annotate src/dnsbl.cpp @ 390:bcef093b1ba6

start parsing spf txt records
author Carl Byington <carl@five-ten-sg.com>
date Mon, 06 Mar 2017 17:14:41 -0800
parents aa9795b407e8
children dffedbdc8566
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1 /*
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
3 Copyright (c) 2013 Carl Byington - 510 Software Group, released under
152
c7fc218686f5 gpl3, block mail to recipients that cannot reply
carl
parents: 150
diff changeset
4 the GPL version 3 or any later version at your choice available at
c7fc218686f5 gpl3, block mail to recipients that cannot reply
carl
parents: 150
diff changeset
5 http://www.gnu.org/licenses/gpl-3.0.txt
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
6
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
7 Based on a sample milter Copyright (c) 2000-2003 Sendmail, Inc. and its
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
8 suppliers. Inspired by the DCC by Rhyolite Software
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
9
177
a4d313c2460b start embedded dcc filtering
carl
parents: 174
diff changeset
10 -b port The port used to talk to the dcc interface daemon
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
11 -r port The port used to talk to our internal dns resolver processes
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
12 -p port The port through which the MTA will connect to this milter.
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
13 -t sec The timeout value.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
14 -c Check the config, and print a copy to stdout. Don't start the
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
15 milter or do anything with the socket.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
16 -s Stress test by loading and deleting the current config in a loop.
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
17 -d level set the debug level
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
18 -e f|t Print the results of looking up from address f and to address
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
19 t in the current config
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
20
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
21 */
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
22
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
23
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
24 // from sendmail sample
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
25 #include <sys/types.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
26 #include <sys/stat.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
27 #include <errno.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
28 #include <sysexits.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
29 #include <unistd.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
30
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
31 // needed for socket io
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
32 #include <sys/ioctl.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
33 #include <net/if.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
34 #include <arpa/inet.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
35 #include <netinet/in.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
36 #include <netinet/tcp.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
37 #include <netdb.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
38 #include <sys/socket.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
39 #include <sys/un.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
40
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
41 // needed for thread
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
42 #include <pthread.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
43
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
44 // needed for std c++ collections
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
45 #include <set>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
46 #include <map>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
47 #include <list>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
48
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
49 // for the dns resolver
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
50 #include <netinet/in.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
51 #include <arpa/nameser.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
52 #include <resolv.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
53
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
54 // misc stuff needed here
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
55 #include <ctype.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
56 #include <syslog.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
57 #include <pwd.h>
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
58 #include <sys/wait.h> /* header for waitpid() and various macros */
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
59 #include <signal.h> /* header for signal functions */
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
60
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
61 #include "includes.h"
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
62
211
4db1457cd11a Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents: 203
diff changeset
63 #ifndef HAVE_DAEMON
4db1457cd11a Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents: 203
diff changeset
64 #include "daemon.h"
4db1457cd11a Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents: 203
diff changeset
65 #include "daemon.c"
4db1457cd11a Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents: 203
diff changeset
66 #endif
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
67
227
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
68 #ifndef HAVE_MEMRCHR
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
69 void *memrchr(const void *a, int c, size_t len);
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
70 void *memrchr(const void *a, int c, size_t len) {
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
71 const unsigned char *p = (const unsigned char *)a;
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
72 for (p += len-1; (const void *)p >= a; p--)
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
73 if (*p == c)
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
74 return (void *)p;
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
75 return (void *)0;
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
76 }
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
77 #endif
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
78
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
79 extern "C" {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
80 sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
81 sfsistat mlfi_helo(SMFICTX * ctx, char *helohost);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
82 sfsistat mlfi_envfrom(SMFICTX *ctx, char **argv);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
83 sfsistat mlfi_envrcpt(SMFICTX *ctx, char **argv);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
84 sfsistat mlfi_header(SMFICTX* ctx, char* headerf, char* headerv);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
85 sfsistat mlfi_body(SMFICTX *ctx, u_char *data, size_t len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
86 sfsistat mlfi_eom(SMFICTX *ctx);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
87 sfsistat mlfi_abort(SMFICTX *ctx);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
88 sfsistat mlfi_close(SMFICTX *ctx);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
89 void sig_chld(int signo);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
90 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
91
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
92 int debug_syslog = 0;
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
93 bool syslog_opened = false;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
94 bool use_syslog = true; // false to printf
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
95 bool loader_run = true; // used to stop the config loader thread
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
96 CONFIG *config = NULL; // protected by the config_mutex
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
97 int generation = 0; // protected by the config_mutex
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
98 const int maxlen = 1000; // used for snprintf buffers
235
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
99 regex_t srs_pattern; // used to detect srs coding in mail addresses
246
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
100 regex_t prvs_pattern; // used to detect prvs coding in mail addresses
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
101 regex_t dkim_r_pattern; // used to detect dkim signatures authenticated by the upstream opendkim milter
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
102 regex_t dkim_s_pattern; // used to detect dkim signatures generated by the upstream opendkim milter
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
103 regex_t from_pattern; // used to extract the senders mail domain from the body from: header
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
104
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
105 pthread_mutex_t config_mutex;
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
106 pthread_mutex_t syslog_mutex;
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
107 pthread_mutex_t resolve_mutex;
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
108 pthread_mutex_t fd_pool_mutex;
136
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
109 pthread_mutex_t rate_mutex;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
110
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
111 std::set<int> fd_pool;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
112 int NULL_SOCKET = -1;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
113 const time_t ERROR_SOCKET_TIME = 60; // number of seconds between attempts to open a socket to the dns resolver process
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
114 const char *resolver_port = NULL; // unix domain socket to talk to the dns resolver process
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
115 int resolver_socket = NULL_SOCKET; // socket used to listen for resolver requests
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
116 const char *dccifd_port = NULL; // unix domain socket to talk to the dcc interface daemon
248
b0738685bf51 latest tld list; fix uninitialized variable
Carl Byington <carl@five-ten-sg.com>
parents: 246
diff changeset
117 time_t last_error_time = 0;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
118 int resolver_sock_count = 0; // protected with fd_pool_mutex
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
119 int resolver_pool_size = 0; // protected with fd_pool_mutex
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
120 rates rcpt_hourly_counts; // protected with rate_mutex
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
121 rates rcpt_daily_counts; // protected with rate_mutex
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
122 auth_addresses auth_hourly_addresses; // protected with rate_mutex
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
123 auth_addresses auth_daily_addresses; // protected with rate_mutex
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
124
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
125
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
126
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
127 ns_map::~ns_map() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
128 for (string_map::iterator i=ns_host.begin(); i!=ns_host.end(); i++) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
129 const char *x = (*i).first;
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
130 const char *y = (*i).second;
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
131 free((void*)x);
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
132 free((void*)y);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
133 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
134 ns_ip.clear();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
135 ns_host.clear();
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
136 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
137
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
138
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
139 void ns_map::add(const char *name, const char *refer) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
140 string_map::iterator i = ns_host.find(name);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
141 if (i != ns_host.end()) return;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
142 char *x = strdup(name);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
143 char *y = strdup(refer);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
144 ns_ip[x] = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
145 ns_host[x] = y;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
146
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
147 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
148
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
149 // packed structure to allow a single socket write to dump the
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
150 // length and the following answer. The packing attribute is gcc specific.
