dnsbl: src/dnsbl.cpp comparison

comparison src/dnsbl.cpp @ 89:946fc1bcfb2c stable-5-3

don't load null config pointer, keep the old one

author	carl
date	Sun, 07 Aug 2005 11:26:37 -0700
parents	c1280cd3e248
children	962a1f8f1d9f

comparison

equal deleted inserted replaced

-:7245c45cef7a
+:946fc1bcfb2c
 Copyright (c) 2004, 2005 Carl Byington - 510 Software Group, released
 under the GPL version 2 or any later version at your choice available at
 http://www.fsf.org/licenses/gpl.txt
 Based on a sample milter Copyright (c) 2000-2003 Sendmail, Inc. and its
-suppliers.  Inspired by the DCC by Rhyolite Software
+suppliers.	Inspired by the DCC by Rhyolite Software
 -r port  The port used to talk to our internal dns resolver processes
 -p port  The port through which the MTA will connect to this milter.
--t sec   The timeout value.
+-t sec	 The timeout value.
--c       Check the config, and print a copy to stdout. Don't start the
+-c		 Check the config, and print a copy to stdout. Don't start the
-milter or do anything with the socket.
+		 milter or do anything with the socket.
--s       Stress test by loading and deleting the current config in a loop.
+-s		 Stress test by loading and deleting the current config in a loop.
--d       increase debug level
+-d		 increase debug level
--e f|t   Print the results of looking up from address f and to address
+-e f|t	 Print the results of looking up from address f and to address
-t in the current config
+		 t in the current config
 TODO:
 1) Add option for using smtp connections to verify addresses from backup
 // misc stuff needed here
 #include <ctype.h>
 #include <syslog.h>
 #include <pwd.h>
-#include <sys/wait.h>   /* header for waitpid() and various macros */
+#include <sys/wait.h>	/* header for waitpid() and various macros */
-#include <signal.h>     /* header for signal functions */
+#include <signal.h> 	/* header for signal functions */
 #include "includes.h"
 static char* dnsbl_version="$Id$";
 extern "C" {
-#include "libmilter/mfapi.h"
+	#include "libmilter/mfapi.h"
-sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr);
+	sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr);
-sfsistat mlfi_envfrom(SMFICTX *ctx, char **argv);
+	sfsistat mlfi_envfrom(SMFICTX *ctx, char **argv);
-sfsistat mlfi_envrcpt(SMFICTX *ctx, char **argv);
+	sfsistat mlfi_envrcpt(SMFICTX *ctx, char **argv);
-sfsistat mlfi_body(SMFICTX *ctx, u_char *data, size_t len);
+	sfsistat mlfi_body(SMFICTX *ctx, u_char *data, size_t len);
-sfsistat mlfi_eom(SMFICTX *ctx);
+	sfsistat mlfi_eom(SMFICTX *ctx);
-sfsistat mlfi_abort(SMFICTX *ctx);
+	sfsistat mlfi_abort(SMFICTX *ctx);
-sfsistat mlfi_close(SMFICTX *ctx);
+	sfsistat mlfi_close(SMFICTX *ctx);
-void sig_chld(int signo);
+	void sig_chld(int signo);
 }
 int  debug_syslog  = 0;
 bool syslog_opened = false;
-bool use_syslog    = true;  // false to printf
+bool use_syslog    = true;	// false to printf
-bool loader_run    = true;  // used to stop the config loader thread
+bool loader_run    = true;	// used to stop the config loader thread
-CONFIG   *config = NULL;    // protected by the config_mutex
+CONFIG	 *config = NULL;	// protected by the config_mutex
-int   generation = 0;       // protected by the config_mutex
+int   generation = 0;		// protected by the config_mutex
-const int maxlen = 1000;    // used for snprintf buffers
+const int maxlen = 1000;	// used for snprintf buffers
 pthread_mutex_t  config_mutex;
 pthread_mutex_t  syslog_mutex;
 pthread_mutex_t  resolve_mutex;
 pthread_mutex_t  fd_pool_mutex;
-std::set<int>    fd_pool;
