annotate src/dnsbl.cpp @ 328:b4f766947202

allow multiple dkim signers in authentication results
author Carl Byington <carl@five-ten-sg.com>
date Sun, 18 Dec 2016 17:55:16 -0800
parents 51846836ec92
children c9932c4d8053
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1 /*
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
3 Copyright (c) 2013 Carl Byington - 510 Software Group, released under
152
c7fc218686f5 gpl3, block mail to recipients that cannot reply
carl
parents: 150
diff changeset
4 the GPL version 3 or any later version at your choice available at
c7fc218686f5 gpl3, block mail to recipients that cannot reply
carl
parents: 150
diff changeset
5 http://www.gnu.org/licenses/gpl-3.0.txt
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
6
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
7 Based on a sample milter Copyright (c) 2000-2003 Sendmail, Inc. and its
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
8 suppliers. Inspired by the DCC by Rhyolite Software
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
9
177
a4d313c2460b start embedded dcc filtering
carl
parents: 174
diff changeset
10 -b port The port used to talk to the dcc interface daemon
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
11 -r port The port used to talk to our internal dns resolver processes
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
12 -p port The port through which the MTA will connect to this milter.
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
13 -t sec The timeout value.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
14 -c Check the config, and print a copy to stdout. Don't start the
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
15 milter or do anything with the socket.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
16 -s Stress test by loading and deleting the current config in a loop.
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
17 -d level set the debug level
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
18 -e f|t Print the results of looking up from address f and to address
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
19 t in the current config
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
20
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
21 */
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
22
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
23
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
24 // from sendmail sample
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
25 #include <sys/types.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
26 #include <sys/stat.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
27 #include <errno.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
28 #include <sysexits.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
29 #include <unistd.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
30
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
31 // needed for socket io
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
32 #include <sys/ioctl.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
33 #include <net/if.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
34 #include <arpa/inet.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
35 #include <netinet/in.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
36 #include <netinet/tcp.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
37 #include <netdb.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
38 #include <sys/socket.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
39 #include <sys/un.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
40
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
41 // needed for thread
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
42 #include <pthread.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
43
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
44 // needed for std c++ collections
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
45 #include <set>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
46 #include <map>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
47 #include <list>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
48
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
49 // for the dns resolver
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
50 #include <netinet/in.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
51 #include <arpa/nameser.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
52 #include <resolv.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
53
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
54 // misc stuff needed here
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
55 #include <ctype.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
56 #include <syslog.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
57 #include <pwd.h>
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
58 #include <sys/wait.h> /* header for waitpid() and various macros */
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
59 #include <signal.h> /* header for signal functions */
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
60
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
61 #include "includes.h"
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
62
211
4db1457cd11a Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents: 203
diff changeset
63 #ifndef HAVE_DAEMON
4db1457cd11a Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents: 203
diff changeset
64 #include "daemon.h"
4db1457cd11a Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents: 203
diff changeset
65 #include "daemon.c"
4db1457cd11a Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents: 203
diff changeset
66 #endif
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
67
227
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
68 #ifndef HAVE_MEMRCHR
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
69 void *memrchr(const void *a, int c, size_t len);
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
70 void *memrchr(const void *a, int c, size_t len) {
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
71 const unsigned char *p = (const unsigned char *)a;
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
72 for (p += len-1; (const void *)p >= a; p--)
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
73 if (*p == c)
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
74 return (void *)p;
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
75 return (void *)0;
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
76 }
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
77 #endif
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
78
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
79 extern "C" {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
80 sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
81 sfsistat mlfi_helo(SMFICTX * ctx, char *helohost);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
82 sfsistat mlfi_envfrom(SMFICTX *ctx, char **argv);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
83 sfsistat mlfi_envrcpt(SMFICTX *ctx, char **argv);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
84 sfsistat mlfi_header(SMFICTX* ctx, char* headerf, char* headerv);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
85 sfsistat mlfi_body(SMFICTX *ctx, u_char *data, size_t len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
86 sfsistat mlfi_eom(SMFICTX *ctx);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
87 sfsistat mlfi_abort(SMFICTX *ctx);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
88 sfsistat mlfi_close(SMFICTX *ctx);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
89 void sig_chld(int signo);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
90 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
91
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
92 int debug_syslog = 0;
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
93 bool syslog_opened = false;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
94 bool use_syslog = true; // false to printf
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
95 bool loader_run = true; // used to stop the config loader thread
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
96 CONFIG *config = NULL; // protected by the config_mutex
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
97 int generation = 0; // protected by the config_mutex
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
98 const int maxlen = 1000; // used for snprintf buffers
235
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
99 regex_t srs_pattern; // used to detect srs coding in mail addresses
246
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
100 regex_t prvs_pattern; // used to detect prvs coding in mail addresses
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
101 regex_t dkim_pattern; // used to detect dkim signatures in authentication header generated by the upstream opendkim milter
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
102 regex_t from_pattern; // used to extract the senders mail domain from the body from: header
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
103
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
104 pthread_mutex_t config_mutex;
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
105 pthread_mutex_t syslog_mutex;
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
106 pthread_mutex_t resolve_mutex;
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
107 pthread_mutex_t fd_pool_mutex;
136
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
108 pthread_mutex_t rate_mutex;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
109
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
110 std::set<int> fd_pool;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
111 int NULL_SOCKET = -1;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
112 const time_t ERROR_SOCKET_TIME = 60; // number of seconds between attempts to open a socket to the dns resolver process
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
113 const char *resolver_port = NULL; // unix domain socket to talk to the dns resolver process
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
114 int resolver_socket = NULL_SOCKET; // socket used to listen for resolver requests
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
115 const char *dccifd_port = NULL; // unix domain socket to talk to the dcc interface daemon
248
b0738685bf51 latest tld list; fix uninitialized variable
Carl Byington <carl@five-ten-sg.com>
parents: 246
diff changeset
116 time_t last_error_time = 0;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
117 int resolver_sock_count = 0; // protected with fd_pool_mutex
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
118 int resolver_pool_size = 0; // protected with fd_pool_mutex
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
119 rates rcpt_hourly_counts; // protected with rate_mutex
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
120 rates rcpt_daily_counts; // protected with rate_mutex
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
121 auth_addresses auth_hourly_addresses; // protected with rate_mutex
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
122 auth_addresses auth_daily_addresses; // protected with rate_mutex
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
123
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
124
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
125 struct ns_map {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
126 // all the strings are owned by the keys/values in the ns_host string map
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
127 string_map ns_host; // nameserver name -> host name that uses this name server
242
d8ee4c97b9ab 64 bit fixes for libresolv.a
Carl Byington <carl@five-ten-sg.com>
parents: 238
diff changeset
128 ns_mapper ns_ip; // nameserver name -> ipv4 address of the name server
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
129 ~ns_map();
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
130 void add(const char *name, const char *refer);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
131 };
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
132
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
133
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
134 ns_map::~ns_map() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
135 for (string_map::iterator i=ns_host.begin(); i!=ns_host.end(); i++) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
136 const char *x = (*i).first;
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
137 const char *y = (*i).second;
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
138 free((void*)x);
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
139 free((void*)y);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
140 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
141 ns_ip.clear();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
142 ns_host.clear();
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
143 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
144
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
145
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
146 void ns_map::add(const char *name, const char *refer) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
147 string_map::iterator i = ns_host.find(name);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
148 if (i != ns_host.end()) return;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
149 char *x = strdup(name);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
150 char *y = strdup(refer);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
151 ns_ip[x] = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
152 ns_host[x] = y;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
153
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
154 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
155
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
156 // packed structure to allow a single socket write to dump the
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
157 // length and the following answer. The packing attribute is gcc specific.
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
158 struct glommer {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
159 size_t length;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
160 #ifdef NS_PACKETSZ
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
161 u_char answer[NS_PACKETSZ*4]; // with a resolver, we return resolver answers
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
162 #else
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
163 uint32_t answer; // without a resolver, we return a single ipv4 address in network byte order, 0 == no answer
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
164 #endif
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
165 } __attribute__ ((packed));
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
166
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
167
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
168 ////////////////////////////////////////////////
136
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
169 // helper to manipulate recipient counts
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
170 //
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
171 void incr_rcpt_count(const char *user, int &hourly, int &daily);
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
172 void incr_rcpt_count(const char *user, int &hourly, int &daily) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
173 pthread_mutex_lock(&rate_mutex);
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
174 rates::iterator i = rcpt_hourly_counts.find(user);
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
175 hourly = 1;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
176 if (i == rcpt_hourly_counts.end()) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
177 user = strdup(user);
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
178 rcpt_hourly_counts[user] = hourly;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
179 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
180 else {
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
181 hourly = ++((*i).second);
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
182 }
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
183
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
184 rates::iterator j = rcpt_daily_counts.find(user);
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
185 daily = 1;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
186 if (j == rcpt_daily_counts.end()) {
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
187 user = strdup(user);
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
188 rcpt_daily_counts[user] = daily;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
189 }
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
190 else {
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
191 daily = ++((*j).second);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
192 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
193 pthread_mutex_unlock(&rate_mutex);
136
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
194 }
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
195
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
196
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
197 void add_auth_address(const char *user, int &hourly, int &daily, int32_t ip);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
198 void add_auth_address(const char *user, int &hourly, int &daily, int32_t ip) {
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
199 pthread_mutex_lock(&rate_mutex);
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
200 auth_addresses::iterator i = auth_hourly_addresses.find(user);
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
201 if (i == auth_hourly_addresses.end()) {
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
202 user = strdup(user);
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
203 auth_hourly_addresses[user] = new int32_t_set;
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
204 auth_hourly_addresses[user]->insert(ip);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
205 hourly = 1;
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
206 }
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
207 else {
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
208 int32_t_set::iterator k = ((*i).second)->find(ip);
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
209 if (k == ((*i).second)->end()) ((*i).second)->insert(ip);
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
210 hourly = ((*i).second)->size();
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
211 }
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
212
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
213 auth_addresses::iterator j = auth_daily_addresses.find(user);
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
214 if (j == auth_daily_addresses.end()) {
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
215 user = strdup(user);
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
216 auth_daily_addresses[user] = new int32_t_set;
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
217 auth_daily_addresses[user]->insert(ip);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
218 daily = 1;
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
219 }
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
220 else {
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
221 int32_t_set::iterator k = ((*j).second)->find(ip);
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
222 if (k == ((*j).second)->end()) ((*j).second)->insert(ip);
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
223 daily = ((*j).second)->size();
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
224 }
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
225 pthread_mutex_unlock(&rate_mutex);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
226 }
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
227
136
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
228 ////////////////////////////////////////////////
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
229 // helper to discard the strings held by a context_map
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
230 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
231 void discard(context_map &cm);
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
232 void discard(context_map &cm) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
233 for (context_map::iterator i=cm.begin(); i!=cm.end(); i++) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
234 const char *x = (*i).first;
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
235 free((void*)x);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
236 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
237 cm.clear();
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
238 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
239
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
240
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
241 ////////////////////////////////////////////////
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
242 // helper to register a string in a context_map
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
243 //
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
244 void register_string(context_map &cm, const char *name, CONTEXT *con);
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
245 void register_string(context_map &cm, const char *name, CONTEXT *con) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
246 context_map::iterator i = cm.find(name);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
247 if (i != cm.end()) return;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
248 char *x = strdup(name);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
249 cm[x] = con;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
250 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
251
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
252
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
253 ////////////////////////////////////////////////
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
254 // disconnect the fd from the dns resolver process
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
255 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
256 void my_disconnect(int sock, bool decrement = true);
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
257 void my_disconnect(int sock, bool decrement) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
258 if (sock != NULL_SOCKET) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
259 if (decrement) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
260 pthread_mutex_lock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
261 resolver_sock_count--;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
262 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
263 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
264 shutdown(sock, SHUT_RDWR);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
265 close(sock);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
266 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
267 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
268
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
269
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
270 ////////////////////////////////////////////////
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
271 // return fd connected to the dns resolver process
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
272 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
273 int my_connect();
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
274 int my_connect() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
275 // if we have had recent errors, don't even try to open the socket
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
276 if ((time(NULL) - last_error_time) < ERROR_SOCKET_TIME) return NULL_SOCKET;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
277
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
278 // nothing recent, maybe this time it will work
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
279 int sock = NULL_SOCKET;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
280 sockaddr_un server;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
281 memset(&server, '\0', sizeof(server));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
282 server.sun_family = AF_UNIX;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
283 strncpy(server.sun_path, resolver_port, sizeof(server.sun_path)-1);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
284 sock = socket(AF_UNIX, SOCK_STREAM, 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
285 if (sock != NULL_SOCKET) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
286 bool rc = (connect(sock, (sockaddr *)&server, sizeof(server)) == 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
287 if (!rc) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
288 my_disconnect(sock, false);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
289 sock = NULL_SOCKET;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
290 last_error_time = time(NULL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
291 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
292 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
293 else last_error_time = time(NULL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
294 if (sock != NULL_SOCKET) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
295 pthread_mutex_lock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
296 resolver_sock_count++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
297 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
298 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
299 return sock;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
300 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
301
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
302
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
303 ////////////////////////////////////////////////
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
304 // ask a dns question and get an A record answer in network byte order
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
305 // we don't try very hard, just using the default resolver retry settings.
