dnsbl: src/dnsbl.cpp annotate

annotate src/dnsbl.cpp @ 36:95607fbef608

no message

author	carl
date	Sun, 30 May 2004 18:38:36 -0700
parents	d718dca81bc9
children	6e9d0b2d0720

rev	line source
0 96a9758165cd Initial revision carl parents: diff changeset	1 /*
96a9758165cd Initial revision carl parents: diff changeset	2
96a9758165cd Initial revision carl parents: diff changeset	3 Copyright (c) 2004 Carl Byington - 510 Software Group, released under
96a9758165cd Initial revision carl parents: diff changeset	4 the GPL version 2 or any later version at your choice available at
96a9758165cd Initial revision carl parents: diff changeset	5 http://www.fsf.org/licenses/gpl.txt
96a9758165cd Initial revision carl parents: diff changeset	6
96a9758165cd Initial revision carl parents: diff changeset	7 Based on a sample milter Copyright (c) 2000-2003 Sendmail, Inc. and its
96a9758165cd Initial revision carl parents: diff changeset	8 suppliers. Inspired by the DCC by Rhyolite Software
96a9758165cd Initial revision carl parents: diff changeset	9
96a9758165cd Initial revision carl parents: diff changeset	10 -p port The port through which the MTA will connect to this milter.
96a9758165cd Initial revision carl parents: diff changeset	11 -t sec The timeout value.
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	12 -c Check the config, and print a copy to stdout. Don't start the
4 15a7e942adec updates to use dcc conf files carl parents: 3 diff changeset	13 milter or do anything with the socket.
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	14 -d Add debug syslog entries
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	15
0 96a9758165cd Initial revision carl parents: diff changeset	16
13 2752e512fd32 finish documentation carl parents: 12 diff changeset	17 TODO:
2752e512fd32 finish documentation carl parents: 12 diff changeset	18 1) Add config for max_recipients for each mail domain. Recipients in
2752e512fd32 finish documentation carl parents: 12 diff changeset	19 excess of that limit will be rejected, and the entire data will be
2752e512fd32 finish documentation carl parents: 12 diff changeset	20 rejected if it is sent.
2752e512fd32 finish documentation carl parents: 12 diff changeset	21
2752e512fd32 finish documentation carl parents: 12 diff changeset	22 2) Add config for poison addresses. If any recipient is poison, all
2752e512fd32 finish documentation carl parents: 12 diff changeset	23 recipients are rejected even if they would be whitelisted, and the
2752e512fd32 finish documentation carl parents: 12 diff changeset	24 data is rejected if sent.
2752e512fd32 finish documentation carl parents: 12 diff changeset	25
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	26 3) Add option to only allow one recipient if the return path is empty.
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	27
0 96a9758165cd Initial revision carl parents: diff changeset	28 */
96a9758165cd Initial revision carl parents: diff changeset	29
96a9758165cd Initial revision carl parents: diff changeset	30
96a9758165cd Initial revision carl parents: diff changeset	31 // from sendmail sample
96a9758165cd Initial revision carl parents: diff changeset	32 #include <sys/types.h>
96a9758165cd Initial revision carl parents: diff changeset	33 #include <sys/stat.h>
96a9758165cd Initial revision carl parents: diff changeset	34 #include <errno.h>
96a9758165cd Initial revision carl parents: diff changeset	35 #include <sysexits.h>
96a9758165cd Initial revision carl parents: diff changeset	36 #include <unistd.h>
96a9758165cd Initial revision carl parents: diff changeset	37
96a9758165cd Initial revision carl parents: diff changeset	38 // needed for socket io
96a9758165cd Initial revision carl parents: diff changeset	39 #include <sys/ioctl.h>
96a9758165cd Initial revision carl parents: diff changeset	40 #include <net/if.h>
96a9758165cd Initial revision carl parents: diff changeset	41 #include <arpa/inet.h>
96a9758165cd Initial revision carl parents: diff changeset	42 #include <netinet/in.h>
96a9758165cd Initial revision carl parents: diff changeset	43 #include <netinet/tcp.h>
96a9758165cd Initial revision carl parents: diff changeset	44 #include <netdb.h>
96a9758165cd Initial revision carl parents: diff changeset	45 #include <sys/socket.h>
96a9758165cd Initial revision carl parents: diff changeset	46
96a9758165cd Initial revision carl parents: diff changeset	47 // needed for thread
96a9758165cd Initial revision carl parents: diff changeset	48 #include <pthread.h>
96a9758165cd Initial revision carl parents: diff changeset	49
96a9758165cd Initial revision carl parents: diff changeset	50 // needed for std c++ collections
96a9758165cd Initial revision carl parents: diff changeset	51 #include <set>
96a9758165cd Initial revision carl parents: diff changeset	52 #include <map>
96a9758165cd Initial revision carl parents: diff changeset	53 #include <list>
96a9758165cd Initial revision carl parents: diff changeset	54
96a9758165cd Initial revision carl parents: diff changeset	55 // for the dns resolver
96a9758165cd Initial revision carl parents: diff changeset	56 #include <netinet/in.h>
96a9758165cd Initial revision carl parents: diff changeset	57 #include <arpa/nameser.h>
96a9758165cd Initial revision carl parents: diff changeset	58 #include <resolv.h>
96a9758165cd Initial revision carl parents: diff changeset	59
96a9758165cd Initial revision carl parents: diff changeset	60 // misc stuff needed here
96a9758165cd Initial revision carl parents: diff changeset	61 #include <ctype.h>
96a9758165cd Initial revision carl parents: diff changeset	62 #include <fstream>
96a9758165cd Initial revision carl parents: diff changeset	63 #include <syslog.h>
96a9758165cd Initial revision carl parents: diff changeset	64
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	65 static char* dnsbl_version="$Id$";
0 96a9758165cd Initial revision carl parents: diff changeset	66
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	67 #define DEFAULT "default"
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	68 #define WHITE "white"
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	69 #define BLACK "black"
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	70 #define OK "ok"
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	71 #define MANY "many"
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	72
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	73 enum status {oksofar, // not rejected yet
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	74 white, // whitelisted by envelope from
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	75 black, // blacklisted by envelope from or to
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	76 reject, // rejected by a dns list
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	77 reject_tag, // too many bad html tags
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	78 reject_host}; // too many hosts/urls in body
1 bd0b1a153f67 no message carl parents: 0 diff changeset	79
0 96a9758165cd Initial revision carl parents: diff changeset	80 using namespace std;
96a9758165cd Initial revision carl parents: diff changeset	81
96a9758165cd Initial revision carl parents: diff changeset	82 extern "C" {
96a9758165cd Initial revision carl parents: diff changeset	83 #include "libmilter/mfapi.h"
96a9758165cd Initial revision carl parents: diff changeset	84 sfsistat mlfi_connect(SMFICTX ctx, char hostname, _SOCK_ADDR *hostaddr);
96a9758165cd Initial revision carl parents: diff changeset	85 sfsistat mlfi_envfrom(SMFICTX ctx, char *argv);
96a9758165cd Initial revision carl parents: diff changeset	86 sfsistat mlfi_envrcpt(SMFICTX ctx, char *argv);
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	87 sfsistat mlfi_body(SMFICTX ctx, u_char data, size_t len);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	88 sfsistat mlfi_eom(SMFICTX *ctx);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	89 sfsistat mlfi_abort(SMFICTX *ctx);
0 96a9758165cd Initial revision carl parents: diff changeset	90 sfsistat mlfi_close(SMFICTX *ctx);
96a9758165cd Initial revision carl parents: diff changeset	91 }
96a9758165cd Initial revision carl parents: diff changeset	92
96a9758165cd Initial revision carl parents: diff changeset	93 struct ltstr {
96a9758165cd Initial revision carl parents: diff changeset	94 bool operator()(char* s1, char* s2) const {
96a9758165cd Initial revision carl parents: diff changeset	95 return strcmp(s1, s2) < 0;
96a9758165cd Initial revision carl parents: diff changeset	96 }
96a9758165cd Initial revision carl parents: diff changeset	97 };
96a9758165cd Initial revision carl parents: diff changeset	98
96a9758165cd Initial revision carl parents: diff changeset	99 struct DNSBL {
96a9758165cd Initial revision carl parents: diff changeset	100 char *suffix; // blacklist suffix like blackholes.five-ten-sg.com
96a9758165cd Initial revision carl parents: diff changeset	101 char *message; // error message with one or two %s operators for the ip address replacement
96a9758165cd Initial revision carl parents: diff changeset	102 DNSBL(char s, char m);
96a9758165cd Initial revision carl parents: diff changeset	103 };
96a9758165cd Initial revision carl parents: diff changeset	104 DNSBL::DNSBL(char s, char m) {
96a9758165cd Initial revision carl parents: diff changeset	105 suffix = s;
96a9758165cd Initial revision carl parents: diff changeset	106 message = m;
96a9758165cd Initial revision carl parents: diff changeset	107 }
96a9758165cd Initial revision carl parents: diff changeset	108
96a9758165cd Initial revision carl parents: diff changeset	109 typedef DNSBL * DNSBLP;
96a9758165cd Initial revision carl parents: diff changeset	110 typedef list<DNSBLP> DNSBLL;
96a9758165cd Initial revision carl parents: diff changeset	111 typedef DNSBLL * DNSBLLP;
96a9758165cd Initial revision carl parents: diff changeset	112 typedef map<char , char , ltstr> string_map;
96a9758165cd Initial revision carl parents: diff changeset	113 typedef map<char , string_map , ltstr> from_map;
96a9758165cd Initial revision carl parents: diff changeset	114 typedef map<char *, DNSBLP, ltstr> dnsblp_map;
96a9758165cd Initial revision carl parents: diff changeset	115 typedef map<char *, DNSBLLP, ltstr> dnsbllp_map;
96a9758165cd Initial revision carl parents: diff changeset	116 typedef set<char *, ltstr> string_set;
96a9758165cd Initial revision carl parents: diff changeset	117 typedef list<char *> string_list;
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	118 typedef map<char *, int, ltstr> ns_map;
0 96a9758165cd Initial revision carl parents: diff changeset	119
96a9758165cd Initial revision carl parents: diff changeset	120 struct CONFIG {
96a9758165cd Initial revision carl parents: diff changeset	121 // the only mutable stuff once it has been loaded from the config file
96a9758165cd Initial revision carl parents: diff changeset	122 int reference_count; // protected by the global config_mutex
96a9758165cd Initial revision carl parents: diff changeset	123 // all the rest is constant after loading from the config file
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	124 int generation;
0 96a9758165cd Initial revision carl parents: diff changeset	125 time_t load_time;
96a9758165cd Initial revision carl parents: diff changeset	126 string_list config_files;
96a9758165cd Initial revision carl parents: diff changeset	127 dnsblp_map dnsbls;
96a9758165cd Initial revision carl parents: diff changeset	128 dnsbllp_map dnsblls;
96a9758165cd Initial revision carl parents: diff changeset	129 from_map env_from;
96a9758165cd Initial revision carl parents: diff changeset	130 string_map env_to_dnsbll; // map recipient to a named dnsbll
96a9758165cd Initial revision carl parents: diff changeset	131 string_map env_to_chkfrom; // map recipient to a named from map
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	132 char * content_suffix; // for sbl url body filtering
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	133 char * content_message; // ""
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	134 char * host_limit_message; // error message for excessive host names
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	135 int host_limit; // limit on host names
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	136 char * tag_limit_message; // error message for excessive bad html tags
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	137 int tag_limit; // limit on bad html tags
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	138 string_set html_tags; // set of valid html tags
28 33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	139 string_set tlds; // set of valid tld components
0 96a9758165cd Initial revision carl parents: diff changeset	140 CONFIG();
96a9758165cd Initial revision carl parents: diff changeset	141 ~CONFIG();
96a9758165cd Initial revision carl parents: diff changeset	142 };
96a9758165cd Initial revision carl parents: diff changeset	143 CONFIG::CONFIG() {
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	144 reference_count = 0;
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	145 generation = 0;
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	146 load_time = 0;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	147 content_suffix = NULL;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	148 content_message = NULL;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	149 host_limit_message = NULL;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	150 host_limit = 0;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	151 tag_limit_message = NULL;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	152 tag_limit = 0;
0 96a9758165cd Initial revision carl parents: diff changeset	153 }
96a9758165cd Initial revision carl parents: diff changeset	154 CONFIG::~CONFIG() {
96a9758165cd Initial revision carl parents: diff changeset	155 for (dnsblp_map::iterator i=dnsbls.begin(); i!=dnsbls.end(); i++) {
96a9758165cd Initial revision carl parents: diff changeset	156 DNSBLP d = (*i).second;
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	157 // delete the underlying DNSBL objects.
