:
diff changeset
1026 map<char*, int, ltstr> commands;
46
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1027 enum {dummy, tld, content, hostlimit, hostslimit, htmllimit, htmltag, dnsbl, dnsbll, envfrom, envto, include, includedcc};
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1028 commands["tld" ] = tld;
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1029 commands["content" ] = content;
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1030 commands["host_limit" ] = hostlimit;
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1031 commands["host_soft_limit"] = hostslimit;
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1032 commands["html_limit" ] = htmllimit;
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1033 commands["html_tag" ] = htmltag;
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1034 commands["dnsbl" ] = dnsbl;
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1035 commands["dnsbl_list" ] = dnsbll;
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1036 commands["env_from" ] = envfrom;
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1037 commands["env_to" ] = envto;
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1038 commands["include" ] = include;
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1039 commands["include_dcc" ] = includedcc;
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1040 const int LINE_SIZE = 2000;
96a9758165cd Initial revision
carl
parents:
diff changeset
1041 char line[LINE_SIZE];
96a9758165cd Initial revision
carl
parents:
diff changeset
1042 char orig[LINE_SIZE];
96a9758165cd Initial revision
carl
parents:
diff changeset
1043 char *delim = " \t";
96a9758165cd Initial revision
carl
parents:
diff changeset
1044 int curline = 0;
96a9758165cd Initial revision
carl
parents:
diff changeset
1045 while (!is.eof()) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1046 is.getline(line, LINE_SIZE);
96a9758165cd Initial revision
carl
parents:
diff changeset
1047 snprintf(orig, sizeof(orig), "%s", line);
96a9758165cd Initial revision
carl
parents:
diff changeset
1048 curline++;
96a9758165cd Initial revision
carl
parents:
diff changeset
1049 int n = strlen(line);
96a9758165cd Initial revision
carl
parents:
diff changeset
1050 for (int i=0; i<n; i++) line[i] = tolower(line[i]);
96a9758165cd Initial revision
carl
parents:
diff changeset
1051 char *cmd = strtok(line, delim);
96a9758165cd Initial revision
carl
parents:
diff changeset
1052 if (cmd && (cmd[0] != '#') && (cmd[0] != '\0')) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1053 // have a decent command
96a9758165cd Initial revision
carl
parents:
diff changeset
1054 bool processed = false;
96a9758165cd Initial revision
carl
parents:
diff changeset
1055 switch (commands[cmd]) {
28
33e1e3910506 add configurable list of tlds
carl
parents: 27
diff changeset
1056 case tld: {
29
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
1057 char *tld = next_token(delim);
28
33e1e3910506 add configurable list of tlds
carl
parents: 27
diff changeset
1058 if (!tld) break; // no tld value
29
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
1059 dc.tlds.insert(tld);
28
33e1e3910506 add configurable list of tlds
carl
parents: 27
diff changeset
1060 processed = true;
33e1e3910506 add configurable list of tlds
carl
parents: 27
diff changeset
1061 } break;
33e1e3910506 add configurable list of tlds
carl
parents: 27
diff changeset
1062
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1063 case content: {
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1064 char *suff = strtok(NULL, delim);
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1065 if (!suff) break; // no dns suffix
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1066 char *msg = suff + strlen(suff);
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1067 if ((msg - line) >= strlen(orig)) break; // line ended with the dns suffix
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1068 msg = strchr(msg+1, '\'');
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1069 if (!msg) break; // no reply message template
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1070 msg++; // move over the leading '
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1071 if ((msg - line) >= strlen(orig)) break; // line ended with the leading quote
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1072 char *last = strchr(msg, '\'');
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1073 if (!last) break; // no trailing quote
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1074 *last = '\0'; // make it a null terminator
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1075 dc.content_suffix = register_string(suff);
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1076 dc.content_message = register_string(msg);
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1077 processed = true;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1078 } break;
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1079
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1080 case hostlimit: {
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1081 char *limit = strtok(NULL, delim);
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1082 if (!limit) break; // no integer limit
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1083 char *msg = limit + strlen(limit);
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1084 if ((msg - line) >= strlen(orig)) break; // line ended with the limit
