comparison src/dnsbl.cpp @ 326:5e4b5540c8cc

allow multiple dkim signers in authentication results
author Carl Byington <carl@five-ten-sg.com>
date Sun, 18 Dec 2016 16:51:33 -0800
parents 28b6e0d97c5b
children 51846836ec92
325:28b6e0d97c5b 326:5e4b5540c8cc
523 helo = NULL; 523 helo = NULL;
524 mailaddr = NULL; 524 mailaddr = NULL;
525 fromaddr = NULL; 525 fromaddr = NULL;
526 header_count = 0; 526 header_count = 0;
527 dkim_ok = true; 527 dkim_ok = true;
528 dkim_signer = NULL;
529 queueid = NULL; 528 queueid = NULL;
530 authenticated = NULL; 529 authenticated = NULL;
531 client_name = NULL; 530 client_name = NULL;
532 client_dns_name = NULL; 531 client_dns_name = NULL;
533 client_dns_forged = false; 532 client_dns_forged = false;
572 delete dwp; 571 delete dwp;
573 delayer.pop_front(); 572 delayer.pop_front();
574 } 573 }
575 if (mailaddr) free((void*)mailaddr); 574 if (mailaddr) free((void*)mailaddr);
576 if (fromaddr) free((void*)fromaddr); 575 if (fromaddr) free((void*)fromaddr);
577 if (dkim_signer) free((void*)dkim_signer);
578 if (queueid) free((void*)queueid); 576 if (queueid) free((void*)queueid);
579 if (authenticated) free((void*)authenticated); 577 if (authenticated) free((void*)authenticated);
580 if (client_name) free((void*)client_name); 578 if (client_name) free((void*)client_name);
581 if (client_dns_name) free((void*)client_dns_name); 579 if (client_dns_name) free((void*)client_dns_name);
580 discard(dkim_signers);
582 discard(hosts_uribl); 581 discard(hosts_uribl);
583 delayer.clear(); 582 delayer.clear();
584 discard(env_to); 583 discard(env_to);
585 if (memory) delete memory; 584 if (memory) delete memory;
586 if (scanner) delete scanner; 585 if (scanner) delete scanner;
591 eom = false; 590 eom = false;
592 mailaddr = NULL; 591 mailaddr = NULL;
593 fromaddr = NULL; 592 fromaddr = NULL;
594 header_count = 0; 593 header_count = 0;
595 dkim_ok = true; 594 dkim_ok = true;
596 dkim_signer = NULL;
597 queueid = NULL; 595 queueid = NULL;
598 authenticated = NULL; 596 authenticated = NULL;
599 client_name = NULL; 597 client_name = NULL;
600 client_dns_name = NULL; 598 client_dns_name = NULL;
601 host_uribl = NULL; 599 host_uribl = NULL;
1472 if (strcasecmp(headerf, "Authentication-Results") != 0) priv.dkim_ok = false; 1470 if (strcasecmp(headerf, "Authentication-Results") != 0) priv.dkim_ok = false;
1473 if (strncasecmp(headerv, token_myhostname, strlen(token_myhostname)) != 0) priv.dkim_ok = false; 1471 if (strncasecmp(headerv, token_myhostname, strlen(token_myhostname)) != 0) priv.dkim_ok = false;
1474 if (priv.dkim_ok) { 1472 if (priv.dkim_ok) {
1475 const int nmatch = 2; 1473 const int nmatch = 2;
1476 regmatch_t match[nmatch]; 1474 regmatch_t match[nmatch];
1477 if (0 == regexec(&dkim_pattern, msg, nmatch, match, 0)) { 1475 while (true) {
1478 int s1 = match[1].rm_so; // domain 1476 if (0 == regexec(&dkim_pattern, msg, nmatch, match, 0)) {
1479 int e1 = match[1].rm_eo; 1477 int s1 = match[1].rm_so; // domain
1480 if (s1 != -1) { 1478 int e1 = match[1].rm_eo;
1481 msg[e1] = '\0'; 1479 if (s1 != -1) {
1482 priv.dkim_signer = strdup(msg+s1); 1480 msg[e1] = '\0';
1481 priv.dkim_signers.insert(strdup(msg+s1));
1482 }
1483 } 1483 }
1484 else break;
1484 } 1485 }
1485 } 1486 }
1486 } 1487 }
1487 if ((priv.header_count > 2) && (strcasecmp(headerf, "from"))) { 1488 if ((priv.header_count > 2) && (strcasecmp(headerf, "from"))) {
1488 const int nmatch = 2; 1489 const int nmatch = 2;
1580 char buf[maxlen]; 1581 char buf[maxlen];
1581 string msg; 1582 string msg;
1582 string_set alive; 1583 string_set alive;
1583 bool random = false; 1584 bool random = false;
1584 int limit = 0; 1585 int limit = 0;
1585 snprintf(buf, sizeof(buf), "acceptable content from %s signer %s", (priv.fromaddr) ? priv.fromaddr : token_asterisk, (priv.dkim_signer) ? priv.dkim_signer : token_asterisk); 1586 if (priv.dkim_signers.empty()) {
1586 my_syslog(&priv, buf); 1587 snprintf(buf, sizeof(buf), "acceptable content from %s signer *",
1588 (priv.fromaddr) ? priv.fromaddr : token_asterisk);
1589 my_syslog(&priv, buf);
1590 }
1591 else {
1592 for (string_set::iterator s=priv.dkim_signers.begin(); s!=priv.dkim_signers.end(); s++) {
1593 snprintf(buf, sizeof(buf), "acceptable content from %s signer %s",
1594 (priv.fromaddr) ? priv.fromaddr : token_asterisk, *s);
1595 my_syslog(&priv, buf);
1596 }
1597 }
1587 1598
1588 for (context_map::iterator i=priv.env_to.begin(); i!=priv.env_to.end(); i++) { 1599 for (context_map::iterator i=priv.env_to.begin(); i!=priv.env_to.end(); i++) {
1589 const char *rcpt = (*i).first; 1600 const char *rcpt = (*i).first;
1590 CONTEXT &con = *((*i).second); 1601 CONTEXT &con = *((*i).second);
1591 if (!con.acceptable_content(*priv.memory, score, bulk, priv.dkim_signer, priv.fromaddr, msg)) { 1602 if (!con.acceptable_content(*priv.memory, score, bulk, priv.dkim_signers, priv.fromaddr, msg)) {
1592 // bad html tags or excessive hosts or 1603 // bad html tags or excessive hosts or
1593 // high spam assassin score or dcc bulk threshold exceedeed 1604 // high spam assassin score or dcc bulk threshold exceedeed
1594 // or signed by a dkim signer that we don't like 1605 // or signed by a dkim signer that we don't like
1595 // or header from requires dkim signer that is missing 1606 // or header from requires dkim signer that is missing
1596 smfi_delrcpt(ctx, (char*)rcpt); 1607 smfi_delrcpt(ctx, (char*)rcpt);
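Review bot: The new `while (true)` loop around `regexec(&dkim_pattern, msg, nmatch, match, 0)` never advances `msg`, so after `msg[e1] = '\0'` every later pass sees only the text up to the end of the first domain, and a second signer in the same Authentication-Results header can never be reached. Depending on `dkim_pattern` (not visible here), the truncated string either stops matching, which ends the loop after one signer, or keeps matching the same domain, which would spin forever on a header value and, if `string_set` does not free a duplicate key, leak one `strdup` per pass; a successful match with `s1 == -1` also has no `break`. I would record `bool last = (msg[e1] == '\0');` before the overwrite, follow the insert with `if (last) break; msg += e1 + 1;`, and give the `s1 != -1` test its own `else break;`. The enclosing function starts and ends outside the displayed context, so any other use of `msg` after the loop should be checked against the moved pointer.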