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
151 struct glommer {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
152 size_t length;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
153 #ifdef NS_PACKETSZ
386
e27e22f6a49a start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 385
diff changeset
154 u_char answer[NS_PACKETSZ*8]; // with a resolver, we return resolver answers
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
155 #else
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
156 uint32_t answer; // without a resolver, we return a single ipv4 address in network byte order, 0 == no answer
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
157 #endif
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
158 } __attribute__ ((packed));
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
159
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
160
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
161 ////////////////////////////////////////////////
136
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
162 // helper to manipulate recipient counts
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
163 //
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
164 void incr_rcpt_count(const char *user, int &hourly, int &daily);
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
165 void incr_rcpt_count(const char *user, int &hourly, int &daily) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
166 pthread_mutex_lock(&rate_mutex);
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
167 rates::iterator i = rcpt_hourly_counts.find(user);
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
168 hourly = 1;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
169 if (i == rcpt_hourly_counts.end()) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
170 user = strdup(user);
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
171 rcpt_hourly_counts[user] = hourly;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
172 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
173 else {
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
174 hourly = ++((*i).second);
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
175 }
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
176
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
177 rates::iterator j = rcpt_daily_counts.find(user);
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
178 daily = 1;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
179 if (j == rcpt_daily_counts.end()) {
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
180 user = strdup(user);
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
181 rcpt_daily_counts[user] = daily;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
182 }
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
183 else {
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
184 daily = ++((*j).second);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
185 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
186 pthread_mutex_unlock(&rate_mutex);
136
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
187 }
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
188
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
189
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
190 void add_auth_address(const char *user, int &hourly, int &daily, uint32_t ip);
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
191 void add_auth_address(const char *user, int &hourly, int &daily, uint32_t ip) {
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
192 pthread_mutex_lock(&rate_mutex);
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
193 auth_addresses::iterator i = auth_hourly_addresses.find(user);
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
194 if (i == auth_hourly_addresses.end()) {
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
195 user = strdup(user);
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
196 auth_hourly_addresses[user] = new uint32_t_set;
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
197 auth_hourly_addresses[user]->insert(ip);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
198 hourly = 1;
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
199 }
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
200 else {
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
201 uint32_t_set::iterator k = ((*i).second)->find(ip);
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
202 if (k == ((*i).second)->end()) ((*i).second)->insert(ip);
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
203 hourly = ((*i).second)->size();
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
204 }
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
205
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
206 auth_addresses::iterator j = auth_daily_addresses.find(user);
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
207 if (j == auth_daily_addresses.end()) {
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
208 user = strdup(user);
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
209 auth_daily_addresses[user] = new uint32_t_set;
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
210 auth_daily_addresses[user]->insert(ip);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
211 daily = 1;
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
212 }
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
213 else {
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
214 uint32_t_set::iterator k = ((*j).second)->find(ip);
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
215 if (k == ((*j).second)->end()) ((*j).second)->insert(ip);
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
216 daily = ((*j).second)->size();
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
217 }
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
218 pthread_mutex_unlock(&rate_mutex);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
219 }
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
220
136
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
221 ////////////////////////////////////////////////
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
222 // helper to discard the strings held by a context_map
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
223 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
224 void discard(context_map &cm);
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
225 void discard(context_map &cm) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
226 for (context_map::iterator i=cm.begin(); i!=cm.end(); i++) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
227 const char *x = (*i).first;
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
228 free((void*)x);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
229 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
230 cm.clear();
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
231 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
232
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
233
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
234 ////////////////////////////////////////////////
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
235 // helper to register a string in a context_map
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
236 //
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
237 void register_string(context_map &cm, const char *name, CONTEXT *con);
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
238 void register_string(context_map &cm, const char *name, CONTEXT *con) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
239 context_map::iterator i = cm.find(name);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
240 if (i != cm.end()) return;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
241 char *x = strdup(name);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
242 cm[x] = con;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
243 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
244
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
245
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
246 ////////////////////////////////////////////////
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
247 // disconnect the fd from the dns resolver process
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
248 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
249 void my_disconnect(int sock, bool decrement = true);
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
250 void my_disconnect(int sock, bool decrement) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
251 if (sock != NULL_SOCKET) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
252 if (decrement) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
253 pthread_mutex_lock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
254 resolver_sock_count--;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
255 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
256 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
257 shutdown(sock, SHUT_RDWR);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
258 close(sock);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
259 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
260 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
261
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
262
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
263 ////////////////////////////////////////////////
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
264 // return fd connected to the dns resolver process
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
265 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
266 int my_connect();
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
267 int my_connect() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
268 // if we have had recent errors, don't even try to open the socket
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
269 if ((time(NULL) - last_error_time) < ERROR_SOCKET_TIME) return NULL_SOCKET;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
270
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
271 // nothing recent, maybe this time it will work
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
272 int sock = NULL_SOCKET;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
273 sockaddr_un server;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
274 memset(&server, '\0', sizeof(server));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
275 server.sun_family = AF_UNIX;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
276 strncpy(server.sun_path, resolver_port, sizeof(server.sun_path)-1);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
277 sock = socket(AF_UNIX, SOCK_STREAM, 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
278 if (sock != NULL_SOCKET) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
279 bool rc = (connect(sock, (sockaddr *)&server, sizeof(server)) == 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
280 if (!rc) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
281 my_disconnect(sock, false);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
282 sock = NULL_SOCKET;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
283 last_error_time = time(NULL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
284 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
285 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
286 else last_error_time = time(NULL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
287 if (sock != NULL_SOCKET) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
288 pthread_mutex_lock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
289 resolver_sock_count++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
290 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
291 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
292 return sock;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
293 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
294
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
295
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
296 ////////////////////////////////////////////////
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
297 // Ask a dns question and get an A record answer in network byte order.
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
298 // We don't try very hard, just using the default resolver retry settings.
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
299 // If we cannot get an answer, we just accept the mail.
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
300 // If the qtype is ns_t_txt, the answer is placed in txt_answer which
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
301 // must be non-null, and the return value can be ignored.
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
302 // A null string is returned in txt_answer in the case of errors.
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
303 // If the qtype is ns_t_a, the ip address is returned in network byte order.
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
304 // IP address 0 is returned in case of errors.
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
305 //
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
306 uint32_t dns_interface(mlfiPriv &priv, const char *question, int qtype, bool maybe_ip, ns_map *nameservers, char *txt_answer, size_t txt_size) {
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
307 if (txt_answer) txt_answer[0] = '\0'; // return null string if there are no txt answers
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
308
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
309 // tell sendmail we are still working
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
310 #if _FFR_SMFI_PROGRESS
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
311 if (priv.eom) smfi_progress(priv.ctx);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
312 #endif
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
313
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
314 // this part can be done without locking the resolver mutex. Each
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
315 // milter thread is talking over its own socket to a separate resolver
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
316 // process, which does the actual dns resolution.
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
317 if (priv.err) return 0; // cannot ask more questions on this socket.
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
318 if (maybe_ip && (qtype == ns_t_a)) {
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
319 // might be a bare ip address, try this first to avoid dns lookups that may not be needed
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
320 in_addr ip;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
321 if (inet_aton(question, &ip)) {
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
322 return ip.s_addr;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
323 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
324 }
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
325 int8_t qt = qtype;
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
326 priv.my_write((const char *)&qt, 1);// write the query type
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
327 size_t n = strlen(question);
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
328 if (question[n-1] == '.') {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
329 priv.my_write(question, n+1); // write the question including the null terminator
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
330 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
331 else {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
332 priv.my_write(question, n); // write the question
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
333 priv.my_write(".", 2); // and the fully qualified . terminator and null string terminator
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
334 }
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
335
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
336 glommer glom;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
337 char *buf = (char *)&glom;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
338 priv.my_read(buf, sizeof(glom.length));
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
339 buf += sizeof(glom.length);
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
340 #ifdef RESOLVER_DEBUG
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
341 char text[1000];
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
342 snprintf(text, sizeof(text), "dns_interface() wrote question %s and has answer length %d", question, glom.length);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
343 my_syslog(text);
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
344 #endif
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
345 if (glom.length == 0) return 0;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
346 if (glom.length > sizeof(glom.answer)) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
347 priv.err = true;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
348 return 0; // cannot process overlarge answers
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
349 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
350 priv.my_read(buf, glom.length);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
351
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
352 #ifdef NS_PACKETSZ
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
353 // now we need to lock the resolver mutex to keep the milter threads from
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
354 // stepping on each other while parsing the dns answer.