+std::set<int>	 fd_pool;
-int    NULL_SOCKET       = -1;
+int    NULL_SOCKET		 = -1;
-char  *resolver_port     = NULL;         // unix domain socket to talk to the dns resolver process
+char  *resolver_port	 = NULL;		 // unix domain socket to talk to the dns resolver process
-int    resolver_socket   = NULL_SOCKET;  // socket used to listen for resolver requests
+int    resolver_socket	 = NULL_SOCKET;  // socket used to listen for resolver requests
-time_t ERROR_SOCKET_TIME = 60;           // number of seconds between attempts to open the spam filter socket
+time_t ERROR_SOCKET_TIME = 60;			 // number of seconds between attempts to open the spam filter socket
 time_t last_error_time;
-int    resolver_sock_count = 0;          // protected with fd_pool_mutex
+int    resolver_sock_count = 0; 		 // protected with fd_pool_mutex
-int    resolver_pool_size  = 0;          // protected with fd_pool_mutex
+int    resolver_pool_size  = 0; 		 // protected with fd_pool_mutex
 struct ns_map {
-// all the strings are owned by the keys/values in the ns_host string map
+	// all the strings are owned by the keys/values in the ns_host string map
-string_map  ns_host;    // nameserver name -> host name that uses this name server
+	string_map	ns_host;	// nameserver name -> host name that uses this name server
-ns_mapper   ns_ip;      // nameserver name -> ip address of the name server
+	ns_mapper	ns_ip;		// nameserver name -> ip address of the name server
-~ns_map();
+	~ns_map();
-void add(char *name, char *refer);
+	void add(char *name, char *refer);
 };
 ns_map::~ns_map() {
-for (string_map::iterator i=ns_host.begin(); i!=ns_host.end(); i++) {
+	for (string_map::iterator i=ns_host.begin(); i!=ns_host.end(); i++) {
-char *x = (*i).first;
+		char *x = (*i).first;
-char *y = (*i).second;
+		char *y = (*i).second;
-free(x);
+		free(x);
-free(y);
+		free(y);
-}
+	}
-ns_ip.clear();
+	ns_ip.clear();
-ns_host.clear();
+	ns_host.clear();
 }
 void ns_map::add(char *name, char *refer) {
-string_map::iterator i = ns_host.find(name);
+	string_map::iterator i = ns_host.find(name);
-if (i != ns_host.end()) return;
+	if (i != ns_host.end()) return;
-char *x = strdup(name);
+	char *x = strdup(name);
-char *y = strdup(refer);
+	char *y = strdup(refer);
-ns_ip[x]   = 0;
+	ns_ip[x]   = 0;
-ns_host[x] = y;
+	ns_host[x] = y;
 }
 // packed structure to allow a single socket write to dump the
 // length and the following answer. The packing attribute is gcc specific.
 struct glommer {
-int    length;
+	int    length;
-#ifdef NS_PACKETSZ
+	#ifdef NS_PACKETSZ
-u_char answer[NS_PACKETSZ];     // with a resolver, we return resolver answers
+		u_char answer[NS_PACKETSZ]; 	// with a resolver, we return resolver answers
-#else
+	#else
-int    answer;                  // without a resolver, we return a single ip4 address, 0 == no answer
+		int    answer;					// without a resolver, we return a single ip4 address, 0 == no answer
-#endif
+	#endif
 } __attribute__ ((packed));
 ////////////////////////////////////////////////
 // helper to discard the strings held by a context_map
 //
 void discard(context_map &cm);
 void discard(context_map &cm) {
-for (context_map::iterator i=cm.begin(); i!=cm.end(); i++) {
+	for (context_map::iterator i=cm.begin(); i!=cm.end(); i++) {
-char *x = (*i).first;
+		char *x = (*i).first;
-free(x);
+		free(x);
-}
+	}
-cm.clear();
+	cm.clear();
 }
 ////////////////////////////////////////////////
 // helper to register a string in a context_map
 //
 void register_string(context_map &cm, char *name, CONTEXT *con);