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
306 // If we cannot get an answer, we just accept the mail.
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
307 //
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
308 //
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
309 uint32_t dns_interface(mlfiPriv &priv, const char *question, bool maybe_ip, ns_map *nameservers);
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
310 uint32_t dns_interface(mlfiPriv &priv, const char *question, bool maybe_ip, ns_map *nameservers) {
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
311 // tell sendmail we are still working
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
312 #if _FFR_SMFI_PROGRESS
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
313 if (priv.eom) smfi_progress(priv.ctx);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
314 #endif
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
315
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
316 // this part can be done without locking the resolver mutex. Each
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
317 // milter thread is talking over its own socket to a separate resolver
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
318 // process, which does the actual dns resolution.
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
319 if (priv.err) return 0; // cannot ask more questions on this socket.
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
320 if (maybe_ip) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
321 // might be a bare ip address, try this first to avoid dns lookups that may not be needed
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
322 in_addr ip;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
323 if (inet_aton(question, &ip)) {
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
324 return ip.s_addr;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
325 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
326 }
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
327 size_t n = strlen(question);
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
328 if (question[n-1] == '.') {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
329 priv.my_write(question, n+1); // write the question including the null terminator
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
330 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
331 else {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
332 priv.my_write(question, n); // write the question
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
333 priv.my_write(".", 2); // and the fully qualified . terminator and null string terminator
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
334 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
335 glommer glom;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
336 char *buf = (char *)&glom;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
337 priv.my_read(buf, sizeof(glom.length));
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
338 buf += sizeof(glom.length);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
339 #ifdef RESOLVER_DEBUG
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
340 char text[1000];
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
341 snprintf(text, sizeof(text), "dns_interface() wrote question %s and has answer length %d", question, glom.length);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
342 my_syslog(text);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
343 #endif
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
344 if (glom.length == 0) return 0;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
345 if (glom.length > sizeof(glom.answer)) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
346 priv.err = true;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
347 return 0; // cannot process overlarge answers
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
348 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
349 priv.my_read(buf, glom.length);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
350
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
351 #ifdef NS_PACKETSZ
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
352 // now we need to lock the resolver mutex to keep the milter threads from
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
353 // stepping on each other while parsing the dns answer.
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
354 uint32_t ret_address = 0;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
355 pthread_mutex_lock(&resolve_mutex);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
356 // parse the answer
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
357 ns_msg handle;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
358 ns_rr rr;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
359 if (ns_initparse(glom.answer, glom.length, &handle) == 0) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
360 // look for ns names
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
361 if (nameservers) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
362 ns_map &ns = *nameservers;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
363 int rrnum = 0;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
364 while (ns_parserr(&handle, ns_s_ns, rrnum++, &rr) == 0) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
365 if (ns_rr_type(rr) == ns_t_ns) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
366 char nam[NS_MAXDNAME+1];
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
367 char *n = nam;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
368 const u_char *p = ns_rr_rdata(rr);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
369 while (((n-nam) < NS_MAXDNAME) && ((size_t)(p-glom.answer) < glom.length) && *p) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
370 size_t s = *(p++);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
371 if (s > 191) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
372 // compression pointer
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
373 s = (s-192)*256 + *(p++);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
374 if (s >= glom.length) break; // pointer outside bounds of answer
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
375 p = glom.answer + s;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
376 s = *(p++);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
377 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
378 if (s > 0) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
379 if ((size_t)(n-nam) >= (NS_MAXDNAME-s)) break; // destination would overflow name buffer
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
380 if ((size_t)(p-glom.answer) >= (glom.length-s)) break; // source outside bounds of answer
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
381 memcpy(n, p, s);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
382 n += s;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
383 p += s;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
384 *(n++) = '.';
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
385 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
386 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
387 if (n-nam) n--; // remove trailing .
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
388 *n = '\0'; // null terminate it
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
389 ns.add(nam, question); // ns host to lookup later
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
390 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
391 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
392 rrnum = 0;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
393 while (ns_parserr(&handle, ns_s_ar, rrnum++, &rr) == 0) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
394 if (ns_rr_type(rr) == ns_t_a) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
395 char* nam = (char*)ns_rr_name(rr);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
396 ns_mapper::iterator i = ns.ns_ip.find(nam);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
397 if (i != ns.ns_ip.end()) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
398 // we want this ip address
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
399 uint32_t address;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
400 memcpy(&address, ns_rr_rdata(rr), sizeof(address));
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
401 ns.ns_ip[nam] = address;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
402 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
403 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
404 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
405 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
406 int rrnum = 0;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
407 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
408 if (ns_rr_type(rr) == ns_t_a) {
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
409 uint32_t address;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
410 memcpy(&address, ns_rr_rdata(rr), sizeof(address));
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
411 ret_address = address;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
412 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
413 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
414 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
415 pthread_mutex_unlock(&resolve_mutex);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
416 #ifdef RESOLVER_DEBUG
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
417 snprintf(text, sizeof(text), "dns_interface() found ip %d", ret_address);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
418 my_syslog(text);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
419 #endif
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
420 return ret_address;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
421 #else
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
422 return glom.answer;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
423 #endif
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
424 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
425
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
426
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
427 ////////////////////////////////////////////////
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
428 // lookup a hostname on the uribl
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
429 //
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
430 // if we find hostname on the uribl, return true and point found to hostname
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
431 // as a string registered in hosts.
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
432 // otherwise, return false and preserve the value of found.
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
433 //
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
434 bool uriblookup(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) ;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
435 bool uriblookup(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) {
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
436 char buf[maxlen];
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
437 snprintf(buf, sizeof(buf), "%s.%s.", hostname, priv.uribl_suffix);
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
438 uint32_t ip = ntohl(dns_interface(priv, buf, false, NULL));
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
439 if (ip and (ip != 0x7f000000)) {
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
440 if (debug_syslog > 2) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
441 char tmp[maxlen];
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
442 snprintf(tmp, sizeof(tmp), "found %s on %s", hostname, priv.uribl_suffix);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
443 my_syslog(tmp);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
444 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
445 found = register_string(hosts, hostname);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
446 return true;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
447 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
448 return false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
449 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
450
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
451
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
452 ////////////////////////////////////////////////
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
453 // uribl checker
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
454 // -------------
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
455 // hostname MUST not have a trailing dot. Find the tld part of
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
456 // the hostname, and add one more level. If that is listed on
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
457 // the uribl, return true and point found to the part of the
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
458 // hostname that we found as a string registered in hosts.
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
459 // Otherwise, return false and preserve the value of found.
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
460 //
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
461 bool check_uribl(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) ;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
462 bool check_uribl(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
463 in_addr ip;
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
464 if (inet_aton(hostname, &ip)) return false; // don't check ip addresses in uribls
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
465 const char* components[maxlen];
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
466 int n = 0; // number of components in the hostname
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
467 while (n < maxlen) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
468 components[n++] = hostname;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
469 const char *c = strchr(hostname, '.');
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
470 if (!c) break;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
471 hostname = c+1;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
472 }
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
473 string_set *tlds = priv.memory->get_tlds();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
474 string_set *tldwilds = priv.memory->get_tldwilds();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
475 string_set *tldnots = priv.memory->get_tldnots();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
476 string_set::iterator xtlds = tlds->end();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
477 string_set::iterator xtldwilds = tldwilds->end();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
478 string_set::iterator xtldnots = tldnots->end();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
479 for (int i=max(0,n-4); i<n; i++) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
480 const char* name = components[i];
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
481 bool rc = false;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
482 string_set::iterator tt = tldnots->find(name);
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
483 if (tt != xtldnots) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
484 rc = true;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
485 }
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
486 else {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
487 tt = tldwilds->find(name);
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
488 if (tt != xtldwilds) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
489 if (i > 1) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
490 rc = true;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
491 name = components[i-2];
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
492 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
493 else return false;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
494 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
495 else {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
496 tt = tlds->find(name);
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
497 if (tt != xtlds) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
498 if (i > 0) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
499 rc = true;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
500 name = components[i-1];
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
501 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
502 else return false;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
503 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
504 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
505 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
506 if (rc) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
507 return uriblookup(priv, hosts, name, found);
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
508 }
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
509 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
510 return false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
511 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
512
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
513
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
514 mlfiPriv::mlfiPriv() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
515 pthread_mutex_lock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
516 pc = config;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
517 pc->reference_count++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
518 pthread_mutex_unlock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
519 get_fd();
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
520 ctx = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
521 eom = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
522 ip = 0;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
523 helo = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
524 mailaddr = NULL;
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
525 fromaddr = NULL;
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
526 header_count = 0;
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
527 dkim_ok = true;
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
528 queueid = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
529 authenticated = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
530 client_name = NULL;
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
531 client_dns_name = NULL;
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
532 client_dns_forged = false;
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
533 host_uribl = NULL;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
534 helo_uribl = false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
535 client_uribl = false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
536 from_uribl = false;
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
537 have_whites = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
538 only_whites = true;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
539 want_spamassassin = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
540 want_dccgrey = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
541 want_dccbulk = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
542 allow_autowhitelisting = true;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
543 content_context = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
544 memory = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
545 scanner = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
546 content_suffix = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
547 content_message = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
548 uribl_suffix = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
549 uribl_message = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
550 content_host_ignore = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
551 assassin = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
552 dccifd = NULL;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
553 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
554
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
555 mlfiPriv::~mlfiPriv() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
556 return_fd();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
557 pthread_mutex_lock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
558 pc->reference_count--;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
559 bool last = (!pc->reference_count) && (pc != config);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
560 pthread_mutex_unlock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
561 if (last) delete pc; // free this config, since we were the last reference to it
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
562 if (helo) free((void*)helo);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
563 reset(true);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
564 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
565
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
566 void mlfiPriv::reset(bool final) {
194
688ec12a3c0c delay autowhitelisting to avoid out of office reply bots
carl
parents: 193
diff changeset
567 while (!delayer.empty()) {
231
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
568 DELAYWHITEP dwp = delayer.front();
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
569 const char *loto = dwp->get_loto();
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
570 if (loto) free((void*)loto);
193
3ea79ef741a0 delay autowhitelisting to avoid out of office reply bots
carl
parents: 192
diff changeset
571 delete dwp;
3ea79ef741a0 delay autowhitelisting to avoid out of office reply bots
carl
parents: 192
diff changeset
572 delayer.pop_front();
3ea79ef741a0 delay autowhitelisting to avoid out of office reply bots
carl
parents: 192
diff changeset
573 }
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
574 if (mailaddr) free((void*)mailaddr);
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
575 if (fromaddr) free((void*)fromaddr);
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
576 if (queueid) free((void*)queueid);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
577 if (authenticated) free((void*)authenticated);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
578 if (client_name) free((void*)client_name);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
579 if (client_dns_name) free((void*)client_dns_name);
326
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
580 discard(dkim_signers);