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
355 uint32_t ret_address = 0;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
356 pthread_mutex_lock(&resolve_mutex);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
357 // parse the answer
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
358 ns_msg handle;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
359 ns_rr rr;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
360 if (ns_initparse(glom.answer, glom.length, &handle) == 0) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
361 // look for ns names
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
362 if (nameservers) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
363 ns_map &ns = *nameservers;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
364 int rrnum = 0;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
365 while (ns_parserr(&handle, ns_s_ns, rrnum++, &rr) == 0) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
366 if (ns_rr_type(rr) == ns_t_ns) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
367 char nam[NS_MAXDNAME+1];
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
368 char *n = nam;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
369 const u_char *p = ns_rr_rdata(rr);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
370 while (((n-nam) < NS_MAXDNAME) && ((size_t)(p-glom.answer) < glom.length) && *p) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
371 size_t s = *(p++);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
372 if (s > 191) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
373 // compression pointer
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
374 s = (s-192)*256 + *(p++);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
375 if (s >= glom.length) break; // pointer outside bounds of answer
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
376 p = glom.answer + s;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
377 s = *(p++);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
378 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
379 if (s > 0) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
380 if ((size_t)(n-nam) >= (NS_MAXDNAME-s)) break; // destination would overflow name buffer
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
381 if ((size_t)(p-glom.answer) >= (glom.length-s)) break; // source outside bounds of answer
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
382 memcpy(n, p, s);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
383 n += s;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
384 p += s;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
385 *(n++) = '.';
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
386 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
387 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
388 if (n-nam) n--; // remove trailing .
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
389 *n = '\0'; // null terminate it
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
390 ns.add(nam, question); // ns host to lookup later
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
391 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
392 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
393 rrnum = 0;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
394 while (ns_parserr(&handle, ns_s_ar, rrnum++, &rr) == 0) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
395 if (ns_rr_type(rr) == ns_t_a) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
396 char* nam = (char*)ns_rr_name(rr);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
397 ns_mapper::iterator i = ns.ns_ip.find(nam);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
398 if (i != ns.ns_ip.end()) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
399 // we want this ip address
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
400 uint32_t address;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
401 memcpy(&address, ns_rr_rdata(rr), sizeof(address));
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
402 ns.ns_ip[nam] = address;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
403 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
404 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
405 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
406 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
407 int rrnum = 0;
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
408 if (qtype == ns_t_a) {
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
409 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) {
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
410 if (ns_rr_type(rr) == qtype) {
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
411 uint32_t address;
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
412 memcpy(&address, ns_rr_rdata(rr), sizeof(address));
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
413 ret_address = address;
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
414 }
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
415 }
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
416 }
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
417 if ((qtype == ns_t_txt) && (txt_answer) && (txt_size > 7)) {
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
418 txt_answer[0] = '\0'; // return null string if there are no txt answers
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
419 txt_size--; // allow room for terminating null;
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
420 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) {
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
421 if (ns_rr_type(rr) == qtype) {
384
7b7066a51c33 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 382
diff changeset
422 size_t offset = 0;
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
423 size_t rdlen = ns_rr_rdlen(rr);
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
424 const unsigned char *rdata = ns_rr_rdata(rr);
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
425 #ifdef RESOLVER_DEBUG
385
be7355b47051 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 384
diff changeset
426 char text[1000];
be7355b47051 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 384
diff changeset
427 snprintf(text, sizeof(text), "found txt record rdlen = %d", rdlen);
be7355b47051 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 384
diff changeset
428 my_syslog(text);
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
429 #endif
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
430 while ((offset < txt_size) && rdlen) {
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
431 size_t slen = size_t(*(rdata++));
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
432 rdlen--;
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
433 size_t m = min(slen, rdlen);
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
434 m = min(m, txt_size-offset);
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
435 memcpy(txt_answer+offset, rdata, m);
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
436 offset += m;
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
437 rdata += m;
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
438 rdlen -= m;
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
439 }
384
7b7066a51c33 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 382
diff changeset
440 txt_answer[offset] = '\0'; // trailing null
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
441 #ifdef RESOLVER_DEBUG
385
be7355b47051 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 384
diff changeset
442 snprintf(text, sizeof(text), "found txt record %s", txt_answer);
be7355b47051 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 384
diff changeset
443 my_syslog(text);
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
444 #endif
384
7b7066a51c33 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 382
diff changeset
445 if (strncasecmp(txt_answer, "v=spf1 ", 7) == 0) break;
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
446 }
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
447 }
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
448 if (strncasecmp(txt_answer, "v=spf1 ", 7) != 0) {
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
449 txt_answer[0] = '\0'; // return null string if there are no spf1 txt answers
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
450 }
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
451 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
452 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
453 pthread_mutex_unlock(&resolve_mutex);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
454 #ifdef RESOLVER_DEBUG
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
455 snprintf(text, sizeof(text), "dns_interface() found ip %d", ret_address);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
456 my_syslog(text);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
457 #endif
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
458 return ret_address;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
459 #else
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
460 return glom.answer;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
461 #endif
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
462 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
463
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
464
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
465 ////////////////////////////////////////////////
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
466 // lookup a hostname on the uribl
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
467 //
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
468 // if we find hostname on the uribl, return true and point found to hostname
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
469 // as a string registered in hosts.
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
470 // otherwise, return false and preserve the value of found.
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
471 //
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
472 bool uriblookup(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) ;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
473 bool uriblookup(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) {
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
474 char buf[maxlen];
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
475 snprintf(buf, sizeof(buf), "%s.%s.", hostname, priv.uribl_suffix);
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
476 uint32_t ip = ntohl(dns_interface(priv, buf, ns_t_a));
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
477 if (ip and (ip != 0x7f000000)) {
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
478 if (debug_syslog > 2) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
479 char tmp[maxlen];
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
480 snprintf(tmp, sizeof(tmp), "found %s on %s", hostname, priv.uribl_suffix);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
481 my_syslog(tmp);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
482 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
483 found = register_string(hosts, hostname);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
484 return true;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
485 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
486 return false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
487 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
488
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
489
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
490 ////////////////////////////////////////////////
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
491 // uribl checker
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
492 // -------------
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
493 // hostname MUST not have a trailing dot. Find the tld part of
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
494 // the hostname, and add one more level. If that is listed on
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
495 // the uribl, return true and point found to the part of the
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
496 // hostname that we found as a string registered in hosts.
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
497 // Otherwise, return false and preserve the value of found.
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
498 //
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
499 bool check_uribl(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) ;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
500 bool check_uribl(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
501 in_addr ip;
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
502 if (inet_aton(hostname, &ip)) return false; // don't check ip addresses in uribls
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
503 const char* components[maxlen];
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
504 int n = 0; // number of components in the hostname
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
505 while (n < maxlen) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
506 components[n++] = hostname;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
507 const char *c = strchr(hostname, '.');
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
508 if (!c) break;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
509 hostname = c+1;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
510 }
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
511 string_set *tlds = priv.memory->get_tlds();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
512 string_set *tldwilds = priv.memory->get_tldwilds();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
513 string_set *tldnots = priv.memory->get_tldnots();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
514 string_set::iterator xtlds = tlds->end();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
515 string_set::iterator xtldwilds = tldwilds->end();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
516 string_set::iterator xtldnots = tldnots->end();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
517 for (int i=max(0,n-4); i<n; i++) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
518 const char* name = components[i];
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
519 bool rc = false;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
520 string_set::iterator tt = tldnots->find(name);
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
521 if (tt != xtldnots) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
522 rc = true;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
523 }
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
524 else {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
525 tt = tldwilds->find(name);
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
526 if (tt != xtldwilds) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
527 if (i > 1) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
528 rc = true;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
529 name = components[i-2];
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
530 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
531 else return false;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
532 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
533 else {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
534 tt = tlds->find(name);
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
535 if (tt != xtlds) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
536 if (i > 0) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
537 rc = true;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
538 name = components[i-1];
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
539 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
540 else return false;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
541 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
542 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
543 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
544 if (rc) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
545 return uriblookup(priv, hosts, name, found);
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
546 }
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
547 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
548 return false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
549 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
550
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
551
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
552 mlfiPriv::mlfiPriv() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
553 pthread_mutex_lock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
554 pc = config;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
555 pc->reference_count++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
556 pthread_mutex_unlock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
557 get_fd();
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
558 ctx = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
559 eom = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
560 ip = 0;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
561 helo = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
562 mailaddr = NULL;
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
563 origaddr = NULL;
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
564 fromaddr = NULL;
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
565 header_count = 0;
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
566 dkim_ok = true;
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
567 queueid = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
568 authenticated = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
569 client_name = NULL;
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
570 client_dns_name = NULL;
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
571 client_dns_forged = false;
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
572 host_uribl = NULL;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
573 helo_uribl = false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
574 client_uribl = false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
575 from_uribl = false;
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
576 have_whites = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
577 only_whites = true;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
578 want_spamassassin = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
579 want_dccgrey = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
580 want_dccbulk = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
581 allow_autowhitelisting = true;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
582 content_context = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
583 memory = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
584 scanner = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
585 content_suffix = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
586 content_message = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
587 uribl_suffix = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
588 uribl_message = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
589 content_host_ignore = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
590 assassin = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
591 dccifd = NULL;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
592 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
593
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
594 mlfiPriv::~mlfiPriv() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
595 return_fd();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
596 pthread_mutex_lock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
597 pc->reference_count--;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