0 96a9758165cd Initial revision carl parents: diff changeset	158 delete d;
96a9758165cd Initial revision carl parents: diff changeset	159 }
96a9758165cd Initial revision carl parents: diff changeset	160 for (dnsbllp_map::iterator i=dnsblls.begin(); i!=dnsblls.end(); i++) {
96a9758165cd Initial revision carl parents: diff changeset	161 DNSBLLP d = (*i).second;
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	162 // *d is a list of pointers to DNSBL objects, but
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	163 // the underlying objects have already been deleted above.
0 96a9758165cd Initial revision carl parents: diff changeset	164 delete d;
96a9758165cd Initial revision carl parents: diff changeset	165 }
96a9758165cd Initial revision carl parents: diff changeset	166 for (from_map::iterator i=env_from.begin(); i!=env_from.end(); i++) {
96a9758165cd Initial revision carl parents: diff changeset	167 string_map d = (i).second;
96a9758165cd Initial revision carl parents: diff changeset	168 delete d;
96a9758165cd Initial revision carl parents: diff changeset	169 }
96a9758165cd Initial revision carl parents: diff changeset	170 }
96a9758165cd Initial revision carl parents: diff changeset	171
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	172 static bool debug_syslog = false;
18 041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	173 static bool loader_run = true; // used to stop the config loader thread
0 96a9758165cd Initial revision carl parents: diff changeset	174 static string_set all_strings; // owns all the strings, only modified by the config loader thread
96a9758165cd Initial revision carl parents: diff changeset	175 static CONFIG * config = NULL; // protected by the config_mutex
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	176 static int generation = 0; // protected by the config_mutex
0 96a9758165cd Initial revision carl parents: diff changeset	177
96a9758165cd Initial revision carl parents: diff changeset	178 static pthread_mutex_t config_mutex;
96a9758165cd Initial revision carl parents: diff changeset	179 static pthread_mutex_t syslog_mutex;
96a9758165cd Initial revision carl parents: diff changeset	180 static pthread_mutex_t resolve_mutex;
96a9758165cd Initial revision carl parents: diff changeset	181
96a9758165cd Initial revision carl parents: diff changeset	182
96a9758165cd Initial revision carl parents: diff changeset	183 ////////////////////////////////////////////////
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	184 // helper to discard the strings and objects held by an ns_map
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	185 //
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	186 static void discard(ns_map &s);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	187 static void discard(ns_map &s) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	188 for (ns_map::iterator i=s.begin(); i!=s.end(); i++) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	189 char x = (i).first;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	190 free(x);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	191 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	192 s.clear();
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	193 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	194
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	195 ////////////////////////////////////////////////
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	196 // helper to register a string in an ns_map
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	197 //
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	198 static void register_string(ns_map &s, char *name);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	199 static void register_string(ns_map &s, char *name) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	200 ns_map::iterator i = s.find(name);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	201 if (i != s.end()) return;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	202 char *x = strdup(name);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	203 s[x] = 0;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	204 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	205
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	206 ////////////////////////////////////////////////
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	207 // helper to discard the strings held by a string_set
0 96a9758165cd Initial revision carl parents: diff changeset	208 //
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	209 static void discard(string_set &s);
8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	210 static void discard(string_set &s) {
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	211 for (string_set::iterator i=s.begin(); i!=s.end(); i++) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	212 free(*i);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	213 }
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	214 s.clear();
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	215 }
0 96a9758165cd Initial revision carl parents: diff changeset	216
12 6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	217 ////////////////////////////////////////////////
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	218 // helper to register a string in a string set
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	219 //
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	220 static char* register_string(string_set &s, char *name);
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	221 static char* register_string(string_set &s, char *name) {
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	222 string_set::iterator i = s.find(name);
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	223 if (i != s.end()) return *i;
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	224 char *x = strdup(name);
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	225 s.insert(x);
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	226 return x;
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	227 }
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	228
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	229 ////////////////////////////////////////////////
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	230 // syslog a message
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	231 //
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	232 static void my_syslog(char *text);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	233 static void my_syslog(char *text) {
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	234 pthread_mutex_lock(&syslog_mutex);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	235 openlog("dnsbl", LOG_PID, LOG_MAIL);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	236 syslog(LOG_NOTICE, "%s", text);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	237 closelog();
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	238 pthread_mutex_unlock(&syslog_mutex);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	239 }
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	240
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	241
12 6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	242 // include the content scanner
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	243 #include "scanner.cpp"
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	244
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	245
0 96a9758165cd Initial revision carl parents: diff changeset	246 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	247 // mail filter private data, held for us by sendmail
96a9758165cd Initial revision carl parents: diff changeset	248 //
96a9758165cd Initial revision carl parents: diff changeset	249 struct mlfiPriv
96a9758165cd Initial revision carl parents: diff changeset	250 {
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	251 // connection specific data
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	252 CONFIG *pc; // global context with our maps
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	253 int ip; // ip4 address of the smtp client
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	254 map<DNSBLP, status> checked; // status from those lists
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	255 // message specific data
0 96a9758165cd Initial revision carl parents: diff changeset	256 char *mailaddr; // envelope from value
96a9758165cd Initial revision carl parents: diff changeset	257 bool authenticated; // client authenticated? if so, suppress all dnsbl checks
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	258 bool have_whites; // have at least one whitelisted recipient? need to accept content and remove all non-whitelisted recipients if it fails
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	259 bool only_whites; // every recipient is whitelisted?
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	260 string_set non_whites; // remember the non-whitelisted recipients so we can remove them if need be
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	261 recorder *memory; // memory for the content scanner
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	262 url_scanner *scanner; // object to handle body scanning
0 96a9758165cd Initial revision carl parents: diff changeset	263 mlfiPriv();
96a9758165cd Initial revision carl parents: diff changeset	264 ~mlfiPriv();
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	265 void reset(bool final = false); // for a new message
0 96a9758165cd Initial revision carl parents: diff changeset	266 };
96a9758165cd Initial revision carl parents: diff changeset	267 mlfiPriv::mlfiPriv() {
96a9758165cd Initial revision carl parents: diff changeset	268 pthread_mutex_lock(&config_mutex);
96a9758165cd Initial revision carl parents: diff changeset	269 pc = config;
96a9758165cd Initial revision carl parents: diff changeset	270 pc->reference_count++;
96a9758165cd Initial revision carl parents: diff changeset	271 pthread_mutex_unlock(&config_mutex);
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	272 ip = 0;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	273 mailaddr = NULL;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	274 authenticated = false;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	275 have_whites = false;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	276 only_whites = true;
28 33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	277 memory = new recorder(&pc->html_tags, &pc->tlds);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	278 scanner = new url_scanner(memory);
0 96a9758165cd Initial revision carl parents: diff changeset	279 }
96a9758165cd Initial revision carl parents: diff changeset	280 mlfiPriv::~mlfiPriv() {
96a9758165cd Initial revision carl parents: diff changeset	281 pthread_mutex_lock(&config_mutex);
96a9758165cd Initial revision carl parents: diff changeset	282 pc->reference_count--;
96a9758165cd Initial revision carl parents: diff changeset	283 pthread_mutex_unlock(&config_mutex);
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	284 reset(true);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	285 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	286 void mlfiPriv::reset(bool final) {
0 96a9758165cd Initial revision carl parents: diff changeset	287 if (mailaddr) free(mailaddr);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	288 discard(non_whites);
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	289 delete memory;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	290 delete scanner;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	291 if (!final) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	292 mailaddr = NULL;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	293 authenticated = false;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	294 have_whites = false;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	295 only_whites = true;
28 33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	296 memory = new recorder(&pc->html_tags, &pc->tlds);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	297 scanner = new url_scanner(memory);
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	298 }
0 96a9758165cd Initial revision carl parents: diff changeset	299 }
96a9758165cd Initial revision carl parents: diff changeset	300
96a9758165cd Initial revision carl parents: diff changeset	301 #define MLFIPRIV ((struct mlfiPriv *) smfi_getpriv(ctx))
96a9758165cd Initial revision carl parents: diff changeset	302
96a9758165cd Initial revision carl parents: diff changeset	303
96a9758165cd Initial revision carl parents: diff changeset	304 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	305 // register a global string
96a9758165cd Initial revision carl parents: diff changeset	306 //
96a9758165cd Initial revision carl parents: diff changeset	307 static char* register_string(char *name);
96a9758165cd Initial revision carl parents: diff changeset	308 static char* register_string(char *name) {
12 6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	309 return register_string(all_strings, name);
0 96a9758165cd Initial revision carl parents: diff changeset	310 }
96a9758165cd Initial revision carl parents: diff changeset	311
96a9758165cd Initial revision carl parents: diff changeset	312
96a9758165cd Initial revision carl parents: diff changeset	313 static char* next_token(char *delim);
96a9758165cd Initial revision carl parents: diff changeset	314 static char* next_token(char *delim) {
96a9758165cd Initial revision carl parents: diff changeset	315 char *name = strtok(NULL, delim);
96a9758165cd Initial revision carl parents: diff changeset	316 if (!name) return name;
96a9758165cd Initial revision carl parents: diff changeset	317 return register_string(name);
96a9758165cd Initial revision carl parents: diff changeset	318 }
96a9758165cd Initial revision carl parents: diff changeset	319
96a9758165cd Initial revision carl parents: diff changeset	320
96a9758165cd Initial revision carl parents: diff changeset	321 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	322 // lookup an email address in the env_from or env_to maps
96a9758165cd Initial revision carl parents: diff changeset	323 //
96a9758165cd Initial revision carl parents: diff changeset	324 static char* lookup1(char *email, string_map map);
96a9758165cd Initial revision carl parents: diff changeset	325 static char* lookup1(char *email, string_map map) {
96a9758165cd Initial revision carl parents: diff changeset	326 string_map::iterator i = map.find(email);
96a9758165cd Initial revision carl parents: diff changeset	327 if (i != map.end()) return (*i).second;
96a9758165cd Initial revision carl parents: diff changeset	328 char *x = strchr(email, '@');
96a9758165cd Initial revision carl parents: diff changeset	329 if (!x) return DEFAULT;
96a9758165cd Initial revision carl parents: diff changeset	330 x++;
96a9758165cd Initial revision carl parents: diff changeset	331 i = map.find(x);
96a9758165cd Initial revision carl parents: diff changeset	332 if (i != map.end()) return (*i).second;
96a9758165cd Initial revision carl parents: diff changeset	333 return DEFAULT;
96a9758165cd Initial revision carl parents: diff changeset	334 }
96a9758165cd Initial revision carl parents: diff changeset	335
96a9758165cd Initial revision carl parents: diff changeset	336
96a9758165cd Initial revision carl parents: diff changeset	337 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	338 // lookup an email address in the env_from or env_to maps
96a9758165cd Initial revision carl parents: diff changeset	339 // this email address is passed in from sendmail, and will
96a9758165cd Initial revision carl parents: diff changeset	340 // always be enclosed in <>. It may have mixed case, just
96a9758165cd Initial revision carl parents: diff changeset	341 // as the mail client sent it.