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1085 msg = strchr(msg+1, '\'');
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1086 if (!msg) break; // no reply message template
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1087 msg++; // move over the leading '
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1088 if ((msg - line) >= strlen(orig)) break; // line ended with the leading quote
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1089 char *last = strchr(msg, '\'');
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1090 if (!last) break; // no trailing quote
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1091 *last = '\0'; // make it a null terminator
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1092 dc.host_limit = atoi(limit);
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1093 dc.host_limit_message = register_string(msg);
46
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1094 dc.host_random = false;
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1095 processed = true;
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1096 } break;
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1097
46
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1098 case hostslimit: {
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1099 char *limit = next_token(delim);
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1100 if (!limit) break; // no integer limit
66c66a6ee65f changes for 3.2
carl
parents: 44
diff changeset
1101 dc.host_limit = atoi(limit);
44
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
1102 dc.host_random = true;
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
1103 processed = true;
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
1104 } break;
6b79046b18c2 changes for 3.2
carl
parents: 43
diff changeset
1105
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1106 case htmllimit: {
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1107 char *limit = strtok(NULL, delim);
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1108 if (!limit) break; // no integer limit
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1109 char *msg = limit + strlen(limit);
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1110 if ((msg - line) >= strlen(orig)) break; // line ended with the limit
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1111 msg = strchr(msg+1, '\'');
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1112 if (!msg) break; // no reply message template
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1113 msg++; // move over the leading '
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1114 if ((msg - line) >= strlen(orig)) break; // line ended with the leading quote
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1115 char *last = strchr(msg, '\'');
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1116 if (!last) break; // no trailing quote
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1117 *last = '\0'; // make it a null terminator
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1118 dc.tag_limit = atoi(limit);
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1119 dc.tag_limit_message = register_string(msg);
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1120 processed = true;
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1121 } break;
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1122
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1123 case htmltag: {
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1124 char *tag = next_token(delim);
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1125 if (!tag) break; // no html tag value
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1126 dc.html_tags.insert(tag); // base version
26
fdae7ab30cfc allow normal and terminator versions of tags
carl
parents: 24
diff changeset
1127 char buf[200];
fdae7ab30cfc allow normal and terminator versions of tags
carl
parents: 24
diff changeset
1128 snprintf(buf, sizeof(buf), "/%s", tag);
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1129 dc.html_tags.insert(register_string(buf)); // leading /
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1130 snprintf(buf, sizeof(buf), "%s/", tag);
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 26
diff changeset
1131 dc.html_tags.insert(register_string(buf)); // trailing /
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1132 processed = true;
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1133 } break;
2e23b7184d2b start coding for bad html tag detection
carl
parents: 23
diff changeset
1134
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1135 case dnsbl: {
96a9758165cd Initial revision
carl
parents:
diff changeset
1136 // have a new dnsbl to use
96a9758165cd Initial revision
carl
parents:
diff changeset
1137 char *name = next_token(delim);
96a9758165cd Initial revision
carl
parents:
diff changeset
1138 if (!name) break; // no name name
96a9758165cd Initial revision
carl
parents:
diff changeset
1139 if (find_dnsbl(dc, name)) break; // duplicate entry
96a9758165cd Initial revision
carl
parents:
diff changeset
1140 char *suff = strtok(NULL, delim);
96a9758165cd Initial revision
carl
parents:
diff changeset
1141 if (!suff) break; // no dns suffic
96a9758165cd Initial revision
carl
parents:
diff changeset
1142 char *msg = suff + strlen(suff);
96a9758165cd Initial revision