598 bool last = (!pc->reference_count) && (pc != config);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
599 pthread_mutex_unlock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
600 if (last) delete pc; // free this config, since we were the last reference to it
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
601 if (helo) free((void*)helo);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
602 reset(true);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
603 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
604
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
605 void mlfiPriv::reset(bool final) {
194
688ec12a3c0c delay autowhitelisting to avoid out of office reply bots
carl
parents: 193
diff changeset
606 while (!delayer.empty()) {
231
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
607 DELAYWHITEP dwp = delayer.front();
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
608 const char *loto = dwp->get_loto();
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
609 if (loto) free((void*)loto);
193
3ea79ef741a0 delay autowhitelisting to avoid out of office reply bots
carl
parents: 192
diff changeset
610 delete dwp;
3ea79ef741a0 delay autowhitelisting to avoid out of office reply bots
carl
parents: 192
diff changeset
611 delayer.pop_front();
3ea79ef741a0 delay autowhitelisting to avoid out of office reply bots
carl
parents: 192
diff changeset
612 }
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
613 if (mailaddr) free((void*)mailaddr);
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
614 if (origaddr) free((void*)origaddr);
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
615 if (fromaddr) free((void*)fromaddr);
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
616 if (queueid) free((void*)queueid);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
617 if (authenticated) free((void*)authenticated);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
618 if (client_name) free((void*)client_name);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
619 if (client_dns_name) free((void*)client_dns_name);
326
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
620 discard(dkim_signers);
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
621 discard(hosts_uribl);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
622 delayer.clear();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
623 discard(env_to);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
624 if (memory) delete memory;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
625 if (scanner) delete scanner;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
626 if (assassin) delete assassin;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
627 if (dccifd) delete dccifd;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
628 if (!final) {
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
629 ctx = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
630 eom = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
631 mailaddr = NULL;
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
632 origaddr = NULL;
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
633 fromaddr = NULL;
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
634 header_count = 0;
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
635 dkim_ok = true;
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
636 queueid = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
637 authenticated = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
638 client_name = NULL;
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
639 client_dns_name = NULL;
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
640 host_uribl = NULL;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
641 helo_uribl = false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
642 client_uribl = false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
643 from_uribl = false;
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
644 have_whites = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
645 only_whites = true;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
646 want_spamassassin = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
647 want_dccgrey = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
648 want_dccbulk = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
649 allow_autowhitelisting = true;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
650 content_context = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
651 memory = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
652 scanner = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
653 content_suffix = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
654 content_message = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
655 uribl_suffix = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
656 uribl_message = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
657 content_host_ignore = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
658 assassin = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
659 dccifd = NULL;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
660 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
661 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
662
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
663 void mlfiPriv::get_fd() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
664 err = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
665 fd = NULL_SOCKET;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
666 int result = pthread_mutex_lock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
667 if (!result) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
668 std::set<int>::iterator i;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
669 i = fd_pool.begin();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
670 if (i != fd_pool.end()) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
671 // have at least one fd in the pool
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
672 err = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
673 fd = *i;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
674 fd_pool.erase(fd);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
675 resolver_pool_size--;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
676 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
677 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
678 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
679 // pool is empty, get a new fd
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
680 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
681 fd = my_connect();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
682 err = (fd == NULL_SOCKET);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
683 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
684 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
685 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
686 // cannot lock the pool, just get a new fd
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
687 fd = my_connect();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
688 err = (fd == NULL_SOCKET);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
689 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
690 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
691
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
692 void mlfiPriv::return_fd() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
693 if (err) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
694 // this fd got a socket error, so close it, rather than returning it to the pool
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
695 my_disconnect(fd);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
696 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
697 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
698 int result = pthread_mutex_lock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
699 if (!result) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
700 if ((resolver_sock_count > resolver_pool_size*5) || (resolver_pool_size < 5)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
701 // return the fd to the pool
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
702 fd_pool.insert(fd);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
703 resolver_pool_size++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
704 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
705 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
706 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
707 // more than 20% of the open resolver sockets are in the pool, and the
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
708 // pool as at least 5 sockets. that is enough, so just close this one.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
709 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
710 my_disconnect(fd);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
711 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
712 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
713 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
714 // could not lock the pool, so just close the fd
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
715 my_disconnect(fd);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
716 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
717 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
718 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
719
177
a4d313c2460b start embedded dcc filtering
carl
parents: 174
diff changeset
720 size_t mlfiPriv::my_write(const char *buf, size_t len) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
721 if (err) return 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
722 size_t rs = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
723 while (len) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
724 size_t ws = write(fd, buf, len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
725 if (ws > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
726 rs += ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
727 len -= ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
728 buf += ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
729 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
730 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
731 // peer closed the socket!
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
732 rs = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
733 err = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
734 break;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
735 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
736 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
737 return rs;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
738 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
739
177
a4d313c2460b start embedded dcc filtering
carl
parents: 174
diff changeset
740 size_t mlfiPriv::my_read(char *buf, size_t len) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
741 if (err) return 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
742 size_t rs = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
743 while (len) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
744 size_t ws = read(fd, buf, len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
745 if (ws > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
746 rs += ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
747 len -= ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
748 buf += ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
749 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
750 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
751 // peer closed the socket!
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
752 rs = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
753 err = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
754 break;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
755 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
756 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
757 return rs;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
758 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
759
377
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
760 const char *mlfiPriv::check_uribl_signers() {
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
761 if (uribl_suffix) {
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
762 for (string_set::iterator s=dkim_signers.begin(); s!=dkim_signers.end(); s++) {
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
763 if (check_uribl(*this, hosts_uribl, *s, host_uribl)) return host_uribl;
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
764 }
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
765 }
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
766 return NULL;
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
767 }
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
768
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
769 void mlfiPriv::need_content_filter(CONTEXT &con) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
770 if (!memory) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
771 // first recipient that needs content filtering sets
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
772 // some of the content filtering parameters
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
773 memory = new recorder(this, con.get_html_tags(), con.get_content_tlds(), con.get_content_tldwilds(), con.get_content_tldnots());
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
774 scanner = new url_scanner(memory);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
775 content_suffix = con.get_content_suffix();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
776 content_message = con.get_content_message();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
777 uribl_suffix = con.get_uribl_suffix();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
778 uribl_message = con.get_uribl_message();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
779 content_host_ignore = &con.get_content_host_ignore();
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
780 // if we are using uribl, test helo and client names here
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
781 if (uribl_suffix) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
782 if (helo) {
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
783 helo_uribl = check_uribl(*this, hosts_uribl, helo, host_uribl);
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
784 }
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
785 if (client_dns_name && !helo_uribl) {
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
786 client_uribl = check_uribl(*this, hosts_uribl, client_dns_name, host_uribl);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
787 }
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
788 if (mailaddr && !client_uribl) {
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
789 const char *f = strchr(mailaddr, '@');
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
790 if (f) from_uribl = check_uribl(*this, hosts_uribl, f+1, host_uribl);
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
791 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
792 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
793 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
794 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
795
186
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
796
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
797 mlfiPriv* fetch_priv_from_ctx(SMFICTX *ctx);
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
798 mlfiPriv* fetch_priv_from_ctx(SMFICTX *ctx)
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
799 {
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
800 mlfiPriv *priv = (struct mlfiPriv *)smfi_getpriv(ctx);
187
f0eda59e8afd fix null pointer dereference from missing HELO command
carl
parents: 186
diff changeset
801 priv->ctx = ctx;
186
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
802 return priv;
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
803 }
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
804 #define MLFIPRIV fetch_priv_from_ctx(ctx)
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
805
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
806
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
807
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
808 ////////////////////////////////////////////////
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
809 // syslog a message
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
810 //
310
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
811 void my_syslog(const char *queueid, const char *text) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
812 char buf[maxlen];
311
f5547e7b3a09 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 310
diff changeset
813 if (queueid && queueid[0]) {
310
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
814 snprintf(buf, sizeof(buf), "%s: %s", queueid, text);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
815 text = buf;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
816 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
817 if (use_syslog) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
818 pthread_mutex_lock(&syslog_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
819 if (!syslog_opened) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
820 openlog("dnsbl", LOG_PID, LOG_MAIL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
821 syslog_opened = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
822 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
823 syslog(LOG_NOTICE, "%s", text);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
824 pthread_mutex_unlock(&syslog_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
825 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
826 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
827 printf("%s \n", text);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
828 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
829 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
830
310
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
831 void my_syslog(mlfiPriv *priv, const char *text) {
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
832 if (priv) my_syslog(priv->queueid, text);
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
833 else my_syslog((const char *)NULL, text);
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
834 }
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
835
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
836 void my_syslog(mlfiPriv *priv, const string text) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
837 if (debug_syslog > 3) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
838 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
839 strncpy(buf, text.c_str(), sizeof(buf));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
840 buf[maxlen-1] = '\0'; // ensure null termination
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
841 my_syslog(priv, buf);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
842 }
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
843 }
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
844
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
845 void my_syslog(const char *text) {
310
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
846 my_syslog((const char *)NULL, text);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
847 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
848
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
849
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
850 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
851 // read a resolver request from the socket, process it, and
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
852 // write the result back to the socket.