 void register_string(context_map &cm, char *name, CONTEXT *con) {
-context_map::iterator i = cm.find(name);
+	context_map::iterator i = cm.find(name);
-if (i != cm.end()) return;
+	if (i != cm.end()) return;
-char *x = strdup(name);
+	char *x = strdup(name);
-cm[x] = con;
+	cm[x] = con;
 }
 ////////////////////////////////////////////////
 // disconnect the fd from the dns resolver process
 //
 void my_disconnect(int sock, bool decrement = true);
 void my_disconnect(int sock, bool decrement) {
-if (sock != NULL_SOCKET) {
+	if (sock != NULL_SOCKET) {
-if (decrement) {
+		if (decrement) {
-pthread_mutex_lock(&fd_pool_mutex);
+			pthread_mutex_lock(&fd_pool_mutex);
-resolver_sock_count--;
+				resolver_sock_count--;
-pthread_mutex_unlock(&fd_pool_mutex);
+			pthread_mutex_unlock(&fd_pool_mutex);
-}
+		}
-shutdown(sock, SHUT_RDWR);
+		shutdown(sock, SHUT_RDWR);
-close(sock);
+		close(sock);
-}
+	}
 }
 ////////////////////////////////////////////////
 // return fd connected to the dns resolver process
 //
 int my_connect();
 int my_connect() {
-// if we have had recent errors, don't even try to open the socket
+	// if we have had recent errors, don't even try to open the socket
-time_t now = time(NULL);
+	time_t now = time(NULL);
-if ((now - last_error_time) < ERROR_SOCKET_TIME) return NULL_SOCKET;
+	if ((now - last_error_time) < ERROR_SOCKET_TIME) return NULL_SOCKET;
-// nothing recent, maybe this time it will work
+	// nothing recent, maybe this time it will work
-int sock = NULL_SOCKET;
+	int sock = NULL_SOCKET;
-sockaddr_un server;
+	sockaddr_un server;
-memset(&server, '\0', sizeof(server));
+	memset(&server, '\0', sizeof(server));
-server.sun_family = AF_UNIX;
+	server.sun_family = AF_UNIX;
-strncpy(server.sun_path, resolver_port, sizeof(server.sun_path)-1);
+	strncpy(server.sun_path, resolver_port, sizeof(server.sun_path)-1);
-sock = socket(AF_UNIX, SOCK_STREAM, 0);
+	sock = socket(AF_UNIX, SOCK_STREAM, 0);
-if (sock != NULL_SOCKET) {
+	if (sock != NULL_SOCKET) {
-bool rc = (connect(sock, (sockaddr *)&server, sizeof(server)) == 0);
+		bool rc = (connect(sock, (sockaddr *)&server, sizeof(server)) == 0);
-if (!rc) {
+		if (!rc) {
-my_disconnect(sock, false);
+			my_disconnect(sock, false);
-sock = NULL_SOCKET;
+			sock = NULL_SOCKET;
-last_error_time = now;
+			last_error_time = now;
-}
+		}
-}
+	}
-else last_error_time = now;
+	else last_error_time = now;
-if (sock != NULL_SOCKET) {
+	if (sock != NULL_SOCKET) {
-pthread_mutex_lock(&fd_pool_mutex);
+		pthread_mutex_lock(&fd_pool_mutex);
-resolver_sock_count++;
+			resolver_sock_count++;
-pthread_mutex_unlock(&fd_pool_mutex);
+		pthread_mutex_unlock(&fd_pool_mutex);
-}
+	}
-return sock;
+	return sock;
 }
 mlfiPriv::mlfiPriv() {
-pthread_mutex_lock(&config_mutex);
+	pthread_mutex_lock(&config_mutex);
-pc = config;
+		pc = config;
-pc->reference_count++;
+		pc->reference_count++;
-pthread_mutex_unlock(&config_mutex);
+	pthread_mutex_unlock(&config_mutex);
-get_fd();
+	get_fd();
-ip                  = 0;
+	ip					= 0;
-mailaddr            = NULL;
+	mailaddr			= NULL;
-queueid             = NULL;
+	queueid 			= NULL;
-authenticated       = false;
+	authenticated		= false;
-have_whites         = false;
+	have_whites 		= false;
-only_whites         = true;
+	only_whites 		= true;
-memory              = NULL;
+	memory				= NULL;
-scanner             = NULL;
+	scanner 			= NULL;
-content_suffix      = NULL;
+	content_suffix		= NULL;
-content_message     = NULL;
+	content_message 	= NULL;
-content_host_ignore = NULL;
+	content_host_ignore = NULL;