carl
parents:
diff changeset
1143 if ((msg - line) >= strlen(orig)) break; // line ended with the dns suffix
96a9758165cd Initial revision
carl
parents:
diff changeset
1144 msg = strchr(msg+1, '\'');
96a9758165cd Initial revision
carl
parents:
diff changeset
1145 if (!msg) break; // no reply message template
96a9758165cd Initial revision
carl
parents:
diff changeset
1146 msg++; // move over the leading '
96a9758165cd Initial revision
carl
parents:
diff changeset
1147 if ((msg - line) >= strlen(orig)) break; // line ended with the leading quote
96a9758165cd Initial revision
carl
parents:
diff changeset
1148 char *last = strchr(msg, '\'');
96a9758165cd Initial revision
carl
parents:
diff changeset
1149 if (!last) break; // no trailing quote
96a9758165cd Initial revision
carl
parents:
diff changeset
1150 *last = '\0'; // make it a null terminator
96a9758165cd Initial revision
carl
parents:
diff changeset
1151 dc.dnsbls[name] = new DNSBL(register_string(suff), register_string(msg));
96a9758165cd Initial revision
carl
parents:
diff changeset
1152 processed = true;
96a9758165cd Initial revision
carl
parents:
diff changeset
1153 } break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1154
96a9758165cd Initial revision
carl
parents:
diff changeset
1155 case dnsbll: {
96a9758165cd Initial revision
carl
parents:
diff changeset
1156 // define a new combination of dnsbls
96a9758165cd Initial revision
carl
parents:
diff changeset
1157 char *name = next_token(delim);
96a9758165cd Initial revision
carl
parents:
diff changeset
1158 if (!name) break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1159 if (find_dnsbll(dc, name)) break; // duplicate entry
96a9758165cd Initial revision
carl
parents:
diff changeset
1160 char *list = next_token(delim);
96a9758165cd Initial revision
carl
parents:
diff changeset
1161 if (!list || (*list == '\0') || (*list == '#')) break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1162 DNSBLLP d = new DNSBLL;
96a9758165cd Initial revision
carl
parents:
diff changeset
1163 DNSBLP p = find_dnsbl(dc, list);
96a9758165cd Initial revision
carl
parents:
diff changeset
1164 if (p) d->push_back(p);
96a9758165cd Initial revision
carl
parents:
diff changeset
1165 while (true) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1166 list = next_token(delim);
96a9758165cd Initial revision
carl
parents:
diff changeset
1167 if (!list || (*list == '\0') || (*list == '#')) break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1168 DNSBLP p = find_dnsbl(dc, list);
96a9758165cd Initial revision
carl
parents:
diff changeset
1169 if (p) d->push_back(p);
96a9758165cd Initial revision
carl
parents:
diff changeset
1170 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1171 dc.dnsblls[name] = d;
96a9758165cd Initial revision
carl
parents:
diff changeset
1172 processed = true;
96a9758165cd Initial revision
carl
parents:
diff changeset
1173 } break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1174
96a9758165cd Initial revision
carl
parents:
diff changeset
1175 case envfrom: {
96a9758165cd Initial revision
carl
parents:
diff changeset
1176 // add an entry into the named string_map
96a9758165cd Initial revision
carl
parents:
diff changeset
1177 char *name = next_token(delim);
96a9758165cd Initial revision
carl
parents:
diff changeset
1178 if (!name) break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1179 char *from = next_token(delim);
96a9758165cd Initial revision
carl
parents:
diff changeset
1180 if (!from) break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1181 char *list = next_token(delim);
96a9758165cd Initial revision
carl
parents:
diff changeset
1182 if (!list) break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1183 if ((strcmp(list, WHITE) == 0) ||
96a9758165cd Initial revision
carl
parents:
diff changeset
1184 (strcmp(list, BLACK) == 0)) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1185 string_map &fm = really_find_from_map(dc, name);
96a9758165cd Initial revision
carl
parents:
diff changeset
1186 fm[from] = list;
96a9758165cd Initial revision
carl
parents:
diff changeset
1187 processed = true;
96a9758165cd Initial revision
carl
parents:
diff changeset
1188 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1189 else {
96a9758165cd Initial revision
carl
parents:
diff changeset
1190 // list may be the name of a previously defined from_map
96a9758165cd Initial revision
carl
parents:
diff changeset
1191 string_map *m = find_from_map(dc, list);
96a9758165cd Initial revision
carl
parents:
diff changeset
1192 if (m && (strcmp(list,name) != 0)) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1193 string_map &pm = *m;
96a9758165cd Initial revision
carl
parents:
diff changeset
1194 string_map &fm = really_find_from_map(dc, name);
96a9758165cd Initial revision
carl
parents:
diff changeset
1195 fm.insert(pm.begin(), pm.end());
96a9758165cd Initial revision
carl
parents:
diff changeset
1196 processed = true;
96a9758165cd Initial revision
carl
parents:
diff changeset
1197 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1198 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1199 } break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1200
96a9758165cd Initial revision
carl
parents:
diff changeset
1201 case envto: {
96a9758165cd Initial revision
carl
parents:
diff changeset
1202 // define the dnsbl_list and env_from maps to use for this recipient
96a9758165cd Initial revision
carl
parents:
diff changeset
1203 char *to = next_token(delim);
96a9758165cd Initial revision
carl
parents:
diff changeset
1204 if (!to) break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1205 char *list = next_token(delim);
96a9758165cd Initial revision
carl
parents:
diff changeset
1206 if (!list) break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1207 char *from = next_token(delim);
96a9758165cd Initial revision
carl
parents:
diff changeset
1208 if (!from) break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1209 dc.env_to_dnsbll[to] = list;
96a9758165cd Initial revision
carl
parents:
diff changeset
1210 dc.env_to_chkfrom[to] = from;
96a9758165cd Initial revision
carl
parents:
diff changeset
1211 processed = true;
96a9758165cd Initial revision
carl
parents:
diff changeset
1212 } break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1213
96a9758165cd Initial revision
carl
parents:
diff changeset
1214 case include: {
96a9758165cd Initial revision
carl
parents:
diff changeset
1215 char *fn = next_token(delim);
3
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1216 if (ok_to_include(dc, fn)) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1217 load_conf(dc, fn);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1218 processed = true;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1219 }
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1220 } break;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1221
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1222 case includedcc: {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1223 char *name = next_token(delim);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1224 if (!name) break;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1225 char *fn = next_token(delim);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1226 if (ok_to_include(dc, fn)) {
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1227 load_conf_dcc(dc, name, fn);
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1228 processed = true;
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1229 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1230 } break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1231
96a9758165cd Initial revision
carl
parents:
diff changeset
1232 default: {
96a9758165cd Initial revision
carl
parents:
diff changeset
1233 } break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1234 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1235 if (!processed) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1236 pthread_mutex_lock(&syslog_mutex);
96a9758165cd Initial revision
carl
parents:
diff changeset
1237 openlog("dnsbl", LOG_PID, LOG_MAIL);
96a9758165cd Initial revision
carl
parents:
diff changeset
1238 syslog(LOG_ERR, "ignoring file %s line %d : %s\n", fn, curline, orig);
96a9758165cd Initial revision
carl
parents:
diff changeset
1239 closelog();
96a9758165cd Initial revision
carl
parents:
diff changeset
1240 pthread_mutex_unlock(&syslog_mutex);
96a9758165cd Initial revision
carl
parents:
diff changeset
1241 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1242 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1243 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1244 is.close();
96a9758165cd Initial revision
carl
parents:
diff changeset
1245 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1246
96a9758165cd Initial revision
carl
parents:
diff changeset
1247
96a9758165cd Initial revision
carl
parents:
diff changeset
1248 ////////////////////////////////////////////////
96a9758165cd Initial revision
carl
parents:
diff changeset
1249 // reload the config
96a9758165cd Initial revision
carl
parents:
diff changeset
1250 //
96a9758165cd Initial revision
carl
parents:
diff changeset
1251 static CONFIG* new_conf();
96a9758165cd Initial revision
carl
parents:
diff changeset
1252 static CONFIG* new_conf() {
96a9758165cd Initial revision
carl
parents:
diff changeset
1253 CONFIG *newc = new CONFIG;
29
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
1254 pthread_mutex_lock(&config_mutex);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
1255 newc->generation = generation++;
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
1256 pthread_mutex_unlock(&config_mutex);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
1257 char buf[200];
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
1258 snprintf(buf, sizeof(buf), "loading configuration generation %d", newc->generation);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
1259 my_syslog(buf);
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1260 load_conf(*newc, "dnsbl.conf");
96a9758165cd Initial revision
carl
parents:
diff changeset
1261 newc->load_time = time(NULL);
96a9758165cd Initial revision
carl
parents:
diff changeset
1262 return newc;
96a9758165cd Initial revision
carl
parents:
diff changeset
1263 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1264
96a9758165cd Initial revision
carl
parents:
diff changeset
1265
96a9758165cd Initial revision
carl
parents:
diff changeset
1266 ////////////////////////////////////////////////
96a9758165cd Initial revision
carl
parents:
diff changeset
1267 // thread to watch the old config files for changes
96a9758165cd Initial revision
carl
parents:
diff changeset
1268 // and reload when needed. we also cleanup old
96a9758165cd Initial revision
carl
parents:
diff changeset
1269 // configs whose reference count has gone to zero.