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
581 discard(hosts_uribl);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
582 delayer.clear();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
583 discard(env_to);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
584 if (memory) delete memory;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
585 if (scanner) delete scanner;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
586 if (assassin) delete assassin;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
587 if (dccifd) delete dccifd;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
588 if (!final) {
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
589 ctx = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
590 eom = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
591 mailaddr = NULL;
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
592 fromaddr = NULL;
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
593 header_count = 0;
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
594 dkim_ok = true;
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
595 queueid = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
596 authenticated = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
597 client_name = NULL;
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
598 client_dns_name = NULL;
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
599 host_uribl = NULL;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
600 helo_uribl = false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
601 client_uribl = false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
602 from_uribl = false;
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
603 have_whites = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
604 only_whites = true;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
605 want_spamassassin = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
606 want_dccgrey = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
607 want_dccbulk = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
608 allow_autowhitelisting = true;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
609 content_context = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
610 memory = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
611 scanner = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
612 content_suffix = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
613 content_message = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
614 uribl_suffix = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
615 uribl_message = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
616 content_host_ignore = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
617 assassin = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
618 dccifd = NULL;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
619 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
620 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
621
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
622 void mlfiPriv::get_fd() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
623 err = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
624 fd = NULL_SOCKET;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
625 int result = pthread_mutex_lock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
626 if (!result) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
627 std::set<int>::iterator i;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
628 i = fd_pool.begin();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
629 if (i != fd_pool.end()) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
630 // have at least one fd in the pool
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
631 err = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
632 fd = *i;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
633 fd_pool.erase(fd);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
634 resolver_pool_size--;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
635 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
636 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
637 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
638 // pool is empty, get a new fd
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
639 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
640 fd = my_connect();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
641 err = (fd == NULL_SOCKET);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
642 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
643 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
644 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
645 // cannot lock the pool, just get a new fd
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
646 fd = my_connect();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
647 err = (fd == NULL_SOCKET);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
648 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
649 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
650
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
651 void mlfiPriv::return_fd() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
652 if (err) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
653 // this fd got a socket error, so close it, rather than returning it to the pool
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
654 my_disconnect(fd);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
655 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
656 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
657 int result = pthread_mutex_lock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
658 if (!result) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
659 if ((resolver_sock_count > resolver_pool_size*5) || (resolver_pool_size < 5)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
660 // return the fd to the pool
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
661 fd_pool.insert(fd);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
662 resolver_pool_size++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
663 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
664 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
665 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
666 // more than 20% of the open resolver sockets are in the pool, and the
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
667 // pool as at least 5 sockets. that is enough, so just close this one.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
668 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
669 my_disconnect(fd);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
670 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
671 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
672 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
673 // could not lock the pool, so just close the fd
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
674 my_disconnect(fd);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
675 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
676 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
677 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
678
177
a4d313c2460b start embedded dcc filtering
carl
parents: 174
diff changeset
679 size_t mlfiPriv::my_write(const char *buf, size_t len) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
680 if (err) return 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
681 size_t rs = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
682 while (len) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
683 size_t ws = write(fd, buf, len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
684 if (ws > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
685 rs += ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
686 len -= ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
687 buf += ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
688 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
689 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
690 // peer closed the socket!
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
691 rs = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
692 err = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
693 break;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
694 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
695 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
696 return rs;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
697 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
698
177
a4d313c2460b start embedded dcc filtering
carl
parents: 174
diff changeset
699 size_t mlfiPriv::my_read(char *buf, size_t len) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
700 if (err) return 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
701 size_t rs = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
702 while (len) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
703 size_t ws = read(fd, buf, len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
704 if (ws > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
705 rs += ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
706 len -= ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
707 buf += ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
708 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
709 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
710 // peer closed the socket!
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
711 rs = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
712 err = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
713 break;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
714 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
715 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
716 return rs;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
717 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
718
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
719 void mlfiPriv::need_content_filter(const char *rcpt, CONTEXT &con) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
720 if (!memory) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
721 // first recipient that needs content filtering sets
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
722 // some of the content filtering parameters
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
723 memory = new recorder(this, con.get_html_tags(), con.get_content_tlds(), con.get_content_tldwilds(), con.get_content_tldnots());
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
724 scanner = new url_scanner(memory);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
725 content_suffix = con.get_content_suffix();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
726 content_message = con.get_content_message();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
727 uribl_suffix = con.get_uribl_suffix();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
728 uribl_message = con.get_uribl_message();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
729 content_host_ignore = &con.get_content_host_ignore();
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
730 // if we are using uribl, test helo and client names here
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
731 if (uribl_suffix) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
732 if (helo) {
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
733 helo_uribl = check_uribl(*this, hosts_uribl, helo, host_uribl);
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
734 }
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
735 if (client_dns_name && !helo_uribl) {
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
736 client_uribl = check_uribl(*this, hosts_uribl, client_dns_name, host_uribl);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
737 }
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
738 if (mailaddr && !client_uribl) {
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
739 const char *f = strchr(mailaddr, '@');
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
740 if (f) from_uribl = check_uribl(*this, hosts_uribl, f+1, host_uribl);
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
741 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
742 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
743 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
744 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
745
186
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
746
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
747 mlfiPriv* fetch_priv_from_ctx(SMFICTX *ctx);
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
748 mlfiPriv* fetch_priv_from_ctx(SMFICTX *ctx)
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
749 {
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
750 mlfiPriv *priv = (struct mlfiPriv *)smfi_getpriv(ctx);
187
f0eda59e8afd fix null pointer dereference from missing HELO command
carl
parents: 186
diff changeset
751 priv->ctx = ctx;
186
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
752 return priv;
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
753 }
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
754 #define MLFIPRIV fetch_priv_from_ctx(ctx)
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
755
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
756
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
757
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
758 ////////////////////////////////////////////////
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
759 // syslog a message
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
760 //
310
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
761 void my_syslog(const char *queueid, const char *text) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
762 char buf[maxlen];
311
f5547e7b3a09 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 310
diff changeset
763 if (queueid && queueid[0]) {
310
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
764 snprintf(buf, sizeof(buf), "%s: %s", queueid, text);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
765 text = buf;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
766 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
767 if (use_syslog) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
768 pthread_mutex_lock(&syslog_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
769 if (!syslog_opened) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
770 openlog("dnsbl", LOG_PID, LOG_MAIL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
771 syslog_opened = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
772 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
773 syslog(LOG_NOTICE, "%s", text);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
774 pthread_mutex_unlock(&syslog_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
775 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
776 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
777 printf("%s \n", text);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
778 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
779 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
780
310
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
781 void my_syslog(mlfiPriv *priv, const char *text) {
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
782 if (priv) my_syslog(priv->queueid, text);
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
783 else my_syslog((const char *)NULL, text);
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
784 }
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
785
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
786 void my_syslog(mlfiPriv *priv, const string text) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
787 if (debug_syslog > 3) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
788 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
789 strncpy(buf, text.c_str(), sizeof(buf));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
790 buf[maxlen-1] = '\0'; // ensure null termination
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
791 my_syslog(priv, buf);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
792 }
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
793 }
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
794
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
795 void my_syslog(const char *text) {
310
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
796 my_syslog((const char *)NULL, text);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
797 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
798
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
799
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
800 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
801 // read a resolver request from the socket, process it, and
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
802 // write the result back to the socket.
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
803
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
804 void process_resolver_requests(int socket);
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
805 void process_resolver_requests(int socket) {
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
806 #ifdef NS_MAXDNAME
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
807 char question[NS_MAXDNAME];
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
808 #else
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
809 char question[1000];
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
810 #endif
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
811 glommer glom;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
812
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
813 int maxq = sizeof(question);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
814 while (true) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
815 // read a question
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
816 int rs = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
817 while (rs < maxq) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
818 int ns = read(socket, question+rs, maxq-rs);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
819 if (ns > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
820 rs += ns;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
821 if (question[rs-1] == '\0') {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
822 // last byte read was the null terminator, we are done
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
823 break;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
824 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
825 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
826 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
827 // peer closed the socket
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
828 #ifdef RESOLVER_DEBUG
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
829 my_syslog("process_resolver_requests() peer closed socket while reading question");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
830 #endif
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
831 shutdown(socket, SHUT_RDWR);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
832 close(socket);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
833 return;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
834 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
835 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
836 question[rs-1] = '\0'; // ensure null termination
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
837
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
838 // find the answer
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
839 #ifdef NS_PACKETSZ
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
840 #ifdef RESOLVER_DEBUG
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
841 char text[1000];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
842 snprintf(text, sizeof(text), "process_resolver_requests() has a question %s", question);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
843 my_syslog(text);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
844 #endif
223
da9e7f1c8160 fix unsigned signed compare, back to mixed -lresolv and libresolv.a with auto requires
Carl Byington <carl@five-ten-sg.com>
parents: 222
diff changeset
845 int res_result = res_search(question, ns_c_in, ns_t_a, glom.answer, sizeof(glom.answer));
da9e7f1c8160 fix unsigned signed compare, back to mixed -lresolv and libresolv.a with auto requires
Carl Byington <carl@five-ten-sg.com>
parents: 222
diff changeset
846 if (res_result < 0) glom.length = 0; // represent all errors as zero length answers
da9e7f1c8160 fix unsigned signed compare, back to mixed -lresolv and libresolv.a with auto requires
Carl Byington <carl@five-ten-sg.com>
parents: 222
diff changeset
847 else glom.length = (size_t)res_result;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
848 #else
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
849 glom.length = sizeof(glom.answer);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
850 glom.answer = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
851 struct hostent *host = gethostbyname(question);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
852 if (host && (host->h_addrtype == AF_INET)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
853 memcpy(&glom.answer, host->h_addr, sizeof(glom.answer));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
854 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
855 #endif
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
856
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
857 // write the answer
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
858 char *buf = (char *)&glom;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
859 int len = glom.length + sizeof(glom.length);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
860 #ifdef RESOLVER_DEBUG
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
861 snprintf(text, sizeof(text), "process_resolver_requests() writing answer length %d for total %d", glom.length, len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
862 my_syslog(text);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
863 #endif
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
864 int ws = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
865 while (len > ws) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
866 int ns = write(socket, buf+ws, len-ws);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
867 if (ns > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
868 ws += ns;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
869 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
870 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
871 // peer closed the socket!
