dnsbl: src/dnsbl.cpp annotate

annotate src/dnsbl.cpp @ 34:fc7f8f3ea90f

look for NS records on the SBL also

author	carl
date	Sun, 30 May 2004 16:17:44 -0700
parents	4dfdf33f1db0
children	d718dca81bc9

rev	line source
0 96a9758165cd Initial revision carl parents: diff changeset	1 /*
96a9758165cd Initial revision carl parents: diff changeset	2
96a9758165cd Initial revision carl parents: diff changeset	3 Copyright (c) 2004 Carl Byington - 510 Software Group, released under
96a9758165cd Initial revision carl parents: diff changeset	4 the GPL version 2 or any later version at your choice available at
96a9758165cd Initial revision carl parents: diff changeset	5 http://www.fsf.org/licenses/gpl.txt
96a9758165cd Initial revision carl parents: diff changeset	6
96a9758165cd Initial revision carl parents: diff changeset	7 Based on a sample milter Copyright (c) 2000-2003 Sendmail, Inc. and its
96a9758165cd Initial revision carl parents: diff changeset	8 suppliers. Inspired by the DCC by Rhyolite Software
96a9758165cd Initial revision carl parents: diff changeset	9
96a9758165cd Initial revision carl parents: diff changeset	10 -p port The port through which the MTA will connect to this milter.
96a9758165cd Initial revision carl parents: diff changeset	11 -t sec The timeout value.
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	12 -c Check the config, and print a copy to stdout. Don't start the
4 15a7e942adec updates to use dcc conf files carl parents: 3 diff changeset	13 milter or do anything with the socket.
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	14 -d Add debug syslog entries
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	15
0 96a9758165cd Initial revision carl parents: diff changeset	16
13 2752e512fd32 finish documentation carl parents: 12 diff changeset	17 TODO:
2752e512fd32 finish documentation carl parents: 12 diff changeset	18 1) Add config for max_recipients for each mail domain. Recipients in
2752e512fd32 finish documentation carl parents: 12 diff changeset	19 excess of that limit will be rejected, and the entire data will be
2752e512fd32 finish documentation carl parents: 12 diff changeset	20 rejected if it is sent.
2752e512fd32 finish documentation carl parents: 12 diff changeset	21
2752e512fd32 finish documentation carl parents: 12 diff changeset	22 2) Add config for poison addresses. If any recipient is poison, all
2752e512fd32 finish documentation carl parents: 12 diff changeset	23 recipients are rejected even if they would be whitelisted, and the
2752e512fd32 finish documentation carl parents: 12 diff changeset	24 data is rejected if sent.
2752e512fd32 finish documentation carl parents: 12 diff changeset	25
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	26 3) Add option to only allow one recipient if the return path is empty.
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	27
0 96a9758165cd Initial revision carl parents: diff changeset	28 */
96a9758165cd Initial revision carl parents: diff changeset	29
96a9758165cd Initial revision carl parents: diff changeset	30
96a9758165cd Initial revision carl parents: diff changeset	31 // from sendmail sample
96a9758165cd Initial revision carl parents: diff changeset	32 #include <sys/types.h>
96a9758165cd Initial revision carl parents: diff changeset	33 #include <sys/stat.h>
96a9758165cd Initial revision carl parents: diff changeset	34 #include <errno.h>
96a9758165cd Initial revision carl parents: diff changeset	35 #include <sysexits.h>
96a9758165cd Initial revision carl parents: diff changeset	36 #include <unistd.h>
96a9758165cd Initial revision carl parents: diff changeset	37
96a9758165cd Initial revision carl parents: diff changeset	38 // needed for socket io
96a9758165cd Initial revision carl parents: diff changeset	39 #include <sys/ioctl.h>
96a9758165cd Initial revision carl parents: diff changeset	40 #include <net/if.h>
96a9758165cd Initial revision carl parents: diff changeset	41 #include <arpa/inet.h>
96a9758165cd Initial revision carl parents: diff changeset	42 #include <netinet/in.h>
96a9758165cd Initial revision carl parents: diff changeset	43 #include <netinet/tcp.h>
96a9758165cd Initial revision carl parents: diff changeset	44 #include <netdb.h>
96a9758165cd Initial revision carl parents: diff changeset	45 #include <sys/socket.h>
96a9758165cd Initial revision carl parents: diff changeset	46
96a9758165cd Initial revision carl parents: diff changeset	47 // needed for thread
96a9758165cd Initial revision carl parents: diff changeset	48 #include <pthread.h>
96a9758165cd Initial revision carl parents: diff changeset	49
96a9758165cd Initial revision carl parents: diff changeset	50 // needed for std c++ collections
96a9758165cd Initial revision carl parents: diff changeset	51 #include <set>
96a9758165cd Initial revision carl parents: diff changeset	52 #include <map>
96a9758165cd Initial revision carl parents: diff changeset	53 #include <list>
96a9758165cd Initial revision carl parents: diff changeset	54
96a9758165cd Initial revision carl parents: diff changeset	55 // for the dns resolver
96a9758165cd Initial revision carl parents: diff changeset	56 #include <netinet/in.h>
96a9758165cd Initial revision carl parents: diff changeset	57 #include <arpa/nameser.h>
96a9758165cd Initial revision carl parents: diff changeset	58 #include <resolv.h>
96a9758165cd Initial revision carl parents: diff changeset	59
96a9758165cd Initial revision carl parents: diff changeset	60 // misc stuff needed here
96a9758165cd Initial revision carl parents: diff changeset	61 #include <ctype.h>
96a9758165cd Initial revision carl parents: diff changeset	62 #include <fstream>
96a9758165cd Initial revision carl parents: diff changeset	63 #include <syslog.h>
96a9758165cd Initial revision carl parents: diff changeset	64
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	65 static char* dnsbl_version="$Id$";
0 96a9758165cd Initial revision carl parents: diff changeset	66
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	67 #define DEFAULT "default"
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	68 #define WHITE "white"
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	69 #define BLACK "black"
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	70 #define OK "ok"
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	71 #define MANY "many"
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	72
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	73 enum status {oksofar, // not rejected yet
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	74 white, // whitelisted by envelope from
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	75 black, // blacklisted by envelope from or to
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	76 reject, // rejected by a dns list
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	77 reject_tag, // too many bad html tags
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	78 reject_host}; // too many hosts/urls in body
1 bd0b1a153f67 no message carl parents: 0 diff changeset	79
0 96a9758165cd Initial revision carl parents: diff changeset	80 using namespace std;
96a9758165cd Initial revision carl parents: diff changeset	81
96a9758165cd Initial revision carl parents: diff changeset	82 extern "C" {
96a9758165cd Initial revision carl parents: diff changeset	83 #include "libmilter/mfapi.h"
96a9758165cd Initial revision carl parents: diff changeset	84 sfsistat mlfi_connect(SMFICTX ctx, char hostname, _SOCK_ADDR *hostaddr);
96a9758165cd Initial revision carl parents: diff changeset	85 sfsistat mlfi_envfrom(SMFICTX ctx, char *argv);
96a9758165cd Initial revision carl parents: diff changeset	86 sfsistat mlfi_envrcpt(SMFICTX ctx, char *argv);
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	87 sfsistat mlfi_body(SMFICTX ctx, u_char data, size_t len);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	88 sfsistat mlfi_eom(SMFICTX *ctx);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	89 sfsistat mlfi_abort(SMFICTX *ctx);
0 96a9758165cd Initial revision carl parents: diff changeset	90 sfsistat mlfi_close(SMFICTX *ctx);
96a9758165cd Initial revision carl parents: diff changeset	91 }
96a9758165cd Initial revision carl parents: diff changeset	92
96a9758165cd Initial revision carl parents: diff changeset	93 struct ltstr {
96a9758165cd Initial revision carl parents: diff changeset	94 bool operator()(char* s1, char* s2) const {
96a9758165cd Initial revision carl parents: diff changeset	95 return strcmp(s1, s2) < 0;
96a9758165cd Initial revision carl parents: diff changeset	96 }
96a9758165cd Initial revision carl parents: diff changeset	97 };
96a9758165cd Initial revision carl parents: diff changeset	98
96a9758165cd Initial revision carl parents: diff changeset	99 struct DNSBL {
96a9758165cd Initial revision carl parents: diff changeset	100 char *suffix; // blacklist suffix like blackholes.five-ten-sg.com
96a9758165cd Initial revision carl parents: diff changeset	101 char *message; // error message with one or two %s operators for the ip address replacement
96a9758165cd Initial revision carl parents: diff changeset	102 DNSBL(char s, char m);
96a9758165cd Initial revision carl parents: diff changeset	103 };
96a9758165cd Initial revision carl parents: diff changeset	104 DNSBL::DNSBL(char s, char m) {
96a9758165cd Initial revision carl parents: diff changeset	105 suffix = s;
96a9758165cd Initial revision carl parents: diff changeset	106 message = m;
96a9758165cd Initial revision carl parents: diff changeset	107 }
96a9758165cd Initial revision carl parents: diff changeset	108
96a9758165cd Initial revision carl parents: diff changeset	109 typedef DNSBL * DNSBLP;
96a9758165cd Initial revision carl parents: diff changeset	110 typedef list<DNSBLP> DNSBLL;
96a9758165cd Initial revision carl parents: diff changeset	111 typedef DNSBLL * DNSBLLP;
96a9758165cd Initial revision carl parents: diff changeset	112 typedef map<char , char , ltstr> string_map;
96a9758165cd Initial revision carl parents: diff changeset	113 typedef map<char , string_map , ltstr> from_map;
96a9758165cd Initial revision carl parents: diff changeset	114 typedef map<char *, DNSBLP, ltstr> dnsblp_map;
96a9758165cd Initial revision carl parents: diff changeset	115 typedef map<char *, DNSBLLP, ltstr> dnsbllp_map;
96a9758165cd Initial revision carl parents: diff changeset	116 typedef set<char *, ltstr> string_set;
96a9758165cd Initial revision carl parents: diff changeset	117 typedef list<char *> string_list;
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	118 typedef map<char *, int, ltstr> ns_map;
0 96a9758165cd Initial revision carl parents: diff changeset	119
96a9758165cd Initial revision carl parents: diff changeset	120 struct CONFIG {
96a9758165cd Initial revision carl parents: diff changeset	121 // the only mutable stuff once it has been loaded from the config file
96a9758165cd Initial revision carl parents: diff changeset	122 int reference_count; // protected by the global config_mutex
96a9758165cd Initial revision carl parents: diff changeset	123 // all the rest is constant after loading from the config file
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	124 int generation;
0 96a9758165cd Initial revision carl parents: diff changeset	125 time_t load_time;
96a9758165cd Initial revision carl parents: diff changeset	126 string_list config_files;
96a9758165cd Initial revision carl parents: diff changeset	127 dnsblp_map dnsbls;
96a9758165cd Initial revision carl parents: diff changeset	128 dnsbllp_map dnsblls;
96a9758165cd Initial revision carl parents: diff changeset	129 from_map env_from;
96a9758165cd Initial revision carl parents: diff changeset	130 string_map env_to_dnsbll; // map recipient to a named dnsbll
96a9758165cd Initial revision carl parents: diff changeset	131 string_map env_to_chkfrom; // map recipient to a named from map
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	132 char * content_suffix; // for sbl url body filtering
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	133 char * content_message; // ""
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	134 char * host_limit_message; // error message for excessive host names
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	135 int host_limit; // limit on host names
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	136 char * tag_limit_message; // error message for excessive bad html tags
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	137 int tag_limit; // limit on bad html tags
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	138 string_set html_tags; // set of valid html tags
28 33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	139 string_set tlds; // set of valid tld components
0 96a9758165cd Initial revision carl parents: diff changeset	140 CONFIG();
96a9758165cd Initial revision carl parents: diff changeset	141 ~CONFIG();
96a9758165cd Initial revision carl parents: diff changeset	142 };
96a9758165cd Initial revision carl parents: diff changeset	143 CONFIG::CONFIG() {
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	144 reference_count = 0;
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	145 generation = 0;
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	146 load_time = 0;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	147 content_suffix = NULL;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	148 content_message = NULL;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	149 host_limit_message = NULL;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	150 host_limit = 0;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	151 tag_limit_message = NULL;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	152 tag_limit = 0;
0 96a9758165cd Initial revision carl parents: diff changeset	153 }
96a9758165cd Initial revision carl parents: diff changeset	154 CONFIG::~CONFIG() {
96a9758165cd Initial revision carl parents: diff changeset	155 for (dnsblp_map::iterator i=dnsbls.begin(); i!=dnsbls.end(); i++) {
96a9758165cd Initial revision carl parents: diff changeset	156 DNSBLP d = (*i).second;
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	157 // delete the underlying DNSBL objects.