96a9758165cd Initial revision carl parents: diff changeset	342 //
96a9758165cd Initial revision carl parents: diff changeset	343 static char* lookup(char* email, string_map map);
96a9758165cd Initial revision carl parents: diff changeset	344 static char* lookup(char* email, string_map map) {
96a9758165cd Initial revision carl parents: diff changeset	345 int n = strlen(email)-2;
96a9758165cd Initial revision carl parents: diff changeset	346 if (n < 1) return DEFAULT; // malformed
96a9758165cd Initial revision carl parents: diff changeset	347 char *key = strdup(email+1);
96a9758165cd Initial revision carl parents: diff changeset	348 key[n] = '\0';
96a9758165cd Initial revision carl parents: diff changeset	349 for (int i=0; i<n; i++) key[i] = tolower(key[i]);
96a9758165cd Initial revision carl parents: diff changeset	350 char *rc = lookup1(key, map);
96a9758165cd Initial revision carl parents: diff changeset	351 free(key);
96a9758165cd Initial revision carl parents: diff changeset	352 return rc;
96a9758165cd Initial revision carl parents: diff changeset	353 }
96a9758165cd Initial revision carl parents: diff changeset	354
96a9758165cd Initial revision carl parents: diff changeset	355
96a9758165cd Initial revision carl parents: diff changeset	356 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	357 // find the dnsbl with a specific name
96a9758165cd Initial revision carl parents: diff changeset	358 //
96a9758165cd Initial revision carl parents: diff changeset	359 static DNSBLP find_dnsbl(CONFIG &dc, char *name);
96a9758165cd Initial revision carl parents: diff changeset	360 static DNSBLP find_dnsbl(CONFIG &dc, char *name) {
96a9758165cd Initial revision carl parents: diff changeset	361 dnsblp_map::iterator i = dc.dnsbls.find(name);
96a9758165cd Initial revision carl parents: diff changeset	362 if (i == dc.dnsbls.end()) return NULL;
96a9758165cd Initial revision carl parents: diff changeset	363 return (*i).second;
96a9758165cd Initial revision carl parents: diff changeset	364 }
96a9758165cd Initial revision carl parents: diff changeset	365
96a9758165cd Initial revision carl parents: diff changeset	366
96a9758165cd Initial revision carl parents: diff changeset	367 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	368 // find the dnsbll with a specific name
96a9758165cd Initial revision carl parents: diff changeset	369 //
96a9758165cd Initial revision carl parents: diff changeset	370 static DNSBLLP find_dnsbll(CONFIG &dc, char *name);
96a9758165cd Initial revision carl parents: diff changeset	371 static DNSBLLP find_dnsbll(CONFIG &dc, char *name) {
96a9758165cd Initial revision carl parents: diff changeset	372 dnsbllp_map::iterator i = dc.dnsblls.find(name);
96a9758165cd Initial revision carl parents: diff changeset	373 if (i == dc.dnsblls.end()) return NULL;
96a9758165cd Initial revision carl parents: diff changeset	374 return (*i).second;
96a9758165cd Initial revision carl parents: diff changeset	375 }
96a9758165cd Initial revision carl parents: diff changeset	376
96a9758165cd Initial revision carl parents: diff changeset	377
96a9758165cd Initial revision carl parents: diff changeset	378 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	379 // find the envfrom map with a specific name
96a9758165cd Initial revision carl parents: diff changeset	380 //
96a9758165cd Initial revision carl parents: diff changeset	381 static string_map* find_from_map(CONFIG &dc, char *name);
96a9758165cd Initial revision carl parents: diff changeset	382 static string_map* find_from_map(CONFIG &dc, char *name) {
96a9758165cd Initial revision carl parents: diff changeset	383 from_map::iterator i = dc.env_from.find(name);
96a9758165cd Initial revision carl parents: diff changeset	384 if (i == dc.env_from.end()) return NULL;
96a9758165cd Initial revision carl parents: diff changeset	385 return (*i).second;
96a9758165cd Initial revision carl parents: diff changeset	386 }
96a9758165cd Initial revision carl parents: diff changeset	387
96a9758165cd Initial revision carl parents: diff changeset	388
96a9758165cd Initial revision carl parents: diff changeset	389 static string_map& really_find_from_map(CONFIG &dc, char *name);
96a9758165cd Initial revision carl parents: diff changeset	390 static string_map& really_find_from_map(CONFIG &dc, char *name) {
96a9758165cd Initial revision carl parents: diff changeset	391 string_map *sm = find_from_map(dc, name);
96a9758165cd Initial revision carl parents: diff changeset	392 if (!sm) {
96a9758165cd Initial revision carl parents: diff changeset	393 sm = new string_map;
96a9758165cd Initial revision carl parents: diff changeset	394 dc.env_from[name] = sm;
96a9758165cd Initial revision carl parents: diff changeset	395 }
96a9758165cd Initial revision carl parents: diff changeset	396 return *sm;
96a9758165cd Initial revision carl parents: diff changeset	397 }
96a9758165cd Initial revision carl parents: diff changeset	398
96a9758165cd Initial revision carl parents: diff changeset	399
96a9758165cd Initial revision carl parents: diff changeset	400 ////////////////////////////////////////////////
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	401 //
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	402 // ask a dns question and get an A record answer - we don't try
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	403 // very hard, just using the default resolver retry settings.
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	404 // If we cannot get an answer, we just accept the mail. The
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	405 // caller must ensure thread safety.
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	406 //
0 96a9758165cd Initial revision carl parents: diff changeset	407 //
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	408 static int dns_interface(char question, bool maybe_ip, ns_map nameservers);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	409 static int dns_interface(char question, bool maybe_ip, ns_map nameservers) {
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	410 #ifdef NS_PACKETSZ
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	411 u_char answer[NS_PACKETSZ];
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	412 int length = res_search(question, ns_c_in, ns_t_a, answer, sizeof(answer));
23 06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	413 if (length >= 0) { // no error yet
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	414 // parse the answer
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	415 ns_msg handle;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	416 ns_rr rr;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	417 if (ns_initparse(answer, length, &handle) == 0) {
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	418 // look for ns names
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	419 if (nameservers) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	420 ns_map &ns = *nameservers;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	421 int rrnum = 0;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	422 while (ns_parserr(&handle, ns_s_ns, rrnum++, &rr) == 0) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	423 if (ns_rr_type(rr) == ns_t_ns) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	424 char nam[NS_MAXDNAME+1];
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	425 char *n = nam;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	426 const u_char *p = ns_rr_rdata(rr);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	427 while (((n-nam) < NS_MAXDNAME) && ((p-answer) < length) && *p) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	428 size_t s = *(p++);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	429 if (s > 191) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	430 // compression pointer
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	431 s = (s-192)256 + (p++);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	432 if (s >= length) break; // pointer outside bounds of answer
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	433 p = answer + s;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	434 s = *(p++);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	435 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	436 if (s > 0) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	437 if ((n-nam) >= (NS_MAXDNAME-s)) break; // destination would overflow name buffer
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	438 if ((p-answer) >= (length-s)) break; // source outside bounds of answer
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	439 memcpy(n, p, s);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	440 n += s;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	441 p += s;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	442 *(n++) = '.';
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	443 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	444 }
36 95607fbef608 no message carl parents: 35 diff changeset	445 if (n-nam) n--; // remove trailing .
