Mercurial > dnsbl
comparison src/context.cpp @ 436:7b072e16bd69 stable-6-0-64
fix syslog for long messages, supress dkim checks for mail from localhost
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Fri, 03 Nov 2017 09:57:13 -0700 |
| parents | 69d33c034a8e |
| children | 1686cb639269 |
comparison
equal
deleted
inserted
replaced
| 435:afd10321eb70 | 436:7b072e16bd69 |
|---|---|
| 1303 } | 1303 } |
| 1304 return false; | 1304 return false; |
| 1305 } | 1305 } |
| 1306 | 1306 |
| 1307 | 1307 |
| 1308 const char *CONTEXT::acceptable_content(recorder &memory, int score, int bulk, const char *queueid, string_set &signers, const char *from, mlfiPriv *priv, string& msg) { | 1308 const char *CONTEXT::acceptable_content(bool local_source, recorder &memory, int score, int bulk, const char *queueid, string_set &signers, const char *from, mlfiPriv *priv, string& msg) { |
| 1309 for (string_set::iterator s=signers.begin(); s!=signers.end(); s++) { | 1309 if (!local_source) { |
| 1310 const char *st = find_dkim_signer(*s); | |
| 1311 // signed by a white listed signer | |
| 1312 if (st == token_white) { | |
| 1313 log(queueid, "whitelisted dkim signer %s", *s); | |
| 1314 return token_white; | |
| 1315 } | |
| 1316 } | |
| 1317 | |
| 1318 DKIMP dk = find_dkim_from(from); | |
| 1319 if (dk) { | |
| 1320 const char *st = dk->action; | |
| 1321 for (string_set::iterator s=signers.begin(); s!=signers.end(); s++) { | 1310 for (string_set::iterator s=signers.begin(); s!=signers.end(); s++) { |
| 1311 const char *st = find_dkim_signer(*s); | |
| 1322 // signed by a white listed signer | 1312 // signed by a white listed signer |
| 1323 if ((st == token_signed_white) && in_signing_set(*s,dk->signer)) { | 1313 if (st == token_white) { |
| 1324 log(queueid, "whitelisted dkim signer %s", *s); | 1314 log(queueid, "whitelisted dkim signer %s", *s); |
| 1325 return token_white; | 1315 return token_white; |
| 1326 } | 1316 } |
| 1327 // signed by the required signer | 1317 } |
| 1328 if ((st == token_require_signed) && in_signing_set(*s,dk->signer)) { | 1318 |
| 1329 log(queueid, "required dkim signer %s", *s); | 1319 DKIMP dk = find_dkim_from(from); |
| 1330 return token_white; | 1320 if (dk) { |
| 1331 } | 1321 const char *st = dk->action; |
| 1322 for (string_set::iterator s=signers.begin(); s!=signers.end(); s++) { | |
| 1323 // signed by a white listed signer | |
| 1324 if ((st == token_signed_white) && in_signing_set(*s,dk->signer)) { | |
| 1325 log(queueid, "whitelisted dkim signer %s", *s); | |
| 1326 return token_white; | |
| 1327 } | |
| 1328 // signed by a required signer | |
| 1329 if ((st == token_require_signed) && in_signing_set(*s,dk->signer)) { | |
| 1330 log(queueid, "required dkim signer %s", *s); | |
| 1331 return token_white; | |
| 1332 } | |
| 1333 // signed by a black listed signer | |
| 1334 if ((st == token_signed_black) && in_signing_set(*s,dk->signer)) { | |
| 1335 char buf[maxlen]; | |
| 1336 snprintf(buf, sizeof(buf), "Mail rejected - dkim signed by %s", *s); | |
| 1337 msg = string(buf); | |
| 1338 return token_black; | |
| 1339 } | |
| 1340 } | |
| 1341 if (st == token_signed_white) { | |
| 1342 // not signed by a white listed signer, but maybe passes strong spf check | |
| 1343 if (resolve_spf(from, ntohl(priv->ip), priv)) { | |