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
853
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
854 void process_resolver_requests(int socket);
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
855 void process_resolver_requests(int socket) {
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
856 #ifdef NS_MAXDNAME
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
857 char question[NS_MAXDNAME];
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
858 #else
389
aa9795b407e8 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 388
diff changeset
859 char question[1025];
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
860 #endif
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
861 glommer glom;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
862
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
863 int maxq = sizeof(question);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
864 while (true) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
865 // read a question
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
866 int rs = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
867 while (rs < maxq) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
868 int ns = read(socket, question+rs, maxq-rs);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
869 if (ns > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
870 rs += ns;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
871 if (question[rs-1] == '\0') {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
872 // last byte read was the null terminator, we are done
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
873 break;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
874 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
875 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
876 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
877 // peer closed the socket
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
878 #ifdef RESOLVER_DEBUG
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
879 my_syslog("process_resolver_requests() peer closed socket while reading question");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
880 #endif
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
881 shutdown(socket, SHUT_RDWR);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
882 close(socket);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
883 return;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
884 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
885 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
886 question[rs-1] = '\0'; // ensure null termination
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
887
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
888 // find the answer
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
889 #ifdef NS_PACKETSZ
388
2354a1944e49 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 387
diff changeset
890 int qt = int8_t(question[0]);
2354a1944e49 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 387
diff changeset
891 int res_result = res_query(question+1, ns_c_in, qt, glom.answer, sizeof(glom.answer));
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
892 #ifdef RESOLVER_DEBUG
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
893 char text[1000];
387
616e46e9b8f0 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 386
diff changeset
894 snprintf(text, sizeof(text), "process_resolver_requests() has a question %s qtype %d buf len %d result %d",
388
2354a1944e49 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 387
diff changeset
895 question+1, qt, sizeof(glom.answer), res_result);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
896 my_syslog(text);
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
897 #endif
223
da9e7f1c8160 fix unsigned signed compare, back to mixed -lresolv and libresolv.a with auto requires
Carl Byington <carl@five-ten-sg.com>
parents: 222
diff changeset
898 if (res_result < 0) glom.length = 0; // represent all errors as zero length answers
da9e7f1c8160 fix unsigned signed compare, back to mixed -lresolv and libresolv.a with auto requires
Carl Byington <carl@five-ten-sg.com>
parents: 222
diff changeset
899 else glom.length = (size_t)res_result;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
900 #else
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
901 glom.length = sizeof(glom.answer);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
902 glom.answer = 0;
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
903 int t = int8_t(question[0]);
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
904 if (t != ns_t_a) {
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
905 glom.length = 0;
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
906 }
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
907 else {
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
908 struct hostent *host = gethostbyname(question+1);
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
909 if (host && (host->h_addrtype == AF_INET)) {
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
910 memcpy(&glom.answer, host->h_addr, sizeof(glom.answer));
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
911 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
912 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
913 #endif
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
914
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
915 // write the answer
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
916 char *buf = (char *)&glom;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
917 int len = glom.length + sizeof(glom.length);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
918 #ifdef RESOLVER_DEBUG
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
919 snprintf(text, sizeof(text), "process_resolver_requests() writing answer length %d for total %d", glom.length, len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
920 my_syslog(text);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
921 #endif
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
922 int ws = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
923 while (len > ws) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
924 int ns = write(socket, buf+ws, len-ws);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
925 if (ns > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
926 ws += ns;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
927 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
928 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
929 // peer closed the socket!
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
930 #ifdef RESOLVER_DEBUG
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
931 my_syslog("process_resolver_requests() peer closed socket while writing answer");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
932 #endif
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
933 shutdown(socket, SHUT_RDWR);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
934 close(socket);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
935 return;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
936 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
937 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
938 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
939 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
940
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
941
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
942 ////////////////////////////////////////////////
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
943 // check a single dns list, return ip address in network byte order
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
944 //
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
945 uint32_t check_single(mlfiPriv &priv, uint32_t ip, const char *suffix);
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
946 uint32_t check_single(mlfiPriv &priv, uint32_t ip, const char *suffix) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
947 // make a dns question
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
948 const u_char *src = (const u_char *)&ip;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
949 if (src[0] == 127) return 0; // don't do dns lookups on localhost
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
950 if (src[0] == 10) return 0; // don't do dns lookups on rfc1918 space
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
951 if ((src[0] == 192) && (src[1] == 168)) return 0;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
952 if ((src[0] == 172) && (16 <= src[1]) && (src[1] <= 31)) return 0;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
953 #ifdef NS_MAXDNAME
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
954 char question[NS_MAXDNAME];
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
955 #else
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
956 char question[1000];
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
957 #endif
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
958 snprintf(question, sizeof(question), "%u.%u.%u.%u.%s.", src[3], src[2], src[1], src[0], suffix);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
959 // ask the question, if we get an A record it implies a blacklisted ip address
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
960 return dns_interface(priv, question, ns_t_a);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
961 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
962
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
963
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
964 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
965 // check a single dnsbl
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
966 //
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
967 bool check_single(mlfiPriv &priv, uint32_t ip, DNSBL &bl);
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
968 bool check_single(mlfiPriv &priv, uint32_t ip, DNSBL &bl) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
969 return check_single(priv, ip, bl.suffix);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
970 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
971
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
972
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
973 ////////////////////////////////////////////////
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
974 // check a single dnswl
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
975 //
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
976 bool check_single(mlfiPriv &priv, uint32_t ip, DNSWL &wl);
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
977 bool check_single(mlfiPriv &priv, uint32_t ip, DNSWL &wl) {
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
978 uint32_t r = ntohl(check_single(priv, ip, wl.suffix));
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
979 uint32_t v = (uint32_t)0x7f000000;
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
980 uint32_t m = (uint32_t)0xffff0000;
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
981 uint32_t m2 = (uint32_t)0x000000ff;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
982 if ((r & m) == v) {
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
983 uint32_t l = r & m2;
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
984 if ((int)l >= wl.level) return true;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
985 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
986 return false;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
987 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
988
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
989
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
990 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
991 // check the dnsbls specified for this recipient
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
992 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
993 bool check_dnsbl(mlfiPriv &priv, dnsblp_list &dnsbll, DNSBLP &rejectlist);
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
994 bool check_dnsbl(mlfiPriv &priv, dnsblp_list &dnsbll, DNSBLP &rejectlist) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
995 for (dnsblp_list::iterator i=dnsbll.begin(); i!=dnsbll.end(); i++) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
996 DNSBLP dp = *i; // non null by construction
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
997 bool st;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
998 map<DNSBLP, bool>::iterator f = priv.checked_black.find(dp);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
999 if (f == priv.checked_black.end()) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1000 // have not checked this list yet
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1001 st = check_single(priv, priv.ip, *dp);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1002 rejectlist = dp;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1003 priv.checked_black[dp] = st;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1004 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1005 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1006 st = (*f).second;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1007 rejectlist = (*f).first;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1008 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1009 if (st) return st;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1010 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1011 return false;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1012 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1013