96a9758165cd Initial revision
carl
parents:
diff changeset
1270 //
96a9758165cd Initial revision
carl
parents:
diff changeset
1271 static void* config_loader(void *arg);
96a9758165cd Initial revision
carl
parents:
diff changeset
1272 static void* config_loader(void *arg) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1273 typedef set<CONFIG *> configp_set;
96a9758165cd Initial revision
carl
parents:
diff changeset
1274 configp_set old_configs;
18
041ea016b684 add scanning for bare hostnames
carl
parents: 16
diff changeset
1275 while (loader_run) {
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1276 sleep(180); // look for modifications every 3 minutes
18
041ea016b684 add scanning for bare hostnames
carl
parents: 16
diff changeset
1277 if (!loader_run) break;
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1278 CONFIG &dc = *config;
96a9758165cd Initial revision
carl
parents:
diff changeset
1279 time_t then = dc.load_time;
96a9758165cd Initial revision
carl
parents:
diff changeset
1280 struct stat st;
96a9758165cd Initial revision
carl
parents:
diff changeset
1281 bool reload = false;
96a9758165cd Initial revision
carl
parents:
diff changeset
1282 for (string_list::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1283 char *fn = *i;
96a9758165cd Initial revision
carl
parents:
diff changeset
1284 if (stat(fn, &st)) reload = true; // file disappeared
96a9758165cd Initial revision
carl
parents:
diff changeset
1285 else if (st.st_mtime > then) reload = true; // file modified
96a9758165cd Initial revision
carl
parents:
diff changeset
1286 if (reload) break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1287 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1288 if (reload) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1289 CONFIG *newc = new_conf();
96a9758165cd Initial revision
carl
parents:
diff changeset
1290 // replace the global config pointer
96a9758165cd Initial revision
carl
parents:
diff changeset
1291 pthread_mutex_lock(&config_mutex);
96a9758165cd Initial revision
carl
parents:
diff changeset
1292 CONFIG *old = config;
96a9758165cd Initial revision
carl
parents:
diff changeset
1293 config = newc;
96a9758165cd Initial revision
carl
parents:
diff changeset
1294 pthread_mutex_unlock(&config_mutex);
96a9758165cd Initial revision
carl
parents:
diff changeset
1295 if (old) old_configs.insert(old);
96a9758165cd Initial revision
carl
parents:
diff changeset
1296 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1297 // now look for old configs with zero ref counts
96a9758165cd Initial revision
carl
parents:
diff changeset
1298 for (configp_set::iterator i=old_configs.begin(); i!=old_configs.end(); ) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1299 CONFIG *old = *i;
96a9758165cd Initial revision
carl
parents:
diff changeset
1300 if (!old->reference_count) {
29
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
1301 char buf[200];
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
1302 snprintf(buf, sizeof(buf), "freeing memory for old configuration generation %d", old->generation);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period
carl
parents: 28
diff changeset
1303 my_syslog(buf);
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1304 delete old; // destructor does all the work
96a9758165cd Initial revision
carl
parents:
diff changeset
1305 old_configs.erase(i++);
96a9758165cd Initial revision
carl
parents:
diff changeset
1306 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1307 else i++;
96a9758165cd Initial revision
carl
parents:
diff changeset
1308 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1309 }
18
041ea016b684 add scanning for bare hostnames
carl
parents: 16
diff changeset
1310 return NULL;
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1311 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1312
96a9758165cd Initial revision
carl
parents:
diff changeset
1313
96a9758165cd Initial revision
carl
parents:
diff changeset
1314 static void usage(char *prog);
96a9758165cd Initial revision
carl
parents:
diff changeset
1315 static void usage(char *prog)
96a9758165cd Initial revision
carl
parents:
diff changeset
1316 {
16
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
1317 fprintf(stderr, "Usage: %s [-d] [-c] -p socket-addr [-t timeout]\n", prog);
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1318 fprintf(stderr, "where socket-addr is for the connection to sendmail and should be one of\n");
96a9758165cd Initial revision
carl
parents:
diff changeset
1319 fprintf(stderr, " inet:port@local-ip-address\n");
96a9758165cd Initial revision
carl
parents:
diff changeset
1320 fprintf(stderr, " local:local-domain-socket-file-name\n");
9
