dnsbl: src/dnsbl.cpp comparison

comparison src/dnsbl.cpp @ 76:81f1e400e8ab

start coding on new config syntax

author	carl
date	Sat, 16 Jul 2005 13:47:19 -0700
parents	1142e46be550
children	8487650c98ee

comparison

equal deleted inserted replaced

-:1142e46be550
+:81f1e400e8ab
 -r port  The port used to talk to our internal dns resolver processes
 -p port  The port through which the MTA will connect to this milter.
 -t sec   The timeout value.
 -c       Check the config, and print a copy to stdout. Don't start the
 milter or do anything with the socket.
+-s       Stress test by loading and deleting the current config in a loop.
 -d       Add debug syslog entries
+-e f|t   Print the results of looking up from address f and to address
+t in the current config
 TODO:
-1) Add config for max_recipients for each mail domain. Recipients in
-excess of that limit will be rejected, and the entire data will be
+1) Add option for using smtp connections to verify addresses from backup
-rejected if it is sent.
-2) Add config for poison addresses. If any recipient is poison, all
-recipients are rejected even if they would be whitelisted, and the
-data is rejected if sent.
-3) Add option to only allow one recipient if the return path is empty.
-4) Check if the envelope from domain name primary MX points 127.0.0.0/8
-5) Add option for using smtp connections to verify addresses from backup
 mx machines. This allows the backup mx to learn the valid addresses
 on the primary machine.
 */
 bool debug_syslog  = false;
 bool syslog_opened = false;
 bool use_syslog    = true;  // false to printf
 bool loader_run    = true;  // used to stop the config loader thread
-CONFIG * config = NULL;     // protected by the config_mutex
+CONFIG   *config = NULL;    // protected by the config_mutex
-int  generation = 0;        // protected by the config_mutex
+int   generation = 0;       // protected by the config_mutex
+const int maxlen = 1000;    // used for snprintf buffers
 pthread_mutex_t  config_mutex;
 pthread_mutex_t  syslog_mutex;
 pthread_mutex_t  resolve_mutex;
 pthread_mutex_t  fd_pool_mutex;
 void discard(context_map &cm) {
 for (context_map::iterator i=cm.begin(); i!=cm.end(); i++) {
 char *x = (*i).first;
 free(x);
 }
+cm.clear();
 }
 ////////////////////////////////////////////////
 // helper to register a string in a context_map
 pthread_mutex_lock(&config_mutex);
 pc = config;
 pc->reference_count++;
 pthread_mutex_unlock(&config_mutex);
 get_fd();
-ip            = 0;
+ip                  = 0;
-mailaddr      = NULL;
+mailaddr            = NULL;
-queueid       = NULL;
+queueid             = NULL;
-authenticated = false;
+authenticated       = false;
-have_whites   = false;
+have_whites         = false;
-only_whites   = true;
+only_whites         = true;
-memory        = new recorder(this, pc->get_html_tags(), pc->get_content_tlds());
+memory              = NULL;
-scanner       = new url_scanner(memory);
+scanner             = NULL;
+content_suffix      = NULL;
+content_message     = NULL;
+content_host_ignore = NULL;
 }
 mlfiPriv::~mlfiPriv() {
 return_fd();
 pthread_mutex_lock(&config_mutex);
 pthread_mutex_unlock(&config_mutex);
 reset(true);
 }
 void mlfiPriv::reset(bool final) {
+if (debug_syslog) my_syslog(this, "mlfiPriv::reset");
 if (mailaddr) free(mailaddr);
 if (queueid)  free(queueid);
 discard(env_to);
-delete memory;
+if (memory)  delete memory;