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
872 #ifdef RESOLVER_DEBUG
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
873 my_syslog("process_resolver_requests() peer closed socket while writing answer");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
874 #endif
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
875 shutdown(socket, SHUT_RDWR);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
876 close(socket);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
877 return;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
878 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
879 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
880 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
881 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
882
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
883
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
884 ////////////////////////////////////////////////
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
885 // check a single dns list, return ip address in network byte order
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
886 //
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
887 uint32_t check_single(mlfiPriv &priv, int32_t ip, const char *suffix);
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
888 uint32_t check_single(mlfiPriv &priv, int32_t ip, const char *suffix) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
889 // make a dns question
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
890 const u_char *src = (const u_char *)&ip;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
891 if (src[0] == 127) return 0; // don't do dns lookups on localhost
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
892 if (src[0] == 10) return 0; // don't do dns lookups on rfc1918 space
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
893 if ((src[0] == 192) && (src[1] == 168)) return 0;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
894 if ((src[0] == 172) && (16 <= src[1]) && (src[1] <= 31)) return 0;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
895 #ifdef NS_MAXDNAME
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
896 char question[NS_MAXDNAME];
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
897 #else
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
898 char question[1000];
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
899 #endif
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
900 snprintf(question, sizeof(question), "%u.%u.%u.%u.%s.", src[3], src[2], src[1], src[0], suffix);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
901 // ask the question, if we get an A record it implies a blacklisted ip address
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
902 return dns_interface(priv, question, false, NULL);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
903 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
904
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
905
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
906 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
907 // check a single dnsbl
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
908 //
242
d8ee4c97b9ab 64 bit fixes for libresolv.a
Carl Byington <carl@five-ten-sg.com>
parents: 238
diff changeset
909 bool check_single(mlfiPriv &priv, int32_t ip, DNSBL &bl);
d8ee4c97b9ab 64 bit fixes for libresolv.a
Carl Byington <carl@five-ten-sg.com>
parents: 238
diff changeset
910 bool check_single(mlfiPriv &priv, int32_t ip, DNSBL &bl) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
911 return check_single(priv, ip, bl.suffix);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
912 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
913
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
914
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
915 ////////////////////////////////////////////////
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
916 // check a single dnswl
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
917 //
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
918 bool check_single(mlfiPriv &priv, int32_t ip, DNSWL &wl);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
919 bool check_single(mlfiPriv &priv, int32_t ip, DNSWL &wl) {
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
920 uint32_t r = ntohl(check_single(priv, ip, wl.suffix));
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
921 uint32_t v = (uint32_t)0x7f000000;
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
922 uint32_t m = (uint32_t)0xffff0000;
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
923 uint32_t m2 = (uint32_t)0x000000ff;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
924 if ((r & m) == v) {
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
925 uint32_t l = r & m2;
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
926 if ((int)l >= wl.level) return true;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
927 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
928 return false;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
929 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
930
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
931
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
932 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
933 // check the dnsbls specified for this recipient
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
934 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
935 bool check_dnsbl(mlfiPriv &priv, dnsblp_list &dnsbll, DNSBLP &rejectlist);
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
936 bool check_dnsbl(mlfiPriv &priv, dnsblp_list &dnsbll, DNSBLP &rejectlist) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
937 for (dnsblp_list::iterator i=dnsbll.begin(); i!=dnsbll.end(); i++) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
938 DNSBLP dp = *i; // non null by construction
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
939 bool st;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
940 map<DNSBLP, bool>::iterator f = priv.checked_black.find(dp);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
941 if (f == priv.checked_black.end()) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
942 // have not checked this list yet
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
943 st = check_single(priv, priv.ip, *dp);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
944 rejectlist = dp;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
945 priv.checked_black[dp] = st;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
946 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
947 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
948 st = (*f).second;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
949 rejectlist = (*f).first;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
950 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
951 if (st) return st;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
952 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
953 return false;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
954 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
955
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
956
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
957 ////////////////////////////////////////////////
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
958 // check the dnswls specified for this recipient
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
959 //
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
960 bool check_dnswl(mlfiPriv &priv, dnswlp_list &dnswll, DNSWLP &acceptlist);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
961 bool check_dnswl(mlfiPriv &priv, dnswlp_list &dnswll, DNSWLP &acceptlist) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
962 for (dnswlp_list::iterator i=dnswll.begin(); i!=dnswll.end(); i++) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
963 DNSWLP dp = *i; // non null by construction
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
964 bool st;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
965 map<DNSWLP, bool>::iterator f = priv.checked_white.find(dp);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
966 if (f == priv.checked_white.end()) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
967 // have not checked this list yet
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
968 st = check_single(priv, priv.ip, *dp);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
969 acceptlist = dp;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
970 priv.checked_white[dp] = st;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
971 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
972 else {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
973 st = (*f).second;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
974 acceptlist = (*f).first;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
975 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
976 if (st) return st;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
977 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
978 return false;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
979 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
980
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
981
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
982 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
983 // check the hosts from the body against the content filter and uribl dnsbls
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
984 //
124
ea6f9c812faa put hostname in smtp message for uribl style lookups
carl
parents: 123
diff changeset
985 //
242
d8ee4c97b9ab 64 bit fixes for libresolv.a
Carl Byington <carl@five-ten-sg.com>
parents: 238
diff changeset
986 bool check_hosts(mlfiPriv &priv, bool random, int limit, const char *&msg, const char *&host, int32_t &ip, const char *&found);
d8ee4c97b9ab 64 bit fixes for libresolv.a
Carl Byington <carl@five-ten-sg.com>
parents: 238
diff changeset
987 bool check_hosts(mlfiPriv &priv, bool random, int limit, const char *&msg, const char *&host, int32_t &ip, const char *&found) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
988 found = NULL; // normally ip address style
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
989 if (!priv.content_suffix && !priv.uribl_suffix) return false; // nothing to check
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
990 string_set &hosts = priv.memory->get_hosts();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
991 string_set &ignore = *priv.content_host_ignore;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
992
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
993 int count = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
994 int cnt = hosts.size(); // number of hosts we could look at
242
d8ee4c97b9ab 64 bit fixes for libresolv.a
Carl Byington <carl@five-ten-sg.com>
parents: 238
diff changeset
995 int32_t_set ips;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
996 ns_map nameservers;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
997 for (string_set::iterator i=hosts.begin(); i!=hosts.end(); i++) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
998 host = *i; // a reference into hosts, which will live until this smtp transaction is closed
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
999
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1000 // don't bother looking up hosts on the ignore list
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1001 string_set::iterator j = ignore.find(host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1002 if (j != ignore.end()) continue;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1003
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1004 // try to only look at limit/cnt fraction of the available cnt host names in random mode
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1005 if ((cnt > limit) && (limit > 0) && random) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1006 int r = rand() % cnt;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1007 if (r >= limit) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1008 if (debug_syslog > 2) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1009 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1010 snprintf(buf, sizeof(buf), "host %s skipped", host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1011 my_syslog(&priv, buf);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1012 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1013 continue;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1014 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1015 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1016 count++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1017 ip = dns_interface(priv, host, true, &nameservers);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1018 if (debug_syslog > 2) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1019 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1020 if (ip) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1021 char adr[sizeof "255.255.255.255 "];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1022 adr[0] = '\0';
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1023 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1024 snprintf(buf, sizeof(buf), "host %s found at %s", host, adr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1025 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1026 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1027 snprintf(buf, sizeof(buf), "host %s not found", host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1028 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1029 my_syslog(&priv, buf);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1030 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1031 if (ip) {
242
d8ee4c97b9ab 64 bit fixes for libresolv.a
Carl Byington <carl@five-ten-sg.com>
parents: 238
diff changeset
1032 int32_t_set::iterator i = ips.find(ip);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1033 if (i == ips.end()) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1034 // we haven't looked this up yet
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1035 ips.insert(ip);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1036 // check dnsbl style list
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1037 if (priv.content_suffix && check_single(priv, ip, priv.content_suffix)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1038 msg = priv.content_message;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1039 return true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1040 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1041 // Check uribl & surbl style list
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1042 if (priv.uribl_suffix && check_uribl(priv, hosts, host, found)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1043 msg = priv.uribl_message;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1044 return true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1045 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1046 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1047 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1048 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1049 limit *= 4; // allow average of 3 ns per host name
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1050 for (ns_mapper::iterator i=nameservers.ns_ip.begin(); i!=nameservers.ns_ip.end(); i++) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1051 count++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1052 if ((count > limit) && (limit > 0)) return false; // too many name servers to check them all
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1053 host = (*i).first; // a transient reference that needs to be replaced before we return it
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1054 ip = (*i).second;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1055 if (!ip) ip = dns_interface(priv, host, false, NULL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1056 if (debug_syslog > 2) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1057 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1058 if (ip) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1059 char adr[sizeof "255.255.255.255 "];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1060 adr[0] = '\0';
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1061 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1062 snprintf(buf, sizeof(buf), "ns %s found at %s", host, adr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1063 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1064 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1065 snprintf(buf, sizeof(buf), "ns %s not found", host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1066 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1067 my_syslog(&priv, buf);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1068 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1069 if (ip) {
242
d8ee4c97b9ab 64 bit fixes for libresolv.a
Carl Byington <carl@five-ten-sg.com>
parents: 238
diff changeset
1070 int32_t_set::iterator i = ips.find(ip);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1071 if (i == ips.end()) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1072 ips.insert(ip);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1073 if (check_single(priv, ip, priv.content_suffix)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1074 msg = priv.content_message;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1075 string_map::iterator j = nameservers.ns_host.find(host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1076 if (j != nameservers.ns_host.end()) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1077 const char *refer = (*j).second;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1078 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1079 snprintf(buf, sizeof(buf), "%s with nameserver %s", refer, host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1080 host = register_string(hosts, buf); // put a copy into hosts, and return that reference
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1081 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1082 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1083 host = register_string(hosts, host); // put a copy into hosts, and return that reference
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1084 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1085 return true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1086 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1087 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1088 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1089 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1090 return false;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1091 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1092
127
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes
carl
parents: 126
diff changeset
1093
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1094 ////////////////////////////////////////////////
127
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes
carl
parents: 126
diff changeset
1095 //
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes
carl
parents: 126
diff changeset
1096 // this email address is passed in from sendmail, and will normally be
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1097 // enclosed in <>. I think older versions of sendmail supplied the <>
127
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes
carl
parents: 126
diff changeset
1098 // wrapper if the mail client did not, but the current version does not do
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes
carl
parents: 126
diff changeset
1099 // that. So the <> wrapper is now optional. It may have mixed case, just
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1100 // as the mail client sent it. We dup the string and convert the duplicate
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1101 // to lower case. Some clients enclose the entire address in single quotes,
246
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1102 // so we strip those as well. We also remove the SRS and prvs coding.
