comparison src/context.h @ 278:368572c57013
add limits on unique ip addresses per hour per authenticated user
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Tue, 17 Dec 2013 15:35:23 -0800 |
parents | a99b6c1f5f67 |
children | 802e2b779ed1 |
277:7163e9b04bdb | 278:368572c57013 |
---|---|
24 class recorder; | 24 class recorder; |
25 | 25 |
26 typedef map<const char *, const char *, ltstr> string_map; | 26 typedef map<const char *, const char *, ltstr> string_map; |
27 typedef set<int> int_set; | 27 typedef set<int> int_set; |
28 typedef set<int32_t> int32_t_set; | 28 typedef set<int32_t> int32_t_set; |
29 typedef int32_t_set * int32_t_set_p; | |
29 typedef list<SMTP *> smtp_list; | 30 typedef list<SMTP *> smtp_list; |
30 typedef DNSBL * DNSBLP; | 31 typedef DNSBL * DNSBLP; |
31 typedef DNSWL * DNSWLP; | 32 typedef DNSWL * DNSWLP; |
32 typedef VERIFY * VERIFYP; | 33 typedef VERIFY * VERIFYP; |
33 typedef WHITELISTER * WHITELISTERP; | 34 typedef WHITELISTER * WHITELISTERP; |
38 typedef map<const char *, DNSWLP, ltstr> dnswlp_map; | 39 typedef map<const char *, DNSWLP, ltstr> dnswlp_map; |
39 typedef CONTEXT * CONTEXTP; | 40 typedef CONTEXT * CONTEXTP; |
40 typedef list<CONTEXTP> context_list; | 41 typedef list<CONTEXTP> context_list; |
41 typedef map<const char *, CONTEXTP, ltstr> context_map; | 42 typedef map<const char *, CONTEXTP, ltstr> context_map; |
42 typedef map<const char *, int32_t, ltstr> ns_mapper; // name to ipv4 address | 43 typedef map<const char *, int32_t, ltstr> ns_mapper; // name to ipv4 address |
43 typedef map<const char *, int, ltstr> rcpt_rates; | 44 typedef map<const char *, int, ltstr> rates; |
45 typedef map<const char *, int32_t_set_p, ltstr> auth_addresses; | |
44 typedef map<const char *, time_t, ltstr> autowhite_sent; | 46 typedef map<const char *, time_t, ltstr> autowhite_sent; |
45 typedef map<const char *, VERIFYP, ltstr> verify_map; | 47 typedef map<const char *, VERIFYP, ltstr> verify_map; |
46 typedef map<const char *, WHITELISTERP, ltstr> whitelister_map; | 48 typedef map<const char *, WHITELISTERP, ltstr> whitelister_map; |
47 typedef list<DELAYWHITEP> delay_whitelist; | 49 typedef list<DELAYWHITEP> delay_whitelist; |
48 | 50 |
139 }; | 141 }; |
140 | 142 |
141 class CONTEXT { | 143 class CONTEXT { |
142 CONTEXTP parent; | 144 CONTEXTP parent; |
143 const char * name; | 145 const char * name; |
144 context_map children; // map child context names to their contexts | 146 context_map children; // map child context names to their contexts |
145 string_set env_to; // this context applies to these envelope recipients | 147 string_set env_to; // this context applies to these envelope recipients |
146 const char * verify_host; // use this smtp host to verify email addresses | 148 const char * verify_host; // use this smtp host to verify email addresses |
147 VERIFYP verifier; // pointer to the verifier structure | 149 VERIFYP verifier; // pointer to the verifier structure |
148 const char * generic_regx; // pointer to generic regular expression | 150 const char * generic_regx; // pointer to generic regular expression |
149 const char * generic_message; // pointer to generic message with one %s | 151 const char * generic_message; // pointer to generic message with one %s |
150 regex_t generic_pattern; // compiled regex pattern | 152 regex_t generic_pattern; // compiled regex pattern |
151 const char * white_regx; // pointer to whitelist regular expression | 153 const char * white_regx; // pointer to whitelist regular expression |
152 regex_t white_pattern; // compiled regex pattern | 154 regex_t white_pattern; // compiled regex pattern |
153 const char * autowhite_file; // file to use for automatic whitelisting | 155 const char * autowhite_file; // file to use for automatic whitelisting |
154 WHITELISTERP whitelister; // pointer to the auto whitelister structure | 156 WHITELISTERP whitelister; // pointer to the auto whitelister structure |
155 string_map env_from; // map senders to white/black/unknown | 157 string_map env_from; // map senders to white/black/unknown |
156 context_map env_from_context; // map senders to a child context | 158 context_map env_from_context; // map senders to a child context |
157 const char * env_from_default; // default value for senders that are not found in the map white/black/unknown/inherit | 159 const char * env_from_default; // default value for senders that are not found in the map white/black/unknown/inherit |
158 bool content_filtering; // | 160 bool content_filtering; // |
159 const char * content_suffix; // for url body filtering based on ip addresses of hostnames in the body | 161 const char * content_suffix; // for url body filtering based on ip addresses of hostnames in the body |
160 const char * content_message; // "" | 162 const char * content_message; // "" |
161 const char * uribl_suffix; // for uribl body filtering based on hostnames in the body | 163 const char * uribl_suffix; // for uribl body filtering based on hostnames in the body |
162 const char * uribl_message; // "" | 164 const char * uribl_message; // "" |
163 string_set content_host_ignore;// hosts to ignore for content sbl checking | 165 string_set content_host_ignore; // hosts to ignore for content sbl checking |
164 string_set content_tlds; // names that are tlds | 166 string_set content_tlds; // names that are tlds |
165 string_set content_tldwilds; // *.names that are tlds | 167 string_set content_tldwilds; // *.names that are tlds |
166 string_set content_tldnots; // names that are not tlds | 168 string_set content_tldnots; // names that are not tlds |
167 string_set html_tags; // set of valid html tags | 169 string_set html_tags; // set of valid html tags |
168 int host_limit; // limit on host names | 170 int host_limit; // limit on host names |
169 const char * host_limit_message; // error message for excessive host names | 171 const char * host_limit_message; // error message for excessive host names |
170 bool host_random; // pick a random selection of host names rather than error for excessive hosts | 172 bool host_random; // pick a random selection of host names rather than error for excessive hosts |
171 int tag_limit; // limit on bad html tags | 173 int tag_limit; // limit on bad html tags |
172 const char * tag_limit_message; // error message for excessive bad html tags | 174 const char * tag_limit_message; // error message for excessive bad html tags |
173 int spamassassin_limit; // max score from spamassassin | 175 int spamassassin_limit; // max score from spamassassin |
174 bool require_match; // require matching context filtering context | 176 bool require_match; // require matching context filtering context |
175 bool require_rdns; // require proper rdns on client ip | 177 bool require_rdns; // require proper rdns on client ip |
176 bool dcc_greylist; // should we do dcc greylisting? | 178 bool dcc_greylist; // should we do dcc greylisting? |
177 int dcc_bulk_threshold; // off = 0, many = 1000 | 179 int dcc_bulk_threshold; // off = 0, many = 1000 |
178 dnsblp_map dnsbl_names; // name to dnsbl mapping for lists that are available in this context and children | 180 dnsblp_map dnsbl_names; // name to dnsbl mapping for lists that are available in this context and children |
179 dnsblp_list dnsbl_list; // list of dnsbls to be used in this context | 181 dnsblp_list dnsbl_list; // list of dnsbls to be used in this context |
180 bool dnsbl_list_parsed; // true iff we have actually parsed a dnsbl_list | 182 bool dnsbl_list_parsed; // true iff we have actually parsed a dnsbl_list |
181 dnswlp_map dnswl_names; // name to dnswl mapping for lists that are available in this context and children | 183 dnswlp_map dnswl_names; // name to dnswl mapping for lists that are available in this context and children |
182 dnswlp_list dnswl_list; // list of dnswls to be used in this context | 184 dnswlp_list dnswl_list; // list of dnswls to be used in this context |
183 bool dnswl_list_parsed; // true iff we have actually parsed a dnswl_list | 185 bool dnswl_list_parsed; // true iff we have actually parsed a dnswl_list |
184 int default_rcpt_rate; // if not specified per user | 186 int default_rate_limit; // if not specified per user |
185 int rcpt_daily_multiple;// daily multiplier applied to hourly rate | 187 int default_address_limit; // if not specified per user |
186 rcpt_rates rcpt_per_hour; // per user limits on number of recipients per hour | 188 int daily_rate_multiple; // daily multiplier applied to hourly rate |
189 int daily_address_multiple; // daily multiplier applied to hourly rate | |
190 rates rcpt_per_hour; // per user limits on number of recipients per hour | |
191 rates addresses_per_hour; // per user limits on number of unique ip address connections per hour | |
187 | 192 |
188 | 193 |
189 public: | 194 public: |
190 CONTEXT(CONTEXTP parent_, const char *name_); | 195 CONTEXT(CONTEXTP parent_, const char *name_); |
191 ~CONTEXT(); | 196 ~CONTEXT(); |
205 void set_whitelister(WHITELISTERP v) {whitelister = v;}; | 210 void set_whitelister(WHITELISTERP v) {whitelister = v;}; |
206 void set_autowhite(const char *fn) {autowhite_file = fn;}; | 211 void set_autowhite(const char *fn) {autowhite_file = fn;}; |
207 const char* get_autowhite() {return autowhite_file;}; | 212 const char* get_autowhite() {return autowhite_file;}; |
208 WHITELISTERP find_autowhite(const char *from, const char *to); | 213 WHITELISTERP find_autowhite(const char *from, const char *to); |
209 | 214 |
210 void set_default_rate(int limit) {default_rcpt_rate = limit;}; | 215 void set_default_rate_limit(int limit) {default_rate_limit = limit;}; |
211 void set_daily_multiple(int multiple) {rcpt_daily_multiple = multiple;}; | 216 void set_default_address_limit(int limit) {default_address_limit = limit;}; |
212 void add_rate(const char *user, int limit) {rcpt_per_hour[user] = limit;}; | 217 void set_daily_rate_multiple(int multiple) {daily_rate_multiple = multiple;}; |
213 int find_rate(const char *user); | 218 void set_daily_address_multiple(int multiple) {daily_address_multiple = multiple;}; |
219 void add_rate_limit(const char *user, int limit) {rcpt_per_hour[user] = limit;}; | |
220 void add_address_limit(const char *user, int limit) {addresses_per_hour[user] = limit;}; | |
221 int find_rate_limit(const char *user); // recipients per hour/day | |
222 int find_address_limit(const char *user); // unique ip address connections per hour/day | |
214 bool is_unauthenticated_limited(const char *user); | 223 bool is_unauthenticated_limited(const char *user); |
215 int get_daily_multiple() {return rcpt_daily_multiple;}; | 224 int get_daily_rate_multiple() {return daily_rate_multiple;}; |
225 int get_daily_address_multiple() {return daily_address_multiple;}; | |
216 | 226 |
217 void add_to(const char *to) {env_to.insert(to);}; | 227 void add_to(const char *to) {env_to.insert(to);}; |
218 void add_from(const char *from, const char *status) {env_from[from] = status;}; | 228 void add_from(const char *from, const char *status) {env_from[from] = status;}; |
219 void add_from_context(const char *from, CONTEXTP con) {env_from_context[from] = con;}; | 229 void add_from_context(const char *from, CONTEXTP con) {env_from_context[from] = con;}; |
220 void set_from_default(const char *status) {env_from_default = status;}; | 230 void set_from_default(const char *status) {env_from_default = status;}; |
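Review bot: The new `auth_addresses` typedef (new line 45) stores raw `int32_t_set_p` values under `const char *` keys, and nothing in this header says who allocates and frees the sets and key strings, or which lock protects the map if it is shared between threads. This table presumably backs the per-user unique-address limit, so it would grow with every authenticated user and every distinct client address, and an undocumented owner is how such tables end up leaking or being freed while still in use. I would add a comment on the typedef such as `// user -> heap-allocated set of client ipv4 addresses seen in the current period; freed by <owner> under <mutex>`, with the owner and mutex filled in from the implementation file, which is not shown here. Separately, the comment on `daily_address_multiple` (new line 189) is copied from the rate field and should read `// daily multiplier applied to hourly address limit`.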