0 96a9758165cd Initial revision carl parents: diff changeset	158 delete d;
96a9758165cd Initial revision carl parents: diff changeset	159 }
96a9758165cd Initial revision carl parents: diff changeset	160 for (dnsbllp_map::iterator i=dnsblls.begin(); i!=dnsblls.end(); i++) {
96a9758165cd Initial revision carl parents: diff changeset	161 DNSBLLP d = (*i).second;
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	162 // *d is a list of pointers to DNSBL objects, but
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	163 // the underlying objects have already been deleted above.
0 96a9758165cd Initial revision carl parents: diff changeset	164 delete d;
96a9758165cd Initial revision carl parents: diff changeset	165 }
96a9758165cd Initial revision carl parents: diff changeset	166 for (from_map::iterator i=env_from.begin(); i!=env_from.end(); i++) {
96a9758165cd Initial revision carl parents: diff changeset	167 string_map d = (i).second;
96a9758165cd Initial revision carl parents: diff changeset	168 delete d;
96a9758165cd Initial revision carl parents: diff changeset	169 }
96a9758165cd Initial revision carl parents: diff changeset	170 }
96a9758165cd Initial revision carl parents: diff changeset	171
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	172 static bool debug_syslog = false;
18 041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	173 static bool loader_run = true; // used to stop the config loader thread
0 96a9758165cd Initial revision carl parents: diff changeset	174 static string_set all_strings; // owns all the strings, only modified by the config loader thread
96a9758165cd Initial revision carl parents: diff changeset	175 static CONFIG * config = NULL; // protected by the config_mutex
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	176 static int generation = 0; // protected by the config_mutex
0 96a9758165cd Initial revision carl parents: diff changeset	177
96a9758165cd Initial revision carl parents: diff changeset	178 static pthread_mutex_t config_mutex;
96a9758165cd Initial revision carl parents: diff changeset	179 static pthread_mutex_t syslog_mutex;
96a9758165cd Initial revision carl parents: diff changeset	180 static pthread_mutex_t resolve_mutex;
96a9758165cd Initial revision carl parents: diff changeset	181
96a9758165cd Initial revision carl parents: diff changeset	182
96a9758165cd Initial revision carl parents: diff changeset	183 ////////////////////////////////////////////////
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	184 // helper to discard the strings and objects held by an ns_map
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	185 //
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	186 static void discard(ns_map &s);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	187 static void discard(ns_map &s) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	188 for (ns_map::iterator i=s.begin(); i!=s.end(); i++) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	189 char x = (i).first;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	190 free(x);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	191 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	192 s.clear();
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	193 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	194
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	195 ////////////////////////////////////////////////
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	196 // helper to register a string in an ns_map
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	197 //
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	198 static void register_string(ns_map &s, char *name);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	199 static void register_string(ns_map &s, char *name) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	200 ns_map::iterator i = s.find(name);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	201 if (i != s.end()) return;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	202 char *x = strdup(name);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	203 s[x] = 0;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	204 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	205
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	206 ////////////////////////////////////////////////
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	207 // helper to discard the strings held by a string_set
0 96a9758165cd Initial revision carl parents: diff changeset	208 //
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	209 static void discard(string_set &s);
8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	210 static void discard(string_set &s) {
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	211 for (string_set::iterator i=s.begin(); i!=s.end(); i++) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	212 free(*i);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	213 }
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	214 s.clear();
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	215 }
0 96a9758165cd Initial revision carl parents: diff changeset	216
12 6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	217 ////////////////////////////////////////////////
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	218 // helper to register a string in a string set
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	219 //
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	220 static char* register_string(string_set &s, char *name);
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	221 static char* register_string(string_set &s, char *name) {
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	222 string_set::iterator i = s.find(name);
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	223 if (i != s.end()) return *i;
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	224 char *x = strdup(name);
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	225 s.insert(x);
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	226 return x;
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	227 }
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	228
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	229 ////////////////////////////////////////////////
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	230 // syslog a message
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	231 //
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	232 static void my_syslog(char *text);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	233 static void my_syslog(char *text) {
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	234 pthread_mutex_lock(&syslog_mutex);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	235 openlog("dnsbl", LOG_PID, LOG_MAIL);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	236 syslog(LOG_NOTICE, "%s", text);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	237 closelog();
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	238 pthread_mutex_unlock(&syslog_mutex);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	239 }
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	240
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	241
12 6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	242 // include the content scanner
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	243 #include "scanner.cpp"
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	244
6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	245
0 96a9758165cd Initial revision carl parents: diff changeset	246 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	247 // mail filter private data, held for us by sendmail
96a9758165cd Initial revision carl parents: diff changeset	248 //
96a9758165cd Initial revision carl parents: diff changeset	249 struct mlfiPriv
96a9758165cd Initial revision carl parents: diff changeset	250 {
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	251 // connection specific data
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	252 CONFIG *pc; // global context with our maps
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	253 int ip; // ip4 address of the smtp client
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	254 map<DNSBLP, status> checked; // status from those lists
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	255 // message specific data
0 96a9758165cd Initial revision carl parents: diff changeset	256 char *mailaddr; // envelope from value
96a9758165cd Initial revision carl parents: diff changeset	257 bool authenticated; // client authenticated? if so, suppress all dnsbl checks
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	258 bool have_whites; // have at least one whitelisted recipient? need to accept content and remove all non-whitelisted recipients if it fails
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	259 bool only_whites; // every recipient is whitelisted?
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	260 string_set non_whites; // remember the non-whitelisted recipients so we can remove them if need be
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	261 recorder *memory; // memory for the content scanner
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	262 url_scanner *scanner; // object to handle body scanning
0 96a9758165cd Initial revision carl parents: diff changeset	263 mlfiPriv();
96a9758165cd Initial revision carl parents: diff changeset	264 ~mlfiPriv();
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	265 void reset(bool final = false); // for a new message
0 96a9758165cd Initial revision carl parents: diff changeset	266 };
96a9758165cd Initial revision carl parents: diff changeset	267 mlfiPriv::mlfiPriv() {
96a9758165cd Initial revision carl parents: diff changeset	268 pthread_mutex_lock(&config_mutex);
96a9758165cd Initial revision carl parents: diff changeset	269 pc = config;
96a9758165cd Initial revision carl parents: diff changeset	270 pc->reference_count++;
96a9758165cd Initial revision carl parents: diff changeset	271 pthread_mutex_unlock(&config_mutex);
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	272 ip = 0;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	273 mailaddr = NULL;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	274 authenticated = false;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	275 have_whites = false;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	276 only_whites = true;
28 33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	277 memory = new recorder(&pc->html_tags, &pc->tlds);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	278 scanner = new url_scanner(memory);
0 96a9758165cd Initial revision carl parents: diff changeset	279 }
96a9758165cd Initial revision carl parents: diff changeset	280 mlfiPriv::~mlfiPriv() {
96a9758165cd Initial revision carl parents: diff changeset	281 pthread_mutex_lock(&config_mutex);
96a9758165cd Initial revision carl parents: diff changeset	282 pc->reference_count--;
96a9758165cd Initial revision carl parents: diff changeset	283 pthread_mutex_unlock(&config_mutex);
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	284 reset(true);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	285 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	286 void mlfiPriv::reset(bool final) {
0 96a9758165cd Initial revision carl parents: diff changeset	287 if (mailaddr) free(mailaddr);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	288 discard(non_whites);
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	289 delete memory;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	290 delete scanner;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	291 if (!final) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	292 mailaddr = NULL;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	293 authenticated = false;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	294 have_whites = false;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	295 only_whites = true;
28 33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	296 memory = new recorder(&pc->html_tags, &pc->tlds);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	297 scanner = new url_scanner(memory);
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	298 }
0 96a9758165cd Initial revision carl parents: diff changeset	299 }
96a9758165cd Initial revision carl parents: diff changeset	300
96a9758165cd Initial revision carl parents: diff changeset	301 #define MLFIPRIV ((struct mlfiPriv *) smfi_getpriv(ctx))
96a9758165cd Initial revision carl parents: diff changeset	302
96a9758165cd Initial revision carl parents: diff changeset	303
96a9758165cd Initial revision carl parents: diff changeset	304 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	305 // register a global string
96a9758165cd Initial revision carl parents: diff changeset	306 //
96a9758165cd Initial revision carl parents: diff changeset	307 static char* register_string(char *name);
96a9758165cd Initial revision carl parents: diff changeset	308 static char* register_string(char *name) {
12 6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	309 return register_string(all_strings, name);
0 96a9758165cd Initial revision carl parents: diff changeset	310 }
96a9758165cd Initial revision carl parents: diff changeset	311
96a9758165cd Initial revision carl parents: diff changeset	312
96a9758165cd Initial revision carl parents: diff changeset	313 static char* next_token(char *delim);
96a9758165cd Initial revision carl parents: diff changeset	314 static char* next_token(char *delim) {
96a9758165cd Initial revision carl parents: diff changeset	315 char *name = strtok(NULL, delim);
96a9758165cd Initial revision carl parents: diff changeset	316 if (!name) return name;
96a9758165cd Initial revision carl parents: diff changeset	317 return register_string(name);
96a9758165cd Initial revision carl parents: diff changeset	318 }
96a9758165cd Initial revision carl parents: diff changeset	319
96a9758165cd Initial revision carl parents: diff changeset	320
96a9758165cd Initial revision carl parents: diff changeset	321 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	322 // lookup an email address in the env_from or env_to maps
96a9758165cd Initial revision carl parents: diff changeset	323 //
96a9758165cd Initial revision carl parents: diff changeset	324 static char* lookup1(char *email, string_map map);
96a9758165cd Initial revision carl parents: diff changeset	325 static char* lookup1(char *email, string_map map) {
96a9758165cd Initial revision carl parents: diff changeset	326 string_map::iterator i = map.find(email);
96a9758165cd Initial revision carl parents: diff changeset	327 if (i != map.end()) return (*i).second;
96a9758165cd Initial revision carl parents: diff changeset	328 char *x = strchr(email, '@');
96a9758165cd Initial revision carl parents: diff changeset	329 if (!x) return DEFAULT;
96a9758165cd Initial revision carl parents: diff changeset	330 x++;
96a9758165cd Initial revision carl parents: diff changeset	331 i = map.find(x);
96a9758165cd Initial revision carl parents: diff changeset	332 if (i != map.end()) return (*i).second;
96a9758165cd Initial revision carl parents: diff changeset	333 return DEFAULT;
96a9758165cd Initial revision carl parents: diff changeset	334 }
96a9758165cd Initial revision carl parents: diff changeset	335
96a9758165cd Initial revision carl parents: diff changeset	336
96a9758165cd Initial revision carl parents: diff changeset	337 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	338 // lookup an email address in the env_from or env_to maps
96a9758165cd Initial revision carl parents: diff changeset	339 // this email address is passed in from sendmail, and will
96a9758165cd Initial revision carl parents: diff changeset	340 // always be enclosed in <>. It may have mixed case, just
96a9758165cd Initial revision carl parents: diff changeset	341 // as the mail client sent it.