95607fbef608 no message carl parents: 35 diff changeset	446 *n = '\0'; // null terminate it
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	447 register_string(ns, nam); // ns host to lookup later
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	448 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	449 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	450 rrnum = 0;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	451 while (ns_parserr(&handle, ns_s_ar, rrnum++, &rr) == 0) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	452 if (ns_rr_type(rr) == ns_t_a) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	453 char* nam = (char*)ns_rr_name(rr);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	454 ns_map::iterator i = ns.find(nam);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	455 if (i != ns.end()) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	456 // we want this ip address
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	457 int address;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	458 memcpy(&address, ns_rr_rdata(rr), sizeof(address));
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	459 ns[nam] = address;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	460 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	461 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	462 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	463 }
23 06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	464 int rrnum = 0;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	465 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) {
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	466 if (ns_rr_type(rr) == ns_t_a) {
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	467 int address;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	468 memcpy(&address, ns_rr_rdata(rr), sizeof(address));
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	469 return address;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	470 }
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	471 }
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	472 }
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	473 }
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	474 if (maybe_ip) {
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	475 // might be a bare ip address
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	476 in_addr ip;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	477 if (inet_aton(question, &ip)) {
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	478 return ip.s_addr;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	479 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	480 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	481 return 0;
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	482 #else
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	483 struct hostent *host = gethostbyname(question);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	484 if (!host) return 0;
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	485 if (host->h_addrtype != AF_INET) return 0;
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	486 int address;
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	487 memcpy(&address, host->h_addr, sizeof(address));
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	488 return address;
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	489 #endif
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	490 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	491
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	492 static int protected_dns_interface(char question, bool maybe_ip, ns_map nameservers);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	493 static int protected_dns_interface(char question, bool maybe_ip, ns_map nameservers) {
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	494 int ans;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	495 pthread_mutex_lock(&resolve_mutex);
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	496 ans = dns_interface(question, maybe_ip, nameservers);
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	497 pthread_mutex_unlock(&resolve_mutex);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	498 return ans;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	499
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	500 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	501
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	502 ////////////////////////////////////////////////
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	503 // check a single dnsbl
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	504 //
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	505 static status check_single(int ip, char *suffix);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	506 static status check_single(int ip, char *suffix) {
0 96a9758165cd Initial revision carl parents: diff changeset	507 // make a dns question
96a9758165cd Initial revision carl parents: diff changeset	508 const u_char src = (const u_char )&ip;
96a9758165cd Initial revision carl parents: diff changeset	509 if (src[0] == 127) return oksofar; // don't do dns lookups on localhost
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	510 #ifdef NS_MAXDNAME
0 96a9758165cd Initial revision carl parents: diff changeset	511 char question[NS_MAXDNAME];
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	512 #else
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	513 char question[1000];
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	514 #endif
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	515 snprintf(question, sizeof(question), "%u.%u.%u.%u.%s.", src[3], src[2], src[1], src[0], suffix);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	516 // ask the question, if we get an A record it implies a blacklisted ip address
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	517 return (protected_dns_interface(question, false, NULL)) ? reject : oksofar;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	518 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	519
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	520
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	521 ////////////////////////////////////////////////
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	522 // check a single dnsbl
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	523 //
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	524 static status check_single(int ip, DNSBL &bl);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	525 static status check_single(int ip, DNSBL &bl) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	526 return check_single(ip, bl.suffix);
0 96a9758165cd Initial revision carl parents: diff changeset	527 }
96a9758165cd Initial revision carl parents: diff changeset	528
96a9758165cd Initial revision carl parents: diff changeset	529
96a9758165cd Initial revision carl parents: diff changeset	530 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	531 // check the dnsbls specified for this recipient
96a9758165cd Initial revision carl parents: diff changeset	532 //
96a9758165cd Initial revision carl parents: diff changeset	533 static status check_dnsbl(mlfiPriv &priv, DNSBLLP dnsbllp, DNSBLP &rejectlist);
96a9758165cd Initial revision carl parents: diff changeset	534 static status check_dnsbl(mlfiPriv &priv, DNSBLLP dnsbllp, DNSBLP &rejectlist) {
96a9758165cd Initial revision carl parents: diff changeset	535 if (priv.authenticated) return oksofar;
96a9758165cd Initial revision carl parents: diff changeset	536 if (!dnsbllp) return oksofar;
96a9758165cd Initial revision carl parents: diff changeset	537 DNSBLL &dnsbll = *dnsbllp;
96a9758165cd Initial revision carl parents: diff changeset	538 for (DNSBLL::iterator i=dnsbll.begin(); i!=dnsbll.end(); i++) {
96a9758165cd Initial revision carl parents: diff changeset	539 DNSBLP dp = *i; // non null by construction
96a9758165cd Initial revision carl parents: diff changeset	540 status st;
96a9758165cd Initial revision carl parents: diff changeset	541 map<DNSBLP, status>::iterator f = priv.checked.find(dp);
96a9758165cd Initial revision carl parents: diff changeset	542 if (f == priv.checked.end()) {
96a9758165cd Initial revision carl parents: diff changeset	543 // have not checked this list yet
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	544 st = check_single(priv.ip, *dp);
0 96a9758165cd Initial revision carl parents: diff changeset	545 rejectlist = dp;
96a9758165cd Initial revision carl parents: diff changeset	546 priv.checked[dp] = st;
96a9758165cd Initial revision carl parents: diff changeset	547 }
96a9758165cd Initial revision carl parents: diff changeset	548 else {
96a9758165cd Initial revision carl parents: diff changeset	549 st = (*f).second;
96a9758165cd Initial revision carl parents: diff changeset	550 rejectlist = (*f).first;
96a9758165cd Initial revision carl parents: diff changeset	551 }
96a9758165cd Initial revision carl parents: diff changeset	552 if (st == reject) return st;
96a9758165cd Initial revision carl parents: diff changeset	553 }
96a9758165cd Initial revision carl parents: diff changeset	554 return oksofar;
96a9758165cd Initial revision carl parents: diff changeset	555 }
96a9758165cd Initial revision carl parents: diff changeset	556
96a9758165cd Initial revision carl parents: diff changeset	557
96a9758165cd Initial revision carl parents: diff changeset	558 ////////////////////////////////////////////////
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	559 // check the dnsbls specified for this recipient
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	560 //
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	561 static status check_hosts(mlfiPriv &priv, char *&host, int &ip);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	562 static status check_hosts(mlfiPriv &priv, char *&host, int &ip) {
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	563 CONFIG &dc = *priv.pc;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	564 if (!dc.content_suffix) return oksofar;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	565 int count = 0;
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	566 ns_map nameservers;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	567 int lim = priv.pc->host_limit;
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	568 for (string_set::iterator i=priv.memory->hosts.begin(); i!=priv.memory->hosts.end(); i++) {
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	569 count++;
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	570 if ((count > lim) && (lim > 0)) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	571 discard(nameservers);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	572 return reject_host;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	573 }
35 d718dca81bc9 fix dangling reference carl parents: 34 diff changeset	574 host = *i; // a reference into priv.memory->hosts, which will live until this smtp transaction is closed
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	575 ip = protected_dns_interface(host, true, &nameservers);
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	576 if (debug_syslog) {
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	577 char buf[200];
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	578 if (ip) {
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	579 char adr[sizeof "255.255.255.255"];
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	580 adr[0] = '\0';
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	581 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	582 snprintf(buf, sizeof(buf), "host %s found at %s", host, adr);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	583 }
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	584 else {
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	585 snprintf(buf, sizeof(buf), "host %s not found", host);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	586 }
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	587 my_syslog(buf);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	588 }
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	589 if (ip) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	590 status st = check_single(ip, dc.content_suffix);
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	591 if (st == reject) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	592 discard(nameservers);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	593 return st;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	594 }
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	595 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	596 }
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	597 lim *= 4; // allow average of 3 ns per host name
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	598 for (ns_map::iterator i=nameservers.begin(); i!=nameservers.end(); i++) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	599 count++;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	600 if ((count > lim) && (lim > 0)) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	601 discard(nameservers);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	602 return reject_host;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	603 }
36 95607fbef608 no message carl parents: 35 diff changeset	604 host = (*i).first; // a transient reference that needs to be replaced before we return it
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	605 ip = (*i).second;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	606 if (!ip) ip = protected_dns_interface(host, false, NULL);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	607 if (debug_syslog) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	608 char buf[200];
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	609 if (ip) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	610 char adr[sizeof "255.255.255.255"];
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	611 adr[0] = '\0';
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	612 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	613 snprintf(buf, sizeof(buf), "ns %s found at %s", host, adr);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	614 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	615 else {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	616 snprintf(buf, sizeof(buf), "ns %s not found", host);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	617 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	618 my_syslog(buf);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	619 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	620 if (ip) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	621 status st = check_single(ip, dc.content_suffix);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	622 if (st == reject) {
36 95607fbef608 no message carl parents: 35 diff changeset	623 host = register_string(priv.memory->hosts, host); // put a copy into priv.memory->hosts, and return that reference
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	624 discard(nameservers);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	625 return st;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	626 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	627 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	628 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	629 discard(nameservers);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	630 host = NULL;
26 fdae7ab30cfc allow normal and terminator versions of tags carl parents: 24 diff changeset	631 int bin = priv.memory->binary_tags;
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	632 int bad = priv.memory->bad_html_tags;
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	633 lim = priv.pc->tag_limit;
26 fdae7ab30cfc allow normal and terminator versions of tags carl parents: 24 diff changeset	634 if (bin > bad) return oksofar; // probably .zip or .tar.gz with random content
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	635 if ((bad > lim) && (lim > 0)) return reject_tag;