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1103 //
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1104 const char *to_lower_string(const char *email);
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1105 const char *to_lower_string(const char *email) {
266
582cfb9c4031 fix unauthenticated rate limit bug for empty mail from
Carl Byington <carl@five-ten-sg.com>
parents: 263
diff changeset
1106 if (!email) return strdup("<>");
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1107 size_t n = strlen(email);
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1108 if ((n > 1) && (email[0] == '<') && (email[n-1] == '>')) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1109 n -= 2;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1110 email++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1111 }
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1112 if ((n > 1) && (email[0] == '\'') && (email[n-1] == '\'')) {
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1113 n -= 2;
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1114 email++;
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1115 }
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1116 if (n ==0) return strdup("<>");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1117 char *key = strdup(email);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1118 key[n] = '\0';
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1119 for (int i=0; i<n; i++) key[i] = tolower(key[i]);
246
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1120 if ((n > 14) && (strncmp(key, "srs", 3) == 0)) {
235
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1121 // might have srs coding to be removed
293
fbbc341001cc allow broken SRS0+ rather than the correct SRS0= tag
Carl Byington <carl@five-ten-sg.com>
parents: 291
diff changeset
1122 const int nmatch = 7;
235
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1123 regmatch_t match[nmatch];
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1124 if (0 == regexec(&srs_pattern, key, nmatch, match, 0)) {
293
fbbc341001cc allow broken SRS0+ rather than the correct SRS0= tag
Carl Byington <carl@five-ten-sg.com>
parents: 291
diff changeset
1125 int s4 = match[5].rm_so; // domain
fbbc341001cc allow broken SRS0+ rather than the correct SRS0= tag
Carl Byington <carl@five-ten-sg.com>
parents: 291
diff changeset
1126 int e4 = match[5].rm_eo;
fbbc341001cc allow broken SRS0+ rather than the correct SRS0= tag
Carl Byington <carl@five-ten-sg.com>
parents: 291
diff changeset
1127 int s5 = match[6].rm_so; // user
fbbc341001cc allow broken SRS0+ rather than the correct SRS0= tag
Carl Byington <carl@five-ten-sg.com>
parents: 291
diff changeset
1128 int e5 = match[6].rm_eo;
235
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1129 if ((s4 != -1) && (s5 != -1)) {
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1130 char *newkey = strdup(key); // large enough
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1131 key[e4] = '\0';
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1132 key[e5] = '\0';
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1133 strcpy(newkey, key+s5); // user
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1134 strcat(newkey, "@"); // @
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1135 strcat(newkey, key+s4); // domain
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1136 free(key);
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1137 key = newkey;
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1138 }
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1139 }
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1140 }
246
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1141 if ((n > 7) && (strncmp(key, "prvs", 4) == 0)) {
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1142 // might have prvs coding to be removed
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1143 const int nmatch = 3;
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1144 regmatch_t match[nmatch];
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1145 if (0 == regexec(&prvs_pattern, key, nmatch, match, 0)) {
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1146 int s2 = match[2].rm_so; // user@domain
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1147 if (s2 != -1) {
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1148 char *newkey = strdup(key+s2); // user@domain
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1149 free(key);
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1150 key = newkey;
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1151 }
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1152 }
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1153 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1154 return key;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1155 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1156
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1157
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1158 ////////////////////////////////////////////////
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1159 // start of sendmail milter interfaces
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1160 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1161 sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1162 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1163 // allocate some private memory
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1164 mlfiPriv *priv = new mlfiPriv;
286
9bd5388bf469 Fix possible segfault in mlfi_connect, hostaddr might be null
Carl Byington <carl@five-ten-sg.com>
parents: 284
diff changeset
1165 if (hostaddr && (hostaddr->sa_family == AF_INET)) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1166 priv->ip = ((struct sockaddr_in *)hostaddr)->sin_addr.s_addr;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1167 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1168 // save the private data
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1169 smfi_setpriv(ctx, (void*)priv);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1170
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1171 // continue processing
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1172 return SMFIS_CONTINUE;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1173 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1174
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1175 sfsistat mlfi_helo(SMFICTX * ctx, char *helohost)
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1176 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1177 mlfiPriv &priv = *MLFIPRIV;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1178 priv.helo = strdup(helohost);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1179 return SMFIS_CONTINUE;
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1180 }
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1181
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1182 sfsistat mlfi_envfrom(SMFICTX *ctx, char **from)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1183 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1184 mlfiPriv &priv = *MLFIPRIV;
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1185 CONFIG &dc = *priv.pc;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1186 priv.mailaddr = to_lower_string(from[0]);
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1187 priv.queueid = strdup(smfi_getsymval(ctx, (char*)"i"));
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1188 priv.authenticated = smfi_getsymval(ctx, (char*)"{auth_authen}");
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1189 priv.client_name = smfi_getsymval(ctx, (char*)"_");
191
2a67d31099c3 fix null pointer dereference from missing HELO command
carl
parents: 190
diff changeset
1190 if (!priv.helo) priv.helo = strdup("unknown");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1191 if (priv.authenticated) priv.authenticated = strdup(priv.authenticated);
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1192 if (priv.client_name) {
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1193 priv.client_name = strdup(priv.client_name);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1194 const char *p = strstr(priv.client_name, " [");
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1195 if (p) {
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1196 uint pp = p - priv.client_name;
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1197 priv.client_dns_name = strdup(priv.client_name);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1198 priv.client_dns_name[pp] = '\0';
259
be939802c64e add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents: 257
diff changeset
1199 //char text[500];
be939802c64e add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents: 257
diff changeset
1200 //snprintf(text, sizeof(text), "found simple dns client name %s", priv.client_dns_name);
be939802c64e add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents: 257
diff changeset
1201 //my_syslog(text);
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1202 }
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1203 p = strstr(priv.client_name, "] (may be forged)");
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1204 if (p) {
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1205 priv.client_dns_forged = true;
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1206 if (priv.client_dns_name) {
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1207 char text[500];
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1208 snprintf(text, sizeof(text), "forged dns client name %s", priv.client_dns_name);
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1209 my_syslog(text);
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1210 }
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1211 }
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1212 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1213 if (spamc != spamc_empty) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1214 priv.assassin = new SpamAssassin(&priv, priv.ip, priv.helo, priv.mailaddr, priv.queueid);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1215 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1216 if (dccifd_port) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1217 priv.dccifd = new DccInterface(dccifd_port, &priv, priv.ip, priv.helo, priv.mailaddr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1218 }
290
bb69fdc3acaa Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
1219 if (priv.authenticated) {
284
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1220 int hourly, daily;
290
bb69fdc3acaa Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
1221 add_auth_address(priv.authenticated, hourly, daily, priv.ip);
bb69fdc3acaa Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
1222 int h_limit = dc.default_context->find_address_limit(priv.authenticated);
284
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1223 int d_limit = dc.default_context->get_daily_address_multiple() * h_limit;
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1224 if (debug_syslog > 1) {
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1225 char msg[maxlen];
290
bb69fdc3acaa Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
1226 snprintf(msg, sizeof(msg), "connect for %s (%d %d addresses, %d %d limits)", priv.authenticated, hourly, daily, h_limit, d_limit);
284
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1227 my_syslog(&priv, msg);
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1228 }
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1229 if ((hourly > h_limit) || (daily > d_limit)){
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1230 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"unique connection ip address limit exceeded");
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1231 return SMFIS_REJECT;
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1232 }
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1233 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1234 return SMFIS_CONTINUE;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1235 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1236
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1237 sfsistat mlfi_envrcpt(SMFICTX *ctx, char **rcpt)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1238 {
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1239 DNSBLP rejectlist = NULL; // list that caused the reject
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1240 mlfiPriv &priv = *MLFIPRIV;
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1241 CONFIG &dc = *priv.pc;
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1242 const char *rcptaddr = rcpt[0];
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1243 const char *loto = to_lower_string(rcptaddr);
216
784030ac71f1 Never whitelist self addressed mail. Changes for Fedora 10 and const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 214
diff changeset
1244 bool self = (strcmp(loto, priv.mailaddr) == 0);
174
da0c41b9f672 don't whitelist addresses with embedded spaces
carl
parents: 173
diff changeset
1245
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1246 // some version of sendmail allowed rcpt to:<> and passed it thru to the milters
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1247 if (strcmp(loto, "<>") == 0) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1248 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"bogus recipient");
286
9bd5388bf469 Fix possible segfault in mlfi_connect, hostaddr might be null
Carl Byington <carl@five-ten-sg.com>
parents: 284
diff changeset
1249 free((void*)loto); // cppcheck static analysis found memory leak
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1250 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1251 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1252 // priv.mailaddr sending original message to loto
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1253 CONTEXT &con = *(dc.find_context(loto)->find_context(priv.mailaddr));
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1254 VERIFYP ver = con.find_verify(loto);
233
5c3e9bf45bb5 Add whitelisting by regex expression filtering.
Carl Byington <carl@five-ten-sg.com>
parents: 231
diff changeset
1255 const char *fromvalue = con.find_from(priv.mailaddr, true, priv.queueid);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1256 // tell spam assassin and dccifd about this recipient
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1257 if (priv.assassin) priv.assassin->mlfi_envrcpt(ctx, loto);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1258 if (priv.dccifd) priv.dccifd->mlfi_envrcpt(ctx, loto, con.get_grey() && !priv.authenticated);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1259 // loto sending a reply back to priv.mailaddr
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1260 CONTEXT &con2 = *(dc.find_context(priv.mailaddr)->find_context(loto));
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1261 const char *replyvalue = con2.find_from(loto);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1262 if (debug_syslog > 1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1263 char buf[maxlen];
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1264 char buf2[maxlen];
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1265 char msg[maxlen];
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1266 snprintf(msg, sizeof(msg), "from <%s> to <%s> using context %s state %s reply context %s state %s", priv.mailaddr, loto, con.get_full_name(buf,maxlen), fromvalue, con2.get_full_name(buf2,maxlen), replyvalue);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1267 my_syslog(&priv, msg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1268 }
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1269 free((void*)loto);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1270 status st;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1271 if (replyvalue == token_black) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1272 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient can not reply due to blacklisting");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1273 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1274 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1275 if (priv.authenticated) {
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1276 int hourly, daily;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1277 incr_rcpt_count(priv.authenticated, hourly, daily);
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1278 int h_limit = dc.default_context->find_rate_limit(priv.authenticated);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1279 int d_limit = dc.default_context->get_daily_rate_multiple() * h_limit;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1280 if (debug_syslog > 1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1281 char msg[maxlen];
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1282 snprintf(msg, sizeof(msg), "authenticated id %s (%d %d recipients, %d %d limits)", priv.authenticated, hourly, daily, h_limit, d_limit);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1283 my_syslog(&priv, msg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1284 }
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1285 if ((hourly > h_limit) || (daily > d_limit)){
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1286 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1287 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1288 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1289 st = white;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1290 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1291 else if (fromvalue == token_black) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1292 st = black;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1293 }
216
784030ac71f1 Never whitelist self addressed mail. Changes for Fedora 10 and const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 214
diff changeset
1294 else if ((fromvalue == token_white) && !self) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1295 st = white;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1296 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1297 else {
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1298 // check the dns based lists, whitelist first
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1299 DNSWLP acceptlist = NULL; // list that caused the whitelisting
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1300 if (check_dnswl(priv, con.get_dnswl_list(), acceptlist)) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1301 st = white;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1302 if (debug_syslog > 1) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1303 char msg[maxlen];
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1304 snprintf(msg, sizeof(msg), "whitelisted by %s", acceptlist->name);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1305 my_syslog(&priv, msg);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1306 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1307 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1308 else if (check_dnsbl(priv, con.get_dnsbl_list(), rejectlist)) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1309 st = reject;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1310 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1311 else {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1312 st = oksofar;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1313 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1314 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1315 if (st == reject) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1316 // reject the recipient based on some dnsbl
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1317 char adr[sizeof "255.255.255.255 "];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1318 adr[0] = '\0';
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1319 inet_ntop(AF_INET, (const u_char *)&priv.ip, adr, sizeof(adr));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1320 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1321 snprintf(buf, sizeof(buf), rejectlist->message, adr, adr);
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1322 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1323 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1324 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1325 if (st == oksofar) {
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1326 // check forged rdns
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1327 if (con.get_requirerdns() && (!priv.client_dns_name || priv.client_dns_forged)) {
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1328 // reject the recipient based on forged reverse dns
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1329 char buf[maxlen];
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1330 snprintf(buf, sizeof(buf), "%s is not acceptable", priv.client_name);
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1331 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1332 return SMFIS_REJECT;
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1333 }
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1334 // check generic rdns
301
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1335 if (priv.client_dns_name) {
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1336 const char *msg = con.generic_match(priv.client_dns_name);
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1337 if (msg) {
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1338 // reject the recipient based on generic reverse dns
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1339 char buf[maxlen];
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1340 snprintf(buf, sizeof(buf), msg, priv.client_name);
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1341 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1342 return SMFIS_REJECT;
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1343 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1344 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1345 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1346 if (st == black) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1347 // reject the recipient based on blacklisting either from or to
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1348 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"no such user");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1349 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1350 }
203
92a5c866bdfa Verify from/to pairs even if they might be explicitly whitelisted.
Carl Byington <carl@five-ten-sg.com>
parents: 194
diff changeset
1351 if (ver) {
92a5c866bdfa Verify from/to pairs even if they might be explicitly whitelisted.