96a9758165cd Initial revision carl parents: diff changeset	342 //
96a9758165cd Initial revision carl parents: diff changeset	343 static char* lookup(char* email, string_map map);
96a9758165cd Initial revision carl parents: diff changeset	344 static char* lookup(char* email, string_map map) {
96a9758165cd Initial revision carl parents: diff changeset	345 int n = strlen(email)-2;
96a9758165cd Initial revision carl parents: diff changeset	346 if (n < 1) return DEFAULT; // malformed
96a9758165cd Initial revision carl parents: diff changeset	347 char *key = strdup(email+1);
96a9758165cd Initial revision carl parents: diff changeset	348 key[n] = '\0';
96a9758165cd Initial revision carl parents: diff changeset	349 for (int i=0; i<n; i++) key[i] = tolower(key[i]);
96a9758165cd Initial revision carl parents: diff changeset	350 char *rc = lookup1(key, map);
96a9758165cd Initial revision carl parents: diff changeset	351 free(key);
96a9758165cd Initial revision carl parents: diff changeset	352 return rc;
96a9758165cd Initial revision carl parents: diff changeset	353 }
96a9758165cd Initial revision carl parents: diff changeset	354
96a9758165cd Initial revision carl parents: diff changeset	355
96a9758165cd Initial revision carl parents: diff changeset	356 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	357 // find the dnsbl with a specific name
96a9758165cd Initial revision carl parents: diff changeset	358 //
96a9758165cd Initial revision carl parents: diff changeset	359 static DNSBLP find_dnsbl(CONFIG &dc, char *name);
96a9758165cd Initial revision carl parents: diff changeset	360 static DNSBLP find_dnsbl(CONFIG &dc, char *name) {
96a9758165cd Initial revision carl parents: diff changeset	361 dnsblp_map::iterator i = dc.dnsbls.find(name);
96a9758165cd Initial revision carl parents: diff changeset	362 if (i == dc.dnsbls.end()) return NULL;
96a9758165cd Initial revision carl parents: diff changeset	363 return (*i).second;
96a9758165cd Initial revision carl parents: diff changeset	364 }
96a9758165cd Initial revision carl parents: diff changeset	365
96a9758165cd Initial revision carl parents: diff changeset	366
96a9758165cd Initial revision carl parents: diff changeset	367 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	368 // find the dnsbll with a specific name
96a9758165cd Initial revision carl parents: diff changeset	369 //
96a9758165cd Initial revision carl parents: diff changeset	370 static DNSBLLP find_dnsbll(CONFIG &dc, char *name);
96a9758165cd Initial revision carl parents: diff changeset	371 static DNSBLLP find_dnsbll(CONFIG &dc, char *name) {
96a9758165cd Initial revision carl parents: diff changeset	372 dnsbllp_map::iterator i = dc.dnsblls.find(name);
96a9758165cd Initial revision carl parents: diff changeset	373 if (i == dc.dnsblls.end()) return NULL;
96a9758165cd Initial revision carl parents: diff changeset	374 return (*i).second;
96a9758165cd Initial revision carl parents: diff changeset	375 }
96a9758165cd Initial revision carl parents: diff changeset	376
96a9758165cd Initial revision carl parents: diff changeset	377
96a9758165cd Initial revision carl parents: diff changeset	378 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	379 // find the envfrom map with a specific name
96a9758165cd Initial revision carl parents: diff changeset	380 //
96a9758165cd Initial revision carl parents: diff changeset	381 static string_map* find_from_map(CONFIG &dc, char *name);
96a9758165cd Initial revision carl parents: diff changeset	382 static string_map* find_from_map(CONFIG &dc, char *name) {
96a9758165cd Initial revision carl parents: diff changeset	383 from_map::iterator i = dc.env_from.find(name);
96a9758165cd Initial revision carl parents: diff changeset	384 if (i == dc.env_from.end()) return NULL;
96a9758165cd Initial revision carl parents: diff changeset	385 return (*i).second;
96a9758165cd Initial revision carl parents: diff changeset	386 }
96a9758165cd Initial revision carl parents: diff changeset	387
96a9758165cd Initial revision carl parents: diff changeset	388
96a9758165cd Initial revision carl parents: diff changeset	389 static string_map& really_find_from_map(CONFIG &dc, char *name);
96a9758165cd Initial revision carl parents: diff changeset	390 static string_map& really_find_from_map(CONFIG &dc, char *name) {
96a9758165cd Initial revision carl parents: diff changeset	391 string_map *sm = find_from_map(dc, name);
96a9758165cd Initial revision carl parents: diff changeset	392 if (!sm) {
96a9758165cd Initial revision carl parents: diff changeset	393 sm = new string_map;
96a9758165cd Initial revision carl parents: diff changeset	394 dc.env_from[name] = sm;
96a9758165cd Initial revision carl parents: diff changeset	395 }
96a9758165cd Initial revision carl parents: diff changeset	396 return *sm;
96a9758165cd Initial revision carl parents: diff changeset	397 }
96a9758165cd Initial revision carl parents: diff changeset	398
96a9758165cd Initial revision carl parents: diff changeset	399
96a9758165cd Initial revision carl parents: diff changeset	400 ////////////////////////////////////////////////
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	401 //
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	402 // ask a dns question and get an A record answer - we don't try
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	403 // very hard, just using the default resolver retry settings.
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	404 // If we cannot get an answer, we just accept the mail. The
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	405 // caller must ensure thread safety.
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	406 //
0 96a9758165cd Initial revision carl parents: diff changeset	407 //
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	408 static int dns_interface(char question, bool maybe_ip, ns_map nameservers);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	409 static int dns_interface(char question, bool maybe_ip, ns_map nameservers) {
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	410 #ifdef NS_PACKETSZ
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	411 u_char answer[NS_PACKETSZ];
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	412 int length = res_search(question, ns_c_in, ns_t_a, answer, sizeof(answer));
23 06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	413 if (length >= 0) { // no error yet
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	414 // parse the answer
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	415 ns_msg handle;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	416 ns_rr rr;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	417 if (ns_initparse(answer, length, &handle) == 0) {
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	418 // look for ns names
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	419 if (nameservers) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	420 ns_map &ns = *nameservers;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	421 int rrnum = 0;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	422 while (ns_parserr(&handle, ns_s_ns, rrnum++, &rr) == 0) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	423 if (ns_rr_type(rr) == ns_t_ns) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	424 char nam[NS_MAXDNAME+1];
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	425 char *n = nam;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	426 const u_char *p = ns_rr_rdata(rr);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	427 while (((n-nam) < NS_MAXDNAME) && ((p-answer) < length) && *p) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	428 size_t s = *(p++);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	429 if (s > 191) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	430 // compression pointer
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	431 s = (s-192)256 + (p++);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	432 if (s >= length) break; // pointer outside bounds of answer
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	433 p = answer + s;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	434 s = *(p++);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	435 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	436 if (s > 0) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	437 if ((n-nam) >= (NS_MAXDNAME-s)) break; // destination would overflow name buffer
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	438 if ((p-answer) >= (length-s)) break; // source outside bounds of answer
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	439 memcpy(n, p, s);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	440 n += s;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	441 p += s;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	442 *(n++) = '.';
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	443 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	444 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	445 *(--n) = '\0'; // remove trailing .
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	446 register_string(ns, nam); // ns host to lookup later
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	447 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	448 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	449 rrnum = 0;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	450 while (ns_parserr(&handle, ns_s_ar, rrnum++, &rr) == 0) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	451 if (ns_rr_type(rr) == ns_t_a) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	452 char* nam = (char*)ns_rr_name(rr);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	453 ns_map::iterator i = ns.find(nam);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	454 if (i != ns.end()) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	455 // we want this ip address
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	456 int address;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	457 memcpy(&address, ns_rr_rdata(rr), sizeof(address));
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	458 ns[nam] = address;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	459 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	460 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	461 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	462 }
23 06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	463 int rrnum = 0;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	464 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) {
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	465 if (ns_rr_type(rr) == ns_t_a) {
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	466 int address;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	467 memcpy(&address, ns_rr_rdata(rr), sizeof(address));
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	468 return address;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	469 }
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	470 }
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	471 }
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	472 }
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	473 if (maybe_ip) {
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	474 // might be a bare ip address
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	475 in_addr ip;
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	476 if (inet_aton(question, &ip)) {
06de5ab6a232 add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames carl parents: 22 diff changeset	477 return ip.s_addr;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	478 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	479 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	480 return 0;
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	481 #else
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	482 struct hostent *host = gethostbyname(question);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	483 if (!host) return 0;
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	484 if (host->h_addrtype != AF_INET) return 0;
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	485 int address;
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	486 memcpy(&address, host->h_addr, sizeof(address));
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	487 return address;
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	488 #endif
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	489 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	490
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	491 static int protected_dns_interface(char question, bool maybe_ip, ns_map nameservers);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	492 static int protected_dns_interface(char question, bool maybe_ip, ns_map nameservers) {
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	493 int ans;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	494 pthread_mutex_lock(&resolve_mutex);
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	495 ans = dns_interface(question, maybe_ip, nameservers);
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	496 pthread_mutex_unlock(&resolve_mutex);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	497 return ans;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	498
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	499 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	500
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	501 ////////////////////////////////////////////////
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	502 // check a single dnsbl
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	503 //
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	504 static status check_single(int ip, char *suffix);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	505 static status check_single(int ip, char *suffix) {
0 96a9758165cd Initial revision carl parents: diff changeset	506 // make a dns question
96a9758165cd Initial revision carl parents: diff changeset	507 const u_char src = (const u_char )&ip;
96a9758165cd Initial revision carl parents: diff changeset	508 if (src[0] == 127) return oksofar; // don't do dns lookups on localhost
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	509 #ifdef NS_MAXDNAME
0 96a9758165cd Initial revision carl parents: diff changeset	510 char question[NS_MAXDNAME];
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	511 #else
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	512 char question[1000];
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	513 #endif