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	636 return oksofar;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	637 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	638
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	639
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	640 ////////////////////////////////////////////////
0 96a9758165cd Initial revision carl parents: diff changeset	641 // start of sendmail milter interfaces
96a9758165cd Initial revision carl parents: diff changeset	642 //
96a9758165cd Initial revision carl parents: diff changeset	643 sfsistat mlfi_connect(SMFICTX ctx, char hostname, _SOCK_ADDR *hostaddr)
96a9758165cd Initial revision carl parents: diff changeset	644 {
96a9758165cd Initial revision carl parents: diff changeset	645 // allocate some private memory
96a9758165cd Initial revision carl parents: diff changeset	646 mlfiPriv *priv = new mlfiPriv;
96a9758165cd Initial revision carl parents: diff changeset	647 if (hostaddr->sa_family == AF_INET) {
96a9758165cd Initial revision carl parents: diff changeset	648 priv->ip = ((struct sockaddr_in *)hostaddr)->sin_addr.s_addr;
96a9758165cd Initial revision carl parents: diff changeset	649 }
96a9758165cd Initial revision carl parents: diff changeset	650
96a9758165cd Initial revision carl parents: diff changeset	651 // save the private data
96a9758165cd Initial revision carl parents: diff changeset	652 smfi_setpriv(ctx, (void*)priv);
96a9758165cd Initial revision carl parents: diff changeset	653
96a9758165cd Initial revision carl parents: diff changeset	654 // continue processing
96a9758165cd Initial revision carl parents: diff changeset	655 return SMFIS_CONTINUE;
96a9758165cd Initial revision carl parents: diff changeset	656 }
96a9758165cd Initial revision carl parents: diff changeset	657
96a9758165cd Initial revision carl parents: diff changeset	658 sfsistat mlfi_envfrom(SMFICTX ctx, char *from)
96a9758165cd Initial revision carl parents: diff changeset	659 {
96a9758165cd Initial revision carl parents: diff changeset	660 mlfiPriv &priv = *MLFIPRIV;
96a9758165cd Initial revision carl parents: diff changeset	661 priv.mailaddr = strdup(from[0]);
96a9758165cd Initial revision carl parents: diff changeset	662 priv.authenticated = (smfi_getsymval(ctx, "{auth_authen}") != NULL);
96a9758165cd Initial revision carl parents: diff changeset	663 return SMFIS_CONTINUE;
96a9758165cd Initial revision carl parents: diff changeset	664 }
96a9758165cd Initial revision carl parents: diff changeset	665
96a9758165cd Initial revision carl parents: diff changeset	666 sfsistat mlfi_envrcpt(SMFICTX ctx, char *rcpt)
96a9758165cd Initial revision carl parents: diff changeset	667 {
96a9758165cd Initial revision carl parents: diff changeset	668 DNSBLP rejectlist = NULL; // list that caused the reject
96a9758165cd Initial revision carl parents: diff changeset	669 status st = oksofar;
96a9758165cd Initial revision carl parents: diff changeset	670 mlfiPriv &priv = *MLFIPRIV;
96a9758165cd Initial revision carl parents: diff changeset	671 CONFIG &dc = *priv.pc;
96a9758165cd Initial revision carl parents: diff changeset	672 char *rcptaddr = rcpt[0];
96a9758165cd Initial revision carl parents: diff changeset	673 char *dnsname = lookup(rcptaddr, dc.env_to_dnsbll);
96a9758165cd Initial revision carl parents: diff changeset	674 char *fromname = lookup(rcptaddr, dc.env_to_chkfrom);
96a9758165cd Initial revision carl parents: diff changeset	675 if ((strcmp(dnsname, BLACK) == 0) \|\|
96a9758165cd Initial revision carl parents: diff changeset	676 (strcmp(fromname, BLACK) == 0)) {
96a9758165cd Initial revision carl parents: diff changeset	677 st = black; // two options to blacklist this recipient
96a9758165cd Initial revision carl parents: diff changeset	678 }
96a9758165cd Initial revision carl parents: diff changeset	679 else if (strcmp(fromname, WHITE) == 0) {
96a9758165cd Initial revision carl parents: diff changeset	680 st = white;
96a9758165cd Initial revision carl parents: diff changeset	681 }
96a9758165cd Initial revision carl parents: diff changeset	682 else {
96a9758165cd Initial revision carl parents: diff changeset	683 // check an env_from map
96a9758165cd Initial revision carl parents: diff changeset	684 string_map *sm = find_from_map(dc, fromname);
96a9758165cd Initial revision carl parents: diff changeset	685 if (sm != NULL) {
96a9758165cd Initial revision carl parents: diff changeset	686 fromname = lookup(priv.mailaddr, *sm); // returns default if name not in map
96a9758165cd Initial revision carl parents: diff changeset	687 if (strcmp(fromname, BLACK) == 0) {
96a9758165cd Initial revision carl parents: diff changeset	688 st = black; // blacklist this envelope from value
96a9758165cd Initial revision carl parents: diff changeset	689 }
96a9758165cd Initial revision carl parents: diff changeset	690 if (strcmp(fromname, WHITE) == 0) {
96a9758165cd Initial revision carl parents: diff changeset	691 st = white; // blacklist this envelope from value
96a9758165cd Initial revision carl parents: diff changeset	692 }
96a9758165cd Initial revision carl parents: diff changeset	693 }
96a9758165cd Initial revision carl parents: diff changeset	694 }
96a9758165cd Initial revision carl parents: diff changeset	695 if ((st == oksofar) && (strcmp(dnsname, WHITE) != 0)) {
96a9758165cd Initial revision carl parents: diff changeset	696 // check dns lists
96a9758165cd Initial revision carl parents: diff changeset	697 st = check_dnsbl(priv, find_dnsbll(dc, dnsname), rejectlist);
96a9758165cd Initial revision carl parents: diff changeset	698 }
96a9758165cd Initial revision carl parents: diff changeset	699
96a9758165cd Initial revision carl parents: diff changeset	700 if (st == reject) {
96a9758165cd Initial revision carl parents: diff changeset	701 // reject the recipient based on some dnsbl
96a9758165cd Initial revision carl parents: diff changeset	702 char adr[sizeof "255.255.255.255"];
96a9758165cd Initial revision carl parents: diff changeset	703 adr[0] = '\0';
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	704 inet_ntop(AF_INET, (const u_char *)&priv.ip, adr, sizeof(adr));
0 96a9758165cd Initial revision carl parents: diff changeset	705 char buf[2000];
96a9758165cd Initial revision carl parents: diff changeset	706 snprintf(buf, sizeof(buf), rejectlist->message, adr, adr);
96a9758165cd Initial revision carl parents: diff changeset	707 smfi_setreply(ctx, "550", "5.7.1", buf);
96a9758165cd Initial revision carl parents: diff changeset	708 return SMFIS_REJECT;
96a9758165cd Initial revision carl parents: diff changeset	709 }
96a9758165cd Initial revision carl parents: diff changeset	710 else if (st == black) {
96a9758165cd Initial revision carl parents: diff changeset	711 // reject the recipient based on blacklisting either from or to
96a9758165cd Initial revision carl parents: diff changeset	712 smfi_setreply(ctx, "550", "5.7.1", "no such user");
96a9758165cd Initial revision carl parents: diff changeset	713 return SMFIS_REJECT;
96a9758165cd Initial revision carl parents: diff changeset	714 }
96a9758165cd Initial revision carl parents: diff changeset	715 else {
96a9758165cd Initial revision carl parents: diff changeset	716 // accept the recipient
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	717 if (st == oksofar) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	718 // but remember the non-whites
12 6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	719 register_string(priv.non_whites, rcptaddr);
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	720 priv.only_whites = false;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	721 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	722 if (st == white) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	723 priv.have_whites = true;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	724 }
0 96a9758165cd Initial revision carl parents: diff changeset	725 return SMFIS_CONTINUE;
96a9758165cd Initial revision carl parents: diff changeset	726 }
96a9758165cd Initial revision carl parents: diff changeset	727 }
96a9758165cd Initial revision carl parents: diff changeset	728
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	729 sfsistat mlfi_body(SMFICTX ctx, u_char data, size_t len)
0 96a9758165cd Initial revision carl parents: diff changeset	730 {
96a9758165cd Initial revision carl parents: diff changeset	731 mlfiPriv &priv = *MLFIPRIV;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	732 if (priv.authenticated) return SMFIS_CONTINUE;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	733 if (priv.only_whites) return SMFIS_CONTINUE;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	734 priv.scanner->scan(data, len);
11 2c206836b4cc integration work on url scanner carl parents: 9 diff changeset	735 return SMFIS_CONTINUE;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	736 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	737
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	738 sfsistat mlfi_eom(SMFICTX *ctx)
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	739 {
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	740 sfsistat rc;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	741 mlfiPriv &priv = *MLFIPRIV;
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	742 char *host = NULL;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	743 int ip;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	744 status st;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	745 // process end of message
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	746 if (priv.authenticated \|\|
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	747 priv.only_whites \|\|
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	748 ((st=check_hosts(priv, host, ip)) == oksofar)) rc = SMFIS_CONTINUE;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	749 else {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	750 if (!priv.have_whites) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	751 // can reject the entire message
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	752 char buf[2000];
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	753 if (st == reject_tag) {
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	754 // rejected due to excessive bad html tags
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	755 snprintf(buf, sizeof(buf), priv.pc->tag_limit_message);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	756 }
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	757 else if (st == reject_host) {
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	758 // rejected due to excessive unique host/urls
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	759 snprintf(buf, sizeof(buf), priv.pc->host_limit_message);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	760 }
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	761 else {
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	762 char adr[sizeof "255.255.255.255"];
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	763 adr[0] = '\0';
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	764 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	765 snprintf(buf, sizeof(buf), priv.pc->content_message, host, adr);
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	766 }
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	767 smfi_setreply(ctx, "550", "5.7.1", buf);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	768 rc = SMFIS_REJECT;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	769 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	770 else {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	771 // need to accept it but remove the recipients that don't want it
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	772 for (string_set::iterator i=priv.non_whites.begin(); i!=priv.non_whites.end(); i++) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	773 char rcpt = i;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	774 smfi_delrcpt(ctx, rcpt);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	775 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	776 rc = SMFIS_CONTINUE;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	777 }
0 96a9758165cd Initial revision carl parents: diff changeset	778 }
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	779 // reset for a new message on the same connection
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	780 mlfi_abort(ctx);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	781 return rc;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	782 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	783
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	784 sfsistat mlfi_abort(SMFICTX *ctx)
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	785 {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	786 mlfiPriv &priv = *MLFIPRIV;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	787 priv.reset();
0 96a9758165cd Initial revision carl parents: diff changeset	788 return SMFIS_CONTINUE;
96a9758165cd Initial revision carl parents: diff changeset	789 }
96a9758165cd Initial revision carl parents: diff changeset	790
96a9758165cd Initial revision carl parents: diff changeset	791 sfsistat mlfi_close(SMFICTX *ctx)
96a9758165cd Initial revision carl parents: diff changeset	792 {
96a9758165cd Initial revision carl parents: diff changeset	793 mlfiPriv *priv = MLFIPRIV;
96a9758165cd Initial revision carl parents: diff changeset	794 if (!priv) return SMFIS_CONTINUE;
96a9758165cd Initial revision carl parents: diff changeset	795 delete priv;
96a9758165cd Initial revision carl parents: diff changeset	796 smfi_setpriv(ctx, NULL);
96a9758165cd Initial revision carl parents: diff changeset	797 return SMFIS_CONTINUE;
96a9758165cd Initial revision carl parents: diff changeset	798 }
96a9758165cd Initial revision carl parents: diff changeset	799
96a9758165cd Initial revision carl parents: diff changeset	800 struct smfiDesc smfilter =
96a9758165cd Initial revision carl parents: diff changeset	801 {
96a9758165cd Initial revision carl parents: diff changeset	802 "DNSBL", // filter name
96a9758165cd Initial revision carl parents: diff changeset	803 SMFI_VERSION, // version code -- do not change
96a9758165cd Initial revision carl parents: diff changeset	804 SMFIF_DELRCPT, // flags
96a9758165cd Initial revision carl parents: diff changeset	805 mlfi_connect, // connection info filter
96a9758165cd Initial revision carl parents: diff changeset	806 NULL, // SMTP HELO command filter
96a9758165cd Initial revision carl parents: diff changeset	807 mlfi_envfrom, // envelope sender filter
96a9758165cd Initial revision carl parents: diff changeset	808 mlfi_envrcpt, // envelope recipient filter
96a9758165cd Initial revision carl parents: diff changeset	809 NULL, // header filter
96a9758165cd Initial revision carl parents: diff changeset	810 NULL, // end of header
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	811 mlfi_body, // body block filter
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	812 mlfi_eom, // end of message
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	813 mlfi_abort, // message aborted
0 96a9758165cd Initial revision carl parents: diff changeset	814 mlfi_close, // connection cleanup
96a9758165cd Initial revision carl parents: diff changeset	815 };
96a9758165cd Initial revision carl parents: diff changeset	816
96a9758165cd Initial revision carl parents: diff changeset	817
96a9758165cd Initial revision carl parents: diff changeset	818 static void dumpit(char *name, string_map map);
96a9758165cd Initial revision carl parents: diff changeset	819 static void dumpit(char *name, string_map map) {
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	820 fprintf(stdout, "\n");
0 96a9758165cd Initial revision carl parents: diff changeset	821 for (string_map::iterator i=map.begin(); i!=map.end(); i++) {
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	822 fprintf(stdout, "%s %s->%s\n", name, (i).first, (i).second);
0 96a9758165cd Initial revision carl parents: diff changeset	823 }
96a9758165cd Initial revision carl parents: diff changeset	824 }