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1014
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1015 ////////////////////////////////////////////////
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1016 // check the dnswls specified for this recipient
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1017 //
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1018 bool check_dnswl(mlfiPriv &priv, dnswlp_list &dnswll, DNSWLP &acceptlist);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1019 bool check_dnswl(mlfiPriv &priv, dnswlp_list &dnswll, DNSWLP &acceptlist) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1020 for (dnswlp_list::iterator i=dnswll.begin(); i!=dnswll.end(); i++) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1021 DNSWLP dp = *i; // non null by construction
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1022 bool st;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1023 map<DNSWLP, bool>::iterator f = priv.checked_white.find(dp);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1024 if (f == priv.checked_white.end()) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1025 // have not checked this list yet
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1026 st = check_single(priv, priv.ip, *dp);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1027 acceptlist = dp;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1028 priv.checked_white[dp] = st;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1029 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1030 else {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1031 st = (*f).second;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1032 acceptlist = (*f).first;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1033 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1034 if (st) return st;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1035 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1036 return false;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1037 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1038
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1039
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1040 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1041 // check the hosts from the body against the content filter and uribl dnsbls
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1042 //
124
ea6f9c812faa put hostname in smtp message for uribl style lookups
carl
parents: 123
diff changeset
1043 //
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1044 bool check_hosts(mlfiPriv &priv, bool random, int limit, const char *&msg, const char *&host, uint32_t &ip, const char *&found);
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1045 bool check_hosts(mlfiPriv &priv, bool random, int limit, const char *&msg, const char *&host, uint32_t &ip, const char *&found) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1046 found = NULL; // normally ip address style
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1047 if (!priv.content_suffix && !priv.uribl_suffix) return false; // nothing to check
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1048 string_set &hosts = priv.memory->get_hosts();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1049 string_set &ignore = *priv.content_host_ignore;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1050
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1051 int count = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1052 int cnt = hosts.size(); // number of hosts we could look at
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1053 uint32_t_set ips;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1054 ns_map nameservers;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1055 for (string_set::iterator i=hosts.begin(); i!=hosts.end(); i++) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1056 host = *i; // a reference into hosts, which will live until this smtp transaction is closed
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1057
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1058 // don't bother looking up hosts on the ignore list
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1059 string_set::iterator j = ignore.find(host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1060 if (j != ignore.end()) continue;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1061
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1062 // try to only look at limit/cnt fraction of the available cnt host names in random mode
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1063 if ((cnt > limit) && (limit > 0) && random) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1064 int r = rand() % cnt;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1065 if (r >= limit) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1066 if (debug_syslog > 2) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1067 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1068 snprintf(buf, sizeof(buf), "host %s skipped", host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1069 my_syslog(&priv, buf);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1070 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1071 continue;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1072 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1073 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1074 count++;
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
1075 ip = dns_interface(priv, host, ns_t_a, true, &nameservers);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1076 if (debug_syslog > 2) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1077 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1078 if (ip) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1079 char adr[sizeof "255.255.255.255 "];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1080 adr[0] = '\0';
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1081 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1082 snprintf(buf, sizeof(buf), "host %s found at %s", host, adr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1083 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1084 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1085 snprintf(buf, sizeof(buf), "host %s not found", host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1086 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1087 my_syslog(&priv, buf);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1088 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1089 if (ip) {
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1090 uint32_t_set::iterator i = ips.find(ip);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1091 if (i == ips.end()) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1092 // we haven't looked this up yet
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1093 ips.insert(ip);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1094 // check dnsbl style list
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1095 if (priv.content_suffix && check_single(priv, ip, priv.content_suffix)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1096 msg = priv.content_message;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1097 return true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1098 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1099 // Check uribl & surbl style list
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1100 if (priv.uribl_suffix && check_uribl(priv, hosts, host, found)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1101 msg = priv.uribl_message;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1102 return true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1103 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1104 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1105 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1106 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1107 limit *= 4; // allow average of 3 ns per host name
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1108 for (ns_mapper::iterator i=nameservers.ns_ip.begin(); i!=nameservers.ns_ip.end(); i++) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1109 count++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1110 if ((count > limit) && (limit > 0)) return false; // too many name servers to check them all
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1111 host = (*i).first; // a transient reference that needs to be replaced before we return it
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1112 ip = (*i).second;
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
1113 if (!ip) ip = dns_interface(priv, host, ns_t_a);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1114 if (debug_syslog > 2) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1115 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1116 if (ip) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1117 char adr[sizeof "255.255.255.255 "];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1118 adr[0] = '\0';
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1119 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1120 snprintf(buf, sizeof(buf), "ns %s found at %s", host, adr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1121 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1122 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1123 snprintf(buf, sizeof(buf), "ns %s not found", host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1124 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1125 my_syslog(&priv, buf);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1126 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1127 if (ip) {
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1128 uint32_t_set::iterator i = ips.find(ip);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1129 if (i == ips.end()) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1130 ips.insert(ip);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1131 if (check_single(priv, ip, priv.content_suffix)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1132 msg = priv.content_message;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1133 string_map::iterator j = nameservers.ns_host.find(host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1134 if (j != nameservers.ns_host.end()) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1135 const char *refer = (*j).second;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1136 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1137 snprintf(buf, sizeof(buf), "%s with nameserver %s", refer, host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1138 host = register_string(hosts, buf); // put a copy into hosts, and return that reference
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1139 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1140 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1141 host = register_string(hosts, host); // put a copy into hosts, and return that reference
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1142 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1143 return true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1144 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1145 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1146 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1147 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1148 return false;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1149 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1150
127
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes
carl
parents: 126
diff changeset
1151
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1152 ////////////////////////////////////////////////
127
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes
carl
parents: 126
diff changeset
1153 //
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes
carl
parents: 126
diff changeset
1154 // this email address is passed in from sendmail, and will normally be
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1155 // enclosed in <>. I think older versions of sendmail supplied the <>
127
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes
carl
parents: 126
diff changeset
1156 // wrapper if the mail client did not, but the current version does not do
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes
carl
parents: 126
diff changeset
1157 // that. So the <> wrapper is now optional. It may have mixed case, just
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1158 // as the mail client sent it. We dup the string and convert the duplicate
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1159 // to lower case. Some clients enclose the entire address in single quotes,
246
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1160 // so we strip those as well. We also remove the SRS and prvs coding.