 }
 mlfiPriv::~mlfiPriv() {
-return_fd();
+	return_fd();
-pthread_mutex_lock(&config_mutex);
+	pthread_mutex_lock(&config_mutex);
-pc->reference_count--;
+		pc->reference_count--;
-pthread_mutex_unlock(&config_mutex);
+	pthread_mutex_unlock(&config_mutex);
-reset(true);
+	reset(true);
 }
 void mlfiPriv::reset(bool final) {
-if (mailaddr) free(mailaddr);
+	if (mailaddr) free(mailaddr);
-if (queueid)  free(queueid);
+	if (queueid)  free(queueid);
-discard(env_to);
+	discard(env_to);
-if (memory)  delete memory;
+	if (memory)  delete memory;
-if (scanner) delete scanner;
+	if (scanner) delete scanner;
-if (!final) {
+	if (!final) {
-mailaddr            = NULL;
+		mailaddr			= NULL;
-queueid             = NULL;
+		queueid 			= NULL;
-authenticated       = false;
+		authenticated		= false;
-have_whites         = false;
+		have_whites 		= false;
-only_whites         = true;
+		only_whites 		= true;
-memory              = NULL;
+		memory				= NULL;
-scanner             = NULL;
+		scanner 			= NULL;
-content_suffix      = NULL;
+		content_suffix		= NULL;
-content_message     = NULL;
+		content_message 	= NULL;
-content_host_ignore = NULL;
+		content_host_ignore = NULL;
-}
+	}
 }
 void mlfiPriv::get_fd() {
-err = true;
+	err = true;
-fd  = NULL_SOCKET;
+	fd	= NULL_SOCKET;
-int result = pthread_mutex_lock(&fd_pool_mutex);
+	int result = pthread_mutex_lock(&fd_pool_mutex);
-if (!result) {
+	if (!result) {
-std::set<int>::iterator i;
+		std::set<int>::iterator i;
-i = fd_pool.begin();
+		i = fd_pool.begin();
-if (i != fd_pool.end()) {
+		if (i != fd_pool.end()) {
-// have at least one fd in the pool
+			// have at least one fd in the pool
-err = false;
+			err = false;
-fd  = *i;
+			fd	= *i;
-fd_pool.erase(fd);
+			fd_pool.erase(fd);
-resolver_pool_size--;
+			resolver_pool_size--;
-pthread_mutex_unlock(&fd_pool_mutex);
+			pthread_mutex_unlock(&fd_pool_mutex);
-}
+		}
-else {
+		else {
-// pool is empty, get a new fd
+			// pool is empty, get a new fd
-pthread_mutex_unlock(&fd_pool_mutex);
+			pthread_mutex_unlock(&fd_pool_mutex);
-fd  = my_connect();
+			fd	= my_connect();
-err = (fd == NULL_SOCKET);
+			err = (fd == NULL_SOCKET);
-}
+		}
-}
+	}
-else {
+	else {
-// cannot lock the pool, just get a new fd
+		// cannot lock the pool, just get a new fd
-fd  = my_connect();
+		fd	= my_connect();
-err = (fd == NULL_SOCKET);
+		err = (fd == NULL_SOCKET);
-}
+	}
 }
 void mlfiPriv::return_fd() {
-if (err) {
+	if (err) {
-// this fd got a socket error, so close it, rather than returning it to the pool
+		// this fd got a socket error, so close it, rather than returning it to the pool
-my_disconnect(fd);
+		my_disconnect(fd);
-}
+	}
-else {
+	else {
-int result = pthread_mutex_lock(&fd_pool_mutex);
+		int result = pthread_mutex_lock(&fd_pool_mutex);
-if (!result) {
+		if (!result) {
-if ((resolver_sock_count > resolver_pool_size*5) || (resolver_pool_size < 5)) {
+			if ((resolver_sock_count > resolver_pool_size*5) || (resolver_pool_size < 5)) {
-// return the fd to the pool
+				// return the fd to the pool
-fd_pool.insert(fd);
+				fd_pool.insert(fd);
-resolver_pool_size++;
+				resolver_pool_size++;
-pthread_mutex_unlock(&fd_pool_mutex);
+				pthread_mutex_unlock(&fd_pool_mutex);
-}
+			}
-else {
+			else {
-// more than 20% of the open resolver sockets are in the pool, and the
+				// more than 20% of the open resolver sockets are in the pool, and the
-// pool as at least 5 sockets. that is enough, so just close this one.
+				// pool as at least 5 sockets. that is enough, so just close this one.