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	514 snprintf(question, sizeof(question), "%u.%u.%u.%u.%s.", src[3], src[2], src[1], src[0], suffix);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	515 // ask the question, if we get an A record it implies a blacklisted ip address
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	516 return (protected_dns_interface(question, false, NULL)) ? reject : oksofar;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	517 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	518
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	519
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	520 ////////////////////////////////////////////////
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	521 // check a single dnsbl
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	522 //
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	523 static status check_single(int ip, DNSBL &bl);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	524 static status check_single(int ip, DNSBL &bl) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	525 return check_single(ip, bl.suffix);
0 96a9758165cd Initial revision carl parents: diff changeset	526 }
96a9758165cd Initial revision carl parents: diff changeset	527
96a9758165cd Initial revision carl parents: diff changeset	528
96a9758165cd Initial revision carl parents: diff changeset	529 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	530 // check the dnsbls specified for this recipient
96a9758165cd Initial revision carl parents: diff changeset	531 //
96a9758165cd Initial revision carl parents: diff changeset	532 static status check_dnsbl(mlfiPriv &priv, DNSBLLP dnsbllp, DNSBLP &rejectlist);
96a9758165cd Initial revision carl parents: diff changeset	533 static status check_dnsbl(mlfiPriv &priv, DNSBLLP dnsbllp, DNSBLP &rejectlist) {
96a9758165cd Initial revision carl parents: diff changeset	534 if (priv.authenticated) return oksofar;
96a9758165cd Initial revision carl parents: diff changeset	535 if (!dnsbllp) return oksofar;
96a9758165cd Initial revision carl parents: diff changeset	536 DNSBLL &dnsbll = *dnsbllp;
96a9758165cd Initial revision carl parents: diff changeset	537 for (DNSBLL::iterator i=dnsbll.begin(); i!=dnsbll.end(); i++) {
96a9758165cd Initial revision carl parents: diff changeset	538 DNSBLP dp = *i; // non null by construction
96a9758165cd Initial revision carl parents: diff changeset	539 status st;
96a9758165cd Initial revision carl parents: diff changeset	540 map<DNSBLP, status>::iterator f = priv.checked.find(dp);
96a9758165cd Initial revision carl parents: diff changeset	541 if (f == priv.checked.end()) {
96a9758165cd Initial revision carl parents: diff changeset	542 // have not checked this list yet
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	543 st = check_single(priv.ip, *dp);
0 96a9758165cd Initial revision carl parents: diff changeset	544 rejectlist = dp;
96a9758165cd Initial revision carl parents: diff changeset	545 priv.checked[dp] = st;
96a9758165cd Initial revision carl parents: diff changeset	546 }
96a9758165cd Initial revision carl parents: diff changeset	547 else {
96a9758165cd Initial revision carl parents: diff changeset	548 st = (*f).second;
96a9758165cd Initial revision carl parents: diff changeset	549 rejectlist = (*f).first;
96a9758165cd Initial revision carl parents: diff changeset	550 }
96a9758165cd Initial revision carl parents: diff changeset	551 if (st == reject) return st;
96a9758165cd Initial revision carl parents: diff changeset	552 }
96a9758165cd Initial revision carl parents: diff changeset	553 return oksofar;
96a9758165cd Initial revision carl parents: diff changeset	554 }
96a9758165cd Initial revision carl parents: diff changeset	555
96a9758165cd Initial revision carl parents: diff changeset	556
96a9758165cd Initial revision carl parents: diff changeset	557 ////////////////////////////////////////////////
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	558 // check the dnsbls specified for this recipient
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	559 //
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	560 static status check_hosts(mlfiPriv &priv, char *&host, int &ip);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	561 static status check_hosts(mlfiPriv &priv, char *&host, int &ip) {
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	562 CONFIG &dc = *priv.pc;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	563 if (!dc.content_suffix) return oksofar;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	564 int count = 0;
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	565 ns_map nameservers;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	566 int lim = priv.pc->host_limit;
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	567 for (string_set::iterator i=priv.memory->hosts.begin(); i!=priv.memory->hosts.end(); i++) {
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	568 count++;
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	569 if ((count > lim) && (lim > 0)) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	570 discard(nameservers);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	571 return reject_host;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	572 }
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	573 host = *i;
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	574 ip = protected_dns_interface(host, true, &nameservers);
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	575 if (debug_syslog) {
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	576 char buf[200];
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	577 if (ip) {
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	578 char adr[sizeof "255.255.255.255"];
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	579 adr[0] = '\0';
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	580 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	581 snprintf(buf, sizeof(buf), "host %s found at %s", host, adr);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	582 }
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	583 else {
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	584 snprintf(buf, sizeof(buf), "host %s not found", host);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	585 }
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	586 my_syslog(buf);
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	587 }
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	588 if (ip) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	589 status st = check_single(ip, dc.content_suffix);
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	590 if (st == reject) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	591 discard(nameservers);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	592 return st;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	593 }
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	594 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	595 }
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	596 lim *= 4; // allow average of 3 ns per host name
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	597 for (ns_map::iterator i=nameservers.begin(); i!=nameservers.end(); i++) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	598 count++;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	599 if ((count > lim) && (lim > 0)) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	600 discard(nameservers);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	601 return reject_host;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	602 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	603 host = (*i).first;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	604 ip = (*i).second;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	605 if (!ip) ip = protected_dns_interface(host, false, NULL);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	606 if (debug_syslog) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	607 char buf[200];
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	608 if (ip) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	609 char adr[sizeof "255.255.255.255"];
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	610 adr[0] = '\0';
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	611 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	612 snprintf(buf, sizeof(buf), "ns %s found at %s", host, adr);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	613 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	614 else {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	615 snprintf(buf, sizeof(buf), "ns %s not found", host);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	616 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	617 my_syslog(buf);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	618 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	619 if (ip) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	620 status st = check_single(ip, dc.content_suffix);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	621 if (st == reject) {
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	622 discard(nameservers);
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	623 return st;
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	624 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	625 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	626 }
fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	627 discard(nameservers);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	628 host = NULL;
26 fdae7ab30cfc allow normal and terminator versions of tags carl parents: 24 diff changeset	629 int bin = priv.memory->binary_tags;
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	630 int bad = priv.memory->bad_html_tags;
34 fc7f8f3ea90f look for NS records on the SBL also carl parents: 29 diff changeset	631 lim = priv.pc->tag_limit;
26 fdae7ab30cfc allow normal and terminator versions of tags carl parents: 24 diff changeset	632 if (bin > bad) return oksofar; // probably .zip or .tar.gz with random content
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	633 if ((bad > lim) && (lim > 0)) return reject_tag;
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	634 return oksofar;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	635 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	636
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	637
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	638 ////////////////////////////////////////////////
0 96a9758165cd Initial revision carl parents: diff changeset	639 // start of sendmail milter interfaces
96a9758165cd Initial revision carl parents: diff changeset	640 //
96a9758165cd Initial revision carl parents: diff changeset	641 sfsistat mlfi_connect(SMFICTX ctx, char hostname, _SOCK_ADDR *hostaddr)
96a9758165cd Initial revision carl parents: diff changeset	642 {
96a9758165cd Initial revision carl parents: diff changeset	643 // allocate some private memory
96a9758165cd Initial revision carl parents: diff changeset	644 mlfiPriv *priv = new mlfiPriv;
96a9758165cd Initial revision carl parents: diff changeset	645 if (hostaddr->sa_family == AF_INET) {
96a9758165cd Initial revision carl parents: diff changeset	646 priv->ip = ((struct sockaddr_in *)hostaddr)->sin_addr.s_addr;
96a9758165cd Initial revision carl parents: diff changeset	647 }
96a9758165cd Initial revision carl parents: diff changeset	648
96a9758165cd Initial revision carl parents: diff changeset	649 // save the private data
96a9758165cd Initial revision carl parents: diff changeset	650 smfi_setpriv(ctx, (void*)priv);
96a9758165cd Initial revision carl parents: diff changeset	651
96a9758165cd Initial revision carl parents: diff changeset	652 // continue processing
96a9758165cd Initial revision carl parents: diff changeset	653 return SMFIS_CONTINUE;
96a9758165cd Initial revision carl parents: diff changeset	654 }
96a9758165cd Initial revision carl parents: diff changeset	655
96a9758165cd Initial revision carl parents: diff changeset	656 sfsistat mlfi_envfrom(SMFICTX ctx, char *from)
96a9758165cd Initial revision carl parents: diff changeset	657 {
96a9758165cd Initial revision carl parents: diff changeset	658 mlfiPriv &priv = *MLFIPRIV;
96a9758165cd Initial revision carl parents: diff changeset	659 priv.mailaddr = strdup(from[0]);
96a9758165cd Initial revision carl parents: diff changeset	660 priv.authenticated = (smfi_getsymval(ctx, "{auth_authen}") != NULL);
96a9758165cd Initial revision carl parents: diff changeset	661 return SMFIS_CONTINUE;
96a9758165cd Initial revision carl parents: diff changeset	662 }
96a9758165cd Initial revision carl parents: diff changeset	663
96a9758165cd Initial revision carl parents: diff changeset	664 sfsistat mlfi_envrcpt(SMFICTX ctx, char *rcpt)
96a9758165cd Initial revision carl parents: diff changeset	665 {
96a9758165cd Initial revision carl parents: diff changeset	666 DNSBLP rejectlist = NULL; // list that caused the reject
96a9758165cd Initial revision carl parents: diff changeset	667 status st = oksofar;
96a9758165cd Initial revision carl parents: diff changeset	668 mlfiPriv &priv = *MLFIPRIV;
96a9758165cd Initial revision carl parents: diff changeset	669 CONFIG &dc = *priv.pc;
96a9758165cd Initial revision carl parents: diff changeset	670 char *rcptaddr = rcpt[0];
96a9758165cd Initial revision carl parents: diff changeset	671 char *dnsname = lookup(rcptaddr, dc.env_to_dnsbll);
96a9758165cd Initial revision carl parents: diff changeset	672 char *fromname = lookup(rcptaddr, dc.env_to_chkfrom);
96a9758165cd Initial revision carl parents: diff changeset	673 if ((strcmp(dnsname, BLACK) == 0) \|\|
96a9758165cd Initial revision carl parents: diff changeset	674 (strcmp(fromname, BLACK) == 0)) {
96a9758165cd Initial revision carl parents: diff changeset	675 st = black; // two options to blacklist this recipient
96a9758165cd Initial revision carl parents: diff changeset	676 }
96a9758165cd Initial revision carl parents: diff changeset	677 else if (strcmp(fromname, WHITE) == 0) {
96a9758165cd Initial revision carl parents: diff changeset	678 st = white;
96a9758165cd Initial revision carl parents: diff changeset	679 }
96a9758165cd Initial revision carl parents: diff changeset	680 else {
96a9758165cd Initial revision carl parents: diff changeset	681 // check an env_from map
96a9758165cd Initial revision carl parents: diff changeset	682 string_map *sm = find_from_map(dc, fromname);
96a9758165cd Initial revision carl parents: diff changeset	683 if (sm != NULL) {
96a9758165cd Initial revision carl parents: diff changeset	684 fromname = lookup(priv.mailaddr, *sm); // returns default if name not in map
96a9758165cd Initial revision carl parents: diff changeset	685 if (strcmp(fromname, BLACK) == 0) {