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1161 //
346
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1162 const char *to_lower_string(const char *email, bool srs = true);
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1163 const char *to_lower_string(const char *email, bool srs) {
266
582cfb9c4031 fix unauthenticated rate limit bug for empty mail from
Carl Byington <carl@five-ten-sg.com>
parents: 263
diff changeset
1164 if (!email) return strdup("<>");
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1165 size_t n = strlen(email);
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1166 if ((n > 1) && (email[0] == '<') && (email[n-1] == '>')) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1167 n -= 2;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1168 email++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1169 }
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1170 if ((n > 1) && (email[0] == '\'') && (email[n-1] == '\'')) {
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1171 n -= 2;
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1172 email++;
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1173 }
352
f5a6740cabee need to lowercase the domain extracted from the from header so it will match the keys in dkim_from
Carl Byington <carl@five-ten-sg.com>
parents: 350
diff changeset
1174 if (n == 0) return strdup("<>");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1175 char *key = strdup(email);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1176 key[n] = '\0';
331
9800776436b9 allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents: 330
diff changeset
1177 for (size_t i=0; i<n; i++) key[i] = tolower(key[i]);
346
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1178
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1179 if (srs) {
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1180 if ((n > 14) && (strncmp(key, "srs", 3) == 0)) {
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1181 // might have srs coding to be removed
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1182 const int nmatch = 7;
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1183 regmatch_t match[nmatch];
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1184 if (0 == regexec(&srs_pattern, key, nmatch, match, 0)) {
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1185 int s4 = match[5].rm_so; // domain
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1186 int e4 = match[5].rm_eo;
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1187 int s5 = match[6].rm_so; // user
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1188 int e5 = match[6].rm_eo;
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1189 if ((s4 != -1) && (s5 != -1)) {
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1190 char *newkey = strdup(key); // large enough
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1191 key[e4] = '\0';
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1192 key[e5] = '\0';
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1193 strcpy(newkey, key+s5); // user
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1194 strcat(newkey, "@"); // @
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1195 strcat(newkey, key+s4); // domain
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1196 free(key);
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1197 key = newkey;
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1198 }
235
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1199 }
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1200 }
346
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1201 if ((n > 7) && (strncmp(key, "prvs", 4) == 0)) {
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1202 // might have prvs coding to be removed
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1203 const int nmatch = 3;
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1204 regmatch_t match[nmatch];
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1205 if (0 == regexec(&prvs_pattern, key, nmatch, match, 0)) {
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1206 int s2 = match[2].rm_so; // user@domain
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1207 if (s2 != -1) {
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1208 char *newkey = strdup(key+s2); // user@domain
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1209 free(key);
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1210 key = newkey;
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1211 }
246
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1212 }
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1213 }
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1214 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1215 return key;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1216 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1217
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1218
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1219 ////////////////////////////////////////////////
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1220 // start of sendmail milter interfaces
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1221 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1222 sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1223 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1224 // allocate some private memory
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1225 mlfiPriv *priv = new mlfiPriv;
286
9bd5388bf469 Fix possible segfault in mlfi_connect, hostaddr might be null
Carl Byington <carl@five-ten-sg.com>
parents: 284
diff changeset
1226 if (hostaddr && (hostaddr->sa_family == AF_INET)) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1227 priv->ip = ((struct sockaddr_in *)hostaddr)->sin_addr.s_addr;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1228 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1229 // save the private data
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1230 smfi_setpriv(ctx, (void*)priv);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1231
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1232 // continue processing
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1233 return SMFIS_CONTINUE;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1234 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1235
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1236 sfsistat mlfi_helo(SMFICTX * ctx, char *helohost)
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1237 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1238 mlfiPriv &priv = *MLFIPRIV;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1239 priv.helo = strdup(helohost);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1240 return SMFIS_CONTINUE;
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1241 }
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1242
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1243 sfsistat mlfi_envfrom(SMFICTX *ctx, char **from)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1244 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1245 mlfiPriv &priv = *MLFIPRIV;
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1246 CONFIG &dc = *priv.pc;
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1247 priv.origaddr = to_lower_string(from[0], false);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1248 priv.mailaddr = to_lower_string(from[0]);
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1249 priv.queueid = strdup(smfi_getsymval(ctx, (char*)"i"));
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1250 priv.authenticated = smfi_getsymval(ctx, (char*)"{auth_authen}");
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1251 priv.client_name = smfi_getsymval(ctx, (char*)"_");
191
2a67d31099c3 fix null pointer dereference from missing HELO command
carl
parents: 190
diff changeset
1252 if (!priv.helo) priv.helo = strdup("unknown");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1253 if (priv.authenticated) priv.authenticated = strdup(priv.authenticated);
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1254 if (priv.client_name) {
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1255 priv.client_name = strdup(priv.client_name);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1256 const char *p = strstr(priv.client_name, " [");
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1257 if (p) {
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1258 uint pp = p - priv.client_name;
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1259 priv.client_dns_name = strdup(priv.client_name);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1260 priv.client_dns_name[pp] = '\0';
259
be939802c64e add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents: 257
diff changeset
1261 //char text[500];
be939802c64e add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents: 257
diff changeset
1262 //snprintf(text, sizeof(text), "found simple dns client name %s", priv.client_dns_name);
be939802c64e add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents: 257
diff changeset
1263 //my_syslog(text);
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1264 }
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1265 p = strstr(priv.client_name, "] (may be forged)");
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1266 if (p) {
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1267 priv.client_dns_forged = true;
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1268 if (priv.client_dns_name) {
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1269 char text[500];
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1270 snprintf(text, sizeof(text), "forged dns client name %s", priv.client_dns_name);
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1271 my_syslog(text);
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1272 }
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1273 }
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1274 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1275 if (spamc != spamc_empty) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1276 priv.assassin = new SpamAssassin(&priv, priv.ip, priv.helo, priv.mailaddr, priv.queueid);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1277 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1278 if (dccifd_port) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1279 priv.dccifd = new DccInterface(dccifd_port, &priv, priv.ip, priv.helo, priv.mailaddr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1280 }
290
bb69fdc3acaa Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
1281 if (priv.authenticated) {
284
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1282 int hourly, daily;
290
bb69fdc3acaa Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
1283 add_auth_address(priv.authenticated, hourly, daily, priv.ip);
bb69fdc3acaa Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
1284 int h_limit = dc.default_context->find_address_limit(priv.authenticated);
284
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1285 int d_limit = dc.default_context->get_daily_address_multiple() * h_limit;
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1286 if (debug_syslog > 1) {
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1287 char msg[maxlen];
290
bb69fdc3acaa Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
1288 snprintf(msg, sizeof(msg), "connect for %s (%d %d addresses, %d %d limits)", priv.authenticated, hourly, daily, h_limit, d_limit);
284
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1289 my_syslog(&priv, msg);
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1290 }
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1291 if ((hourly > h_limit) || (daily > d_limit)){
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1292 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"unique connection ip address limit exceeded");
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1293 return SMFIS_REJECT;
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1294 }
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1295 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1296 return SMFIS_CONTINUE;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1297 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1298
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1299 sfsistat mlfi_envrcpt(SMFICTX *ctx, char **rcpt)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1300 {
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1301 DNSBLP rejectlist = NULL; // list that caused the reject
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1302 mlfiPriv &priv = *MLFIPRIV;
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1303 CONFIG &dc = *priv.pc;
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1304 const char *rcptaddr = rcpt[0];
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1305 const char *loto = to_lower_string(rcptaddr);
342
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1306 bool self = (strcmp(loto, priv.mailaddr) == 0);
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1307 const u_char *src = (const u_char *)&priv.ip;
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1308 bool local_source = (src[0] == 127);
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1309 bool from_root = (strncasecmp(priv.mailaddr, "root@", 5) == 0);
174
da0c41b9f672 don't whitelist addresses with embedded spaces
carl
parents: 173
diff changeset
1310
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1311 // some version of sendmail allowed rcpt to:<> and passed it thru to the milters
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1312 if (strcmp(loto, "<>") == 0) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1313 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"bogus recipient");
286
9bd5388bf469 Fix possible segfault in mlfi_connect, hostaddr might be null
Carl Byington <carl@five-ten-sg.com>
parents: 284
diff changeset
1314 free((void*)loto); // cppcheck static analysis found memory leak
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1315 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1316 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1317 // priv.mailaddr sending original message to loto
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1318 CONTEXT &con = *(dc.find_context(loto)->find_context(priv.mailaddr));
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1319 VERIFYP ver = con.find_verify(loto);
233
5c3e9bf45bb5 Add whitelisting by regex expression filtering.