96a9758165cd Initial revision carl parents: diff changeset	825
96a9758165cd Initial revision carl parents: diff changeset	826
96a9758165cd Initial revision carl parents: diff changeset	827 static void dumpit(from_map map);
96a9758165cd Initial revision carl parents: diff changeset	828 static void dumpit(from_map map) {
96a9758165cd Initial revision carl parents: diff changeset	829 for (from_map::iterator i=map.begin(); i!=map.end(); i++) {
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	830 char buf[2000];
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	831 snprintf(buf, sizeof(buf), "envelope from map for %s", (*i).first);
0 96a9758165cd Initial revision carl parents: diff changeset	832 string_map sm = (i).second;
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	833 dumpit(buf, *sm);
0 96a9758165cd Initial revision carl parents: diff changeset	834 }
96a9758165cd Initial revision carl parents: diff changeset	835 }
96a9758165cd Initial revision carl parents: diff changeset	836
96a9758165cd Initial revision carl parents: diff changeset	837
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	838 static void dumpit(CONFIG &dc);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	839 static void dumpit(CONFIG &dc) {
5 793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	840 dumpit(dc.env_from);
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	841 dumpit("envelope to (dnsbl list)", dc.env_to_dnsbll);
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	842 dumpit("envelope to (from map)", dc.env_to_chkfrom);
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	843 fprintf(stdout, "\ndnsbls\n");
0 96a9758165cd Initial revision carl parents: diff changeset	844 for (dnsblp_map::iterator i=dc.dnsbls.begin(); i!=dc.dnsbls.end(); i++) {
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	845 fprintf(stdout, "%s %s %s\n", (i).first, (i).second->suffix, (*i).second->message);
0 96a9758165cd Initial revision carl parents: diff changeset	846 }
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	847 fprintf(stdout, "\ndnsbl_lists\n");
0 96a9758165cd Initial revision carl parents: diff changeset	848 for (dnsbllp_map::iterator i=dc.dnsblls.begin(); i!=dc.dnsblls.end(); i++) {
96a9758165cd Initial revision carl parents: diff changeset	849 char name = (i).first;
96a9758165cd Initial revision carl parents: diff changeset	850 DNSBLL &dl = ((i).second);
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	851 fprintf(stdout, "%s", name);
0 96a9758165cd Initial revision carl parents: diff changeset	852 for (DNSBLL::iterator j=dl.begin(); j!=dl.end(); j++) {
96a9758165cd Initial revision carl parents: diff changeset	853 DNSBL &d = **j;
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	854 fprintf(stdout, " %s", d.suffix);
0 96a9758165cd Initial revision carl parents: diff changeset	855 }
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	856 fprintf(stdout, "\n");
0 96a9758165cd Initial revision carl parents: diff changeset	857 }
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	858 if (dc.content_suffix) {
8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	859 fprintf(stdout, "\ncontent filtering enabled with %s %s\n", dc.content_suffix, dc.content_message);
8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	860 }
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	861 if (dc.host_limit) {
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	862 fprintf(stdout, "\ncontent filtering for host names enabled with limit %d %s\n", dc.host_limit, dc.host_limit_message);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	863 }
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	864 if (dc.tag_limit) {
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	865 fprintf(stdout, "\ncontent filtering for excessive html tags enabled with limit %d %s\n", dc.tag_limit, dc.tag_limit_message);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	866 }
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	867 fprintf(stdout, "\nfiles\n");
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	868 for (string_list::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	869 char f = i;
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	870 fprintf(stdout, "config includes %s\n", f);
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	871 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	872 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	873
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	874
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	875 ////////////////////////////////////////////////
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	876 // check for redundant or recursive include files
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	877 //
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	878 static bool ok_to_include(CONFIG &dc, char *fn);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	879 static bool ok_to_include(CONFIG &dc, char *fn) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	880 if (!fn) return false;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	881 bool ok = true;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	882 for (string_list::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	883 char f = i;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	884 if (strcmp(f, fn) == 0) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	885 my_syslog("redundant or recursive include file detected");
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	886 ok = false;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	887 break;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	888 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	889 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	890 return ok;
0 96a9758165cd Initial revision carl parents: diff changeset	891 }
96a9758165cd Initial revision carl parents: diff changeset	892
96a9758165cd Initial revision carl parents: diff changeset	893
96a9758165cd Initial revision carl parents: diff changeset	894 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	895 // load a single config file
96a9758165cd Initial revision carl parents: diff changeset	896 //
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	897 static void load_conf_dcc(CONFIG &dc, char name, char fn);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	898 static void load_conf_dcc(CONFIG &dc, char name, char fn) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	899 dc.config_files.push_back(fn);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	900 char *list = BLACK;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	901 const int LINE_SIZE = 2000;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	902 ifstream is(fn);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	903 if (is.fail()) return;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	904 char line[LINE_SIZE];
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	905 char *delim = " \t";
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	906 int curline = 0;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	907 while (!is.eof()) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	908 is.getline(line, LINE_SIZE);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	909 curline++;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	910 int n = strlen(line);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	911 if (!n) continue;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	912 for (int i=0; i<n; i++) line[i] = tolower(line[i]);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	913 if (line[0] == '#') continue;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	914 char *head = line;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	915 if (strspn(line, delim) == 0) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	916 // have a leading ok/many tag to fetch
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	917 char *cmd = strtok(line, delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	918 if (strcmp(cmd, MANY) == 0) list = BLACK;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	919 else if (strcmp(cmd, OK) == 0) list = WHITE;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	920 head = cmd + strlen(cmd) + 1;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	921 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	922 char *cmd = strtok(head, delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	923 if (!cmd) continue;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	924 if (strcmp(cmd, "env_from") == 0) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	925 char *from = next_token(delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	926 if (from) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	927 string_map &fm = really_find_from_map(dc, name);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	928 fm[from] = list;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	929 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	930 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	931 else if (strcmp(cmd, "env_to") == 0) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	932 char *to = next_token(delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	933 if (to) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	934 dc.env_to_dnsbll[to] = list;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	935 dc.env_to_chkfrom[to] = list;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	936 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	937 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	938 else if (strcmp(cmd, "substitute") == 0) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	939 char *tag = next_token(delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	940 if (tag && (strcmp(tag, "mail_host") == 0)) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	941 char *from = next_token(delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	942 if (from) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	943 string_map &fm = really_find_from_map(dc, name);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	944 fm[from] = list;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	945 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	946 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	947 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	948 else if (strcmp(cmd, "include") == 0) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	949 char *fn = next_token(delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	950 if (ok_to_include(dc, fn)) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	951 load_conf_dcc(dc, name, fn);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	952 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	953 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	954
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	955 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	956 is.close();
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	957 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	958
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	959
0 96a9758165cd Initial revision carl parents: diff changeset	960 static void load_conf(CONFIG &dc, char *fn);
96a9758165cd Initial revision carl parents: diff changeset	961 static void load_conf(CONFIG &dc, char *fn) {
96a9758165cd Initial revision carl parents: diff changeset	962 dc.config_files.push_back(fn);
96a9758165cd Initial revision carl parents: diff changeset	963 map<char*, int, ltstr> commands;
28 33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	964 enum {dummy, tld, content, hostlimit, htmllimit, htmltag, dnsbl, dnsbll, envfrom, envto, include, includedcc};
33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	965 commands["tld" ] = tld;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	966 commands["content" ] = content;
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	967 commands["host_limit" ] = hostlimit;
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	968 commands["html_limit" ] = htmllimit;
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	969 commands["html_tag" ] = htmltag;
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	970 commands["dnsbl" ] = dnsbl;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	971 commands["dnsbl_list" ] = dnsbll;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	972 commands["env_from" ] = envfrom;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	973 commands["env_to" ] = envto;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	974 commands["include" ] = include;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	975 commands["include_dcc"] = includedcc;
0 96a9758165cd Initial revision carl parents: diff changeset	976 const int LINE_SIZE = 2000;
96a9758165cd Initial revision carl parents: diff changeset	977 ifstream is(fn);
96a9758165cd Initial revision carl parents: diff changeset	978 if (is.fail()) return;
96a9758165cd Initial revision carl parents: diff changeset	979 char line[LINE_SIZE];
96a9758165cd Initial revision carl parents: diff changeset	980 char orig[LINE_SIZE];
96a9758165cd Initial revision carl parents: diff changeset	981 char *delim = " \t";
96a9758165cd Initial revision carl parents: diff changeset	982 int curline = 0;
96a9758165cd Initial revision carl parents: diff changeset	983 while (!is.eof()) {
96a9758165cd Initial revision carl parents: diff changeset	984 is.getline(line, LINE_SIZE);
96a9758165cd Initial revision carl parents: diff changeset	985 snprintf(orig, sizeof(orig), "%s", line);
96a9758165cd Initial revision carl parents: diff changeset	986 curline++;
96a9758165cd Initial revision carl parents: diff changeset	987 int n = strlen(line);
96a9758165cd Initial revision carl parents: diff changeset	988 for (int i=0; i<n; i++) line[i] = tolower(line[i]);
96a9758165cd Initial revision carl parents: diff changeset	989 char *cmd = strtok(line, delim);
96a9758165cd Initial revision carl parents: diff changeset	990 if (cmd && (cmd[0] != '#') && (cmd[0] != '\0')) {
96a9758165cd Initial revision carl parents: diff changeset	991 // have a decent command
96a9758165cd Initial revision carl parents: diff changeset	992 bool processed = false;
96a9758165cd Initial revision carl parents: diff changeset	993 switch (commands[cmd]) {
28 33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	994 case tld: {
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	995 char *tld = next_token(delim);
28 33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	996 if (!tld) break; // no tld value
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	997 dc.tlds.insert(tld);
28 33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	998 processed = true;
33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	999 } break;
33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	1000
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1001 case content: {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1002 char *suff = strtok(NULL, delim);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1003 if (!suff) break; // no dns suffix
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1004 char *msg = suff + strlen(suff);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1005 if ((msg - line) >= strlen(orig)) break; // line ended with the dns suffix
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1006 msg = strchr(msg+1, '\'');
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1007 if (!msg) break; // no reply message template
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1008 msg++; // move over the leading '
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1009 if ((msg - line) >= strlen(orig)) break; // line ended with the leading quote
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1010 char *last = strchr(msg, '\'');
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1011 if (!last) break; // no trailing quote
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1012 *last = '\0'; // make it a null terminator