96a9758165cd Initial revision carl parents: diff changeset	686 st = black; // blacklist this envelope from value
96a9758165cd Initial revision carl parents: diff changeset	687 }
96a9758165cd Initial revision carl parents: diff changeset	688 if (strcmp(fromname, WHITE) == 0) {
96a9758165cd Initial revision carl parents: diff changeset	689 st = white; // blacklist this envelope from value
96a9758165cd Initial revision carl parents: diff changeset	690 }
96a9758165cd Initial revision carl parents: diff changeset	691 }
96a9758165cd Initial revision carl parents: diff changeset	692 }
96a9758165cd Initial revision carl parents: diff changeset	693 if ((st == oksofar) && (strcmp(dnsname, WHITE) != 0)) {
96a9758165cd Initial revision carl parents: diff changeset	694 // check dns lists
96a9758165cd Initial revision carl parents: diff changeset	695 st = check_dnsbl(priv, find_dnsbll(dc, dnsname), rejectlist);
96a9758165cd Initial revision carl parents: diff changeset	696 }
96a9758165cd Initial revision carl parents: diff changeset	697
96a9758165cd Initial revision carl parents: diff changeset	698 if (st == reject) {
96a9758165cd Initial revision carl parents: diff changeset	699 // reject the recipient based on some dnsbl
96a9758165cd Initial revision carl parents: diff changeset	700 char adr[sizeof "255.255.255.255"];
96a9758165cd Initial revision carl parents: diff changeset	701 adr[0] = '\0';
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	702 inet_ntop(AF_INET, (const u_char *)&priv.ip, adr, sizeof(adr));
0 96a9758165cd Initial revision carl parents: diff changeset	703 char buf[2000];
96a9758165cd Initial revision carl parents: diff changeset	704 snprintf(buf, sizeof(buf), rejectlist->message, adr, adr);
96a9758165cd Initial revision carl parents: diff changeset	705 smfi_setreply(ctx, "550", "5.7.1", buf);
96a9758165cd Initial revision carl parents: diff changeset	706 return SMFIS_REJECT;
96a9758165cd Initial revision carl parents: diff changeset	707 }
96a9758165cd Initial revision carl parents: diff changeset	708 else if (st == black) {
96a9758165cd Initial revision carl parents: diff changeset	709 // reject the recipient based on blacklisting either from or to
96a9758165cd Initial revision carl parents: diff changeset	710 smfi_setreply(ctx, "550", "5.7.1", "no such user");
96a9758165cd Initial revision carl parents: diff changeset	711 return SMFIS_REJECT;
96a9758165cd Initial revision carl parents: diff changeset	712 }
96a9758165cd Initial revision carl parents: diff changeset	713 else {
96a9758165cd Initial revision carl parents: diff changeset	714 // accept the recipient
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	715 if (st == oksofar) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	716 // but remember the non-whites
12 6ac6d6b822ce fix memory leak with duplicate url host names, carl parents: 11 diff changeset	717 register_string(priv.non_whites, rcptaddr);
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	718 priv.only_whites = false;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	719 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	720 if (st == white) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	721 priv.have_whites = true;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	722 }
0 96a9758165cd Initial revision carl parents: diff changeset	723 return SMFIS_CONTINUE;
96a9758165cd Initial revision carl parents: diff changeset	724 }
96a9758165cd Initial revision carl parents: diff changeset	725 }
96a9758165cd Initial revision carl parents: diff changeset	726
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	727 sfsistat mlfi_body(SMFICTX ctx, u_char data, size_t len)
0 96a9758165cd Initial revision carl parents: diff changeset	728 {
96a9758165cd Initial revision carl parents: diff changeset	729 mlfiPriv &priv = *MLFIPRIV;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	730 if (priv.authenticated) return SMFIS_CONTINUE;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	731 if (priv.only_whites) return SMFIS_CONTINUE;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	732 priv.scanner->scan(data, len);
11 2c206836b4cc integration work on url scanner carl parents: 9 diff changeset	733 return SMFIS_CONTINUE;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	734 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	735
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	736 sfsistat mlfi_eom(SMFICTX *ctx)
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	737 {
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	738 sfsistat rc;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	739 mlfiPriv &priv = *MLFIPRIV;
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	740 char *host = NULL;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	741 int ip;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	742 status st;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	743 // process end of message
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	744 if (priv.authenticated \|\|
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	745 priv.only_whites \|\|
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	746 ((st=check_hosts(priv, host, ip)) == oksofar)) rc = SMFIS_CONTINUE;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	747 else {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	748 if (!priv.have_whites) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	749 // can reject the entire message
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	750 char buf[2000];
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	751 if (st == reject_tag) {
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	752 // rejected due to excessive bad html tags
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	753 snprintf(buf, sizeof(buf), priv.pc->tag_limit_message);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	754 }
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	755 else if (st == reject_host) {
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	756 // rejected due to excessive unique host/urls
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	757 snprintf(buf, sizeof(buf), priv.pc->host_limit_message);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	758 }
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	759 else {
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	760 char adr[sizeof "255.255.255.255"];
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	761 adr[0] = '\0';
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	762 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	763 snprintf(buf, sizeof(buf), priv.pc->content_message, host, adr);
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	764 }
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	765 smfi_setreply(ctx, "550", "5.7.1", buf);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	766 rc = SMFIS_REJECT;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	767 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	768 else {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	769 // need to accept it but remove the recipients that don't want it
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	770 for (string_set::iterator i=priv.non_whites.begin(); i!=priv.non_whites.end(); i++) {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	771 char rcpt = i;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	772 smfi_delrcpt(ctx, rcpt);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	773 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	774 rc = SMFIS_CONTINUE;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	775 }
0 96a9758165cd Initial revision carl parents: diff changeset	776 }
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	777 // reset for a new message on the same connection
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	778 mlfi_abort(ctx);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	779 return rc;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	780 }
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	781
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	782 sfsistat mlfi_abort(SMFICTX *ctx)
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	783 {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	784 mlfiPriv &priv = *MLFIPRIV;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	785 priv.reset();
0 96a9758165cd Initial revision carl parents: diff changeset	786 return SMFIS_CONTINUE;
96a9758165cd Initial revision carl parents: diff changeset	787 }
96a9758165cd Initial revision carl parents: diff changeset	788
96a9758165cd Initial revision carl parents: diff changeset	789 sfsistat mlfi_close(SMFICTX *ctx)
96a9758165cd Initial revision carl parents: diff changeset	790 {
96a9758165cd Initial revision carl parents: diff changeset	791 mlfiPriv *priv = MLFIPRIV;
96a9758165cd Initial revision carl parents: diff changeset	792 if (!priv) return SMFIS_CONTINUE;
96a9758165cd Initial revision carl parents: diff changeset	793 delete priv;
96a9758165cd Initial revision carl parents: diff changeset	794 smfi_setpriv(ctx, NULL);
96a9758165cd Initial revision carl parents: diff changeset	795 return SMFIS_CONTINUE;
96a9758165cd Initial revision carl parents: diff changeset	796 }
96a9758165cd Initial revision carl parents: diff changeset	797
96a9758165cd Initial revision carl parents: diff changeset	798 struct smfiDesc smfilter =
96a9758165cd Initial revision carl parents: diff changeset	799 {
96a9758165cd Initial revision carl parents: diff changeset	800 "DNSBL", // filter name
96a9758165cd Initial revision carl parents: diff changeset	801 SMFI_VERSION, // version code -- do not change
96a9758165cd Initial revision carl parents: diff changeset	802 SMFIF_DELRCPT, // flags
96a9758165cd Initial revision carl parents: diff changeset	803 mlfi_connect, // connection info filter
96a9758165cd Initial revision carl parents: diff changeset	804 NULL, // SMTP HELO command filter
96a9758165cd Initial revision carl parents: diff changeset	805 mlfi_envfrom, // envelope sender filter
96a9758165cd Initial revision carl parents: diff changeset	806 mlfi_envrcpt, // envelope recipient filter
96a9758165cd Initial revision carl parents: diff changeset	807 NULL, // header filter
96a9758165cd Initial revision carl parents: diff changeset	808 NULL, // end of header
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	809 mlfi_body, // body block filter
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	810 mlfi_eom, // end of message
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	811 mlfi_abort, // message aborted
0 96a9758165cd Initial revision carl parents: diff changeset	812 mlfi_close, // connection cleanup
96a9758165cd Initial revision carl parents: diff changeset	813 };
96a9758165cd Initial revision carl parents: diff changeset	814
96a9758165cd Initial revision carl parents: diff changeset	815
96a9758165cd Initial revision carl parents: diff changeset	816 static void dumpit(char *name, string_map map);
96a9758165cd Initial revision carl parents: diff changeset	817 static void dumpit(char *name, string_map map) {
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	818 fprintf(stdout, "\n");
0 96a9758165cd Initial revision carl parents: diff changeset	819 for (string_map::iterator i=map.begin(); i!=map.end(); i++) {
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	820 fprintf(stdout, "%s %s->%s\n", name, (i).first, (i).second);
0 96a9758165cd Initial revision carl parents: diff changeset	821 }
96a9758165cd Initial revision carl parents: diff changeset	822 }
96a9758165cd Initial revision carl parents: diff changeset	823
96a9758165cd Initial revision carl parents: diff changeset	824
96a9758165cd Initial revision carl parents: diff changeset	825 static void dumpit(from_map map);
96a9758165cd Initial revision carl parents: diff changeset	826 static void dumpit(from_map map) {
96a9758165cd Initial revision carl parents: diff changeset	827 for (from_map::iterator i=map.begin(); i!=map.end(); i++) {
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	828 char buf[2000];
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	829 snprintf(buf, sizeof(buf), "envelope from map for %s", (*i).first);
0 96a9758165cd Initial revision carl parents: diff changeset	830 string_map sm = (i).second;
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	831 dumpit(buf, *sm);
0 96a9758165cd Initial revision carl parents: diff changeset	832 }
96a9758165cd Initial revision carl parents: diff changeset	833 }
96a9758165cd Initial revision carl parents: diff changeset	834
96a9758165cd Initial revision carl parents: diff changeset	835
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	836 static void dumpit(CONFIG &dc);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	837 static void dumpit(CONFIG &dc) {
5 793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	838 dumpit(dc.env_from);
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	839 dumpit("envelope to (dnsbl list)", dc.env_to_dnsbll);
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	840 dumpit("envelope to (from map)", dc.env_to_chkfrom);
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	841 fprintf(stdout, "\ndnsbls\n");
0 96a9758165cd Initial revision carl parents: diff changeset	842 for (dnsblp_map::iterator i=dc.dnsbls.begin(); i!=dc.dnsbls.end(); i++) {
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	843 fprintf(stdout, "%s %s %s\n", (i).first, (i).second->suffix, (*i).second->message);
0 96a9758165cd Initial revision carl parents: diff changeset	844 }
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	845 fprintf(stdout, "\ndnsbl_lists\n");
0 96a9758165cd Initial revision carl parents: diff changeset	846 for (dnsbllp_map::iterator i=dc.dnsblls.begin(); i!=dc.dnsblls.end(); i++) {
96a9758165cd Initial revision carl parents: diff changeset	847 char name = (i).first;
96a9758165cd Initial revision carl parents: diff changeset	848 DNSBLL &dl = ((i).second);
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	849 fprintf(stdout, "%s", name);
0 96a9758165cd Initial revision carl parents: diff changeset	850 for (DNSBLL::iterator j=dl.begin(); j!=dl.end(); j++) {
96a9758165cd Initial revision carl parents: diff changeset	851 DNSBL &d = **j;
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	852 fprintf(stdout, " %s", d.suffix);
0 96a9758165cd Initial revision carl parents: diff changeset	853 }
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	854 fprintf(stdout, "\n");
0 96a9758165cd Initial revision carl parents: diff changeset	855 }
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	856 if (dc.content_suffix) {
