dnsbl: src/context.cpp comparison

comparison src/context.cpp @ 153:8d7c439bb6fa

add auto whitelisting

author	carl
date	Sat, 07 Jul 2007 16:10:39 -0700
parents	c7fc218686f5
children	89ce226e5383

comparison

equal deleted inserted replaced

-:c7fc218686f5
+:8d7c439bb6fa
 #include <sys/socket.h>
 #include <sys/un.h>
 static char* context_version="$Id$";
+char *token_autowhite;
 char *token_black;
 char *token_content;
 char *token_context;
 char *token_dccfrom;
 char *token_dccto;
 #ifndef HOST_NAME_MAX
 	#define HOST_NAME_MAX 255
 #endif
 char myhostname[HOST_NAME_MAX+1];
+pthread_mutex_t verifier_mutex; 	// protect the verifier map
 verify_map	verifiers;
+pthread_mutex_t whitelister_mutex;	// protect the
+whitelister_map whitelisters;
 string_set	all_strings;	// owns all the strings, only modified by the config loader thread
 const int maxlen = 1000;	// used for snprintf buffers
-const int maxage = 120; 	// smtp verify sockets older than this are ancient
+const int maxsmtp_age = 120;// smtp verify sockets older than this are ancient
+const int maxauto_age = 600;// auto whitelister delay before flushing to file
 extern int	  NULL_SOCKET;
 const time_t  ERROR_SMTP_SOCKET_TIME = 600; // number of seconds between attempts to open a socket to an smtp server
 int SMTP::writer() {
 		my_syslog(buf);
 	}
 #endif
+////////////////////////////////////////////////
+// smtp verifier so backup mx machines can see the valid users
+//
 VERIFY::VERIFY(char *h) {
 	host	 = h;
 	last_err = 0;
 	pthread_mutex_init(&mutex, 0);
 }
 				ok = false;
 			}
 			else {
 				conn = connections.front();
 				time_t now = time(NULL);
-				if ((now - conn->get_stamp()) > maxage) {
+				if ((now - conn->get_stamp()) > maxsmtp_age) {
 					// this connection is ancient, remove it
 					connections.pop_front();
 				}
 				else {
 					ok	 = false;
 	put_connection(conn);
 	return (rc >= 500) ? false : true;
 }
+////////////////////////////////////////////////
+// setup a new smtp verify host
+//
+VERIFYP add_verify_host(char *host);
+VERIFYP add_verify_host(char *host) {
+	VERIFYP rc = NULL;
+	pthread_mutex_lock(&verifier_mutex);
+		verify_map::iterator i = verifiers.find(host);
+		if (i == verifiers.end()) {
+			rc = new VERIFY(host);
+			verifiers[host] = rc;
+		}
+		else rc = (*i).second;
+	pthread_mutex_unlock(&verifier_mutex);
+	return rc;
+}
+////////////////////////////////////////////////
+// thread to check for verify hosts with old sockets that we can close
+//
+void* verify_closer(void *arg) {
+	while (true) {
+		sleep(maxsmtp_age);
+		pthread_mutex_lock(&verifier_mutex);
+			for (verify_map::iterator i=verifiers.begin(); i!=verifiers.end(); i++) {
+				VERIFYP v = (*i).second;
+				v->closer();
+			}
+		pthread_mutex_unlock(&verifier_mutex);
+	}
+	return NULL;
+}
+////////////////////////////////////////////////
+// automatic whitelister
+//
+WHITELISTER::WHITELISTER(char *f, int d) {
+	fn		 = f;
+	days	 = d;
+	pthread_mutex_init(&mutex, 0);
+	need	 = false;
+}
+void WHITELISTER::writer() {
+	pthread_mutex_lock(&mutex);
+		time_t limit = time(NULL) - days*86400;
+		for (autowhite_sent::iterator i=rcpts.begin(); i!=rcpts.end();) {
+			time_t when = (*i).second;
