Mercurial > dnsbl
annotate src/spamass.cpp.in @ 172:d3189495ec68 stable-6-0-7
don't do generic rdns filtering on whitelisted recipients
author | carl |
---|---|
date | Thu, 30 Aug 2007 18:50:00 -0700 |
parents | bd33eaccfed8 |
children | a4d313c2460b |
rev | line source |
---|---|
163 | 1 /* |
2 | |
3 Copyright (c) 2007 Carl Byington - 510 Software Group, released under | |
4 the GPL version 3 or any later version at your choice available at | |
5 http://www.gnu.org/licenses/gpl-3.0.txt | |
6 | |
7 Based on spamass-milter by Georg C. F. Greve <greve@gnu.org> | |
8 | |
9 */ | |
10 | |
11 #include "config.h" | |
12 #include "dnsbl.h" | |
13 #include <errno.h> | |
14 #include <fcntl.h> | |
15 #include <poll.h> | |
16 #include <signal.h> | |
17 #include <string> | |
18 #include <sys/types.h> | |
19 #include <sys/wait.h> | |
20 #include <unistd.h> | |
21 | |
22 | |
23 static const char Id[] = "$Id$"; | |
24 | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
25 char *spamc = "@SPAMC@"; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
26 char *spamc_empty = ""; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
27 bool warnedmacro = false; /* have we logged that we couldn't fetch a macro? */ |
163 | 28 const int maxlen = 1000; // used for snprintf buffers |
29 | |
30 | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
31 SpamAssassin::SpamAssassin(mlfiPriv *priv_, int ip, char *helo_, char *from, char *qid) |
163 | 32 { |
33 error = false; | |
34 running = false; | |
35 first_recipient = true; | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
36 priv = priv_; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
37 ip4 = ip; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
38 helo = helo_; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
39 envfrom = from; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
40 queueid = qid; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
41 pid = 0; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
42 pipe_io[0][0] = -1; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
43 pipe_io[0][1] = -1; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
44 pipe_io[1][0] = -1; |
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
45 pipe_io[1][1] = -1; |
163 | 46 } |
47 | |
48 | |
49 SpamAssassin::~SpamAssassin() | |
50 { | |
51 // close all pipes that are still open | |
52 if (pipe_io[0][0] > -1) close(pipe_io[0][0]); | |
53 if (pipe_io[0][1] > -1) close(pipe_io[0][1]); | |
54 if (pipe_io[1][0] > -1) close(pipe_io[1][0]); | |
55 if (pipe_io[1][1] > -1) close(pipe_io[1][1]); | |
56 // child still running? | |
57 if (running) { | |
58 // make sure the pid is valid | |
59 if (pid > 0) { | |
60 // slaughter child | |
61 kill(pid, SIGKILL); | |
62 // wait for child to terminate | |
63 int status; | |
64 waitpid(pid, &status, 0); | |
65 } | |
66 } | |
67 } | |
68 | |
69 | |
70 void SpamAssassin::mlfi_envrcpt(SMFICTX *ctx, char *envrcpt) | |
71 { | |
72 if (first_recipient) { | |
73 /* Send the envelope headers as X-Envelope-From: and | |
74 X-Envelope-To: so that SpamAssassin can use them in its | |
75 whitelist checks. Also forge as complete a dummy | |
76 Received: header as possible because SA gets a lot of | |
77 info from it. | |
78 | |
79 HReceived: $?sfrom $s $.$?_($?s$|from $.$_) | |
80 $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.) | |
81 $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version} | |
82 (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u | |
83 for $u; $|; | |
84 $.$b$?g | |
85 (envelope-from $g)$. | |
