dnsbl: src/dnsbl.cpp comparison

comparison src/dnsbl.cpp @ 24:2e23b7184d2b

start coding for bad html tag detection

author	carl
date	Wed, 19 May 2004 21:40:50 -0700
parents	06de5ab6a232
children	fdae7ab30cfc

comparison

equal deleted inserted replaced

-:06de5ab6a232
+:2e23b7184d2b
 from_map    env_from;
 string_map  env_to_dnsbll;      // map recipient to a named dnsbll
 string_map  env_to_chkfrom;     // map recipient to a named from map
 char *      content_suffix;     // for sbl url body filtering
 char *      content_message;    // ""
+char *      limit_message;      // error message for excessive bad html tags
+int         bad_tag_limit;      // limit on bad html tags
+string_set  html_tags;          // set of valid html tags
 CONFIG();
 ~CONFIG();
 };
 CONFIG::CONFIG() {
 reference_count = 0;
 load_time       = 0;
 content_suffix  = NULL;
 content_message = NULL;
+limit_message   = NULL;
+bad_tag_limit   = 0;
 }
 CONFIG::~CONFIG() {
 for (dnsblp_map::iterator i=dnsbls.begin(); i!=dnsbls.end(); i++) {
 DNSBLP d = (*i).second;
+// delete the underlying DNSBL objects.
 delete d;
 }
 for (dnsbllp_map::iterator i=dnsblls.begin(); i!=dnsblls.end(); i++) {
 DNSBLLP d = (*i).second;
+// *d is a list of pointers to DNSBL objects, but
+// the underlying objects have already been deleted above.
 delete d;
 }
 for (from_map::iterator i=env_from.begin(); i!=env_from.end(); i++) {
 string_map *d = (*i).second;
 delete d;
 // message specific data
 char    *mailaddr;      // envelope from value
 bool    authenticated;  // client authenticated? if so, suppress all dnsbl checks
 bool    have_whites;    // have at least one whitelisted recipient? need to accept content and remove all non-whitelisted recipients if it fails
 bool    only_whites;    // every recipient is whitelisted?
+string_set  non_whites; // remember the non-whitelisted recipients so we can remove them if need be
+recorder    *memory;    // memory for the content scanner
 url_scanner *scanner;   // object to handle body scanning
-string_set  non_whites; // remember the non-whitelisted recipients so we can remove them if need be
-string_set  hosts;      // remember the hosts that we have checked
 mlfiPriv();
 ~mlfiPriv();
 void reset(bool final = false); // for a new message
 };
 mlfiPriv::mlfiPriv() {
 ip            = 0;
 mailaddr      = NULL;
 authenticated = false;
 have_whites   = false;
 only_whites   = true;
-scanner       = new url_scanner(&hosts);
+memory        = new recorder(&pc->html_tags);
+scanner       = new url_scanner(memory);
 }
 mlfiPriv::~mlfiPriv() {
 pthread_mutex_lock(&config_mutex);
 pc->reference_count--;
 pthread_mutex_unlock(&config_mutex);
 reset(true);
 }
 void mlfiPriv::reset(bool final) {
 if (mailaddr) free(mailaddr);
+discard(non_whites);
+delete memory;
 delete scanner;
-discard(non_whites);
-discard(hosts);
 if (!final) {
 mailaddr      = NULL;
 authenticated = false;
 have_whites   = false;
 only_whites   = true;
-scanner       = new url_scanner(&hosts);
+memory        = new recorder(&pc->html_tags);
+scanner       = new url_scanner(memory);
 }
 }
 #define MLFIPRIV    ((struct mlfiPriv *) smfi_getpriv(ctx))
 static status check_hosts(mlfiPriv &priv, char *&host, int &ip);
 static status check_hosts(mlfiPriv &priv, char *&host, int &ip) {
 CONFIG     &dc   = *priv.pc;
 if (!dc.content_suffix) return oksofar;
 int count = 0;
-for (string_set::iterator i=priv.hosts.begin(); i!=priv.hosts.end(); i++) {
+for (string_set::iterator i=priv.memory->hosts.begin(); i!=priv.memory->hosts.end(); i++) {
 count++;
 if (count > 20) return oksofar; // silly to check too many hosts
 host = *i;
 if (debug_syslog) {
 char buf[200];
 }
 status st = check_single(ip, dc.content_suffix);
 if (st == reject) return st;
 }
 }
+host = NULL;
+int bad = priv.memory->bad_html_tags;