-delete scanner;
+if (scanner) delete scanner;
 if (!final) {
-mailaddr      = NULL;
+mailaddr            = NULL;
-queueid       = NULL;
+queueid             = NULL;
-authenticated = false;
+authenticated       = false;
-have_whites   = false;
+have_whites         = false;
-only_whites   = true;
+only_whites         = true;
-memory        = new recorder(this, pc->get_html_tags(), pc->get_content_tlds());
+memory              = NULL;
-scanner       = new url_scanner(memory);
+scanner             = NULL;
-}
+content_suffix      = NULL;
+content_message     = NULL;
+content_host_ignore = NULL;
+}
+if (debug_syslog) my_syslog("mlfiPriv::reset exit");
 }
 void mlfiPriv::get_fd() {
 err = true;
 fd  = NULL_SOCKET;
 }
 return rs;
 }
 void mlfiPriv::need_content_filter(char *rcpt, CONTEXT &con) {
+if (debug_syslog) my_syslog(this, "need_content_filter");
 register_string(env_to, rcpt, &con);
+if (!memory) {
+// first recipient that needs content filtering sets all
+// the content filtering parameters
+memory        = new recorder(this, con.get_html_tags(), con.get_content_tlds());
+scanner       = new url_scanner(memory);
+content_suffix      = con.get_content_suffix();
+content_message     = con.get_content_message();
+content_host_ignore = &con.get_content_host_ignore();
+}
+if (debug_syslog) my_syslog(this, "need_content_filter exit");
 }
 #define MLFIPRIV    ((struct mlfiPriv *) smfi_getpriv(ctx))
 ////////////////////////////////////////////////
 // syslog a message
 //
 void my_syslog(mlfiPriv *priv, char *text) {
-char buf[1000];
+char buf[maxlen];
 if (priv) {
 snprintf(buf, sizeof(buf), "%s: %s", priv->queueid, text);
 text = buf;
 }
 if (use_syslog) {
 if (!syslog_opened) {
 openlog("dnsbl", LOG_PID, LOG_MAIL);
 syslog_opened = true;
 }
 syslog(LOG_NOTICE, "%s", text);
+closelog();
+syslog_opened = false;
 pthread_mutex_unlock(&syslog_mutex);
 }
 else {
 printf("%s \n", text);
 }
 //
 bool check_hosts(mlfiPriv &priv, bool random, int limit, char *&host, int ip);
 bool check_hosts(mlfiPriv &priv, bool random, int limit, char *&host, int ip) {
 CONFIG     &dc     = *priv.pc;
 string_set &hosts  = priv.memory->get_hosts();
-string_set &ignore = dc.get_content_host_ignore();
+string_set &ignore = *priv.content_host_ignore;
-char       *suffix = dc.get_content_suffix();
+char       *suffix = priv.content_suffix;
 int count = 0;
 int   cnt = hosts.size();   // number of hosts we could look at
 int_set ips;
 ns_map  nameservers;
 // try to only look at limit/cnt fraction of the available cnt host names in random mode
 if ((cnt > limit) && (limit > 0) && random) {
 int r = rand() % cnt;
 if (r >= limit) {
-char buf[1000];
+char buf[maxlen];
 snprintf(buf, sizeof(buf), "host %s skipped", host);
 my_syslog(&priv, buf);
 continue;
 }
 }
 count++;
 ip = dns_interface(priv, host, true, &nameservers);
 if (debug_syslog) {
-char buf[1000];
+char buf[maxlen];
 if (ip) {
 char adr[sizeof "255.255.255.255"];
 adr[0] = '\0';
 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
 snprintf(buf, sizeof(buf), "host %s found at %s", host, adr);
 }
 host = (*i).first;  // a transient reference that needs to be replaced before we return it
 ip   = (*i).second;
 if (!ip) ip = dns_interface(priv, host, false, NULL);
 if (debug_syslog) {
-char buf[200];
+char buf[maxlen];
 if (ip) {
 char adr[sizeof "255.255.255.255"];
 adr[0] = '\0';