Carl Byington <carl@five-ten-sg.com>
parents: 194
diff changeset
1352 // try to verify this from/to pair of addresses even if it might be explicitly whitelisted
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1353 const char *loto = to_lower_string(rcptaddr);
310
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
1354 bool rc = ver->ok(priv.queueid, priv.mailaddr, loto);
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1355 free((void*)loto);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1356 if (!rc) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1357 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"no such user");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1358 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1359 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1360 }
263
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1361 if (!priv.authenticated && dc.default_context->is_unauthenticated_limited(priv.mailaddr)) {
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1362 int hourly, daily;
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1363 incr_rcpt_count(priv.mailaddr, hourly, daily);
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1364 int h_limit = dc.default_context->find_rate_limit(priv.mailaddr);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1365 int d_limit = dc.default_context->get_daily_rate_multiple() * h_limit;
263
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1366 if (debug_syslog > 1) {
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1367 char msg[maxlen];
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1368 snprintf(msg, sizeof(msg), "unauthenticated address %s (%d %d recipients, %d %d limits)", priv.mailaddr, hourly, daily, h_limit, d_limit);
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1369 my_syslog(&priv, msg);
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1370 }
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1371 if ((hourly > h_limit) || (daily > d_limit)){
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1372 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded");
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1373 return SMFIS_REJECT;
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1374 }
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1375 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1376 // we will accept the recipient, but add an auto-whitelist entry
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1377 // if needed to ensure we can accept replies
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1378 loto = to_lower_string(rcptaddr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1379 WHITELISTERP w = con2.find_autowhite(loto, priv.mailaddr);
291
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 290
diff changeset
1380
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1381 // check if local part is too big
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1382 const int max_local_size = 30;
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1383 const char *p = strchr(loto, '@');
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1384 int len = (p) ? p-loto : max_local_size;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1385 if (len >= max_local_size) w = NULL; // too big, pretend we don't have a whitelister
291
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 290
diff changeset
1386
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 290
diff changeset
1387 // ignore auto whitelisting from outgoing mail from localhost
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 290
diff changeset
1388 const u_char *src = (const u_char *)&priv.ip;
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 290
diff changeset
1389 if (src[0] == 127) w = NULL; // outgoing mail from localhost, pretend we don't have a whitelister
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 290
diff changeset
1390
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1391 // record it if we have a whitelister
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1392 if (w) {
231
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1393 DELAYWHITEP dwp = new DELAYWHITE(loto, w, &con2); // dwp takes ownership of the string
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1394 priv.delayer.push_back(dwp);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1395 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1396 else {
231
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1397 free((void*)loto); // or we free it here
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1398 }
179
8b86a894514d embedded dcc filtering
carl
parents: 178
diff changeset
1399
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1400 // accept the recipient
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1401 if (!con.get_content_filtering()) st = white;
179
8b86a894514d embedded dcc filtering
carl
parents: 178
diff changeset
1402
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1403 if (st == oksofar) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1404 // remember first content filtering context
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1405 if (con.get_content_filtering()) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1406 if (!priv.content_context) priv.content_context = &con;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1407 else if (con.get_require() && (priv.content_context != &con)) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1408 smfi_setreply(ctx, (char*)"452", (char*)"4.2.1", (char*)"incompatible filtering contexts");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1409 return SMFIS_TEMPFAIL;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1410 }
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1411 priv.need_content_filter(rcptaddr, con);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1412 char bu[maxlen];
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1413 bool uri = false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1414 // content filtering implies also checking helo name on uribl (if enabled)
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1415 if (priv.helo_uribl) {
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
1416 snprintf(bu, sizeof(bu), "(helo %s)", priv.host_uribl);
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1417 uri = true;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1418 }
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1419 // content filtering implies also checking client reverse dns name on uribl (if enabled)
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1420 if (priv.client_uribl) {
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
1421 snprintf(bu, sizeof(bu), "(rdns %s)", priv.host_uribl);
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1422 uri = true;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1423 }
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1424 // content filtering implies also checking mail from domain name on uribl (if enabled)
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1425 if (priv.from_uribl) {
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
1426 snprintf(bu, sizeof(bu), "(from %s)", priv.host_uribl);
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1427 uri = true;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1428 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1429 if (uri) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1430 char buf[maxlen];
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
1431 snprintf(buf, sizeof(buf), priv.uribl_message, bu, priv.host_uribl);
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1432 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1433 return SMFIS_REJECT;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1434 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1435 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1436 // remember the non-whites
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1437 register_string(priv.env_to, rcptaddr, &con);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1438 priv.only_whites = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1439 priv.want_spamassassin |= (priv.assassin) && // have spam assassin available and
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1440 (con.get_spamassassin_limit() != 0); // want to use it with a non-zero score
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1441 priv.want_dccgrey |= (priv.dccifd) && // have dcc interface and
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1442 (con.get_grey()); // want to use it for greylisting
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1443 priv.want_dccbulk |= (priv.dccifd) && // have dcc interface and
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1444 (con.get_bulk() != 0); // want to use it for bulk detection
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1445 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1446 if (st == white) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1447 priv.have_whites = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1448 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1449 return SMFIS_CONTINUE;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1450 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1451
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1452 sfsistat mlfi_header(SMFICTX* ctx, char* headerf, char* headerv)
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1453 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1454 mlfiPriv &priv = *MLFIPRIV;
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
1455 priv.header_count++;
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1456 char msg[maxlen];
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
1457 if ((priv.header_count < 4) || (strcasecmp(headerf, "from") == 0)) {
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
1458 snprintf(msg, sizeof(msg), "header %s: %s", headerf, headerv);
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1459 for (size_t i=0; i<strlen(msg); i++) {
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
1460 if (msg[i] < 0x20) msg[i] = ' ';
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
1461 }
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
1462 my_syslog(&priv, msg);
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
1463 }
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
1464
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1465 if (priv.dkim_ok) {
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1466 if ((priv.header_count == 1) && (strcasecmp(headerf, "DKIM-Filter") != 0)) priv.dkim_ok = false;
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1467 if (priv.header_count == 2) {
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1468 if (strcasecmp(headerf, "Authentication-Results") != 0) priv.dkim_ok = false;
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1469 if (strncasecmp(headerv, token_myhostname, strlen(token_myhostname)) != 0) priv.dkim_ok = false;
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1470 if (priv.dkim_ok) {
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1471 const int nmatch = 2;
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1472 regmatch_t match[nmatch];
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1473 char *msgo = msg;
326
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1474 while (true) {
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1475 if (0 == regexec(&dkim_pattern, msgo, nmatch, match, 0)) {
326
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1476 int s1 = match[1].rm_so; // domain
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1477 int e1 = match[1].rm_eo;
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1478 if (s1 != -1) {
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1479 char save = msgo[e1];
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1480 msgo[e1] = '\0';
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1481 priv.dkim_signers.insert(strdup(msgo+s1));
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1482 msgo[e1] = save;
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1483 msgo += e1 + 1;
326
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1484 }
327
51846836ec92 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 326
diff changeset
1485 else break;
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1486 }
326
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1487 else break;
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1488 }
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1489 }
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1490 }
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1491 }
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1492
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1493 if ((priv.header_count > 2) && (strcasecmp(headerf, "from"))) {
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1494 const int nmatch = 2;
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1495 regmatch_t match[nmatch];
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1496 if (0 == regexec(&from_pattern, msg, nmatch, match, 0)) {
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1497 int s1 = match[1].rm_so; // domain
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1498 int e1 = match[1].rm_eo;
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1499 if (s1 != -1) {
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1500 msg[e1] = '\0';
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1501 priv.fromaddr = strdup(msg+s1);
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1502 }
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1503 }
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1504 }
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1505
231
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1506 // headers that avoid autowhitelisting
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
1507 if (((strcasecmp(headerf, "precedence") == 0) && (strcasecmp(headerv, "bulk") == 0)) ||
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
1508 ((strcasecmp(headerf, "content-type") == 0) && (strncasecmp(headerv, "multipart/report", 16) == 0))) {
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
1509 priv.allow_autowhitelisting = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
1510 }
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
1511
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1512 // other headers are only needed for content filtering
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1513 if (priv.authenticated) return SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1514 if (priv.only_whites) return SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1515 if (priv.want_spamassassin) priv.assassin->mlfi_header(headerf, headerv);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1516 if (priv.want_dccgrey || priv.want_dccbulk) priv.dccifd->mlfi_header(ctx, headerf, headerv);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1517 return SMFIS_CONTINUE;
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1518 }
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1519
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1520 sfsistat mlfi_eoh(SMFICTX* ctx)
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1521 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1522 mlfiPriv &priv = *MLFIPRIV;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1523 // delayed autowhitelisting
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1524 while (!priv.delayer.empty()) {
231
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1525 DELAYWHITEP dwp = priv.delayer.front();
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1526 const char *loto = dwp->get_loto();
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
1527 if (priv.allow_autowhitelisting) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1528 WHITELISTERP w = dwp->get_w();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1529 CONTEXTP con2 = dwp->get_con();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1530 if (debug_syslog > 1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1531 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1532 char msg[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1533 snprintf(msg, sizeof(msg), "whitelist reply from <%s> in context %s", loto, con2->get_full_name(buf,maxlen));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1534 my_syslog(&priv, msg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1535 }
231
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1536 w->sent(loto); // don't free it, the whitelister takes ownership of the string
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1537 }
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1538 else {
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1539 if (debug_syslog > 1) {
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1540 char msg[maxlen];
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1541 snprintf(msg, sizeof(msg), "avoid whitelist reply from <%s> for outgoing auto-responder", loto);
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1542 my_syslog(&priv, msg);
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1543 }
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1544 if (loto) free((void*)loto);// or we free it here
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1545 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1546 delete dwp;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1547 priv.delayer.pop_front();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1548 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1549 // content filtering
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1550 if (priv.authenticated) return SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1551 if (priv.only_whites) return SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1552 if (priv.want_spamassassin) priv.assassin->mlfi_eoh();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1553 if (priv.want_dccgrey || priv.want_dccbulk) priv.dccifd->mlfi_eoh();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1554 return SMFIS_CONTINUE;
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1555 }
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1556
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1557 sfsistat mlfi_body(SMFICTX *ctx, u_char *data, size_t len)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1558 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1559 mlfiPriv &priv = *MLFIPRIV;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1560 if (priv.authenticated) return SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1561 if (priv.only_whites) return SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1562 if (priv.want_spamassassin) priv.assassin->mlfi_body(data, len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1563 if (priv.want_dccgrey || priv.want_dccbulk) priv.dccifd->mlfi_body(data, len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1564 priv.scanner->scan(data, len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1565 return SMFIS_CONTINUE;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1566 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1567
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1568 sfsistat mlfi_eom(SMFICTX *ctx)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1569 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1570 sfsistat rc;
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1571 mlfiPriv &priv = *MLFIPRIV;
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1572 const char *host = NULL;
242
d8ee4c97b9ab 64 bit fixes for libresolv.a
Carl Byington <carl@five-ten-sg.com>
parents: 238
diff changeset
1573 int32_t ip;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1574 // process end of message
190
004b855c6c1f fix null pointer dereference from missing HELO command
carl
parents: 188
diff changeset
1575 priv.eom = true;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1576 if (priv.authenticated || priv.only_whites) rc = SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1577 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1578 // assert env_to not empty, it contains the
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1579 // non-whitelisted folks that want content filtering
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1580 int score = (priv.want_spamassassin) ? priv.assassin->mlfi_eom() : 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1581 bool grey = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1582 int bulk = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1583 if (priv.want_dccgrey || priv.want_dccbulk) priv.dccifd->mlfi_eom(grey, bulk);
178
d6531c702be3 embedded dcc filtering
carl
parents: 177
diff changeset
1584
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1585 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1586 string msg;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1587 string_set alive;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1588 bool random = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1589 int limit = 0;
326
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1590 if (priv.dkim_signers.empty()) {
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1591 snprintf(buf, sizeof(buf), "acceptable content from %s signer *",
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1592 (priv.fromaddr) ? priv.fromaddr : token_asterisk);
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1593 my_syslog(&priv, buf);
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1594 }
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1595 else {
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1596 for (string_set::iterator s=priv.dkim_signers.begin(); s!=priv.dkim_signers.end(); s++) {
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1597 snprintf(buf, sizeof(buf), "acceptable content from %s signer %s",
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1598 (priv.fromaddr) ? priv.fromaddr : token_asterisk, *s);
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1599 my_syslog(&priv, buf);
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1600 }
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1601 }
323
a6de27b0a1e9 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 322
diff changeset
1602
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1603 for (context_map::iterator i=priv.env_to.begin(); i!=priv.env_to.end(); i++) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1604 const char *rcpt = (*i).first;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1605 CONTEXT &con = *((*i).second);
326
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1606 if (!con.acceptable_content(*priv.memory, score, bulk, priv.dkim_signers, priv.fromaddr, msg)) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1607 // bad html tags or excessive hosts or
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1608 // high spam assassin score or dcc bulk threshold exceedeed
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1609 // or signed by a dkim signer that we don't like
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1610 // or header from requires dkim signer that is missing
