Mercurial > dnsbl
annotate src/spamass.cpp.in @ 168:6bac960af6b4
add generic reverse dns filtering regex
author | carl |
---|---|
date | Thu, 30 Aug 2007 11:08:46 -0700 |
parents | 9b129ed78d7d |
children | bd33eaccfed8 |
rev | line source |
---|---|
163 | 1 /* |
2 | |
3 Copyright (c) 2007 Carl Byington - 510 Software Group, released under | |
4 the GPL version 3 or any later version at your choice available at | |
5 http://www.gnu.org/licenses/gpl-3.0.txt | |
6 | |
7 Based on spamass-milter by Georg C. F. Greve <greve@gnu.org> | |
8 | |
9 */ | |
10 | |
11 #include "config.h" | |
12 #include "dnsbl.h" | |
13 #include <errno.h> | |
14 #include <fcntl.h> | |
15 #include <poll.h> | |
16 #include <signal.h> | |
17 #include <string> | |
18 #include <sys/types.h> | |
19 #include <sys/wait.h> | |
20 #include <unistd.h> | |
21 | |
22 | |
23 static const char Id[] = "$Id$"; | |
24 | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
25 char *spamc = "@SPAMC@"; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
26 char *spamc_empty = ""; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
27 bool warnedmacro = false; /* have we logged that we couldn't fetch a macro? */ |
163 | 28 const int maxlen = 1000; // used for snprintf buffers |
29 | |
30 | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
31 SpamAssassin::SpamAssassin(mlfiPriv *priv_, int ip, char *helo_, char *from, char *qid) |
163 | 32 { |
33 error = false; | |
34 running = false; | |
35 first_recipient = true; | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
36 priv = priv_; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
37 ip4 = ip; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
38 helo = helo_; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
39 envfrom = from; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
40 queueid = qid; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
41 pid = 0; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
42 pipe_io[0][0] = -1; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
43 pipe_io[0][1] = -1; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
44 pipe_io[1][0] = -1; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
45 pipe_io[1][1] = -1; |
163 | 46 } |
47 | |
48 | |
49 SpamAssassin::~SpamAssassin() | |
50 { | |
51 // close all pipes that are still open | |
52 if (pipe_io[0][0] > -1) close(pipe_io[0][0]); | |
53 if (pipe_io[0][1] > -1) close(pipe_io[0][1]); | |
54 if (pipe_io[1][0] > -1) close(pipe_io[1][0]); | |
55 if (pipe_io[1][1] > -1) close(pipe_io[1][1]); | |
56 // child still running? | |
57 if (running) { | |
58 // make sure the pid is valid | |
59 if (pid > 0) { | |
60 // slaughter child | |
61 kill(pid, SIGKILL); | |
62 // wait for child to terminate | |
63 int status; | |
64 waitpid(pid, &status, 0); | |
65 } | |
66 } | |
67 } | |
68 | |
69 | |
70 void SpamAssassin::mlfi_envrcpt(SMFICTX *ctx, char *envrcpt) | |
71 { | |
72 if (first_recipient) { | |
73 /* Send the envelope headers as X-Envelope-From: and | |
74 X-Envelope-To: so that SpamAssassin can use them in its | |
75 whitelist checks. Also forge as complete a dummy | |
76 Received: header as possible because SA gets a lot of | |
77 info from it. | |
78 | |
79 HReceived: $?sfrom $s $.$?_($?s$|from $.$_) | |
80 $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.) | |
81 $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version} | |
82 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u | |
83 for $u; $|; | |
84 $.$b$?g | |
85 (envelope-from $g)$. | |
86 | |
87 */ | |
88 const char *macro_b, *macro_i, *macro_j, *macro_r, | |
89 *macro_s, *macro_v, *macro_Z, *macro__; | |
90 char date[32]; | |
91 time_t tval; | |
92 time(&tval); | |
93 strftime(date, sizeof(date), "%a, %d %b %Y %H:%M:%S %z", localtime(&tval)); | |
94 macro_b = date; | |
95 | |
168 | 96 // queue ID |
163 | 97 macro_i = queueid; |
98 | |
168 | 99 // FQDN of this site |
100 macro_j = getorwarnmacro(ctx, "j", "localhost", "ENVRCPT"); | |
163 | 101 |
168 | 102 // Protocol used to receive the message */ |
103 macro_r = getorwarnmacro(ctx, "r", "SMTP", "ENVRCPT"); | |
163 | 104 |
105 macro_s = helo; | |
106 | |