86 | |
87 */ | |
88 const char *macro_b, *macro_i, *macro_j, *macro_r, | |
89 *macro_s, *macro_v, *macro_Z, *macro__; | |
90 char date[32]; | |
91 time_t tval; | |
92 time(&tval); | |
93 strftime(date, sizeof(date), "%a, %d %b %Y %H:%M:%S %z", localtime(&tval)); | |
94 macro_b = date; | |
95 | |
168 | 96 // queue ID |
163 | 97 macro_i = queueid; |
98 | |
168 | 99 // FQDN of this site |
100 macro_j = getorwarnmacro(ctx, "j", "localhost", "ENVRCPT"); | |
163 | 101 |
170 | 102 // Protocol used to receive the message, not really needed by spam assassin |
103 macro_r = "SMTP"; | |
163 | 104 |
170 | 105 // helo value we already have |
163 | 106 macro_s = helo; |
107 | |
170 | 108 // Sendmail binary version, not really needed by spam assassin |
109 macro_v = "8.13.0"; | |
163 | 110 |
170 | 111 // Sendmail .cf version, not really needed by spam assassin |
112 macro_Z = "8.13.0"; | |
163 | 113 |
168 | 114 // Validated sending site's address |
170 | 115 macro__ = getorwarnmacro(ctx, "_", "unknown", "ENVRCPT"); |
163 | 116 |
117 output(string("Received: from ") + macro_s + " (" + macro__+ ")\r\n\t" + | |
118 "by " + macro_j + " (" + macro_v + "/" + macro_Z + ") with " + macro_r + " id " + macro_i + "\r\n\t" + | |
119 "for " + envfrom + ";\r\n\t" + | |
120 macro_b + "\r\n"); | |
121 | |
122 output(string("X-Envelope-From: ") + envfrom + "\r\n"); | |
123 } | |
124 output(string("X-Envelope-To: ") + envrcpt + "\r\n"); | |
125 first_recipient = false; | |
126 } | |
127 | |
128 | |
129 void SpamAssassin::mlfi_header(char* headerf, char* headerv) | |
130 { | |
131 if (!running) Connect(); | |
132 output(spamc_input); | |
133 output(headerf); | |
134 output(": "); | |
135 output(headerv); | |
136 output("\r\n"); | |
137 spamc_input.empty(); | |
138 } | |
139 | |
140 | |
141 void SpamAssassin::mlfi_eoh() | |
142 { | |
143 output("\r\n"); | |
144 } | |
145 | |
146 | |
147 void SpamAssassin::mlfi_body(u_char *bodyp, size_t bodylen) | |
148 { | |
149 output((char *)bodyp, bodylen); | |
150 } | |
151 | |
152 | |
153 int SpamAssassin::mlfi_eom() | |
154 { | |
155 close_output(); // signal EOF to SpamAssassin | |
156 input(); // read what the Assassin is telling us | |
157 my_syslog(priv, "spamc returned " + spamc_output); | |
158 return atoi(spamc_output.c_str()); | |
159 } | |
160 | |
161 | |
162 void SpamAssassin::Connect() | |
163 { | |
164 if (error) return; | |
165 // set up pipes for in- and output | |
166 error |= (pipe(pipe_io[0])); | |
167 error |= (pipe(pipe_io[1])); | |
168 if (error) return; | |
169 | |
170 // now execute SpamAssassin client for contact with SpamAssassin spamd | |
171 // start child process | |
172 pid = fork(); | |
173 switch (pid) { | |
174 case -1: | |
175 // forking trouble. | |
176 my_syslog(priv, "unable to fork for spamc"); | |
177 error = true; | |
178 close(pipe_io[0][0]); | |
179 close(pipe_io[0][1]); | |
180 close(pipe_io[1][0]); | |
181 close(pipe_io[1][1]); | |
182 pipe_io[0][0] = -1; | |
183 pipe_io[0][1] = -1; | |
184 pipe_io[1][0] = -1; | |
185 pipe_io[1][1] = -1; | |
186 return; | |
187 case 0: | |
188 // +++ CHILD +++ | |
189 | |
190 // close unused pipes | |
191 close(pipe_io[1][0]); | |
192 close(pipe_io[0][1]); | |
193 | |
194 // redirect stdin(0), stdout(1) and stderr(2) | |
195 dup2(pipe_io[0][0],0); | |
196 dup2(pipe_io[1][1],1); | |
197 dup2(pipe_io[1][1],2); | |
198 | |
199 closeall(3); | |
200 | |
201 // execute spamc | |
202 char* argv[3]; | |
167
9b129ed78d7d
actually use spamassassin result, allow build without spam assassin, only call it if some recipient needs it.