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1611 smfi_delrcpt(ctx, (char*)rcpt);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1612 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1613 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1614 alive.insert(rcpt);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1615 random |= con.get_host_random();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1616 limit = max(limit, con.get_host_limit());
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1617 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1618 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1619 bool rejecting = alive.empty(); // if alive is empty, we must have set msg above in acceptable_content()
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1620 if (!rejecting) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1621 const char *fmt;
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1622 const char *found;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1623 if (check_hosts(priv, random, limit, fmt, host, ip, found)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1624 if (found) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1625 // uribl style
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1626 snprintf(buf, sizeof(buf), fmt, host, found);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1627 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1628 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1629 // dnsbl style
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1630 char adr[sizeof "255.255.255.255 "];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1631 adr[0] = '\0';
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1632 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1633 snprintf(buf, sizeof(buf), fmt, host, adr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1634 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1635 msg = string(buf);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1636 rejecting = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1637 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1638 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1639 if (!rejecting) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1640 if (priv.want_dccgrey && grey) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1641 smfi_setreply(ctx, (char*)"452", (char*)"4.2.1", (char*)"temporary greylist embargoed");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1642 rc = SMFIS_TEMPFAIL;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1643 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1644 else rc = SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1645 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1646 else if (!priv.have_whites) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1647 // can reject the entire message
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1648 snprintf(buf, sizeof(buf), "%s", msg.c_str());
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1649 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1650 rc = SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1651 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1652 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1653 // need to accept it but remove the recipients that don't want it
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1654 for (string_set::iterator i=alive.begin(); i!=alive.end(); i++) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1655 const char *rcpt = *i;
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1656 smfi_delrcpt(ctx, (char*)rcpt);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1657 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1658 rc = SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1659 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1660 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1661 // reset for a new message on the same connection
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1662 mlfi_abort(ctx);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1663 return rc;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1664 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1665
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1666 sfsistat mlfi_abort(SMFICTX *ctx)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1667 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1668 mlfiPriv &priv = *MLFIPRIV;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1669 priv.reset();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1670 return SMFIS_CONTINUE;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1671 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1672
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1673 sfsistat mlfi_close(SMFICTX *ctx)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1674 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1675 mlfiPriv *priv = MLFIPRIV;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1676 if (!priv) return SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1677 delete priv;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1678 smfi_setpriv(ctx, NULL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1679 return SMFIS_CONTINUE;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1680 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1681
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1682 struct smfiDesc smfilter =
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1683 {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1684 (char*)"DNSBL", // filter name
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1685 SMFI_VERSION, // version code -- do not change
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1686 SMFIF_DELRCPT, // flags
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1687 mlfi_connect, // connection info filter
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1688 mlfi_helo, // SMTP HELO command filter
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1689 mlfi_envfrom, // envelope sender filter
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1690 mlfi_envrcpt, // envelope recipient filter
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1691 mlfi_header, // header filter
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1692 mlfi_eoh, // end of header
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1693 mlfi_body, // body block filter
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1694 mlfi_eom, // end of message
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1695 mlfi_abort, // message aborted
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1696 mlfi_close, // connection cleanup
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1697 };
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1698
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1699
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1700 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1701 // reload the config
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1702 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1703 CONFIG* new_conf();
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1704 CONFIG* new_conf() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1705 CONFIG *newc = new CONFIG;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1706 pthread_mutex_lock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1707 newc->generation = generation++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1708 pthread_mutex_unlock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1709 if (debug_syslog) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1710 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1711 snprintf(buf, sizeof(buf), "loading configuration generation %d", newc->generation);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1712 my_syslog(buf);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1713 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1714 if (load_conf(*newc, "dnsbl.conf")) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1715 newc->load_time = time(NULL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1716 return newc;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1717 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1718 delete newc;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1719 return NULL;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1720 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1721
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1722
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1723 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1724 // thread to watch the old config files for changes
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1725 // and reload when needed.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1726 // we also clear the SMTP AUTH recipient counts hourly
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1727 //
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1728 extern "C" {void* config_loader(void *arg);}
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1729 void* config_loader(void *arg) {
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1730 int loop1 = 0;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1731 int loop2 = 0;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1732 while (loader_run) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1733 sleep(180); // look for modifications every 3 minutes
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1734 if (!loader_run) break;
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1735 loop1++;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1736 loop2++;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1737 if (loop1 == 20) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1738 // three minutes thru each loop, 20 loops per hour
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
1739 // clear the recipient hourly counts and hourly sets of ip connection addresses
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1740 pthread_mutex_lock(&rate_mutex);
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1741 for (rates::iterator i=rcpt_hourly_counts.begin(); i!=rcpt_hourly_counts.end(); i++) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1742 (*i).second = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1743 }
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1744 for (auth_addresses::iterator j=auth_hourly_addresses.begin(); j!=auth_hourly_addresses.end(); j++) {
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1745 delete (*j).second;
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
1746 (*j).second = new int32_t_set;
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1747 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1748 pthread_mutex_unlock(&rate_mutex);
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1749 loop1 = 0;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1750 }
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1751 if (loop2 == 480) {
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1752 // three minutes thru each loop, 480 loops per day
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
1753 // clear the recipient daily counts and daily sets of connection ip addresses
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1754 pthread_mutex_lock(&rate_mutex);
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1755 for (rates::iterator i=rcpt_daily_counts.begin(); i!=rcpt_daily_counts.end(); i++) {
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1756 (*i).second = 0;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1757 }
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1758 for (auth_addresses::iterator j=auth_daily_addresses.begin(); j!=auth_daily_addresses.end(); j++) {
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1759 delete (*j).second;
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
1760 (*j).second = new int32_t_set;
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1761 }
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1762 pthread_mutex_unlock(&rate_mutex);
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1763 loop2 = 0;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1764 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1765 CONFIG &dc = *config;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1766 time_t then = dc.load_time;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1767 struct stat st;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1768 bool reload = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1769 for (string_set::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1770 const char *fn = *i;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1771 if (stat(fn, &st)) reload = true; // file disappeared
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1772 else if (st.st_mtime > then) reload = true; // file modified
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1773 if (reload) break;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1774 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1775 if (reload) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1776 CONFIG *newc = new_conf();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1777 if (newc) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1778 // replace the global config pointer
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1779 pthread_mutex_lock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1780 CONFIG *pc = config;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1781 bool last = pc && (!pc->reference_count);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1782 config = newc;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1783 pthread_mutex_unlock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1784 if (last) delete pc; // there were no references to this config
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1785 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1786 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1787 // failed to load new config
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1788 my_syslog("failed to load new configuration");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1789 system("echo 'failed to load new dnsbl configuration from /etc/dnsbl' | mail -s 'error in /etc/dnsbl configuration' root");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1790 // update the load time on the current config to prevent complaining every 3 minutes
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1791 dc.load_time = time(NULL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1792 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1793 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1794 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1795 return NULL;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1796 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1797
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1798
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1799 void usage(const char *prog);
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1800 void usage(const char *prog)
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1801 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1802 fprintf(stderr, "Usage: %s [-d [level]] [-c] [-s] [-e from|to] [-b dccifd-addr] -r port -p sm-sock-addr [-t timeout]\n", prog);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1803 fprintf(stderr, "where dccifd_addr is for the connection to dccifd\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1804 fprintf(stderr, " and should be local-domain-socket-file-name\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1805 fprintf(stderr, "where port is for the connection to our own dns resolver processes\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1806 fprintf(stderr, " and should be local-domain-socket-file-name\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1807 fprintf(stderr, "where sm-sock-addr is for the connection to sendmail\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1808 fprintf(stderr, " and should be one of\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1809 fprintf(stderr, " inet:port@ip-address\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1810 fprintf(stderr, " local:local-domain-socket-file-name\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1811 fprintf(stderr, "-c will load and dump the config to stdout\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1812 fprintf(stderr, "-s will stress test the config loading code by repeating the load/free cycle\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1813 fprintf(stderr, " in an infinte loop.\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1814 fprintf(stderr, "-d will set the syslog message level, currently 0 to 3\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1815 fprintf(stderr, "-e will print the results of looking up the from and to addresses in the\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1816 fprintf(stderr, " current config. The | character is used to separate the from and to\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1817 fprintf(stderr, " addresses in the argument to the -e switch\n");
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1818 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1819
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1820
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1821
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1822 void setup_socket(const char *sock);
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1823 void setup_socket(const char *sock) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1824 unlink(sock);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1825 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1826
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1827
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1828 /*
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1829 * The signal handler function -- only gets called when a SIGCHLD
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1830 * is received, ie when a child terminates
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1831 */
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1832 void sig_chld(int signo)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1833 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1834 int status;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1835 /* Wait for any child without blocking */
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1836 while (waitpid(-1, &status, WNOHANG) > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1837 // ignore child exit status, we only do this to cleanup zombies
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1838 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1839 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1840
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1841
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1842 int main(int argc, char**argv)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1843 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1844 token_init();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1845 bool check = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1846 bool stress = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1847 bool setconn = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1848 bool setreso = false;
244
ef97c7cd4a6e const correctness fixes from new gcc, libresolv.a moved to glibc-static on newer distributions
Carl Byington <carl@five-ten-sg.com>
parents: 242
diff changeset
1849 char *email = NULL;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1850 int c;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1851 const char *args = "b:r:p:t:e:d:chs";
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1852 extern char *optarg;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1853
235
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1854 // setup srs coding detection
296
05b604c99e06 allow broken SRS0+ rather than the correct SRS0= tag
Carl Byington <carl@five-ten-sg.com>
parents: 293
diff changeset
1855 if (regcomp(&srs_pattern, "^srs(0|1)(=|\\+)([^=]+)=([^=]+)=([^=]+)=([^@]+)@", REG_ICASE | REG_EXTENDED)) {
235
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1856 printf("cannot compile regex pattern to find srs coding in mail addresses\n");
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1857 exit(3);
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1858 }
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1859
246
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1860 // setup prvs coding detection
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1861 if (regcomp(&prvs_pattern, "^prvs=([^=]+)=(.+)$", REG_ICASE | REG_EXTENDED)) {
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1862 printf("cannot compile regex pattern to find prvs coding in mail addresses\n");
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1863 exit(3);
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1864 }
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1865
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1866 // setup dkim signature detection
327
51846836ec92 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 326
diff changeset
1867 if (regcomp(&dkim_pattern, " dkim=pass .[0-9]*-bit key. header.d=([^ ]+) ", REG_ICASE | REG_EXTENDED)) {
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1868 printf("cannot compile regex pattern to find dkim signatures\n");
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1869 exit(3);
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1870 }
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1871
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1872 // setup from domain extraction
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1873 if (regcomp(&from_pattern, "@([a-zA-Z0-9.-]+)", REG_ICASE | REG_EXTENDED)) {
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1874 printf("cannot compile regex pattern to find dkim signatures\n");
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1875 exit(3);
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1876 }
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1877
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1878 // Process command line options
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1879 while ((c = getopt(argc, argv, args)) != -1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1880 switch (c) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1881 case 'b':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1882 if (optarg == NULL || *optarg == '\0') {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1883 fprintf(stderr, "Illegal dccifd socket: %s\n", optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1884 exit(EX_USAGE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1885 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1886 dccifd_port = strdup(optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1887 break;
177
a4d313c2460b start embedded dcc filtering
carl
parents: 174
diff changeset
1888