+			if (when < limit) {
+				autowhite_sent::iterator j = i;
+				j++;
+				rcpts.erase(i);
+				i = j;
+				need = true;
+			}
+			else i++;
+		}
+		if (need) {
+			// dump the file
+			ofstream os;
+			os.open(fn);
+			if (!os.fail()) {
+				for (autowhite_sent::iterator i=rcpts.begin(); i!=rcpts.end(); i++) {
+					char *who = (*i).first;
+					int  when = (*i).second;
+					os << who << " " << when << endl;
+				}
+			}
+			os.close();
+		}
+	pthread_mutex_unlock(&mutex);
+}
+void WHITELISTER::sent(char *to) {
+	pthread_mutex_lock(&mutex);
+		need = true;
+		rcpts[to] = time(NULL);
+	pthread_mutex_unlock(&mutex);
+}
+bool WHITELISTER::is_white(char *from) {
+	bool rc = false;
+	pthread_mutex_lock(&mutex);
+		autowhite_sent::iterator i = rcpts.find(from);
+		if (i != rcpts.end()) {
+			time_t when = (*i).second;
+			time_t now = time(NULL);
+			rc = (when+(days*8640) > now);
+		}
+	pthread_mutex_unlock(&mutex);
+	return rc;
+}
+////////////////////////////////////////////////
+// setup a new auto whitelister file
+//
+WHITELISTERP add_whitelister_file(char *fn, int days);
+WHITELISTERP add_whitelister_file(char *fn, int days) {
+	WHITELISTERP rc = NULL;
+	pthread_mutex_lock(&whitelister_mutex);
+		whitelister_map::iterator i = whitelisters.find(fn);
+		if (i == whitelisters.end()) {
+			rc = new WHITELISTER(fn, days);
+			whitelisters[fn] = rc;
+		}
+		else rc = (*i).second;
+	pthread_mutex_unlock(&whitelister_mutex);
+	return rc;
+}
+////////////////////////////////////////////////
+// thread to check for whitelister hosts with old sockets that we can close
+//
+void* whitelister_writer(void *arg) {
+	while (true) {
+		sleep(maxauto_age);
+		pthread_mutex_lock(&whitelister_mutex);
+			for (whitelister_map::iterator i=whitelisters.begin(); i!=whitelisters.end(); i++) {
+				WHITELISTERP v = (*i).second;
+				v->writer();
+			}
+		pthread_mutex_unlock(&whitelister_mutex);
+	}
+	return NULL;
+}
 DNSBL::DNSBL(char *n, char *s, char *m) {
 	name	= n;
 	suffix	= s;
 	message = m;
 }
 CONTEXT::CONTEXT(CONTEXTP parent_, char *name_) {
 	parent				= parent_;
 	name				= name_;
 	verify_host 		= NULL;
+	verifier			= NULL;
+	autowhite_file		= NULL;
+	whitelister 		= NULL;
 	env_from_default	= (parent) ? token_inherit : token_unknown;
 	content_filtering	= (parent) ? parent->content_filtering : false;
 	content_suffix		= NULL;
 	content_message 	= NULL;
 	uribl_suffix		= NULL;
 	return false;
 }
 VERIFYP CONTEXT::find_verify(char *to) {
-	if (verify_host && (verify_host != token_myhostname) && cover_env_to(to)) {
+	if (verifier && (verify_host != token_myhostname) && cover_env_to(to))
-		verify_map::iterator i = verifiers.find(verify_host);
+		return verifier;
-		if (i == verifiers.end()) {
+	else if (parent)
-			if (debug_syslog) {
+		return parent->find_verify(to);
-				char buf[maxlen];
+	else
-				snprintf(buf, maxlen, "cannot find struc for %s", verify_host);
+		return NULL;
-				my_syslog(buf);
+}
-			}
-			return NULL;
-		}
+WHITELISTERP CONTEXT::find_autowhite(char *to) {
-		VERIFYP v = (*i).second;
+	if (whitelister && cover_env_to(to))
+		return whitelister;
-		return v;
+	else if (parent)
-	}
+		return parent->find_autowhite(to);
-	else if (parent) return parent->find_verify(to);