168 | 107 // Sendmail binary version |
108 macro_v = getorwarnmacro(ctx, "v", "8.13.0", "ENVRCPT"); | |
163 | 109 |
168 | 110 // Sendmail .cf version |
111 macro_Z = getorwarnmacro(ctx, "Z", "8.13.0", "ENVRCPT"); | |
163 | 112 |
168 | 113 // Validated sending site's address |
114 macro__ = getorwarnmacro(ctx, "_", "unknown", "ENVRCPT"); | |
163 | 115 |
116 output(string("Received: from ") + macro_s + " (" + macro__+ ")\r\n\t" + | |
117 "by " + macro_j + " (" + macro_v + "/" + macro_Z + ") with " + macro_r + " id " + macro_i + "\r\n\t" + | |
118 "for " + envfrom + ";\r\n\t" + | |
119 macro_b + "\r\n"); | |
120 | |
121 output(string("X-Envelope-From: ") + envfrom + "\r\n"); | |
122 } | |
123 output(string("X-Envelope-To: ") + envrcpt + "\r\n"); | |
124 first_recipient = false; | |
125 } | |
126 | |
127 | |
128 void SpamAssassin::mlfi_header(char* headerf, char* headerv) | |
129 { | |
130 if (!running) Connect(); | |
131 output(spamc_input); | |
132 output(headerf); | |
133 output(": "); | |
134 output(headerv); | |
135 output("\r\n"); | |
136 spamc_input.empty(); | |
137 } | |
138 | |
139 | |
140 void SpamAssassin::mlfi_eoh() | |
141 { | |
142 output("\r\n"); | |
143 } | |
144 | |
145 | |
146 void SpamAssassin::mlfi_body(u_char *bodyp, size_t bodylen) | |
147 { | |
148 output((char *)bodyp, bodylen); | |
149 } | |
150 | |
151 | |
152 int SpamAssassin::mlfi_eom() | |
153 { | |
154 close_output(); // signal EOF to SpamAssassin | |
155 input(); // read what the Assassin is telling us | |
156 my_syslog(priv, "spamc returned " + spamc_output); | |
157 return atoi(spamc_output.c_str()); | |
158 } | |
159 | |
160 | |
161 void SpamAssassin::Connect() | |
162 { | |
163 if (error) return; | |
164 // set up pipes for in- and output | |
165 error |= (pipe(pipe_io[0])); | |
166 error |= (pipe(pipe_io[1])); | |
167 if (error) return; | |
168 | |
169 // now execute SpamAssassin client for contact with SpamAssassin spamd | |
170 // start child process | |
171 pid = fork(); | |
172 switch (pid) { | |
173 case -1: | |
174 // forking trouble. | |
175 my_syslog(priv, "unable to fork for spamc"); | |
176 error = true; | |
177 close(pipe_io[0][0]); | |
178 close(pipe_io[0][1]); | |
179 close(pipe_io[1][0]); | |
180 close(pipe_io[1][1]); | |
181 pipe_io[0][0] = -1; | |
182 pipe_io[0][1] = -1; | |
183 pipe_io[1][0] = -1; | |
184 pipe_io[1][1] = -1; | |
185 return; | |
186 case 0: | |
187 // +++ CHILD +++ | |
188 | |
189 // close unused pipes | |
190 close(pipe_io[1][0]); | |
191 close(pipe_io[0][1]); | |
192 | |
193 // redirect stdin(0), stdout(1) and stderr(2) | |
194 dup2(pipe_io[0][0],0); | |
195 dup2(pipe_io[1][1],1); | |
196 dup2(pipe_io[1][1],2); | |
197 | |
198 closeall(3); | |
199 | |
200 // execute spamc | |
201 char* argv[3]; | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
202 argv[0] = spamc; |
163 | 203 argv[1] = "-c"; |
204 argv[2] = NULL; | |
205 execvp(argv[0] , argv); // does not return! | |
206 _exit(1); // exec failed | |
207 break; | |
208 } | |
209 | |
210 // +++ PARENT +++ | |
211 | |
212 // close unused pipes | |
213 close(pipe_io[0][0]); | |
214 close(pipe_io[1][1]); | |
215 pipe_io[0][0] = -1; | |
216 pipe_io[1][1] = -1; | |
217 | |
218 // mark the pipes non-blocking | |
219 if (fcntl(pipe_io[0][1], F_SETFL, O_NONBLOCK) == -1) | |
220 error = true; | |
221 #if 0 /* don't really need to make the sink pipe nonblocking */ | |
222 if (fcntl(pipe_io[1][0], F_SETFL, O_NONBLOCK) == -1) | |
223 error = true; | |
224 #endif | |
225 | |
226 // we have to assume the client is running now. | |
227 running = true; | |
228 } | |
229 | |
230 | |
231 void SpamAssassin::output(const char* buffer, size_t size) | |
232 { | |
233 // if there are problems, fail. | |
234 if (error) return; | |
235 | |
236 if (!running) { | |
237 // buffer it | |
238 spamc_input.append(buffer, size); | |
239 return; | |
240 } | |
241 | |
242 // send to SpamAssassin | |
243 long total = 0; | |
244 long wsize = 0; | |
245 string reason; | |
246 int status; | |
247 do { | |
248 struct pollfd fds[2]; | |
249 int nfds = 2, nready; | |
250 fds[0].fd = pipe_io[0][1]; | |
251 fds[0].events = POLLOUT; | |
252 fds[0].revents = 0; | |
253 fds[1].fd = pipe_io[1][0]; | |