 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
 snprintf(buf, sizeof(buf), "ns %s found at %s", host, adr);
 ips.insert(ip);
 if (check_single(priv, ip, suffix)) {
 string_map::iterator j = nameservers.ns_host.find(host);
 if (j != nameservers.ns_host.end()) {
 char *refer = (*j).second;
-char buf[1000];
+char buf[maxlen];
 snprintf(buf, sizeof(buf), "%s with nameserver %s", refer, host);
 host = register_string(hosts, buf);    // put a copy into hosts, and return that reference
 }
 else {
 host = register_string(hosts, host);   // put a copy into hosts, and return that reference
 ////////////////////////////////////////////////
 // start of sendmail milter interfaces
 //
 sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr)
 {
+if (debug_syslog) my_syslog("mlfi_connect");
 // allocate some private memory
 mlfiPriv *priv = new mlfiPriv;
 if (hostaddr->sa_family == AF_INET) {
 priv->ip = ((struct sockaddr_in *)hostaddr)->sin_addr.s_addr;
 }
 }
 sfsistat mlfi_envfrom(SMFICTX *ctx, char **from)
 {
 mlfiPriv &priv = *MLFIPRIV;
+if (debug_syslog) my_syslog(&priv, "mlfi_envfrom");
 priv.mailaddr      = to_lower_string(from[0]);
 priv.authenticated = (smfi_getsymval(ctx, "{auth_authen}") != NULL);
 return SMFIS_CONTINUE;
 }
 sfsistat mlfi_envrcpt(SMFICTX *ctx, char **rcpt)
 {
 DNSBLP rejectlist = NULL;   // list that caused the reject
 mlfiPriv &priv = *MLFIPRIV;
+if (debug_syslog) my_syslog(&priv, "mlfi_envrcpt");
 CONFIG &dc = *priv.pc;
 if (!priv.queueid) priv.queueid = strdup(smfi_getsymval(ctx, "i"));
 char *rcptaddr  = rcpt[0];
 char *loto      = to_lower_string(rcptaddr);
-CONTEXT     con = *(dc.find_context(loto)->find_context(priv.mailaddr));
+if (debug_syslog) my_syslog(&priv, "finding context");
+CONTEXT    &con = *(dc.find_context(loto)->find_context(priv.mailaddr));
+if (debug_syslog) {
+char buf[maxlen];
+char msg[maxlen];
+snprintf(msg, sizeof(msg), "from <%s> to <%s> using context %s", priv.mailaddr, loto, con.get_full_name(buf,maxlen));
+my_syslog(&priv, msg);
+}
+if (debug_syslog) my_syslog(&priv, "finding from value");
 char *fromvalue = con.find_from(priv.mailaddr);
 free(loto);
 status st;
 if (fromvalue == token_black) {
 st = black;
 else if (fromvalue == token_white) {
 st = white;
 }
 else {
 // check the dns based lists
+if (debug_syslog) my_syslog(&priv, "checking dns lists");
 st = (check_dnsbl(priv, con.get_dnsbl_list(), rejectlist)) ? black : oksofar;
 }
 if (st == reject) {
 // reject the recipient based on some dnsbl
 char adr[sizeof "255.255.255.255"];
 adr[0] = '\0';
 inet_ntop(AF_INET, (const u_char *)&priv.ip, adr, sizeof(adr));
-char buf[2000];
+char buf[maxlen];
 snprintf(buf, sizeof(buf), rejectlist->message, adr, adr);
 smfi_setreply(ctx, "550", "5.7.1", buf);
 return SMFIS_REJECT;
 }
 else if (st == black) {
 smfi_setreply(ctx, "550", "5.7.1", "no such user");
 return SMFIS_REJECT;
 }
 else {
 // accept the recipient
+if (debug_syslog) my_syslog(&priv, "checking content filtering");
 if (!con.get_content_filtering()) st = white;
 if (st == oksofar) {
 // but remember the non-whites
 priv.need_content_filter(rcptaddr, con);
 priv.only_whites = false;
 }
 sfsistat mlfi_body(SMFICTX *ctx, u_char *data, size_t len)
 {
 mlfiPriv &priv = *MLFIPRIV;
+if (debug_syslog) my_syslog(&priv, "mlfi_body");
 if (priv.authenticated)       return SMFIS_CONTINUE;
 if (priv.only_whites)         return SMFIS_CONTINUE;