+	else
-	else return NULL;
+		return NULL;
 }
 int CONTEXT::find_rate(char *user) {
 	if (rcpt_per_hour.empty()) return default_rcpt_rate;
 	return (i == rcpt_per_hour.end()) ? default_rcpt_rate : (*i).second;
 }
 char *CONTEXT::find_from(char *from) {
+	if (whitelister && whitelister->is_white(from)) return token_white;
 	char *rc = env_from_default;
 	string_map::iterator i = env_from.find(from);
 	if (i != env_from.end()) rc = (*i).second;	// found user@domain key
 	else {
 		char *x = strchr(from, '@');
 	}
 	printf("%s     }; \n", indent);
 	if (verify_host) {
 		printf("%s     verify %s; \n", indent, verify_host);
+	}
+	if (autowhite_file && whitelister) {
+		printf("%s     autowhite %d %s; \n", indent, whitelister->get_days(), autowhite_file);
 	}
 	for (context_map::iterator i=children.begin(); i!=children.end(); i++) {
 		CONTEXTP c = (*i).second;
 		c->dump(false, level+1);
 bool parse_verify(TOKEN &tok, CONFIG &dc, CONTEXT &me);
 bool parse_verify(TOKEN &tok, CONFIG &dc, CONTEXT &me) {
 	char *host = tok.next();
 	if (!tsa(tok, token_semi)) return false;
 	me.set_verify(host);
-	add_verify_host(host);
+	me.set_verifier(add_verify_host(host));
+	return true;
+}
+////////////////////////////////////////////////
+//
+bool parse_autowhite(TOKEN &tok, CONFIG &dc, CONTEXT &me);
+bool parse_autowhite(TOKEN &tok, CONFIG &dc, CONTEXT &me) {
+	int days = tok.nextint();
+	char *fn = tok.next();
+	if (!tsa(tok, token_semi)) return false;
+	me.set_autowhite(fn);
+	me.set_whitelister(add_whitelister_file(fn, days));
 	return true;
 }
 ////////////////////////////////////////////////
 			if (!parse_envto(tok, dc, *con)) return false;
 		}
 		else if (have == token_verify) {
 			if (!parse_verify(tok, dc, *con)) return false;
 		}
+		else if (have == token_autowhite) {
+			if (!parse_autowhite(tok, dc, *con)) return false;
+		}
 		else if (have == token_envfrom) {
 			if (!parse_envfrom(tok, dc, *con)) return false;
 		}
 		else if (have == token_rate) {
 			if (parent || dc.default_context) tok.token_error("rate limit ignored in non default context");
 	return (dc.default_context) ? true : false;
 }
 ////////////////////////////////////////////////
-// setup a new smtp verify host
-//
-void add_verify_host(char *host) {
-	verify_map::iterator i = verifiers.find(host);
-	if (i == verifiers.end()) {
-		VERIFYP v = new VERIFY(host);
-		verifiers[host] = v;
-	}
-}
-////////////////////////////////////////////////
-// thread to check for verify hosts with old sockets that we can close
-//
-void* verify_closer(void *arg) {
-	while (true) {
-		sleep(maxage);
-		for (verify_map::iterator i=verifiers.begin(); i!=verifiers.end(); i++) {
-			VERIFYP v = (*i).second;
-			v->closer();
-		}
-	}
-	return NULL;
-}
-////////////////////////////////////////////////
 // init the tokens
 //
 void token_init() {
+	token_autowhite  = register_string("autowhite");
 	token_black 	 = register_string("black");
 	token_cctld 	 = register_string("cctld");
 	token_content	 = register_string("content");
 	token_context	 = register_string("context");
 	token_dccfrom	 = register_string("dcc_from");

Mercurial > dnsbl

comparison src/context.cpp @ 153:8d7c439bb6fa