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1889 case 'r':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1890 if (optarg == NULL || *optarg == '\0') {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1891 fprintf(stderr, "Illegal resolver socket: %s\n", optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1892 exit(EX_USAGE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1893 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1894 resolver_port = strdup(optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1895 setup_socket(resolver_port);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1896 setreso = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1897 break;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1898
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1899 case 'p':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1900 if (optarg == NULL || *optarg == '\0') {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1901 fprintf(stderr, "Illegal sendmail socket: %s\n", optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1902 exit(EX_USAGE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1903 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1904 if (smfi_setconn(optarg) == MI_FAILURE) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1905 fprintf(stderr, "smfi_setconn failed\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1906 exit(EX_SOFTWARE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1907 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1908 if (strncasecmp(optarg, "unix:", 5) == 0) setup_socket(optarg + 5);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1909 else if (strncasecmp(optarg, "local:", 6) == 0) setup_socket(optarg + 6);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1910 setconn = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1911 break;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1912
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1913 case 't':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1914 if (optarg == NULL || *optarg == '\0') {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1915 fprintf(stderr, "Illegal timeout: %s\n", optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1916 exit(EX_USAGE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1917 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1918 if (smfi_settimeout(atoi(optarg)) == MI_FAILURE) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1919 fprintf(stderr, "smfi_settimeout failed\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1920 exit(EX_SOFTWARE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1921 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1922 break;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1923
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1924 case 'e':
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1925 if (email) free((void*)email);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1926 email = strdup(optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1927 break;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1928
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1929 case 'c':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1930 check = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1931 break;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1932
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1933 case 's':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1934 stress = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1935 break;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1936
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1937 case 'd':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1938 if (optarg == NULL || *optarg == '\0') debug_syslog = 1;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1939 else debug_syslog = atoi(optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1940 break;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1941
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1942 case 'h':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1943 default:
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1944 usage(argv[0]);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1945 exit(EX_USAGE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1946 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1947 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1948
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1949 if (check) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1950 use_syslog = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1951 debug_syslog = 10;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1952 CONFIG *conf = new_conf();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1953 if (conf) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1954 conf->dump();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1955 delete conf;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1956 clear_strings(); // for valgrind checking
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1957 return 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1958 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1959 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1960 return 1; // config failed to load
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1961 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1962 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1963
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1964 if (stress) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1965 fprintf(stdout, "stress testing\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1966 while (1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1967 for (int i=0; i<10; i++) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1968 CONFIG *conf = new_conf();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1969 if (conf) delete conf;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1970 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1971 fprintf(stdout, ".");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1972 fflush(stdout);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1973 sleep(1);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1974 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1975 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1976
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1977 if (email) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1978 char *x = strchr(email, '|');
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1979 if (x) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1980 *x = '\0';
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1981 const char *from = to_lower_string(email);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1982 const char *to = to_lower_string(x+1);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1983 use_syslog = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1984 CONFIG *conf = new_conf();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1985 if (conf) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1986 CONTEXTP con = conf->find_context(to);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1987 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1988 fprintf(stdout, "envelope to <%s> finds context %s\n", to, con->get_full_name(buf,maxlen));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1989 CONTEXTP fc = con->find_context(from);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1990 fprintf(stdout, "envelope from <%s> finds context %s\n", from, fc->get_full_name(buf,maxlen));
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1991 const char *st = fc->find_from(from);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1992 fprintf(stdout, "envelope from <%s> finds status %s\n", from, st);
216
784030ac71f1 Never whitelist self addressed mail. Changes for Fedora 10 and const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 214
diff changeset
1993 bool self = (strcmp(from, to) == 0);
784030ac71f1 Never whitelist self addressed mail. Changes for Fedora 10 and const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 214
diff changeset
1994 if ((st == token_white) && self) fprintf(stdout, "ignore self whitelisting\n");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1995 delete conf;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1996 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1997 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1998 return 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1999 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2000
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2001 if (!setconn) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2002 fprintf(stderr, "%s: Missing required -p argument\n", argv[0]);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2003 usage(argv[0]);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2004 exit(EX_USAGE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2005 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2006
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2007 if (!setreso) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2008 fprintf(stderr, "%s: Missing required -r argument\n", argv[0]);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2009 usage(argv[0]);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2010 exit(EX_USAGE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2011 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2012
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2013 if (smfi_register(smfilter) == MI_FAILURE) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2014 fprintf(stderr, "smfi_register failed\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2015 exit(EX_UNAVAILABLE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2016 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2017
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2018 // switch to background mode
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2019 if (daemon(1,0) < 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2020 fprintf(stderr, "daemon() call failed\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2021 exit(EX_UNAVAILABLE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2022 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2023
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2024 // write the pid
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2025 const char *pidpath = "/var/run/dnsbl.pid";
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2026 unlink(pidpath);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2027 FILE *f = fopen(pidpath, "w");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2028 if (f) {
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2029 #ifdef linux
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2030 // from a comment in the DCC source code:
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2031 // Linux threads are broken. Signals given the
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2032 // original process are delivered to only the
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2033 // thread that happens to have that PID. The
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2034 // sendmail libmilter thread that needs to hear
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2035 // SIGINT and other signals does not, and that breaks
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2036 // scripts that need to stop milters.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2037 // However, signaling the process group works.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2038 fprintf(f, "-%d\n", (u_int)getpgrp());
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2039 #else
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2040 fprintf(f, "%d\n", (u_int)getpid());
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2041 #endif
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2042 fclose(f);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2043 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2044
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2045 // initialize the thread sync objects
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2046 pthread_mutex_init(&config_mutex, 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2047 pthread_mutex_init(&syslog_mutex, 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2048 pthread_mutex_init(&resolve_mutex, 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2049 pthread_mutex_init(&fd_pool_mutex, 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2050 pthread_mutex_init(&verifier_mutex, 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2051 pthread_mutex_init(&whitelister_mutex, 0);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2052
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2053 // drop root privs
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2054 struct passwd *pw = getpwnam("dnsbl");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2055 if (pw) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2056 if (setgid(pw->pw_gid) == -1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2057 my_syslog("failed to switch to group dnsbl");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2058 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2059 if (setuid(pw->pw_uid) == -1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2060 my_syslog("failed to switch to user dnsbl");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2061 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2062 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2063
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2064 // load the initial config
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2065 config = new_conf();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2066 if (!config) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2067 my_syslog("failed to load initial configuration, quitting");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2068 exit(1);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2069 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2070
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2071 // fork off the resolver listener process
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2072 pid_t child = fork();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2073 if (child < 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2074 my_syslog("failed to create resolver listener process");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2075 exit(0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2076 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2077 if (child == 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2078 // we are the child - dns resolver listener process
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2079 resolver_socket = socket(AF_UNIX, SOCK_STREAM, 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2080 if (resolver_socket < 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2081 my_syslog("child failed to create resolver socket");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2082 exit(0); // failed
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2083 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2084 sockaddr_un server;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2085 memset(&server, '\0', sizeof(server));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2086 server.sun_family = AF_UNIX;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2087 strncpy(server.sun_path, resolver_port, sizeof(server.sun_path)-1);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2088 //try to bind the address to the socket.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2089 if (bind(resolver_socket, (sockaddr *)&server, sizeof(server)) < 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2090 // bind failed
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2091 shutdown(resolver_socket, SHUT_RDWR);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2092 close(resolver_socket);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2093 my_syslog("child failed to bind resolver socket");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2094 exit(0); // failed
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2095 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2096 //listen on the socket.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2097 if (listen(resolver_socket, 10) < 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2098 // listen failed
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2099 shutdown(resolver_socket, SHUT_RDWR);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2100 close(resolver_socket);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2101 my_syslog("child failed to listen to resolver socket");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2102 exit(0); // failed
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2103 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2104 // setup sigchld handler to prevent zombies
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2105 struct sigaction act;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2106 act.sa_handler = sig_chld; // Assign sig_chld as our SIGCHLD handler
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2107 sigemptyset(&act.sa_mask); // We don't want to block any other signals in this example
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2108 act.sa_flags = SA_NOCLDSTOP; // only want children that have terminated
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2109 if (sigaction(SIGCHLD, &act, NULL) < 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2110 my_syslog("child failed to setup SIGCHLD handler");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2111 exit(0); // failed
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2112 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2113 while (true) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2114 sockaddr_un client;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2115 socklen_t clientlen = sizeof(client);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2116 int s = accept(resolver_socket, (sockaddr *)&client, &clientlen);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2117 if (s > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2118 // accept worked, it did not get cancelled before we could accept it
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2119 // fork off a process to handle this connection
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2120 int newchild = fork();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2121 if (newchild == 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2122 // this is the worker process
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2123 // child does not need the listening socket
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2124 close(resolver_socket);
220
495cfe5caead try to allow mixed -lresolv and libresolv.a for ns_parserr
Carl Byington <carl@five-ten-sg.com>
parents: 216
diff changeset
2125 #ifdef NS_PACKETSZ
495cfe5caead try to allow mixed -lresolv and libresolv.a for ns_parserr
Carl Byington <carl@five-ten-sg.com>
parents: 216
diff changeset
2126 res_init();
495cfe5caead try to allow mixed -lresolv and libresolv.a for ns_parserr
Carl Byington <carl@five-ten-sg.com>
parents: 216
diff changeset
2127 _res.retry = 2;
495cfe5caead try to allow mixed -lresolv and libresolv.a for ns_parserr
Carl Byington <carl@five-ten-sg.com>
parents: 216
diff changeset
2128 _res.retrans = RES_TIMEOUT;
495cfe5caead try to allow mixed -lresolv and libresolv.a for ns_parserr
Carl Byington <carl@five-ten-sg.com>
parents: 216
diff changeset
2129 #endif
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2130 process_resolver_requests(s);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2131 exit(0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2132 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2133 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2134 // this is the parent
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2135 // parent does not need the accepted socket
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2136 close(s);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2137 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2138 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2139 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2140 exit(0); // make sure we don't fall thru.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2141 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2142 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2143 sleep(2); // allow child to get started
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2144 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2145
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2146 // only create threads after the fork() in daemon
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2147 pthread_t tid;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2148 if (pthread_create(&tid, 0, config_loader, 0))
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2149 my_syslog("failed to create config loader thread");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2150 if (pthread_detach(tid))
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2151 my_syslog("failed to detach config loader thread");
153
8d7c439bb6fa add auto whitelisting
carl
parents: 152
diff changeset
2152
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2153 if (pthread_create(&tid, 0, verify_closer, 0))
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2154 my_syslog("failed to create verify closer thread");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2155 if (pthread_detach(tid))
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2156 my_syslog("failed to detach verify closer thread");
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2157
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2158 if (pthread_create(&tid, 0, whitelister_writer, 0))
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2159 my_syslog("failed to create autowhite writer thread");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2160 if (pthread_detach(tid))
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2161 my_syslog("failed to detach autowhite writer thread");
153
8d7c439bb6fa add auto whitelisting
carl
parents: 152
diff changeset
2162
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2163 time_t starting = time(NULL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2164 int rc = smfi_main();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2165 if ((rc != MI_SUCCESS) && (time(NULL) > starting+5*60)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2166 my_syslog("trying to restart after smfi_main()");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2167 loader_run = false; // eventually the config loader thread will terminate
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2168 execvp(argv[0], argv);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2169 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2170 exit((rc == MI_SUCCESS) ? 0 : EX_UNAVAILABLE);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2171 }