carl
parents:
164
diff
changeset
|
203 argv[0] = spamc; |
163 | 204 argv[1] = "-c"; |
205 argv[2] = NULL; | |
206 execvp(argv[0] , argv); // does not return! | |
207 _exit(1); // exec failed | |
208 break; | |
209 } | |
210 | |
211 // +++ PARENT +++ | |
212 | |
213 // close unused pipes | |
214 close(pipe_io[0][0]); | |
215 close(pipe_io[1][1]); | |
216 pipe_io[0][0] = -1; | |
217 pipe_io[1][1] = -1; | |
218 | |
219 // mark the pipes non-blocking | |
220 if (fcntl(pipe_io[0][1], F_SETFL, O_NONBLOCK) == -1) | |
221 error = true; | |
222 #if 0 /* don't really need to make the sink pipe nonblocking */ | |
223 if (fcntl(pipe_io[1][0], F_SETFL, O_NONBLOCK) == -1) | |
224 error = true; | |
225 #endif | |
226 | |
227 // we have to assume the client is running now. | |
228 running = true; | |
229 } | |
230 | |
231 | |
232 void SpamAssassin::output(const char* buffer, size_t size) | |
233 { | |
234 // if there are problems, fail. | |
235 if (error) return; | |
236 | |
237 if (!running) { | |
238 // buffer it | |
239 spamc_input.append(buffer, size); | |
240 return; | |
241 } | |
242 | |
243 // send to SpamAssassin | |
244 long total = 0; | |
245 long wsize = 0; | |
246 string reason; | |
247 int status; | |
248 do { | |
249 struct pollfd fds[2]; | |
250 int nfds = 2, nready; | |
251 fds[0].fd = pipe_io[0][1]; | |
252 fds[0].events = POLLOUT; | |
253 fds[0].revents = 0; | |
254 fds[1].fd = pipe_io[1][0]; | |
255 fds[1].events = POLLIN; | |
256 fds[1].revents = 0; | |
257 | |
258 nready = poll(fds, nfds, 1000); | |
259 if (nready == -1) { | |
260 my_syslog(priv, "poll failed"); | |
261 error = true; | |
262 return; | |
263 } | |
264 | |
265 if (fds[1].revents & (POLLERR|POLLNVAL|POLLHUP)) { | |
266 my_syslog(priv, "poll says my read pipe is busted"); | |
267 error = true; | |
268 return; | |
269 } | |
270 | |
271 if (fds[0].revents & (POLLERR|POLLNVAL|POLLHUP)) { | |
272 my_syslog(priv, "poll says my write pipe is busted"); | |
273 error = true; | |
274 return; | |
275 } | |
276 | |
277 if (fds[1].revents & POLLIN) { | |
278 read_pipe(); | |
279 } | |
280 | |
281 if (fds[0].revents & POLLOUT) { | |
282 switch(wsize = write(pipe_io[0][1], (char *)buffer + total, size - total)) { | |
283 case -1: | |
284 if (errno == EAGAIN) continue; | |
285 reason = string(strerror(errno)); | |
286 // close the pipes | |
287 close(pipe_io[0][1]); | |
288 close(pipe_io[1][0]); | |
289 pipe_io[0][1] = -1; | |
290 pipe_io[1][0] = -1; | |
291 // Slaughter child | |
292 kill(pid, SIGKILL); | |
293 // wait for child to terminate | |
294 waitpid(pid, &status, 0); | |
295 my_syslog(priv, "write error: " + reason); | |
296 error = true; | |
297 running = false; | |
298 return; | |
299 default: | |
300 total += wsize; | |
301 break; | |
302 } | |
303 } | |
304 } while ( total < size ); | |