Carl Byington <carl@five-ten-sg.com>
parents: 231
diff changeset
1320 const char *fromvalue = con.find_from(priv.mailaddr, true, priv.queueid);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1321 // tell spam assassin and dccifd about this recipient
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1322 if (priv.assassin) priv.assassin->mlfi_envrcpt(ctx, loto);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1323 if (priv.dccifd) priv.dccifd->mlfi_envrcpt(ctx, loto, con.get_grey() && !priv.authenticated);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1324 // loto sending a reply back to priv.mailaddr
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1325 CONTEXT &con2 = *(dc.find_context(priv.mailaddr)->find_context(loto));
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1326 const char *replyvalue = con2.find_from(loto);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1327 if (debug_syslog > 1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1328 char buf[maxlen];
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1329 char buf2[maxlen];
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1330 char msg[maxlen];
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1331 snprintf(msg, sizeof(msg), "from <%s> to <%s> using context %s state %s reply context %s state %s", priv.mailaddr, loto, con.get_full_name(buf,maxlen), fromvalue, con2.get_full_name(buf2,maxlen), replyvalue);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1332 my_syslog(&priv, msg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1333 }
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1334 free((void*)loto);
340
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1335 status st = oksofar;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1336 if (replyvalue == token_black) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1337 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient can not reply due to blacklisting");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1338 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1339 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1340 if (priv.authenticated) {
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1341 int hourly, daily;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1342 incr_rcpt_count(priv.authenticated, hourly, daily);
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1343 int h_limit = dc.default_context->find_rate_limit(priv.authenticated);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1344 int d_limit = dc.default_context->get_daily_rate_multiple() * h_limit;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1345 if (debug_syslog > 1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1346 char msg[maxlen];
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1347 snprintf(msg, sizeof(msg), "authenticated id %s (%d %d recipients, %d %d limits)", priv.authenticated, hourly, daily, h_limit, d_limit);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1348 my_syslog(&priv, msg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1349 }
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1350 if ((hourly > h_limit) || (daily > d_limit)){
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1351 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1352 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1353 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1354 st = white;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1355 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1356 else if (fromvalue == token_black) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1357 st = black;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1358 }
342
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1359 else if ((fromvalue == token_white) && (local_source || from_root)) {
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1360 st = white;
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1361 }
216
784030ac71f1 Never whitelist self addressed mail. Changes for Fedora 10 and const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 214
diff changeset
1362 else if ((fromvalue == token_white) && !self) {
330
b5b93a7e1e6d ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents: 329
diff changeset
1363 // whitelisting based on envelope from value, but ignore it if
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1364 // we have a dkim requirement for the original domain
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1365 const char *domain = strchr(priv.origaddr, '@');
330
b5b93a7e1e6d ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents: 329
diff changeset
1366 if (domain) {
338
f375a67ee516 set st in all paths; missing +1 to avoid lookup starting with @
Carl Byington <carl@five-ten-sg.com>
parents: 337
diff changeset
1367 DKIMP dk = con.find_dkim_from(domain+1);
330
b5b93a7e1e6d ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents: 329
diff changeset
1368 if (dk && (dk->action == token_require_signed)) {
b5b93a7e1e6d ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents: 329
diff changeset
1369 my_syslog(&priv, "dkim require_signed overrides envelope from whitelist");
338
f375a67ee516 set st in all paths; missing +1 to avoid lookup starting with @
Carl Byington <carl@five-ten-sg.com>
parents: 337
diff changeset
1370 st = oksofar;
330
b5b93a7e1e6d ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents: 329
diff changeset
1371 }
b5b93a7e1e6d ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents: 329
diff changeset
1372 else st = white;
b5b93a7e1e6d ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents: 329
diff changeset
1373 }
b5b93a7e1e6d ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents: 329
diff changeset
1374 else st = white; // might be <>, envelope from has no @
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1375 }
340
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1376
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1377 if (st == oksofar) {
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1378 // check the dns based lists, whitelist first
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1379 DNSWLP acceptlist = NULL; // list that caused the whitelisting
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1380 if (check_dnswl(priv, con.get_dnswl_list(), acceptlist)) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1381 st = white;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1382 if (debug_syslog > 1) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1383 char msg[maxlen];
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1384 snprintf(msg, sizeof(msg), "whitelisted by %s", acceptlist->name);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1385 my_syslog(&priv, msg);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1386 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1387 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1388 else if (check_dnsbl(priv, con.get_dnsbl_list(), rejectlist)) {
340
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1389 // reject the recipient based on some dnsbl
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1390 char adr[sizeof "255.255.255.255 "];
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1391 adr[0] = '\0';
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1392 inet_ntop(AF_INET, (const u_char *)&priv.ip, adr, sizeof(adr));
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1393 char buf[maxlen];
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1394 snprintf(buf, sizeof(buf), rejectlist->message, adr, adr);
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1395 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1396 return SMFIS_REJECT;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1397 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1398 }
340
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1399
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1400 if (st == oksofar) {
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1401 // check forged rdns
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1402 if (con.get_requirerdns() && (!priv.client_dns_name || priv.client_dns_forged)) {
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1403 // reject the recipient based on forged reverse dns
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1404 char buf[maxlen];
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1405 snprintf(buf, sizeof(buf), "%s is not acceptable", priv.client_name);
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1406 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1407 return SMFIS_REJECT;
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1408 }
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1409 // check generic rdns
301
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1410 if (priv.client_dns_name) {
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1411 const char *msg = con.generic_match(priv.client_dns_name);
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1412 if (msg) {
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1413 // reject the recipient based on generic reverse dns
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1414 char buf[maxlen];
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1415 snprintf(buf, sizeof(buf), msg, priv.client_name);
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1416 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1417 return SMFIS_REJECT;
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1418 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1419 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1420 }
340
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1421
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1422 if (st == black) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1423 // reject the recipient based on blacklisting either from or to
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1424 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"no such user");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1425 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1426 }
340
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1427
203
92a5c866bdfa Verify from/to pairs even if they might be explicitly whitelisted.
Carl Byington <carl@five-ten-sg.com>
parents: 194
diff changeset
1428 if (ver) {
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1429 // try to verify the original from/to pair of addresses even if it might be explicitly whitelisted
346
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1430 const char *loto = to_lower_string(rcptaddr, false);
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1431 bool rc = ver->ok(priv.queueid, priv.origaddr, loto);
346
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1432 free((void*)loto);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1433 if (!rc) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1434 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"no such user");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1435 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1436 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1437 }
340
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1438
263
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1439 if (!priv.authenticated && dc.default_context->is_unauthenticated_limited(priv.mailaddr)) {
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1440 int hourly, daily;
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1441 incr_rcpt_count(priv.mailaddr, hourly, daily);
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1442 int h_limit = dc.default_context->find_rate_limit(priv.mailaddr);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1443 int d_limit = dc.default_context->get_daily_rate_multiple() * h_limit;
263
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1444 if (debug_syslog > 1) {
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1445 char msg[maxlen];
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1446 snprintf(msg, sizeof(msg), "unauthenticated address %s (%d %d recipients, %d %d limits)", priv.mailaddr, hourly, daily, h_limit, d_limit);
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1447 my_syslog(&priv, msg);
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1448 }
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1449 if ((hourly > h_limit) || (daily > d_limit)){
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1450 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded");
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1451 return SMFIS_REJECT;
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1452 }
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1453 }
340
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1454
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1455 // we will accept the recipient, but add an auto-whitelist entry
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1456 // if needed to ensure we can accept replies
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1457 loto = to_lower_string(rcptaddr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1458 WHITELISTERP w = con2.find_autowhite(loto, priv.mailaddr);
291
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 290
diff changeset
1459
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1460 // check if local part is too big
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1461 const int max_local_size = 30;
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1462 const char *p = strchr(loto, '@');
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1463 int len = (p) ? p-loto : max_local_size;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1464 if (len >= max_local_size) w = NULL; // too big, pretend we don't have a whitelister
291
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 290
diff changeset
1465
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 290
diff changeset
1466 // ignore auto whitelisting from outgoing mail from localhost
342
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1467 if (local_source) w = NULL; // outgoing mail from localhost, pretend we don't have a whitelister
291
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 290
diff changeset
1468
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1469 // record it if we have a whitelister
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1470 if (w) {
231
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1471 DELAYWHITEP dwp = new DELAYWHITE(loto, w, &con2); // dwp takes ownership of the string
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1472 priv.delayer.push_back(dwp);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1473 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1474 else {
231
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1475 free((void*)loto); // or we free it here
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1476 }
179
8b86a894514d embedded dcc filtering
carl
parents: 178
diff changeset
1477
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1478 // accept the recipient
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1479 if (!con.get_content_filtering()) st = white;
179
8b86a894514d embedded dcc filtering
carl
parents: 178
diff changeset
1480
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1481 if (st == oksofar) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1482 // remember first content filtering context
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1483 if (con.get_content_filtering()) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1484 if (!priv.content_context) priv.content_context = &con;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1485 else if (con.get_require() && (priv.content_context != &con)) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1486 smfi_setreply(ctx, (char*)"452", (char*)"4.2.1", (char*)"incompatible filtering contexts");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1487 return SMFIS_TEMPFAIL;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1488 }
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1489 priv.need_content_filter(con);
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1490 char bu[maxlen];
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1491 bool uri = false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1492 // content filtering implies also checking helo name on uribl (if enabled)
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1493 if (priv.helo_uribl) {
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
1494 snprintf(bu, sizeof(bu), "(helo %s)", priv.host_uribl);
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1495 uri = true;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1496 }
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1497 // content filtering implies also checking client reverse dns name on uribl (if enabled)
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@f