| 1344 log(queueid, "spf pass for %s rather than whitelisted dkim signer", from); | |
| 1345 return token_white; | |
| 1346 } | |
| 1347 } | |
| 1348 if (st == token_require_signed) { | |
| 1349 // not signed by a required signer, but maybe passes strong spf check | |
| 1350 // only check spf if the list of required signers is not a single dot. | |
| 1351 if (strcmp(dk->signer, ".") && resolve_spf(from, ntohl(priv->ip), priv)) { | |
| 1352 log(queueid, "spf pass for %s rather than required dkim signer", from); | |
| 1353 return token_white; | |
| 1354 } | |
| 1355 // todo - we could also check spf for the rfc5321 envelope from domain, | |
| 1356 // if it is dmarc aligned (relaxed) with the rfc5322 header from domain. | |
| 1357 char buf[maxlen]; | |
| 1358 snprintf(buf, sizeof(buf), "Mail rejected - not dkim signed by %s", dk->signer); | |
| 1359 msg = string(buf); | |
| 1360 return token_black; | |
| 1361 } | |
| 1362 } | |
| 1363 | |
| 1364 for (string_set::iterator s=signers.begin(); s!=signers.end(); s++) { | |
| 1365 const char *st = find_dkim_signer(*s); | |
| 1332 // signed by a black listed signer | 1366 // signed by a black listed signer |
| 1333 if ((st == token_signed_black) && in_signing_set(*s,dk->signer)) { | 1367 if (st == token_black) { |
| 1334 char buf[maxlen]; | 1368 char buf[maxlen]; |
| 1335 snprintf(buf, sizeof(buf), "Mail rejected - dkim signed by %s", *s); | 1369 snprintf(buf, sizeof(buf), "Mail rejected - dkim signed by %s", *s); |
| 1336 msg = string(buf); | 1370 msg = string(buf); |
| 1337 return token_black; | 1371 return token_black; |
| 1338 } | 1372 } |
| 1339 } | |
| 1340 if (st == token_signed_white) { | |
| 1341 // not signed by a white signer, but maybe passes strong spf check | |
| 1342 if (resolve_spf(from, ntohl(priv->ip), priv)) { | |
| 1343 log(queueid, "spf pass for %s rather than whitelisted dkim signer", from); | |
| 1344 return token_white; | |
| 1345 } | |
| 1346 } | |
| 1347 if (st == token_require_signed) { | |
| 1348 // not signed by a required signer, but maybe passes strong spf check | |
| 1349 // only check spf if the list of required signers is not a single dot. | |
| 1350 if (strcmp(dk->signer, ".") && resolve_spf(from, ntohl(priv->ip), priv)) { | |
| 1351 log(queueid, "spf pass for %s rather than required dkim signer", from); | |
| 1352 return token_white; | |
| 1353 } | |
| 1354 // todo - we could also check spf for the rfc5321 envelope from domain, | |
| 1355 // if it is dmarc aligned (relaxed) with the rfc5322 header from domain. | |
| 1356 char buf[maxlen]; | |
| 1357 snprintf(buf, sizeof(buf), "Mail rejected - not dkim signed by %s", dk->signer); | |
| 1358 msg = string(buf); | |
| 1359 return token_black; | |
| 1360 } | |
| 1361 } | |
| 1362 | |
| 1363 for (string_set::iterator s=signers.begin(); s!=signers.end(); s++) { | |
| 1364 const char *st = find_dkim_signer(*s); | |
| 1365 // signed by a black listed signer | |
| 1366 if (st == token_black) { | |
| 1367 char buf[maxlen]; | |
| 1368 snprintf(buf, sizeof(buf), "Mail rejected - dkim signed by %s", *s); | |
| 1369 msg = string(buf); | |
| 1370 return token_black; | |
| 1371 } | 1373 } |
| 1372 } | 1374 } |
| 1373 | 1375 |
| 1374 if (spamassassin_limit && (score > spamassassin_limit)) { | 1376 if (spamassassin_limit && (score > spamassassin_limit)) { |
| 1375 char buf[maxlen]; | 1377 char buf[maxlen]; |