305 } | |
306 | |
307 | |
308 void SpamAssassin::output(const char* buffer) | |
309 { | |
310 output(buffer, strlen(buffer)); | |
311 } | |
312 | |
313 | |
314 void SpamAssassin::output(string buffer) | |
315 { | |
316 output(buffer.c_str(), buffer.size()); | |
317 } | |
318 | |
319 | |
320 void SpamAssassin::close_output() | |
321 { | |
322 if (close(pipe_io[0][1])) | |
323 my_syslog(priv, "close error: " + string(strerror(errno))); | |
324 pipe_io[0][1] = -1; | |
325 } | |
326 | |
327 | |
328 void SpamAssassin::input() | |
329 { | |
330 if (!running || error) return; | |
331 empty_and_close_pipe(); | |
332 if (running) { | |
333 // wait until child is dead | |
334 int status; | |
335 if (waitpid(pid, &status, 0) < 0) { | |
336 error = true; | |
337 }; | |
338 } | |
339 running = false; | |
340 } | |
341 | |
342 | |
343 int SpamAssassin::read_pipe() | |
344 { | |
345 long size; | |
346 int status; | |
347 char iobuff[1024]; | |
348 string reason; | |
349 | |
350 if (pipe_io[1][0] == -1) return 0; | |
351 | |
352 size = read(pipe_io[1][0], iobuff, 1024); | |
353 | |
354 if (size < 0) { | |
355 reason = string(strerror(errno)); | |
356 // Close remaining pipe. | |
357 close(pipe_io[1][0]); | |
358 pipe_io[1][0] = -1; | |
359 // Slaughter child | |
360 kill(pid, SIGKILL); | |
361 // wait for child to terminate | |
362 waitpid(pid, &status, 0); | |
363 my_syslog(priv, "read error: " + reason); | |
364 size = 0; | |
365 error = true; | |
366 running = false; | |
367 } else if (size == 0) { | |
368 // EOF. Close the pipe | |
369 if (close(pipe_io[1][0])) { | |
370 error = true; | |
371 my_syslog(priv, "close error: " + string(strerror(errno))); | |
372 } | |
373 pipe_io[1][0] = -1; | |
374 } else { | |
375 // append to mail buffer | |
376 spamc_output.append(iobuff, size); | |
377 } | |
378 return size; | |
379 } | |
380 | |
381 | |
382 void SpamAssassin::empty_and_close_pipe() | |
383 { | |
384 while (read_pipe()) | |
385 ; | |
386 } | |
387 | |
388 | |
389 void SpamAssassin::closeall(int fd) | |
390 { | |
391 int fdlimit = sysconf(_SC_OPEN_MAX); | |
392 while (fd < fdlimit) | |
393 close(fd++); | |
394 } | |
395 | |
396 | |
168 | 397 char *SpamAssassin::getorwarnmacro(SMFICTX *ctx, char *macro, char *def, char *scope) |
398 { | |
399 char *rc = smfi_getsymval(ctx, macro); | |
400 if (!rc) { | |
401 rc = def; | |
402 warnmacro(macro, scope); | |
403 } | |
404 return rc; | |
405 } | |
406 | |
407 | |
163 | 408 void SpamAssassin::warnmacro(char *macro, char *scope) |
409 { | |
410 if (warnedmacro) return; | |
411 char buf[maxlen]; | |
412 snprintf(buf, sizeof(buf), "Could not retrieve sendmail macro %s. Add it to confMILTER_MACROS_%s for better results.", macro, scope); | |
413 my_syslog(priv, buf); | |
414 warnedmacro = true; | |
415 } | |
416 |