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1013 dc.content_suffix = register_string(suff);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1014 dc.content_message = register_string(msg);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1015 processed = true;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1016 } break;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1017
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1018 case hostlimit: {
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1019 char *limit = strtok(NULL, delim);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1020 if (!limit) break; // no integer limit
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1021 char *msg = limit + strlen(limit);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1022 if ((msg - line) >= strlen(orig)) break; // line ended with the limit
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1023 msg = strchr(msg+1, '\'');
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1024 if (!msg) break; // no reply message template
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1025 msg++; // move over the leading '
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1026 if ((msg - line) >= strlen(orig)) break; // line ended with the leading quote
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1027 char *last = strchr(msg, '\'');
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1028 if (!last) break; // no trailing quote
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1029 *last = '\0'; // make it a null terminator
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1030 dc.host_limit = atoi(limit);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1031 dc.host_limit_message = register_string(msg);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1032 processed = true;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1033 } break;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1034
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1035 case htmllimit: {
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1036 char *limit = strtok(NULL, delim);
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1037 if (!limit) break; // no integer limit
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1038 char *msg = limit + strlen(limit);
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1039 if ((msg - line) >= strlen(orig)) break; // line ended with the limit
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1040 msg = strchr(msg+1, '\'');
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1041 if (!msg) break; // no reply message template
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1042 msg++; // move over the leading '
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1043 if ((msg - line) >= strlen(orig)) break; // line ended with the leading quote
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1044 char *last = strchr(msg, '\'');
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1045 if (!last) break; // no trailing quote
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1046 *last = '\0'; // make it a null terminator
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1047 dc.tag_limit = atoi(limit);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1048 dc.tag_limit_message = register_string(msg);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1049 processed = true;
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1050 } break;
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1051
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1052 case htmltag: {
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1053 char *tag = next_token(delim);
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1054 if (!tag) break; // no html tag value
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1055 dc.html_tags.insert(tag); // base version
26 fdae7ab30cfc allow normal and terminator versions of tags carl parents: 24 diff changeset	1056 char buf[200];
fdae7ab30cfc allow normal and terminator versions of tags carl parents: 24 diff changeset	1057 snprintf(buf, sizeof(buf), "/%s", tag);
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1058 dc.html_tags.insert(register_string(buf)); // leading /
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1059 snprintf(buf, sizeof(buf), "%s/", tag);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1060 dc.html_tags.insert(register_string(buf)); // trailing /
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1061 processed = true;
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1062 } break;
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1063
0 96a9758165cd Initial revision carl parents: diff changeset	1064 case dnsbl: {
96a9758165cd Initial revision carl parents: diff changeset	1065 // have a new dnsbl to use
96a9758165cd Initial revision carl parents: diff changeset	1066 char *name = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1067 if (!name) break; // no name name
96a9758165cd Initial revision carl parents: diff changeset	1068 if (find_dnsbl(dc, name)) break; // duplicate entry
96a9758165cd Initial revision carl parents: diff changeset	1069 char *suff = strtok(NULL, delim);
96a9758165cd Initial revision carl parents: diff changeset	1070 if (!suff) break; // no dns suffic
96a9758165cd Initial revision carl parents: diff changeset	1071 char *msg = suff + strlen(suff);
96a9758165cd Initial revision carl parents: diff changeset	1072 if ((msg - line) >= strlen(orig)) break; // line ended with the dns suffix
96a9758165cd Initial revision carl parents: diff changeset	1073 msg = strchr(msg+1, '\'');
96a9758165cd Initial revision carl parents: diff changeset	1074 if (!msg) break; // no reply message template
96a9758165cd Initial revision carl parents: diff changeset	1075 msg++; // move over the leading '
96a9758165cd Initial revision carl parents: diff changeset	1076 if ((msg - line) >= strlen(orig)) break; // line ended with the leading quote
96a9758165cd Initial revision carl parents: diff changeset	1077 char *last = strchr(msg, '\'');
96a9758165cd Initial revision carl parents: diff changeset	1078 if (!last) break; // no trailing quote
96a9758165cd Initial revision carl parents: diff changeset	1079 *last = '\0'; // make it a null terminator
96a9758165cd Initial revision carl parents: diff changeset	1080 dc.dnsbls[name] = new DNSBL(register_string(suff), register_string(msg));
96a9758165cd Initial revision carl parents: diff changeset	1081 processed = true;
96a9758165cd Initial revision carl parents: diff changeset	1082 } break;
96a9758165cd Initial revision carl parents: diff changeset	1083
96a9758165cd Initial revision carl parents: diff changeset	1084 case dnsbll: {
96a9758165cd Initial revision carl parents: diff changeset	1085 // define a new combination of dnsbls
96a9758165cd Initial revision carl parents: diff changeset	1086 char *name = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1087 if (!name) break;
96a9758165cd Initial revision carl parents: diff changeset	1088 if (find_dnsbll(dc, name)) break; // duplicate entry
96a9758165cd Initial revision carl parents: diff changeset	1089 char *list = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1090 if (!list \|\| (list == '\0') \|\| (list == '#')) break;
96a9758165cd Initial revision carl parents: diff changeset	1091 DNSBLLP d = new DNSBLL;
96a9758165cd Initial revision carl parents: diff changeset	1092 DNSBLP p = find_dnsbl(dc, list);
96a9758165cd Initial revision carl parents: diff changeset	1093 if (p) d->push_back(p);
96a9758165cd Initial revision carl parents: diff changeset	1094 while (true) {
96a9758165cd Initial revision carl parents: diff changeset	1095 list = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1096 if (!list \|\| (list == '\0') \|\| (list == '#')) break;
96a9758165cd Initial revision carl parents: diff changeset	1097 DNSBLP p = find_dnsbl(dc, list);
96a9758165cd Initial revision carl parents: diff changeset	1098 if (p) d->push_back(p);
96a9758165cd Initial revision carl parents: diff changeset	1099 }
96a9758165cd Initial revision carl parents: diff changeset	1100 dc.dnsblls[name] = d;
96a9758165cd Initial revision carl parents: diff changeset	1101 processed = true;
96a9758165cd Initial revision carl parents: diff changeset	1102 } break;
96a9758165cd Initial revision carl parents: diff changeset	1103
96a9758165cd Initial revision carl parents: diff changeset	1104 case envfrom: {
96a9758165cd Initial revision carl parents: diff changeset	1105 // add an entry into the named string_map
96a9758165cd Initial revision carl parents: diff changeset	1106 char *name = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1107 if (!name) break;
96a9758165cd Initial revision carl parents: diff changeset	1108 char *from = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1109 if (!from) break;
96a9758165cd Initial revision carl parents: diff changeset	1110 char *list = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1111 if (!list) break;
96a9758165cd Initial revision carl parents: diff changeset	1112 if ((strcmp(list, WHITE) == 0) \|\|
96a9758165cd Initial revision carl parents: diff changeset	1113 (strcmp(list, BLACK) == 0)) {
96a9758165cd Initial revision carl parents: diff changeset	1114 string_map &fm = really_find_from_map(dc, name);
96a9758165cd Initial revision carl parents: diff changeset	1115 fm[from] = list;
96a9758165cd Initial revision carl parents: diff changeset	1116 processed = true;
96a9758165cd Initial revision carl parents: diff changeset	1117 }
96a9758165cd Initial revision carl parents: diff changeset	1118 else {
96a9758165cd Initial revision carl parents: diff changeset	1119 // list may be the name of a previously defined from_map
96a9758165cd Initial revision carl parents: diff changeset	1120 string_map *m = find_from_map(dc, list);
96a9758165cd Initial revision carl parents: diff changeset	1121 if (m && (strcmp(list,name) != 0)) {
96a9758165cd Initial revision carl parents: diff changeset	1122 string_map &pm = *m;
96a9758165cd Initial revision carl parents: diff changeset	1123 string_map &fm = really_find_from_map(dc, name);
96a9758165cd Initial revision carl parents: diff changeset	1124 fm.insert(pm.begin(), pm.end());
96a9758165cd Initial revision carl parents: diff changeset	1125 processed = true;
96a9758165cd Initial revision carl parents: diff changeset	1126 }
96a9758165cd Initial revision carl parents: diff changeset	1127 }
96a9758165cd Initial revision carl parents: diff changeset	1128 } break;
96a9758165cd Initial revision carl parents: diff changeset	1129
96a9758165cd Initial revision carl parents: diff changeset	1130 case envto: {
96a9758165cd Initial revision carl parents: diff changeset	1131 // define the dnsbl_list and env_from maps to use for this recipient
96a9758165cd Initial revision carl parents: diff changeset	1132 char *to = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1133 if (!to) break;
96a9758165cd Initial revision carl parents: diff changeset	1134 char *list = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1135 if (!list) break;
96a9758165cd Initial revision carl parents: diff changeset	1136 char *from = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1137 if (!from) break;
96a9758165cd Initial revision carl parents: diff changeset	1138 dc.env_to_dnsbll[to] = list;
96a9758165cd Initial revision carl parents: diff changeset	1139 dc.env_to_chkfrom[to] = from;
96a9758165cd Initial revision carl parents: diff changeset	1140 processed = true;
96a9758165cd Initial revision carl parents: diff changeset	1141 } break;
96a9758165cd Initial revision carl parents: diff changeset	1142
96a9758165cd Initial revision carl parents: diff changeset	1143 case include: {
96a9758165cd Initial revision carl parents: diff changeset	1144 char *fn = next_token(delim);
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1145 if (ok_to_include(dc, fn)) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1146 load_conf(dc, fn);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1147 processed = true;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1148 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1149 } break;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1150
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1151 case includedcc: {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1152 char *name = next_token(delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1153 if (!name) break;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1154 char *fn = next_token(delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1155 if (ok_to_include(dc, fn)) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1156 load_conf_dcc(dc, name, fn);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1157 processed = true;
0 96a9758165cd Initial revision carl parents: diff changeset	1158 }
96a9758165cd Initial revision carl parents: diff changeset	1159 } break;
96a9758165cd Initial revision carl parents: diff changeset	1160
96a9758165cd Initial revision carl parents: diff changeset	1161 default: {
96a9758165cd Initial revision carl parents: diff changeset	1162 } break;
96a9758165cd Initial revision carl parents: diff changeset	1163 }
96a9758165cd Initial revision carl parents: diff changeset	1164 if (!processed) {
96a9758165cd Initial revision carl parents: diff changeset	1165 pthread_mutex_lock(&syslog_mutex);
96a9758165cd Initial revision carl parents: diff changeset	1166 openlog("dnsbl", LOG_PID, LOG_MAIL);
96a9758165cd Initial revision carl parents: diff changeset	1167 syslog(LOG_ERR, "ignoring file %s line %d : %s\n", fn, curline, orig);
96a9758165cd Initial revision carl parents: diff changeset	1168 closelog();
96a9758165cd Initial revision carl parents: diff changeset	1169 pthread_mutex_unlock(&syslog_mutex);
96a9758165cd Initial revision carl parents: diff changeset	1170 }
96a9758165cd Initial revision carl parents: diff changeset	1171 }
96a9758165cd Initial revision carl parents: diff changeset	1172 }
96a9758165cd Initial revision carl parents: diff changeset	1173 is.close();
96a9758165cd Initial revision carl parents: diff changeset	1174 }
96a9758165cd Initial revision carl parents: diff changeset	1175
96a9758165cd Initial revision carl parents: diff changeset	1176
96a9758165cd Initial revision carl parents: diff changeset	1177 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	1178 // reload the config
96a9758165cd Initial revision carl parents: diff changeset	1179 //
96a9758165cd Initial revision carl parents: diff changeset	1180 static CONFIG* new_conf();
96a9758165cd Initial revision carl parents: diff changeset	1181 static CONFIG* new_conf() {
96a9758165cd Initial revision carl parents: diff changeset	1182 CONFIG *newc = new CONFIG;
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1183 pthread_mutex_lock(&config_mutex);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1184 newc->generation = generation++;
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1185 pthread_mutex_unlock(&config_mutex);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1186 char buf[200];
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1187 snprintf(buf, sizeof(buf), "loading configuration generation %d", newc->generation);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1188 my_syslog(buf);
0 96a9758165cd Initial revision carl parents: diff changeset	1189 load_conf(*newc, "dnsbl.conf");
96a9758165cd Initial revision carl parents: diff changeset	1190 newc->load_time = time(NULL);
96a9758165cd Initial revision carl parents: diff changeset	1191 return newc;
96a9758165cd Initial revision carl parents: diff changeset	1192 }
96a9758165cd Initial revision carl parents: diff changeset	1193
96a9758165cd Initial revision carl parents: diff changeset	1194
96a9758165cd Initial revision carl parents: diff changeset	1195 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	1196 // thread to watch the old config files for changes
96a9758165cd Initial revision carl parents: diff changeset	1197 // and reload when needed. we also cleanup old
96a9758165cd Initial revision carl parents: diff changeset	1198 // configs whose reference count has gone to zero.
