Mercurial > dnsbl
comparison src/dnsbl.cpp @ 377:7fd39f029936
reject if dkim signer is listed on surbl
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Sat, 18 Feb 2017 15:06:32 -0800 |
| parents | 9fc05f3a824f |
| children | e42923f8f3fd |
comparison
equal
deleted
inserted
replaced
| 376:7ad7acf60758 | 377:7fd39f029936 |
|---|---|
| 718 } | 718 } |
| 719 } | 719 } |
| 720 return rs; | 720 return rs; |
| 721 } | 721 } |
| 722 | 722 |
| 723 const char *mlfiPriv::check_uribl_signers() { | |
| 724 const char *st; | |
| 725 if (uribl_suffix) { | |
| 726 for (string_set::iterator s=dkim_signers.begin(); s!=dkim_signers.end(); s++) { | |
| 727 if (check_uribl(*this, hosts_uribl, *s, host_uribl)) return host_uribl; | |
| 728 } | |
| 729 } | |
| 730 return NULL; | |
| 731 } | |
| 732 | |
| 723 void mlfiPriv::need_content_filter(CONTEXT &con) { | 733 void mlfiPriv::need_content_filter(CONTEXT &con) { |
| 724 if (!memory) { | 734 if (!memory) { |
| 725 // first recipient that needs content filtering sets | 735 // first recipient that needs content filtering sets |
| 726 // some of the content filtering parameters | 736 // some of the content filtering parameters |
| 727 memory = new recorder(this, con.get_html_tags(), con.get_content_tlds(), con.get_content_tldwilds(), con.get_content_tldnots()); | 737 memory = new recorder(this, con.get_html_tags(), con.get_content_tlds(), con.get_content_tldwilds(), con.get_content_tldnots()); |
| 1626 string msg; | 1636 string msg; |
| 1627 string_set unknowns; | 1637 string_set unknowns; |
| 1628 string_set whites; | 1638 string_set whites; |
| 1629 bool random = false; | 1639 bool random = false; |
| 1630 int limit = 0; | 1640 int limit = 0; |
| 1641 const char *signer = NULL; | |
| 1642 bool checked_signers = false; | |
| 1631 if (priv.dkim_signers.empty()) { | 1643 if (priv.dkim_signers.empty()) { |
| 1632 snprintf(buf, sizeof(buf), "acceptable content from %s signer *", | 1644 snprintf(buf, sizeof(buf), "acceptable content from %s signer *", |
| 1633 (priv.fromaddr) ? priv.fromaddr : token_asterisk); | 1645 (priv.fromaddr) ? priv.fromaddr : token_asterisk); |
| 1634 my_syslog(&priv, buf); | 1646 my_syslog(&priv, buf); |
| 1635 } | 1647 } |
| 1651 // or signed by a dkim signer that we don't like | 1663 // or signed by a dkim signer that we don't like |
| 1652 // or header from requires dkim signer that is missing | 1664 // or header from requires dkim signer that is missing |
| 1653 smfi_delrcpt(ctx, (char*)rcpt); | 1665 smfi_delrcpt(ctx, (char*)rcpt); |
| 1654 } | 1666 } |
| 1655 else if (st == token_unknown) { | 1667 else if (st == token_unknown) { |
| 1656 unknowns.insert(rcpt); | 1668 if (!checked_signers) { |
| 1657 random |= con.get_host_random(); | 1669 signer = priv.check_uribl_signers(); |
| 1658 limit = max(limit, con.get_host_limit()); | 1670 checked_signers = true; |
| 1671 if (signer) { | |
| 1672 snprintf(buf, sizeof(buf), "dkim signer %s on uribl", signer); | |
| 1673 my_syslog(&priv, buf); | |
| 1674 snprintf(buf, sizeof(buf), "Mail rejected - dkim signed by %s", signer); | |
| 1675 msg = string(buf); | |
| 1676 } | |
| 1677 } | |
| 1678 if (signer) { | |
| 1679 // dkim signer is on the uribl | |
| 1680 smfi_delrcpt(ctx, (char*)rcpt); | |
| 1681 } | |
| 1682 else { | |
| 1683 // still unknown | |
| 1684 unknowns.insert(rcpt); | |
| 1685 random |= con.get_host_random(); | |
| 1686 limit = max(limit, con.get_host_limit()); | |
| 1687 } | |
| 1659 } | 1688 } |
| 1660 else if (st == token_white) { | 1689 else if (st == token_white) { |
| 1661 whites.insert(rcpt); | 1690 whites.insert(rcpt); |
| 1662 } | 1691 } |
| 1663 } | 1692 } |