8c65411cd7ab integration work on url scanner
carl
parents: 8
diff changeset
1321 fprintf(stderr, "-c will load and dump the config to stdout\n");
16
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
1322 fprintf(stderr, "-d will add some syslog debug messages\n");
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1323 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1324
96a9758165cd Initial revision
carl
parents:
diff changeset
1325
42
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1326
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1327 static void setup_socket(char *sock);
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1328 static void setup_socket(char *sock) {
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1329 unlink(sock);
43
acbe44bbba22 seems to drop root privs ok now
carl
parents: 42
diff changeset
1330 // sockaddr_un addr;
acbe44bbba22 seems to drop root privs ok now
carl
parents: 42
diff changeset
1331 // memset(&addr, '\0', sizeof addr);
acbe44bbba22 seems to drop root privs ok now
carl
parents: 42
diff changeset
1332 // addr.sun_family = AF_UNIX;
acbe44bbba22 seems to drop root privs ok now
carl
parents: 42
diff changeset
1333 // strncpy(addr.sun_path, sock, sizeof(addr.sun_path)-1);
acbe44bbba22 seems to drop root privs ok now
carl
parents: 42
diff changeset
1334 // int s = socket(AF_UNIX, SOCK_STREAM, 0);
acbe44bbba22 seems to drop root privs ok now
carl
parents: 42
diff changeset
1335 // bind(s, (sockaddr*)&addr, sizeof(addr));
acbe44bbba22 seems to drop root privs ok now
carl
parents: 42
diff changeset
1336 // close(s);
42
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1337 }
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1338
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1339
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1340 int main(int argc, char**argv)
96a9758165cd Initial revision
carl
parents:
diff changeset
1341 {
3
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1342 bool check = false;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1343 bool setconn = false;
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1344 int c;
16
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
1345 const char *args = "p:t:hcd";
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1346 extern char *optarg;
96a9758165cd Initial revision
carl
parents:
diff changeset
1347
96a9758165cd Initial revision
carl
parents:
diff changeset
1348 // Process command line options
96a9758165cd Initial revision
carl
parents:
diff changeset
1349 while ((c = getopt(argc, argv, args)) != -1) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1350 switch (c) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1351 case 'p':
96a9758165cd Initial revision
carl
parents:
diff changeset
1352 if (optarg == NULL || *optarg == '\0') {
96a9758165cd Initial revision
carl
parents:
diff changeset
1353 fprintf(stderr, "Illegal conn: %s\n", optarg);
96a9758165cd Initial revision
carl
parents:
diff changeset
1354 exit(EX_USAGE);
96a9758165cd Initial revision
carl
parents:
diff changeset
1355 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1356 if (smfi_setconn(optarg) == MI_FAILURE) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1357 fprintf(stderr, "smfi_setconn failed\n");
96a9758165cd Initial revision
carl
parents:
diff changeset
1358 exit(EX_SOFTWARE);
96a9758165cd Initial revision
carl
parents:
diff changeset
1359 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1360
42
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1361 if (strncasecmp(optarg, "unix:", 5) == 0) setup_socket(optarg + 5);
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1362 else if (strncasecmp(optarg, "local:", 6) == 0) setup_socket(optarg + 6);
3
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1363 setconn = true;
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1364 break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1365
96a9758165cd Initial revision
carl
parents:
diff changeset
1366 case 't':
96a9758165cd Initial revision
carl
parents:
diff changeset
1367 if (optarg == NULL || *optarg == '\0') {
96a9758165cd Initial revision
carl
parents:
diff changeset
1368 fprintf(stderr, "Illegal timeout: %s\n", optarg);
96a9758165cd Initial revision
carl
parents:
diff changeset
1369 exit(EX_USAGE);
96a9758165cd Initial revision
carl
parents:
diff changeset
1370 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1371 if (smfi_settimeout(atoi(optarg)) == MI_FAILURE) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1372 fprintf(stderr, "smfi_settimeout failed\n");
96a9758165cd Initial revision
carl
parents:
diff changeset
1373 exit(EX_SOFTWARE);
96a9758165cd Initial revision
carl
parents:
diff changeset