8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	857 fprintf(stdout, "\ncontent filtering enabled with %s %s\n", dc.content_suffix, dc.content_message);
8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	858 }
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	859 if (dc.host_limit) {
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	860 fprintf(stdout, "\ncontent filtering for host names enabled with limit %d %s\n", dc.host_limit, dc.host_limit_message);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	861 }
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	862 if (dc.tag_limit) {
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	863 fprintf(stdout, "\ncontent filtering for excessive html tags enabled with limit %d %s\n", dc.tag_limit, dc.tag_limit_message);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	864 }
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	865 fprintf(stdout, "\nfiles\n");
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	866 for (string_list::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	867 char f = i;
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	868 fprintf(stdout, "config includes %s\n", f);
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	869 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	870 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	871
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	872
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	873 ////////////////////////////////////////////////
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	874 // check for redundant or recursive include files
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	875 //
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	876 static bool ok_to_include(CONFIG &dc, char *fn);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	877 static bool ok_to_include(CONFIG &dc, char *fn) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	878 if (!fn) return false;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	879 bool ok = true;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	880 for (string_list::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	881 char f = i;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	882 if (strcmp(f, fn) == 0) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	883 my_syslog("redundant or recursive include file detected");
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	884 ok = false;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	885 break;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	886 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	887 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	888 return ok;
0 96a9758165cd Initial revision carl parents: diff changeset	889 }
96a9758165cd Initial revision carl parents: diff changeset	890
96a9758165cd Initial revision carl parents: diff changeset	891
96a9758165cd Initial revision carl parents: diff changeset	892 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	893 // load a single config file
96a9758165cd Initial revision carl parents: diff changeset	894 //
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	895 static void load_conf_dcc(CONFIG &dc, char name, char fn);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	896 static void load_conf_dcc(CONFIG &dc, char name, char fn) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	897 dc.config_files.push_back(fn);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	898 char *list = BLACK;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	899 const int LINE_SIZE = 2000;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	900 ifstream is(fn);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	901 if (is.fail()) return;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	902 char line[LINE_SIZE];
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	903 char *delim = " \t";
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	904 int curline = 0;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	905 while (!is.eof()) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	906 is.getline(line, LINE_SIZE);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	907 curline++;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	908 int n = strlen(line);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	909 if (!n) continue;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	910 for (int i=0; i<n; i++) line[i] = tolower(line[i]);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	911 if (line[0] == '#') continue;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	912 char *head = line;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	913 if (strspn(line, delim) == 0) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	914 // have a leading ok/many tag to fetch
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	915 char *cmd = strtok(line, delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	916 if (strcmp(cmd, MANY) == 0) list = BLACK;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	917 else if (strcmp(cmd, OK) == 0) list = WHITE;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	918 head = cmd + strlen(cmd) + 1;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	919 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	920 char *cmd = strtok(head, delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	921 if (!cmd) continue;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	922 if (strcmp(cmd, "env_from") == 0) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	923 char *from = next_token(delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	924 if (from) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	925 string_map &fm = really_find_from_map(dc, name);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	926 fm[from] = list;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	927 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	928 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	929 else if (strcmp(cmd, "env_to") == 0) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	930 char *to = next_token(delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	931 if (to) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	932 dc.env_to_dnsbll[to] = list;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	933 dc.env_to_chkfrom[to] = list;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	934 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	935 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	936 else if (strcmp(cmd, "substitute") == 0) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	937 char *tag = next_token(delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	938 if (tag && (strcmp(tag, "mail_host") == 0)) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	939 char *from = next_token(delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	940 if (from) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	941 string_map &fm = really_find_from_map(dc, name);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	942 fm[from] = list;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	943 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	944 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	945 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	946 else if (strcmp(cmd, "include") == 0) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	947 char *fn = next_token(delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	948 if (ok_to_include(dc, fn)) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	949 load_conf_dcc(dc, name, fn);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	950 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	951 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	952
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	953 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	954 is.close();
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	955 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	956
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	957
0 96a9758165cd Initial revision carl parents: diff changeset	958 static void load_conf(CONFIG &dc, char *fn);
96a9758165cd Initial revision carl parents: diff changeset	959 static void load_conf(CONFIG &dc, char *fn) {
96a9758165cd Initial revision carl parents: diff changeset	960 dc.config_files.push_back(fn);
96a9758165cd Initial revision carl parents: diff changeset	961 map<char*, int, ltstr> commands;
28 33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	962 enum {dummy, tld, content, hostlimit, htmllimit, htmltag, dnsbl, dnsbll, envfrom, envto, include, includedcc};
33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	963 commands["tld" ] = tld;
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	964 commands["content" ] = content;
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	965 commands["host_limit" ] = hostlimit;
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	966 commands["html_limit" ] = htmllimit;
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	967 commands["html_tag" ] = htmltag;
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	968 commands["dnsbl" ] = dnsbl;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	969 commands["dnsbl_list" ] = dnsbll;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	970 commands["env_from" ] = envfrom;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	971 commands["env_to" ] = envto;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	972 commands["include" ] = include;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	973 commands["include_dcc"] = includedcc;
0 96a9758165cd Initial revision carl parents: diff changeset	974 const int LINE_SIZE = 2000;
96a9758165cd Initial revision carl parents: diff changeset	975 ifstream is(fn);
96a9758165cd Initial revision carl parents: diff changeset	976 if (is.fail()) return;
96a9758165cd Initial revision carl parents: diff changeset	977 char line[LINE_SIZE];
96a9758165cd Initial revision carl parents: diff changeset	978 char orig[LINE_SIZE];
96a9758165cd Initial revision carl parents: diff changeset	979 char *delim = " \t";
96a9758165cd Initial revision carl parents: diff changeset	980 int curline = 0;
96a9758165cd Initial revision carl parents: diff changeset	981 while (!is.eof()) {
96a9758165cd Initial revision carl parents: diff changeset	982 is.getline(line, LINE_SIZE);
96a9758165cd Initial revision carl parents: diff changeset	983 snprintf(orig, sizeof(orig), "%s", line);
96a9758165cd Initial revision carl parents: diff changeset	984 curline++;
96a9758165cd Initial revision carl parents: diff changeset	985 int n = strlen(line);
96a9758165cd Initial revision carl parents: diff changeset	986 for (int i=0; i<n; i++) line[i] = tolower(line[i]);
96a9758165cd Initial revision carl parents: diff changeset	987 char *cmd = strtok(line, delim);
96a9758165cd Initial revision carl parents: diff changeset	988 if (cmd && (cmd[0] != '#') && (cmd[0] != '\0')) {
96a9758165cd Initial revision carl parents: diff changeset	989 // have a decent command
96a9758165cd Initial revision carl parents: diff changeset	990 bool processed = false;
96a9758165cd Initial revision carl parents: diff changeset	991 switch (commands[cmd]) {
28 33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	992 case tld: {
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	993 char *tld = next_token(delim);
28 33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	994 if (!tld) break; // no tld value
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	995 dc.tlds.insert(tld);
28 33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	996 processed = true;
33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	997 } break;
33e1e3910506 add configurable list of tlds carl parents: 27 diff changeset	998
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	999 case content: {
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1000 char *suff = strtok(NULL, delim);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1001 if (!suff) break; // no dns suffix
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1002 char *msg = suff + strlen(suff);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1003 if ((msg - line) >= strlen(orig)) break; // line ended with the dns suffix
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1004 msg = strchr(msg+1, '\'');
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1005 if (!msg) break; // no reply message template
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1006 msg++; // move over the leading '
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1007 if ((msg - line) >= strlen(orig)) break; // line ended with the leading quote
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1008 char *last = strchr(msg, '\'');
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1009 if (!last) break; // no trailing quote
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1010 *last = '\0'; // make it a null terminator
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1011 dc.content_suffix = register_string(suff);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1012 dc.content_message = register_string(msg);
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1013 processed = true;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1014 } break;
dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1015
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1016 case hostlimit: {
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1017 char *limit = strtok(NULL, delim);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1018 if (!limit) break; // no integer limit
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1019 char *msg = limit + strlen(limit);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1020 if ((msg - line) >= strlen(orig)) break; // line ended with the limit
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1021 msg = strchr(msg+1, '\'');
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1022 if (!msg) break; // no reply message template
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1023 msg++; // move over the leading '
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1024 if ((msg - line) >= strlen(orig)) break; // line ended with the leading quote
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1025 char *last = strchr(msg, '\'');
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1026 if (!last) break; // no trailing quote
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1027 *last = '\0'; // make it a null terminator