254 fds[1].events = POLLIN; | |
255 fds[1].revents = 0; | |
256 | |
257 nready = poll(fds, nfds, 1000); | |
258 if (nready == -1) { | |
259 my_syslog(priv, "poll failed"); | |
260 error = true; | |
261 return; | |
262 } | |
263 | |
264 if (fds[1].revents & (POLLERR|POLLNVAL|POLLHUP)) { | |
265 my_syslog(priv, "poll says my read pipe is busted"); | |
266 error = true; | |
267 return; | |
268 } | |
269 | |
270 if (fds[0].revents & (POLLERR|POLLNVAL|POLLHUP)) { | |
271 my_syslog(priv, "poll says my write pipe is busted"); | |
272 error = true; | |
273 return; | |
274 } | |
275 | |
276 if (fds[1].revents & POLLIN) { | |
277 read_pipe(); | |
278 } | |
279 | |
280 if (fds[0].revents & POLLOUT) { | |
281 switch(wsize = write(pipe_io[0][1], (char *)buffer + total, size - total)) { | |
282 case -1: | |
283 if (errno == EAGAIN) continue; | |
284 reason = string(strerror(errno)); | |
285 // close the pipes | |
286 close(pipe_io[0][1]); | |
287 close(pipe_io[1][0]); | |
288 pipe_io[0][1] = -1; | |
289 pipe_io[1][0] = -1; | |
290 // Slaughter child | |
291 kill(pid, SIGKILL); | |
292 // wait for child to terminate | |
293 waitpid(pid, &status, 0); | |
294 my_syslog(priv, "write error: " + reason); | |
295 error = true; | |
296 running = false; | |
297 return; | |
298 default: | |
299 total += wsize; | |
300 break; | |
301 } | |
302 } | |
303 } while ( total < size ); | |
304 } | |
305 | |
306 | |
307 void SpamAssassin::output(const char* buffer) | |
308 { | |
309 output(buffer, strlen(buffer)); | |
310 } | |
311 | |
312 | |
313 void SpamAssassin::output(string buffer) | |
314 { | |
315 output(buffer.c_str(), buffer.size()); | |
316 } | |
317 | |
318 | |
319 void SpamAssassin::close_output() | |
320 { | |
321 if (close(pipe_io[0][1])) | |
322 my_syslog(priv, "close error: " + string(strerror(errno))); | |
323 pipe_io[0][1] = -1; | |
324 } | |
325 | |
326 | |
327 void SpamAssassin::input() | |
328 { | |
329 if (!running || error) return; | |
330 empty_and_close_pipe(); | |
331 if (running) { | |
332 // wait until child is dead | |
333 int status; | |
334 if (waitpid(pid, &status, 0) < 0) { | |
335 error = true; | |
336 }; | |
337 } | |
338 running = false; | |
339 } | |
340 | |
341 | |
342 int SpamAssassin::read_pipe() | |
343 { | |
344 long size; | |
345 int status; | |
346 char iobuff[1024]; | |
347 string reason; | |
348 | |
349 if (pipe_io[1][0] == -1) return 0; | |
350 | |
351 size = read(pipe_io[1][0], iobuff, 1024); | |
352 | |
353 if (size < 0) { | |
354 reason = string(strerror(errno)); | |
355 // Close remaining pipe. | |
356 close(pipe_io[1][0]); | |
357 pipe_io[1][0] = -1; | |
358 // Slaughter child | |
359 kill(pid, SIGKILL); | |
360 // wait for child to terminate | |
361 waitpid(pid, &status, 0); | |
362 my_syslog(priv, "read error: " + reason); | |
363 size = 0; | |
364 error = true; | |
365 running = false; | |
366 } else if (size == 0) { | |
367 // EOF. Close the pipe | |
368 if (close(pipe_io[1][0])) { | |
369 error = true; | |
370 my_syslog(priv, "close error: " + string(strerror(errno))); | |
371 } | |
372 pipe_io[1][0] = -1; | |
373 } else { | |
374 // append to mail buffer | |
375 spamc_output.append(iobuff, size); | |
376 } | |
377 return size; | |
378 } | |
379 | |
380 | |
381 void SpamAssassin::empty_and_close_pipe() | |
382 { | |
383 while (read_pipe()) | |
384 ; | |
385 } | |
386 | |
387 | |
388 void SpamAssassin::closeall(int fd) | |
389 { | |
390 int fdlimit = sysconf(_SC_OPEN_MAX); | |
391 while (fd < fdlimit) | |
392 close(fd++); | |
393 } | |
394 | |
395 | |
168 | 396 char *SpamAssassin::getorwarnmacro(SMFICTX *ctx, char *macro, char *def, char *scope) |
397 { | |
398 char *rc = smfi_getsymval(ctx, macro); | |
399 if (!rc) { | |
400 rc = def; | |
401 warnmacro(macro, scope); | |
402 } | |
403 return rc; | |
404 } | |
405 | |
406 | |
163 | 407 void SpamAssassin::warnmacro(char *macro, char *scope) |
408 { | |
409 if (warnedmacro) return; | |
410 char buf[maxlen]; | |
411 snprintf(buf, sizeof(buf), "Could not retrieve sendmail macro %s. Add it to confMILTER_MACROS_%s for better results.", macro, scope); | |
412 my_syslog(priv, buf); | |
413 warnedmacro = true; | |
414 } | |
415 |