1374 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1375 break;
96a9758165cd Initial revision
carl
parents:
diff changeset
1376
3
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1377 case 'c':
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1378 check = true;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1379 break;
7e1eb343a825 updates to use dcc conf files
carl
parents: 2
diff changeset
1380
16
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
1381 case 'd':
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
1382 debug_syslog = true;
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
1383 break;
2ae8d953f1d0 add scanning for bare hostnames
carl
parents: 14
diff changeset
1384
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1385 case 'h':
96a9758165cd Initial revision
carl
parents:
diff changeset
1386 default:
96a9758165cd Initial revision
carl
parents:
diff changeset
1387 usage(argv[0]);
96a9758165cd Initial revision
carl
parents:
diff changeset
1388 exit(EX_USAGE);
96a9758165cd Initial revision
carl
parents:
diff changeset
1389 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1390 }
5
793ac9cc114d updates to use dcc conf files
carl
parents: 4
diff changeset
1391
793ac9cc114d updates to use dcc conf files
carl
parents: 4
diff changeset
1392 if (check) {
793ac9cc114d updates to use dcc conf files
carl
parents: 4
diff changeset
1393 CONFIG &dc = *new_conf();
793ac9cc114d updates to use dcc conf files
carl
parents: 4
diff changeset
1394 dumpit(dc);
793ac9cc114d updates to use dcc conf files
carl
parents: 4
diff changeset
1395 return 0;
793ac9cc114d updates to use dcc conf files
carl
parents: 4
diff changeset
1396 }
793ac9cc114d updates to use dcc conf files
carl
parents: 4
diff changeset
1397
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1398 if (!setconn) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1399 fprintf(stderr, "%s: Missing required -p argument\n", argv[0]);
96a9758165cd Initial revision
carl
parents:
diff changeset
1400 usage(argv[0]);
96a9758165cd Initial revision
carl
parents:
diff changeset
1401 exit(EX_USAGE);
96a9758165cd Initial revision
carl
parents:
diff changeset
1402 }
5
793ac9cc114d updates to use dcc conf files
carl
parents: 4
diff changeset
1403
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1404 if (smfi_register(smfilter) == MI_FAILURE) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1405 fprintf(stderr, "smfi_register failed\n");
96a9758165cd Initial revision
carl
parents:
diff changeset
1406 exit(EX_UNAVAILABLE);
96a9758165cd Initial revision
carl
parents:
diff changeset
1407 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1408
96a9758165cd Initial revision
carl
parents:
diff changeset
1409 // switch to background mode
96a9758165cd Initial revision
carl
parents:
diff changeset
1410 if (daemon(1,0) < 0) {
96a9758165cd Initial revision
carl
parents:
diff changeset
1411 fprintf(stderr, "daemon() call failed\n");
96a9758165cd Initial revision
carl
parents:
diff changeset
1412 exit(EX_UNAVAILABLE);
96a9758165cd Initial revision
carl
parents:
diff changeset
1413 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1414
96a9758165cd Initial revision
carl
parents:
diff changeset
1415 // write the pid
96a9758165cd Initial revision
carl
parents:
diff changeset
1416 const char *pidpath = "/var/run/dnsbl.pid";
96a9758165cd Initial revision
carl
parents:
diff changeset
1417 unlink(pidpath);
96a9758165cd Initial revision
carl
parents:
diff changeset
1418 FILE *f = fopen(pidpath, "w");
96a9758165cd Initial revision
carl
parents:
diff changeset
1419 if (f) {
22
c21b888cc175 fix restart code, add ifdef for linux pid issues
carl
parents: 18
diff changeset
1420 #ifdef linux
c21b888cc175 fix restart code, add ifdef for linux pid issues
carl
parents: 18
diff changeset
1421 // from a comment in the DCC source code:
c21b888cc175 fix restart code, add ifdef for linux pid issues
carl
parents: 18
diff changeset
1422 // Linux threads are broken. Signals given the
c21b888cc175 fix restart code, add ifdef for linux pid issues
carl
parents: 18
diff changeset
1423 // original process are delivered to only the
c21b888cc175 fix restart code, add ifdef for linux pid issues
carl
parents: 18
diff changeset
1424 // thread that happens to have that PID. The
c21b888cc175 fix restart code, add ifdef for linux pid issues
carl
parents: 18
diff changeset
1425 // sendmail libmilter thread that needs to hear
c21b888cc175 fix restart code, add ifdef for linux pid issues
carl
parents: 18
diff changeset
1426 // SIGINT and other signals does not, and that breaks
c21b888cc175 fix restart code, add ifdef for linux pid issues
carl
parents: 18
diff changeset
1427 // scripts that need to stop milters.