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1028 dc.host_limit = atoi(limit);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1029 dc.host_limit_message = register_string(msg);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1030 processed = true;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1031 } break;
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1032
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1033 case htmllimit: {
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1034 char *limit = strtok(NULL, delim);
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1035 if (!limit) break; // no integer limit
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1036 char *msg = limit + strlen(limit);
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1037 if ((msg - line) >= strlen(orig)) break; // line ended with the limit
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1038 msg = strchr(msg+1, '\'');
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1039 if (!msg) break; // no reply message template
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1040 msg++; // move over the leading '
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1041 if ((msg - line) >= strlen(orig)) break; // line ended with the leading quote
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1042 char *last = strchr(msg, '\'');
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1043 if (!last) break; // no trailing quote
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1044 *last = '\0'; // make it a null terminator
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1045 dc.tag_limit = atoi(limit);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1046 dc.tag_limit_message = register_string(msg);
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1047 processed = true;
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1048 } break;
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1049
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1050 case htmltag: {
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1051 char *tag = next_token(delim);
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1052 if (!tag) break; // no html tag value
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1053 dc.html_tags.insert(tag); // base version
26 fdae7ab30cfc allow normal and terminator versions of tags carl parents: 24 diff changeset	1054 char buf[200];
fdae7ab30cfc allow normal and terminator versions of tags carl parents: 24 diff changeset	1055 snprintf(buf, sizeof(buf), "/%s", tag);
27 43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1056 dc.html_tags.insert(register_string(buf)); // leading /
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1057 snprintf(buf, sizeof(buf), "%s/", tag);
43a4f6b3e668 add configurable host name limit and bad html tag limits. carl parents: 26 diff changeset	1058 dc.html_tags.insert(register_string(buf)); // trailing /
24 2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1059 processed = true;
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1060 } break;
2e23b7184d2b start coding for bad html tag detection carl parents: 23 diff changeset	1061
0 96a9758165cd Initial revision carl parents: diff changeset	1062 case dnsbl: {
96a9758165cd Initial revision carl parents: diff changeset	1063 // have a new dnsbl to use
96a9758165cd Initial revision carl parents: diff changeset	1064 char *name = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1065 if (!name) break; // no name name
96a9758165cd Initial revision carl parents: diff changeset	1066 if (find_dnsbl(dc, name)) break; // duplicate entry
96a9758165cd Initial revision carl parents: diff changeset	1067 char *suff = strtok(NULL, delim);
96a9758165cd Initial revision carl parents: diff changeset	1068 if (!suff) break; // no dns suffic
96a9758165cd Initial revision carl parents: diff changeset	1069 char *msg = suff + strlen(suff);
96a9758165cd Initial revision carl parents: diff changeset	1070 if ((msg - line) >= strlen(orig)) break; // line ended with the dns suffix
96a9758165cd Initial revision carl parents: diff changeset	1071 msg = strchr(msg+1, '\'');
96a9758165cd Initial revision carl parents: diff changeset	1072 if (!msg) break; // no reply message template
96a9758165cd Initial revision carl parents: diff changeset	1073 msg++; // move over the leading '
96a9758165cd Initial revision carl parents: diff changeset	1074 if ((msg - line) >= strlen(orig)) break; // line ended with the leading quote
96a9758165cd Initial revision carl parents: diff changeset	1075 char *last = strchr(msg, '\'');
96a9758165cd Initial revision carl parents: diff changeset	1076 if (!last) break; // no trailing quote
96a9758165cd Initial revision carl parents: diff changeset	1077 *last = '\0'; // make it a null terminator
96a9758165cd Initial revision carl parents: diff changeset	1078 dc.dnsbls[name] = new DNSBL(register_string(suff), register_string(msg));
96a9758165cd Initial revision carl parents: diff changeset	1079 processed = true;
96a9758165cd Initial revision carl parents: diff changeset	1080 } break;
96a9758165cd Initial revision carl parents: diff changeset	1081
96a9758165cd Initial revision carl parents: diff changeset	1082 case dnsbll: {
96a9758165cd Initial revision carl parents: diff changeset	1083 // define a new combination of dnsbls
96a9758165cd Initial revision carl parents: diff changeset	1084 char *name = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1085 if (!name) break;
96a9758165cd Initial revision carl parents: diff changeset	1086 if (find_dnsbll(dc, name)) break; // duplicate entry
96a9758165cd Initial revision carl parents: diff changeset	1087 char *list = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1088 if (!list \|\| (list == '\0') \|\| (list == '#')) break;
96a9758165cd Initial revision carl parents: diff changeset	1089 DNSBLLP d = new DNSBLL;
96a9758165cd Initial revision carl parents: diff changeset	1090 DNSBLP p = find_dnsbl(dc, list);
96a9758165cd Initial revision carl parents: diff changeset	1091 if (p) d->push_back(p);
96a9758165cd Initial revision carl parents: diff changeset	1092 while (true) {
96a9758165cd Initial revision carl parents: diff changeset	1093 list = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1094 if (!list \|\| (list == '\0') \|\| (list == '#')) break;
96a9758165cd Initial revision carl parents: diff changeset	1095 DNSBLP p = find_dnsbl(dc, list);
96a9758165cd Initial revision carl parents: diff changeset	1096 if (p) d->push_back(p);
96a9758165cd Initial revision carl parents: diff changeset	1097 }
96a9758165cd Initial revision carl parents: diff changeset	1098 dc.dnsblls[name] = d;
96a9758165cd Initial revision carl parents: diff changeset	1099 processed = true;
96a9758165cd Initial revision carl parents: diff changeset	1100 } break;
96a9758165cd Initial revision carl parents: diff changeset	1101
96a9758165cd Initial revision carl parents: diff changeset	1102 case envfrom: {
96a9758165cd Initial revision carl parents: diff changeset	1103 // add an entry into the named string_map
96a9758165cd Initial revision carl parents: diff changeset	1104 char *name = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1105 if (!name) break;
96a9758165cd Initial revision carl parents: diff changeset	1106 char *from = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1107 if (!from) break;
96a9758165cd Initial revision carl parents: diff changeset	1108 char *list = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1109 if (!list) break;
96a9758165cd Initial revision carl parents: diff changeset	1110 if ((strcmp(list, WHITE) == 0) \|\|
96a9758165cd Initial revision carl parents: diff changeset	1111 (strcmp(list, BLACK) == 0)) {
96a9758165cd Initial revision carl parents: diff changeset	1112 string_map &fm = really_find_from_map(dc, name);
96a9758165cd Initial revision carl parents: diff changeset	1113 fm[from] = list;
96a9758165cd Initial revision carl parents: diff changeset	1114 processed = true;
96a9758165cd Initial revision carl parents: diff changeset	1115 }
96a9758165cd Initial revision carl parents: diff changeset	1116 else {
96a9758165cd Initial revision carl parents: diff changeset	1117 // list may be the name of a previously defined from_map
96a9758165cd Initial revision carl parents: diff changeset	1118 string_map *m = find_from_map(dc, list);
96a9758165cd Initial revision carl parents: diff changeset	1119 if (m && (strcmp(list,name) != 0)) {
96a9758165cd Initial revision carl parents: diff changeset	1120 string_map &pm = *m;
96a9758165cd Initial revision carl parents: diff changeset	1121 string_map &fm = really_find_from_map(dc, name);
96a9758165cd Initial revision carl parents: diff changeset	1122 fm.insert(pm.begin(), pm.end());
96a9758165cd Initial revision carl parents: diff changeset	1123 processed = true;
96a9758165cd Initial revision carl parents: diff changeset	1124 }
96a9758165cd Initial revision carl parents: diff changeset	1125 }
96a9758165cd Initial revision carl parents: diff changeset	1126 } break;
96a9758165cd Initial revision carl parents: diff changeset	1127
96a9758165cd Initial revision carl parents: diff changeset	1128 case envto: {
96a9758165cd Initial revision carl parents: diff changeset	1129 // define the dnsbl_list and env_from maps to use for this recipient
96a9758165cd Initial revision carl parents: diff changeset	1130 char *to = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1131 if (!to) break;
96a9758165cd Initial revision carl parents: diff changeset	1132 char *list = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1133 if (!list) break;
96a9758165cd Initial revision carl parents: diff changeset	1134 char *from = next_token(delim);
96a9758165cd Initial revision carl parents: diff changeset	1135 if (!from) break;
96a9758165cd Initial revision carl parents: diff changeset	1136 dc.env_to_dnsbll[to] = list;
96a9758165cd Initial revision carl parents: diff changeset	1137 dc.env_to_chkfrom[to] = from;
96a9758165cd Initial revision carl parents: diff changeset	1138 processed = true;
96a9758165cd Initial revision carl parents: diff changeset	1139 } break;
96a9758165cd Initial revision carl parents: diff changeset	1140
96a9758165cd Initial revision carl parents: diff changeset	1141 case include: {
96a9758165cd Initial revision carl parents: diff changeset	1142 char *fn = next_token(delim);
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1143 if (ok_to_include(dc, fn)) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1144 load_conf(dc, fn);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1145 processed = true;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1146 }
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1147 } break;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1148
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1149 case includedcc: {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1150 char *name = next_token(delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1151 if (!name) break;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1152 char *fn = next_token(delim);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1153 if (ok_to_include(dc, fn)) {
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1154 load_conf_dcc(dc, name, fn);
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1155 processed = true;
0 96a9758165cd Initial revision carl parents: diff changeset	1156 }
96a9758165cd Initial revision carl parents: diff changeset	1157 } break;
96a9758165cd Initial revision carl parents: diff changeset	1158
96a9758165cd Initial revision carl parents: diff changeset	1159 default: {
96a9758165cd Initial revision carl parents: diff changeset	1160 } break;
96a9758165cd Initial revision carl parents: diff changeset	1161 }
96a9758165cd Initial revision carl parents: diff changeset	1162 if (!processed) {
96a9758165cd Initial revision carl parents: diff changeset	1163 pthread_mutex_lock(&syslog_mutex);
96a9758165cd Initial revision carl parents: diff changeset	1164 openlog("dnsbl", LOG_PID, LOG_MAIL);
96a9758165cd Initial revision carl parents: diff changeset	1165 syslog(LOG_ERR, "ignoring file %s line %d : %s\n", fn, curline, orig);
96a9758165cd Initial revision carl parents: diff changeset	1166 closelog();
96a9758165cd Initial revision carl parents: diff changeset	1167 pthread_mutex_unlock(&syslog_mutex);
96a9758165cd Initial revision carl parents: diff changeset	1168 }
96a9758165cd Initial revision carl parents: diff changeset	1169 }
96a9758165cd Initial revision carl parents: diff changeset	1170 }
96a9758165cd Initial revision carl parents: diff changeset	1171 is.close();
96a9758165cd Initial revision carl parents: diff changeset	1172 }
96a9758165cd Initial revision carl parents: diff changeset	1173
96a9758165cd Initial revision carl parents: diff changeset	1174
96a9758165cd Initial revision carl parents: diff changeset	1175 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	1176 // reload the config
96a9758165cd Initial revision carl parents: diff changeset	1177 //
96a9758165cd Initial revision carl parents: diff changeset	1178 static CONFIG* new_conf();
96a9758165cd Initial revision carl parents: diff changeset	1179 static CONFIG* new_conf() {
96a9758165cd Initial revision carl parents: diff changeset	1180 CONFIG *newc = new CONFIG;
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1181 pthread_mutex_lock(&config_mutex);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1182 newc->generation = generation++;
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1183 pthread_mutex_unlock(&config_mutex);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1184 char buf[200];
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1185 snprintf(buf, sizeof(buf), "loading configuration generation %d", newc->generation);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1186 my_syslog(buf);
0 96a9758165cd Initial revision carl parents: diff changeset	1187 load_conf(*newc, "dnsbl.conf");
96a9758165cd Initial revision carl parents: diff changeset	1188 newc->load_time = time(NULL);
96a9758165cd Initial revision carl parents: diff changeset	1189 return newc;
96a9758165cd Initial revision carl parents: diff changeset	1190 }
96a9758165cd Initial revision carl parents: diff changeset	1191
96a9758165cd Initial revision carl parents: diff changeset	1192
96a9758165cd Initial revision carl parents: diff changeset	1193 ////////////////////////////////////////////////
96a9758165cd Initial revision carl parents: diff changeset	1194 // thread to watch the old config files for changes
96a9758165cd Initial revision carl parents: diff changeset	1195 // and reload when needed. we also cleanup old
96a9758165cd Initial revision carl parents: diff changeset	1196 // configs whose reference count has gone to zero.