96a9758165cd Initial revision carl parents: diff changeset	1199 //
96a9758165cd Initial revision carl parents: diff changeset	1200 static void* config_loader(void *arg);
96a9758165cd Initial revision carl parents: diff changeset	1201 static void* config_loader(void *arg) {
96a9758165cd Initial revision carl parents: diff changeset	1202 typedef set<CONFIG *> configp_set;
96a9758165cd Initial revision carl parents: diff changeset	1203 configp_set old_configs;
18 041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1204 while (loader_run) {
0 96a9758165cd Initial revision carl parents: diff changeset	1205 sleep(180); // look for modifications every 3 minutes
18 041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1206 if (!loader_run) break;
0 96a9758165cd Initial revision carl parents: diff changeset	1207 CONFIG &dc = *config;
96a9758165cd Initial revision carl parents: diff changeset	1208 time_t then = dc.load_time;
96a9758165cd Initial revision carl parents: diff changeset	1209 struct stat st;
96a9758165cd Initial revision carl parents: diff changeset	1210 bool reload = false;
96a9758165cd Initial revision carl parents: diff changeset	1211 for (string_list::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
96a9758165cd Initial revision carl parents: diff changeset	1212 char fn = i;
96a9758165cd Initial revision carl parents: diff changeset	1213 if (stat(fn, &st)) reload = true; // file disappeared
96a9758165cd Initial revision carl parents: diff changeset	1214 else if (st.st_mtime > then) reload = true; // file modified
96a9758165cd Initial revision carl parents: diff changeset	1215 if (reload) break;
96a9758165cd Initial revision carl parents: diff changeset	1216 }
96a9758165cd Initial revision carl parents: diff changeset	1217 if (reload) {
96a9758165cd Initial revision carl parents: diff changeset	1218 CONFIG *newc = new_conf();
96a9758165cd Initial revision carl parents: diff changeset	1219 // replace the global config pointer
96a9758165cd Initial revision carl parents: diff changeset	1220 pthread_mutex_lock(&config_mutex);
96a9758165cd Initial revision carl parents: diff changeset	1221 CONFIG *old = config;
96a9758165cd Initial revision carl parents: diff changeset	1222 config = newc;
96a9758165cd Initial revision carl parents: diff changeset	1223 pthread_mutex_unlock(&config_mutex);
96a9758165cd Initial revision carl parents: diff changeset	1224 if (old) old_configs.insert(old);
96a9758165cd Initial revision carl parents: diff changeset	1225 }
96a9758165cd Initial revision carl parents: diff changeset	1226 // now look for old configs with zero ref counts
96a9758165cd Initial revision carl parents: diff changeset	1227 for (configp_set::iterator i=old_configs.begin(); i!=old_configs.end(); ) {
96a9758165cd Initial revision carl parents: diff changeset	1228 CONFIG old = i;
96a9758165cd Initial revision carl parents: diff changeset	1229 if (!old->reference_count) {
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1230 char buf[200];
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1231 snprintf(buf, sizeof(buf), "freeing memory for old configuration generation %d", old->generation);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1232 my_syslog(buf);
0 96a9758165cd Initial revision carl parents: diff changeset	1233 delete old; // destructor does all the work
96a9758165cd Initial revision carl parents: diff changeset	1234 old_configs.erase(i++);
96a9758165cd Initial revision carl parents: diff changeset	1235 }
96a9758165cd Initial revision carl parents: diff changeset	1236 else i++;
96a9758165cd Initial revision carl parents: diff changeset	1237 }
96a9758165cd Initial revision carl parents: diff changeset	1238 }
18 041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1239 return NULL;
0 96a9758165cd Initial revision carl parents: diff changeset	1240 }
96a9758165cd Initial revision carl parents: diff changeset	1241
96a9758165cd Initial revision carl parents: diff changeset	1242
96a9758165cd Initial revision carl parents: diff changeset	1243 static void usage(char *prog);
96a9758165cd Initial revision carl parents: diff changeset	1244 static void usage(char *prog)
96a9758165cd Initial revision carl parents: diff changeset	1245 {
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	1246 fprintf(stderr, "Usage: %s [-d] [-c] -p socket-addr [-t timeout]\n", prog);
0 96a9758165cd Initial revision carl parents: diff changeset	1247 fprintf(stderr, "where socket-addr is for the connection to sendmail and should be one of\n");
96a9758165cd Initial revision carl parents: diff changeset	1248 fprintf(stderr, " inet:port@local-ip-address\n");
96a9758165cd Initial revision carl parents: diff changeset	1249 fprintf(stderr, " local:local-domain-socket-file-name\n");
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	1250 fprintf(stderr, "-c will load and dump the config to stdout\n");
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	1251 fprintf(stderr, "-d will add some syslog debug messages\n");
0 96a9758165cd Initial revision carl parents: diff changeset	1252 }
96a9758165cd Initial revision carl parents: diff changeset	1253
96a9758165cd Initial revision carl parents: diff changeset	1254
96a9758165cd Initial revision carl parents: diff changeset	1255 int main(int argc, char**argv)
96a9758165cd Initial revision carl parents: diff changeset	1256 {
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1257 bool check = false;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1258 bool setconn = false;
0 96a9758165cd Initial revision carl parents: diff changeset	1259 int c;
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	1260 const char *args = "p:t:hcd";
0 96a9758165cd Initial revision carl parents: diff changeset	1261 extern char *optarg;
96a9758165cd Initial revision carl parents: diff changeset	1262
96a9758165cd Initial revision carl parents: diff changeset	1263 // Process command line options
96a9758165cd Initial revision carl parents: diff changeset	1264 while ((c = getopt(argc, argv, args)) != -1) {
96a9758165cd Initial revision carl parents: diff changeset	1265 switch (c) {
96a9758165cd Initial revision carl parents: diff changeset	1266 case 'p':
96a9758165cd Initial revision carl parents: diff changeset	1267 if (optarg == NULL \|\| *optarg == '\0') {
96a9758165cd Initial revision carl parents: diff changeset	1268 fprintf(stderr, "Illegal conn: %s\n", optarg);
96a9758165cd Initial revision carl parents: diff changeset	1269 exit(EX_USAGE);
96a9758165cd Initial revision carl parents: diff changeset	1270 }
96a9758165cd Initial revision carl parents: diff changeset	1271 if (smfi_setconn(optarg) == MI_FAILURE) {
96a9758165cd Initial revision carl parents: diff changeset	1272 fprintf(stderr, "smfi_setconn failed\n");
96a9758165cd Initial revision carl parents: diff changeset	1273 exit(EX_SOFTWARE);
96a9758165cd Initial revision carl parents: diff changeset	1274 }
96a9758165cd Initial revision carl parents: diff changeset	1275
96a9758165cd Initial revision carl parents: diff changeset	1276 if (strncasecmp(optarg, "unix:", 5) == 0) unlink(optarg + 5);
96a9758165cd Initial revision carl parents: diff changeset	1277 else if (strncasecmp(optarg, "local:", 6) == 0) unlink(optarg + 6);
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1278 setconn = true;
0 96a9758165cd Initial revision carl parents: diff changeset	1279 break;
96a9758165cd Initial revision carl parents: diff changeset	1280
96a9758165cd Initial revision carl parents: diff changeset	1281 case 't':
96a9758165cd Initial revision carl parents: diff changeset	1282 if (optarg == NULL \|\| *optarg == '\0') {
96a9758165cd Initial revision carl parents: diff changeset	1283 fprintf(stderr, "Illegal timeout: %s\n", optarg);
96a9758165cd Initial revision carl parents: diff changeset	1284 exit(EX_USAGE);
96a9758165cd Initial revision carl parents: diff changeset	1285 }
96a9758165cd Initial revision carl parents: diff changeset	1286 if (smfi_settimeout(atoi(optarg)) == MI_FAILURE) {
96a9758165cd Initial revision carl parents: diff changeset	1287 fprintf(stderr, "smfi_settimeout failed\n");
96a9758165cd Initial revision carl parents: diff changeset	1288 exit(EX_SOFTWARE);
96a9758165cd Initial revision carl parents: diff changeset	1289 }
96a9758165cd Initial revision carl parents: diff changeset	1290 break;
96a9758165cd Initial revision carl parents: diff changeset	1291
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1292 case 'c':
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1293 check = true;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1294 break;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1295
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	1296 case 'd':
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	1297 debug_syslog = true;
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	1298 break;
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	1299
0 96a9758165cd Initial revision carl parents: diff changeset	1300 case 'h':
96a9758165cd Initial revision carl parents: diff changeset	1301 default:
96a9758165cd Initial revision carl parents: diff changeset	1302 usage(argv[0]);
96a9758165cd Initial revision carl parents: diff changeset	1303 exit(EX_USAGE);
96a9758165cd Initial revision carl parents: diff changeset	1304 }
96a9758165cd Initial revision carl parents: diff changeset	1305 }
5 793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1306
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1307 if (check) {
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1308 CONFIG &dc = *new_conf();
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1309 dumpit(dc);
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1310 return 0;
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1311 }
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1312
0 96a9758165cd Initial revision carl parents: diff changeset	1313 if (!setconn) {
96a9758165cd Initial revision carl parents: diff changeset	1314 fprintf(stderr, "%s: Missing required -p argument\n", argv[0]);
96a9758165cd Initial revision carl parents: diff changeset	1315 usage(argv[0]);
96a9758165cd Initial revision carl parents: diff changeset	1316 exit(EX_USAGE);
96a9758165cd Initial revision carl parents: diff changeset	1317 }
5 793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1318
0 96a9758165cd Initial revision carl parents: diff changeset	1319 if (smfi_register(smfilter) == MI_FAILURE) {
96a9758165cd Initial revision carl parents: diff changeset	1320 fprintf(stderr, "smfi_register failed\n");
96a9758165cd Initial revision carl parents: diff changeset	1321 exit(EX_UNAVAILABLE);
96a9758165cd Initial revision carl parents: diff changeset	1322 }
96a9758165cd Initial revision carl parents: diff changeset	1323
96a9758165cd Initial revision carl parents: diff changeset	1324 // switch to background mode
96a9758165cd Initial revision carl parents: diff changeset	1325 if (daemon(1,0) < 0) {
96a9758165cd Initial revision carl parents: diff changeset	1326 fprintf(stderr, "daemon() call failed\n");
96a9758165cd Initial revision carl parents: diff changeset	1327 exit(EX_UNAVAILABLE);
96a9758165cd Initial revision carl parents: diff changeset	1328 }
96a9758165cd Initial revision carl parents: diff changeset	1329
96a9758165cd Initial revision carl parents: diff changeset	1330 // initialize the thread sync objects
96a9758165cd Initial revision carl parents: diff changeset	1331 pthread_mutex_init(&config_mutex, 0);
96a9758165cd Initial revision carl parents: diff changeset	1332 pthread_mutex_init(&syslog_mutex, 0);
96a9758165cd Initial revision carl parents: diff changeset	1333 pthread_mutex_init(&resolve_mutex, 0);
96a9758165cd Initial revision carl parents: diff changeset	1334
96a9758165cd Initial revision carl parents: diff changeset	1335 // load the initial config
96a9758165cd Initial revision carl parents: diff changeset	1336 config = new_conf();
96a9758165cd Initial revision carl parents: diff changeset	1337
96a9758165cd Initial revision carl parents: diff changeset	1338 // only create threads after the fork() in daemon
96a9758165cd Initial revision carl parents: diff changeset	1339 pthread_t tid;
96a9758165cd Initial revision carl parents: diff changeset	1340 if (pthread_create(&tid, 0, config_loader, 0))
96a9758165cd Initial revision carl parents: diff changeset	1341 my_syslog("failed to create config loader thread");
96a9758165cd Initial revision carl parents: diff changeset	1342 if (pthread_detach(tid))
96a9758165cd Initial revision carl parents: diff changeset	1343 my_syslog("failed to detach config loader thread");
96a9758165cd Initial revision carl parents: diff changeset	1344
96a9758165cd Initial revision carl parents: diff changeset	1345 // write the pid
96a9758165cd Initial revision carl parents: diff changeset	1346 const char *pidpath = "/var/run/dnsbl.pid";
96a9758165cd Initial revision carl parents: diff changeset	1347 unlink(pidpath);
96a9758165cd Initial revision carl parents: diff changeset	1348 FILE *f = fopen(pidpath, "w");
96a9758165cd Initial revision carl parents: diff changeset	1349 if (f) {
22 c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1350 #ifdef linux
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1351 // from a comment in the DCC source code:
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1352 // Linux threads are broken. Signals given the
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1353 // original process are delivered to only the
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1354 // thread that happens to have that PID. The
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1355 // sendmail libmilter thread that needs to hear
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1356 // SIGINT and other signals does not, and that breaks
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1357 // scripts that need to stop milters.
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1358 // However, signaling the process group works.
0 96a9758165cd Initial revision carl parents: diff changeset	1359 fprintf(f, "-%d\n", (u_int)getpgrp());
22 c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1360 #else
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1361 fprintf(f, "%d\n", (u_int)getpid());
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1362 #endif
0 96a9758165cd Initial revision carl parents: diff changeset	1363 fclose(f);
96a9758165cd Initial revision carl parents: diff changeset	1364 }
96a9758165cd Initial revision carl parents: diff changeset	1365
18 041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1366 time_t starting = time(NULL);
041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1367 int rc = smfi_main();
22 c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1368 if ((rc != MI_SUCCESS) && (time(NULL) > starting+5*60)) {
18 041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1369 my_syslog("trying to restart after smfi_main()");
041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1370 loader_run = false; // eventually the config loader thread will terminate
041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1371 execvp(argv[0], argv);
041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1372 }
041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1373 exit((rc == MI_SUCCESS) ? 0 : EX_UNAVAILABLE);
0 96a9758165cd Initial revision carl parents: diff changeset	1374 }
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1375

Mercurial > dnsbl

annotate src/dnsbl.cpp @ 36:95607fbef608