comparison src/dnsbl.cpp @ 342:6d27b4f45799

allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
author Carl Byington <carl@five-ten-sg.com>
date Fri, 23 Dec 2016 07:19:39 -0800
parents be776a246f97
children 891281cb6d3d
341:958f37cbb3ab 342:6d27b4f45799
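--- a/src/dnsbl.cpp
+++ b/src/dnsbl.cpp
@@ -1239,11 +1239,14 @@
 DNSBLP rejectlist = NULL; // list that caused the reject
 mlfiPriv &priv = *MLFIPRIV;
 CONFIG &dc = *priv.pc;
 const char *rcptaddr = rcpt[0];
 const char *loto = to_lower_string(rcptaddr);
 bool self = (strcmp(loto, priv.mailaddr) == 0);
+const u_char *src = (const u_char *)&priv.ip;
+bool local_source = (src[0] == 127);
+bool from_root = (strncasecmp(priv.mailaddr, "root@", 5) == 0);
 
 // some version of sendmail allowed rcpt to:<> and passed it thru to the milters
 if (strcmp(loto, "<>") == 0) {
 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"bogus recipient");
 free((void*)loto); // cppcheck static analysis found memory leak
@@ -1289,13 +1292,16 @@
 st = white;
 }
 else if (fromvalue == token_black) {
 st = black;
 }
+else if ((fromvalue == token_white) && (local_source || from_root)) {
+st = white;
+}
 else if ((fromvalue == token_white) && !self) {
 // whitelisting based on envelope from value, but ignore it if
-// we have a dkim requirement for that domain.
+// we have a dkim requirement for that domain
 const char *domain = strchr(priv.mailaddr, '@');
 if (domain) {
 DKIMP dk = con.find_dkim_from(domain+1);
 if (dk && (dk->action == token_require_signed)) {
 my_syslog(&priv, "dkim require_signed overrides envelope from whitelist");
@@ -1394,12 +1400,11 @@
 const char *p = strchr(loto, '@');
 int len = (p) ? p-loto : max_local_size;
 if (len >= max_local_size) w = NULL; // too big, pretend we don't have a whitelister
 
 // ignore auto whitelisting from outgoing mail from localhost
-const u_char *src = (const u_char *)&priv.ip;
-if (src[0] == 127) w = NULL; // outgoing mail from localhost, pretend we don't have a whitelister
+if (local_source) w = NULL; // outgoing mail from localhost, pretend we don't have a whitelister
 
 // record it if we have a whitelister
 if (w) {
 DELAYWHITEP dwp = new DELAYWHITE(loto, w, &con2); // dwp takes ownership of the string
 priv.delayer.push_back(dwp);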
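Review bot: The new `from_root` arm at new line 1297 grants `st = white` on the envelope sender alone, and that value is supplied by the connecting client, so any remote sender whose MAIL FROM starts with `root@` and matches an envelope-from whitelist entry now skips both the `!self` test and the `dkim require_signed` override that the following branch enforces. If the exemption is meant for locally generated system mail, tie it to the connection rather than the address, e.g. `else if ((fromvalue == token_white) && local_source) {`, or require both conditions with `(local_source && from_root)`. Whichever form is kept, the branch should log as its neighbour does, e.g. `my_syslog(&priv, "envelope from whitelist applied without dkim check");`, so the bypass is visible in the mail log. `local_source` reads only the first byte of `priv.ip`, which presumably holds an IPv4 address; whether IPv6 loopback is meant to count cannot be seen from here, and the enclosing function starts and ends outside these hunks.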