c21b888cc175 fix restart code, add ifdef for linux pid issues
carl
parents: 18
diff changeset
1428 // However, signaling the process group works.
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1429 fprintf(f, "-%d\n", (u_int)getpgrp());
22
c21b888cc175 fix restart code, add ifdef for linux pid issues
carl
parents: 18
diff changeset
1430 #else
c21b888cc175 fix restart code, add ifdef for linux pid issues
carl
parents: 18
diff changeset
1431 fprintf(f, "%d\n", (u_int)getpid());
c21b888cc175 fix restart code, add ifdef for linux pid issues
carl
parents: 18
diff changeset
1432 #endif
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1433 fclose(f);
96a9758165cd Initial revision
carl
parents:
diff changeset
1434 }
96a9758165cd Initial revision
carl
parents:
diff changeset
1435
42
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1436 // drop root privs
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1437 struct passwd *pw = getpwnam("dnsbl");
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1438 if (pw) {
48
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1439 if (setgid(pw->pw_gid) == -1) {
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1440 my_syslog("failed to switch to group dnsbl");
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1441 }
42
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1442 if (setuid(pw->pw_uid) == -1) {
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1443 my_syslog("failed to switch to user dnsbl");
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1444 }
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1445 }
afcf403709ef updates for 3.2, try to drop root privileges
carl
parents: 41
diff changeset
1446
48
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1447 // initialize the thread sync objects
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1448 pthread_mutex_init(&config_mutex, 0);
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1449 pthread_mutex_init(&syslog_mutex, 0);
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1450 pthread_mutex_init(&resolve_mutex, 0);
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1451
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1452 // load the initial config
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1453 config = new_conf();
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1454
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1455 // only create threads after the fork() in daemon
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1456 pthread_t tid;
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1457 if (pthread_create(&tid, 0, config_loader, 0))
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1458 my_syslog("failed to create config loader thread");
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1459 if (pthread_detach(tid))
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1460 my_syslog("failed to detach config loader thread");
5ef10dc14457 properly drop root privs
carl
parents: 46
diff changeset
1461
18
041ea016b684 add scanning for bare hostnames
carl
parents: 16
diff changeset
1462 time_t starting = time(NULL);
041ea016b684 add scanning for bare hostnames
carl
parents: 16
diff changeset
1463 int rc = smfi_main();
22
c21b888cc175 fix restart code, add ifdef for linux pid issues
carl
parents: 18
diff changeset
1464 if ((rc != MI_SUCCESS) && (time(NULL) > starting+5*60)) {
18
041ea016b684 add scanning for bare hostnames
carl
parents: 16
diff changeset
1465 my_syslog("trying to restart after smfi_main()");
041ea016b684 add scanning for bare hostnames
carl
parents: 16
diff changeset
1466 loader_run = false; // eventually the config loader thread will terminate
041ea016b684 add scanning for bare hostnames
carl
parents: 16
diff changeset
1467 execvp(argv[0], argv);
041ea016b684 add scanning for bare hostnames
carl
parents: 16
diff changeset
1468 }
041ea016b684 add scanning for bare hostnames
carl
parents: 16
diff changeset
1469 exit((rc == MI_SUCCESS) ? 0 : EX_UNAVAILABLE);
0
96a9758165cd Initial revision
carl
parents:
diff changeset
1470 }
8
dbe18921f741 integration work on url scanner
carl
parents: 5
diff changeset
1471