96a9758165cd Initial revision carl parents: diff changeset	1197 //
96a9758165cd Initial revision carl parents: diff changeset	1198 static void* config_loader(void *arg);
96a9758165cd Initial revision carl parents: diff changeset	1199 static void* config_loader(void *arg) {
96a9758165cd Initial revision carl parents: diff changeset	1200 typedef set<CONFIG *> configp_set;
96a9758165cd Initial revision carl parents: diff changeset	1201 configp_set old_configs;
18 041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1202 while (loader_run) {
0 96a9758165cd Initial revision carl parents: diff changeset	1203 sleep(180); // look for modifications every 3 minutes
18 041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1204 if (!loader_run) break;
0 96a9758165cd Initial revision carl parents: diff changeset	1205 CONFIG &dc = *config;
96a9758165cd Initial revision carl parents: diff changeset	1206 time_t then = dc.load_time;
96a9758165cd Initial revision carl parents: diff changeset	1207 struct stat st;
96a9758165cd Initial revision carl parents: diff changeset	1208 bool reload = false;
96a9758165cd Initial revision carl parents: diff changeset	1209 for (string_list::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
96a9758165cd Initial revision carl parents: diff changeset	1210 char fn = i;
96a9758165cd Initial revision carl parents: diff changeset	1211 if (stat(fn, &st)) reload = true; // file disappeared
96a9758165cd Initial revision carl parents: diff changeset	1212 else if (st.st_mtime > then) reload = true; // file modified
96a9758165cd Initial revision carl parents: diff changeset	1213 if (reload) break;
96a9758165cd Initial revision carl parents: diff changeset	1214 }
96a9758165cd Initial revision carl parents: diff changeset	1215 if (reload) {
96a9758165cd Initial revision carl parents: diff changeset	1216 CONFIG *newc = new_conf();
96a9758165cd Initial revision carl parents: diff changeset	1217 // replace the global config pointer
96a9758165cd Initial revision carl parents: diff changeset	1218 pthread_mutex_lock(&config_mutex);
96a9758165cd Initial revision carl parents: diff changeset	1219 CONFIG *old = config;
96a9758165cd Initial revision carl parents: diff changeset	1220 config = newc;
96a9758165cd Initial revision carl parents: diff changeset	1221 pthread_mutex_unlock(&config_mutex);
96a9758165cd Initial revision carl parents: diff changeset	1222 if (old) old_configs.insert(old);
96a9758165cd Initial revision carl parents: diff changeset	1223 }
96a9758165cd Initial revision carl parents: diff changeset	1224 // now look for old configs with zero ref counts
96a9758165cd Initial revision carl parents: diff changeset	1225 for (configp_set::iterator i=old_configs.begin(); i!=old_configs.end(); ) {
96a9758165cd Initial revision carl parents: diff changeset	1226 CONFIG old = i;
96a9758165cd Initial revision carl parents: diff changeset	1227 if (!old->reference_count) {
29 4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1228 char buf[200];
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1229 snprintf(buf, sizeof(buf), "freeing memory for old configuration generation %d", old->generation);
4dfdf33f1db0 add syslog msg freeing memory, use bare tld names without leading period carl parents: 28 diff changeset	1230 my_syslog(buf);
0 96a9758165cd Initial revision carl parents: diff changeset	1231 delete old; // destructor does all the work
96a9758165cd Initial revision carl parents: diff changeset	1232 old_configs.erase(i++);
96a9758165cd Initial revision carl parents: diff changeset	1233 }
96a9758165cd Initial revision carl parents: diff changeset	1234 else i++;
96a9758165cd Initial revision carl parents: diff changeset	1235 }
96a9758165cd Initial revision carl parents: diff changeset	1236 }
18 041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1237 return NULL;
0 96a9758165cd Initial revision carl parents: diff changeset	1238 }
96a9758165cd Initial revision carl parents: diff changeset	1239
96a9758165cd Initial revision carl parents: diff changeset	1240
96a9758165cd Initial revision carl parents: diff changeset	1241 static void usage(char *prog);
96a9758165cd Initial revision carl parents: diff changeset	1242 static void usage(char *prog)
96a9758165cd Initial revision carl parents: diff changeset	1243 {
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	1244 fprintf(stderr, "Usage: %s [-d] [-c] -p socket-addr [-t timeout]\n", prog);
0 96a9758165cd Initial revision carl parents: diff changeset	1245 fprintf(stderr, "where socket-addr is for the connection to sendmail and should be one of\n");
96a9758165cd Initial revision carl parents: diff changeset	1246 fprintf(stderr, " inet:port@local-ip-address\n");
96a9758165cd Initial revision carl parents: diff changeset	1247 fprintf(stderr, " local:local-domain-socket-file-name\n");
9 8c65411cd7ab integration work on url scanner carl parents: 8 diff changeset	1248 fprintf(stderr, "-c will load and dump the config to stdout\n");
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	1249 fprintf(stderr, "-d will add some syslog debug messages\n");
0 96a9758165cd Initial revision carl parents: diff changeset	1250 }
96a9758165cd Initial revision carl parents: diff changeset	1251
96a9758165cd Initial revision carl parents: diff changeset	1252
96a9758165cd Initial revision carl parents: diff changeset	1253 int main(int argc, char**argv)
96a9758165cd Initial revision carl parents: diff changeset	1254 {
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1255 bool check = false;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1256 bool setconn = false;
0 96a9758165cd Initial revision carl parents: diff changeset	1257 int c;
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	1258 const char *args = "p:t:hcd";
0 96a9758165cd Initial revision carl parents: diff changeset	1259 extern char *optarg;
96a9758165cd Initial revision carl parents: diff changeset	1260
96a9758165cd Initial revision carl parents: diff changeset	1261 // Process command line options
96a9758165cd Initial revision carl parents: diff changeset	1262 while ((c = getopt(argc, argv, args)) != -1) {
96a9758165cd Initial revision carl parents: diff changeset	1263 switch (c) {
96a9758165cd Initial revision carl parents: diff changeset	1264 case 'p':
96a9758165cd Initial revision carl parents: diff changeset	1265 if (optarg == NULL \|\| *optarg == '\0') {
96a9758165cd Initial revision carl parents: diff changeset	1266 fprintf(stderr, "Illegal conn: %s\n", optarg);
96a9758165cd Initial revision carl parents: diff changeset	1267 exit(EX_USAGE);
96a9758165cd Initial revision carl parents: diff changeset	1268 }
96a9758165cd Initial revision carl parents: diff changeset	1269 if (smfi_setconn(optarg) == MI_FAILURE) {
96a9758165cd Initial revision carl parents: diff changeset	1270 fprintf(stderr, "smfi_setconn failed\n");
96a9758165cd Initial revision carl parents: diff changeset	1271 exit(EX_SOFTWARE);
96a9758165cd Initial revision carl parents: diff changeset	1272 }
96a9758165cd Initial revision carl parents: diff changeset	1273
96a9758165cd Initial revision carl parents: diff changeset	1274 if (strncasecmp(optarg, "unix:", 5) == 0) unlink(optarg + 5);
96a9758165cd Initial revision carl parents: diff changeset	1275 else if (strncasecmp(optarg, "local:", 6) == 0) unlink(optarg + 6);
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1276 setconn = true;
0 96a9758165cd Initial revision carl parents: diff changeset	1277 break;
96a9758165cd Initial revision carl parents: diff changeset	1278
96a9758165cd Initial revision carl parents: diff changeset	1279 case 't':
96a9758165cd Initial revision carl parents: diff changeset	1280 if (optarg == NULL \|\| *optarg == '\0') {
96a9758165cd Initial revision carl parents: diff changeset	1281 fprintf(stderr, "Illegal timeout: %s\n", optarg);
96a9758165cd Initial revision carl parents: diff changeset	1282 exit(EX_USAGE);
96a9758165cd Initial revision carl parents: diff changeset	1283 }
96a9758165cd Initial revision carl parents: diff changeset	1284 if (smfi_settimeout(atoi(optarg)) == MI_FAILURE) {
96a9758165cd Initial revision carl parents: diff changeset	1285 fprintf(stderr, "smfi_settimeout failed\n");
96a9758165cd Initial revision carl parents: diff changeset	1286 exit(EX_SOFTWARE);
96a9758165cd Initial revision carl parents: diff changeset	1287 }
96a9758165cd Initial revision carl parents: diff changeset	1288 break;
96a9758165cd Initial revision carl parents: diff changeset	1289
3 7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1290 case 'c':
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1291 check = true;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1292 break;
7e1eb343a825 updates to use dcc conf files carl parents: 2 diff changeset	1293
16 2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	1294 case 'd':
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	1295 debug_syslog = true;
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	1296 break;
2ae8d953f1d0 add scanning for bare hostnames carl parents: 14 diff changeset	1297
0 96a9758165cd Initial revision carl parents: diff changeset	1298 case 'h':
96a9758165cd Initial revision carl parents: diff changeset	1299 default:
96a9758165cd Initial revision carl parents: diff changeset	1300 usage(argv[0]);
96a9758165cd Initial revision carl parents: diff changeset	1301 exit(EX_USAGE);
96a9758165cd Initial revision carl parents: diff changeset	1302 }
96a9758165cd Initial revision carl parents: diff changeset	1303 }
5 793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1304
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1305 if (check) {
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1306 CONFIG &dc = *new_conf();
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1307 dumpit(dc);
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1308 return 0;
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1309 }
793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1310
0 96a9758165cd Initial revision carl parents: diff changeset	1311 if (!setconn) {
96a9758165cd Initial revision carl parents: diff changeset	1312 fprintf(stderr, "%s: Missing required -p argument\n", argv[0]);
96a9758165cd Initial revision carl parents: diff changeset	1313 usage(argv[0]);
96a9758165cd Initial revision carl parents: diff changeset	1314 exit(EX_USAGE);
96a9758165cd Initial revision carl parents: diff changeset	1315 }
5 793ac9cc114d updates to use dcc conf files carl parents: 4 diff changeset	1316
0 96a9758165cd Initial revision carl parents: diff changeset	1317 if (smfi_register(smfilter) == MI_FAILURE) {
96a9758165cd Initial revision carl parents: diff changeset	1318 fprintf(stderr, "smfi_register failed\n");
96a9758165cd Initial revision carl parents: diff changeset	1319 exit(EX_UNAVAILABLE);
96a9758165cd Initial revision carl parents: diff changeset	1320 }
96a9758165cd Initial revision carl parents: diff changeset	1321
96a9758165cd Initial revision carl parents: diff changeset	1322 // switch to background mode
96a9758165cd Initial revision carl parents: diff changeset	1323 if (daemon(1,0) < 0) {
96a9758165cd Initial revision carl parents: diff changeset	1324 fprintf(stderr, "daemon() call failed\n");
96a9758165cd Initial revision carl parents: diff changeset	1325 exit(EX_UNAVAILABLE);
96a9758165cd Initial revision carl parents: diff changeset	1326 }
96a9758165cd Initial revision carl parents: diff changeset	1327
96a9758165cd Initial revision carl parents: diff changeset	1328 // initialize the thread sync objects
96a9758165cd Initial revision carl parents: diff changeset	1329 pthread_mutex_init(&config_mutex, 0);
96a9758165cd Initial revision carl parents: diff changeset	1330 pthread_mutex_init(&syslog_mutex, 0);
96a9758165cd Initial revision carl parents: diff changeset	1331 pthread_mutex_init(&resolve_mutex, 0);
96a9758165cd Initial revision carl parents: diff changeset	1332
96a9758165cd Initial revision carl parents: diff changeset	1333 // load the initial config
96a9758165cd Initial revision carl parents: diff changeset	1334 config = new_conf();
96a9758165cd Initial revision carl parents: diff changeset	1335
96a9758165cd Initial revision carl parents: diff changeset	1336 // only create threads after the fork() in daemon
96a9758165cd Initial revision carl parents: diff changeset	1337 pthread_t tid;
96a9758165cd Initial revision carl parents: diff changeset	1338 if (pthread_create(&tid, 0, config_loader, 0))
96a9758165cd Initial revision carl parents: diff changeset	1339 my_syslog("failed to create config loader thread");
96a9758165cd Initial revision carl parents: diff changeset	1340 if (pthread_detach(tid))
96a9758165cd Initial revision carl parents: diff changeset	1341 my_syslog("failed to detach config loader thread");
96a9758165cd Initial revision carl parents: diff changeset	1342
96a9758165cd Initial revision carl parents: diff changeset	1343 // write the pid
96a9758165cd Initial revision carl parents: diff changeset	1344 const char *pidpath = "/var/run/dnsbl.pid";
96a9758165cd Initial revision carl parents: diff changeset	1345 unlink(pidpath);
96a9758165cd Initial revision carl parents: diff changeset	1346 FILE *f = fopen(pidpath, "w");
96a9758165cd Initial revision carl parents: diff changeset	1347 if (f) {
22 c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1348 #ifdef linux
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1349 // from a comment in the DCC source code:
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1350 // Linux threads are broken. Signals given the
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1351 // original process are delivered to only the
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1352 // thread that happens to have that PID. The
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1353 // sendmail libmilter thread that needs to hear
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1354 // SIGINT and other signals does not, and that breaks
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1355 // scripts that need to stop milters.
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1356 // However, signaling the process group works.
0 96a9758165cd Initial revision carl parents: diff changeset	1357 fprintf(f, "-%d\n", (u_int)getpgrp());
22 c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1358 #else
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1359 fprintf(f, "%d\n", (u_int)getpid());
c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1360 #endif
0 96a9758165cd Initial revision carl parents: diff changeset	1361 fclose(f);
96a9758165cd Initial revision carl parents: diff changeset	1362 }
96a9758165cd Initial revision carl parents: diff changeset	1363
18 041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1364 time_t starting = time(NULL);
041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1365 int rc = smfi_main();
22 c21b888cc175 fix restart code, add ifdef for linux pid issues carl parents: 18 diff changeset	1366 if ((rc != MI_SUCCESS) && (time(NULL) > starting+5*60)) {
18 041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1367 my_syslog("trying to restart after smfi_main()");
041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1368 loader_run = false; // eventually the config loader thread will terminate
041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1369 execvp(argv[0], argv);
041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1370 }
041ea016b684 add scanning for bare hostnames carl parents: 16 diff changeset	1371 exit((rc == MI_SUCCESS) ? 0 : EX_UNAVAILABLE);
0 96a9758165cd Initial revision carl parents: diff changeset	1372 }
8 dbe18921f741 integration work on url scanner carl parents: 5 diff changeset	1373

Mercurial > dnsbl

annotate src/dnsbl.cpp @ 34:fc7f8f3ea90f