 priv.scanner->scan(data, len);
 return SMFIS_CONTINUE;
 }
 sfsistat mlfi_eom(SMFICTX *ctx)
 {
+if (debug_syslog) my_syslog("mlfi_eom");
 sfsistat  rc;
 mlfiPriv &priv = *MLFIPRIV;
+if (debug_syslog) my_syslog(&priv, "mlfi_eom");
 CONFIG   &dc   = *priv.pc;
 char     *host = NULL;
 int       ip;
 status    st;
 // process end of message
 if (priv.authenticated || priv.only_whites) rc = SMFIS_CONTINUE;
 else {
+// assert env_to not empty
+char buf[maxlen];
 char *msg = NULL;
 string_set alive;
 bool random = false;
 int  limit  = 0;
 for (context_map::iterator i=priv.env_to.begin(); i!=priv.env_to.end(); i++) {
 alive.insert(rcpt);
 random |= con.get_host_random();
 limit   = max(limit, con.get_host_limit());
 }
 }
-bool rejecting = alive.empty();
+bool rejecting = alive.empty(); // if alive is empty, we must have set msg above in acceptable_content()
 if (!rejecting) {
-rejecting = check_hosts(priv, random, limit, host, ip);
+if (check_hosts(priv, random, limit, host, ip)) {
-if (rejecting) {
-static char buf[2000];
 char adr[sizeof "255.255.255.255"];
 adr[0] = '\0';
 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
-snprintf(buf, sizeof(buf), dc.get_content_message(), host, adr);
+snprintf(buf, sizeof(buf), priv.content_message, host, adr);
 msg = buf;
+rejecting = true;
 }
 }
 if (!rejecting) {
 rc = SMFIS_CONTINUE;
 }
-else if (!priv.have_whites && alive.empty()) {
+else if (!priv.have_whites) {
 // can reject the entire message
 smfi_setreply(ctx, "550", "5.7.1", msg);
 rc = SMFIS_REJECT;
 }
 else {
 }
 sfsistat mlfi_abort(SMFICTX *ctx)
 {
 mlfiPriv &priv = *MLFIPRIV;
+if (debug_syslog) my_syslog(&priv, "mlfi_abort");
 priv.reset();
 return SMFIS_CONTINUE;
 }
 sfsistat mlfi_close(SMFICTX *ctx)
 {
 mlfiPriv *priv = MLFIPRIV;
+if (debug_syslog) my_syslog(priv, "mlfi_close");
 if (!priv) return SMFIS_CONTINUE;
 delete priv;
 smfi_setpriv(ctx, NULL);
 return SMFIS_CONTINUE;
 }
 CONFIG* new_conf() {
 CONFIG *newc = new CONFIG;
 pthread_mutex_lock(&config_mutex);
 newc->generation = generation++;
 pthread_mutex_unlock(&config_mutex);
-char buf[200];
+char buf[maxlen];
 snprintf(buf, sizeof(buf), "loading configuration generation %d", newc->generation);
 my_syslog(buf);
 if (load_conf(*newc, "dnsbl.conf")) {
 newc->load_time = time(NULL);
 return newc;
 }
 // now look for old configs with zero ref counts
 for (configp_set::iterator i=old_configs.begin(); i!=old_configs.end(); ) {
 CONFIG *old = *i;
 if (!old->reference_count) {
-char buf[200];
+char buf[maxlen];
 snprintf(buf, sizeof(buf), "freeing memory for old configuration generation %d", old->generation);
 my_syslog(buf);
 delete old; // destructor does all the work
 old_configs.erase(i++);
 }
 exit(EX_USAGE);
 }
 }
 if (check) {
-use_syslog = false;
+use_syslog   = false;
+debug_syslog = true;
 CONFIG *conf = new_conf();
 if (conf) {
 conf->dump();
 delete conf;
 return 0;
 char *to   = strdup(x+1);
 use_syslog = false;
 CONFIG *conf = new_conf();
 if (conf) {
 CONTEXTP con = conf->find_context(to);
-const int maxlen = 1000;
 char buf[maxlen];
 fprintf(stdout, "envelope to   <%s> finds context %s\n", to, con->get_full_name(buf,maxlen));
 CONTEXTP fc = con->find_context(from);
 fprintf(stdout, "envelope from <%s> finds context %s\n", from, fc->get_full_name(buf,maxlen));
 char *st = fc->find_from(from);

Mercurial > dnsbl

comparison src/dnsbl.cpp @ 76:81f1e400e8ab