+int lim = priv.pc->bad_tag_limit;
+if ((bad > lim) && (lim > 0)) return reject;
 return oksofar;
 }
 ////////////////////////////////////////////////
 priv.only_whites   ||
 (check_hosts(priv, host, ip) == oksofar)) rc = SMFIS_CONTINUE;
 else {
 if (!priv.have_whites) {
 // can reject the entire message
-char adr[sizeof "255.255.255.255"];
-adr[0] = '\0';
-inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
 char buf[2000];
-snprintf(buf, sizeof(buf), priv.pc->content_message, host, adr);
+if (!host) {
+// must be rejected due to excessive bad html tags
+snprintf(buf, sizeof(buf), priv.pc->limit_message);
+}
+else {
+char adr[sizeof "255.255.255.255"];
+adr[0] = '\0';
+inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
+snprintf(buf, sizeof(buf), priv.pc->content_message, host, adr);
+}
 smfi_setreply(ctx, "550", "5.7.1", buf);
 rc = SMFIS_REJECT;
 }
 else {
 // need to accept it but remove the recipients that don't want it
 }
 fprintf(stdout, "\n");
 }
 if (dc.content_suffix) {
 fprintf(stdout, "\ncontent filtering enabled with %s %s\n", dc.content_suffix, dc.content_message);
+}
+if (dc.bad_tag_limit) {
+fprintf(stdout, "\ncontent filtering for excessive html tags enabled with limit %d %s\n", dc.bad_tag_limit, dc.limit_message);
 }
 fprintf(stdout, "\nfiles\n");
 for (string_list::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
 char *f = *i;
 fprintf(stdout, "config includes %s\n", f);
 static void load_conf(CONFIG &dc, char *fn);
 static void load_conf(CONFIG &dc, char *fn) {
 dc.config_files.push_back(fn);
 map<char*, int, ltstr> commands;
-enum {dummy, content, dnsbl, dnsbll, envfrom, envto, include, includedcc};
+enum {dummy, content, htmllimit, htmltag, dnsbl, dnsbll, envfrom, envto, include, includedcc};
 commands["content"    ] = content;
+commands["html_limit" ] = htmllimit;
+commands["html_tag"   ] = htmltag;
 commands["dnsbl"      ] = dnsbl;
 commands["dnsbl_list" ] = dnsbll;
 commands["env_from"   ] = envfrom;
 commands["env_to"     ] = envto;
 commands["include"    ] = include;
 // have a decent command
 bool processed = false;
 switch (commands[cmd]) {
 case content: {
 char *suff = strtok(NULL, delim);
-if (!suff) break;                           // no dns suffic
+if (!suff) break;                           // no dns suffix
 char *msg = suff + strlen(suff);
 if ((msg - line) >= strlen(orig)) break;    // line ended with the dns suffix
 msg  = strchr(msg+1, '\'');
 if (!msg) break;                            // no reply message template
 msg++; // move over the leading '
 char *last = strchr(msg, '\'');
 if (!last) break;                           // no trailing quote
 *last = '\0';                               // make it a null terminator
 dc.content_suffix  = register_string(suff);
 dc.content_message = register_string(msg);
+processed = true;
+} break;
+case htmllimit: {
+char *limit = strtok(NULL, delim);
+if (!limit) break;                          // no integer limit
+char *msg = limit + strlen(limit);
+if ((msg - line) >= strlen(orig)) break;    // line ended with the limit
+msg  = strchr(msg+1, '\'');
+if (!msg) break;                            // no reply message template
+msg++; // move over the leading '
+if ((msg - line) >= strlen(orig)) break;    // line ended with the leading quote
+char *last = strchr(msg, '\'');
+if (!last) break;                           // no trailing quote
+*last = '\0';                               // make it a null terminator
+dc.bad_tag_limit = atoi(limit);
+dc.limit_message = register_string(msg);
+processed = true;
+} break;
+case htmltag: {
+char *tag = next_token(delim);
+if (!tag) break;                            // no html tag value
+dc.html_tags.insert(tag);
 processed = true;
 } break;
 case dnsbl: {
 // have a new dnsbl to use

Mercurial > dnsbl

comparison src/dnsbl.cpp @ 24:2e23b7184d2b