Mercurial > dnsbl
comparison src/dnsbl.cpp @ 280:2b77295fb9a7 stable-6-0-37
add limits on unique ip addresses per hour per authenticated user
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Thu, 19 Dec 2013 09:47:00 -0800 |
| parents | 368572c57013 |
| children | e276180647ab |
comparison
equal
deleted
inserted
replaced
| 279:3d894d09c198 | 280:2b77295fb9a7 |
|---|---|
| 193 | 193 |
| 194 | 194 |
| 195 void add_auth_address(const char *user, int &hourly, int &daily, int32_t ip); | 195 void add_auth_address(const char *user, int &hourly, int &daily, int32_t ip); |
| 196 void add_auth_address(const char *user, int &hourly, int &daily, int32_t ip) { | 196 void add_auth_address(const char *user, int &hourly, int &daily, int32_t ip) { |
| 197 pthread_mutex_lock(&rate_mutex); | 197 pthread_mutex_lock(&rate_mutex); |
| 198 auth_addresses::iterator ii = auth_hourly_addresses.find(user); | 198 auth_addresses::iterator i = auth_hourly_addresses.find(user); |
| 199 if (ii == auth_hourly_addresses.end()) { | 199 if (i == auth_hourly_addresses.end()) { |
| 200 user = strdup(user); | |
| 200 auth_hourly_addresses[user] = new int32_t_set; | 201 auth_hourly_addresses[user] = new int32_t_set; |
| 201 auth_hourly_addresses[user]->insert(ip); | 202 auth_hourly_addresses[user]->insert(ip); |
| 202 hourly = 1; | 203 hourly = 1; |
| 203 } | 204 } |
| 204 else { | 205 else { |
| 205 int32_t_set::iterator i = ((*ii).second)->find(ip); | 206 int32_t_set::iterator k = ((*i).second)->find(ip); |
| 206 if (i == ((*ii).second)->end()) ((*ii).second)->insert(ip); | 207 if (k == ((*i).second)->end()) ((*i).second)->insert(ip); |
| 207 hourly = ((*ii).second)->size(); | 208 hourly = ((*i).second)->size(); |
| 208 } | 209 } |
| 209 | 210 |
| 210 auth_addresses::iterator jj = auth_daily_addresses.find(user); | 211 auth_addresses::iterator j = auth_daily_addresses.find(user); |
| 211 if (jj == auth_daily_addresses.end()) { | 212 if (j == auth_daily_addresses.end()) { |
| 213 user = strdup(user); | |
| 212 auth_daily_addresses[user] = new int32_t_set; | 214 auth_daily_addresses[user] = new int32_t_set; |
| 213 auth_daily_addresses[user]->insert(ip); | 215 auth_daily_addresses[user]->insert(ip); |
| 214 daily = 1; | 216 daily = 1; |
| 215 } | 217 } |
| 216 else { | 218 else { |
| 217 int32_t_set::iterator i = ((*jj).second)->find(ip); | 219 int32_t_set::iterator k = ((*j).second)->find(ip); |
| 218 if (i == ((*jj).second)->end()) ((*jj).second)->insert(ip); | 220 if (k == ((*j).second)->end()) ((*j).second)->insert(ip); |
| 219 daily = ((*jj).second)->size(); | 221 daily = ((*j).second)->size(); |
| 220 } | 222 } |
| 221 pthread_mutex_unlock(&rate_mutex); | 223 pthread_mutex_unlock(&rate_mutex); |
| 222 } | 224 } |
| 223 | 225 |
| 224 //////////////////////////////////////////////// | 226 //////////////////////////////////////////////// |
| 1647 if (!loader_run) break; | 1649 if (!loader_run) break; |
| 1648 loop1++; | 1650 loop1++; |
| 1649 loop2++; | 1651 loop2++; |
| 1650 if (loop1 == 20) { | 1652 if (loop1 == 20) { |
| 1651 // three minutes thru each loop, 20 loops per hour | 1653 // three minutes thru each loop, 20 loops per hour |
| 1652 // clear the recipient hourly counts | 1654 // clear the recipient hourly counts and hourly sets of ip connection addresses |
| 1653 pthread_mutex_lock(&rate_mutex); | 1655 pthread_mutex_lock(&rate_mutex); |
| 1654 for (rates::iterator i=rcpt_hourly_counts.begin(); i!=rcpt_hourly_counts.end(); i++) { | 1656 for (rates::iterator i=rcpt_hourly_counts.begin(); i!=rcpt_hourly_counts.end(); i++) { |
| 1655 (*i).second = 0; | 1657 (*i).second = 0; |
| 1656 } | 1658 } |
| 1657 for (auth_addresses::iterator j=auth_hourly_addresses.begin(); j!=auth_hourly_addresses.end(); j++) { | 1659 for (auth_addresses::iterator j=auth_hourly_addresses.begin(); j!=auth_hourly_addresses.end(); j++) { |
| 1658 delete (*j).second; | 1660 delete (*j).second; |
| 1661 (*j).second = new int32_t_set; | |
| 1659 } | 1662 } |
| 1660 pthread_mutex_unlock(&rate_mutex); | 1663 pthread_mutex_unlock(&rate_mutex); |
| 1661 loop1 = 0; | 1664 loop1 = 0; |
| 1662 } | 1665 } |
| 1663 if (loop2 == 480) { | 1666 if (loop2 == 480) { |
| 1664 // three minutes thru each loop, 480 loops per day | 1667 // three minutes thru each loop, 480 loops per day |
| 1665 // clear the recipient daily counts | 1668 // clear the recipient daily counts and daily sets of connection ip addresses |
| 1666 pthread_mutex_lock(&rate_mutex); | 1669 pthread_mutex_lock(&rate_mutex); |
| 1667 for (rates::iterator i=rcpt_daily_counts.begin(); i!=rcpt_daily_counts.end(); i++) { | 1670 for (rates::iterator i=rcpt_daily_counts.begin(); i!=rcpt_daily_counts.end(); i++) { |
| 1668 (*i).second = 0; | 1671 (*i).second = 0; |
| 1669 } | 1672 } |
| 1670 for (auth_addresses::iterator j=auth_daily_addresses.begin(); j!=auth_daily_addresses.end(); j++) { | 1673 for (auth_addresses::iterator j=auth_daily_addresses.begin(); j!=auth_daily_addresses.end(); j++) { |
| 1671 delete (*j).second; | 1674 delete (*j).second; |
| 1675 (*j).second = new int32_t_set; | |
| 1672 } | 1676 } |
| 1673 pthread_mutex_unlock(&rate_mutex); | 1677 pthread_mutex_unlock(&rate_mutex); |
| 1674 loop2 = 0; | 1678 loop2 = 0; |
| 1675 } | 1679 } |
| 1676 CONFIG &dc = *config; | 1680 CONFIG &dc = *config; |