-pthread_mutex_unlock(&fd_pool_mutex);
+				pthread_mutex_unlock(&fd_pool_mutex);
-my_disconnect(fd);
+				my_disconnect(fd);
-}
+			}
-}
+		}
-else {
+		else {
-// could not lock the pool, so just close the fd
+			// could not lock the pool, so just close the fd
-my_disconnect(fd);
+			my_disconnect(fd);
-}
+		}
-}
+	}
 }
 int mlfiPriv::my_write(char *buf, int len) {
-if (err) return 0;
+	if (err) return 0;
-int rs = 0;
+	int rs = 0;
-while (len) {
+	while (len) {
-int ws = write(fd, buf, len);
+		int ws = write(fd, buf, len);
-if (ws > 0) {
+		if (ws > 0) {
-rs  += ws;
+			rs	+= ws;
-len -= ws;
+			len -= ws;
-buf += ws;
+			buf += ws;
-}
+		}
-else {
+		else {
-// peer closed the socket!
+			// peer closed the socket!
-rs = 0;
+			rs = 0;
-err = true;
+			err = true;
-break;
+			break;
-}
+		}
-}
+	}
-return rs;
+	return rs;
 }
 int mlfiPriv::my_read(char *buf, int len) {
-if (err) return 0;
+	if (err) return 0;
-int rs = 0;
+	int rs = 0;
-while (len > 1) {
+	while (len > 1) {
-int ws = read(fd, buf, len);
+		int ws = read(fd, buf, len);
-if (ws > 0) {
+		if (ws > 0) {
-rs  += ws;
+			rs	+= ws;
-len -= ws;
+			len -= ws;
-buf += ws;
+			buf += ws;
-}
+		}
-else {
+		else {
-// peer closed the socket!
+			// peer closed the socket!
-rs = 0;
+			rs = 0;
-err = true;
+			err = true;
-break;
+			break;
-}
+		}
-}
+	}
-return rs;
+	return rs;
 }
 void mlfiPriv::need_content_filter(char *rcpt, CONTEXT &con) {
-register_string(env_to, rcpt, &con);
+	register_string(env_to, rcpt, &con);
-if (!memory) {
+	if (!memory) {
-// first recipient that needs content filtering sets all
+		// first recipient that needs content filtering sets all
-// the content filtering parameters
+		// the content filtering parameters
-memory        = new recorder(this, con.get_html_tags(), con.get_content_tlds());
+		memory		  = new recorder(this, con.get_html_tags(), con.get_content_tlds());
-scanner       = new url_scanner(memory);
+		scanner 	  = new url_scanner(memory);
-content_suffix      = con.get_content_suffix();
+		content_suffix		= con.get_content_suffix();
-content_message     = con.get_content_message();
+		content_message 	= con.get_content_message();
-content_host_ignore = &con.get_content_host_ignore();
+		content_host_ignore = &con.get_content_host_ignore();
-}
+	}
 }
-#define MLFIPRIV    ((struct mlfiPriv *) smfi_getpriv(ctx))
+#define MLFIPRIV	((struct mlfiPriv *) smfi_getpriv(ctx))
 ////////////////////////////////////////////////
 // syslog a message
 //
 void my_syslog(mlfiPriv *priv, char *text) {
-char buf[maxlen];
+	char buf[maxlen];
-if (priv) {
+	if (priv) {
-snprintf(buf, sizeof(buf), "%s: %s", priv->queueid, text);
+		snprintf(buf, sizeof(buf), "%s: %s", priv->queueid, text);
-text = buf;
+		text = buf;
-}
+	}
-if (use_syslog) {
+	if (use_syslog) {
-pthread_mutex_lock(&syslog_mutex);
+		pthread_mutex_lock(&syslog_mutex);
-if (!syslog_opened) {
+			if (!syslog_opened) {
-openlog("dnsbl", LOG_PID, LOG_MAIL);
+				openlog("dnsbl", LOG_PID, LOG_MAIL);
-syslog_opened = true;
+				syslog_opened = true;
-}
+			}
-syslog(LOG_NOTICE, "%s", text);
+			syslog(LOG_NOTICE, "%s", text);
-// closelog();
+			// closelog();
-// syslog_opened = false;
+			// syslog_opened = false;
-pthread_mutex_unlock(&syslog_mutex);
+		pthread_mutex_unlock(&syslog_mutex);
-}
+	}
-else {
+	else {
-printf("%s \n", text);
+		printf("%s \n", text);
-}
+	}
 }
 void my_syslog(char *text) {
-my_syslog(NULL, text);
+	my_syslog(NULL, text);
 }
 ////////////////////////////////////////////////
-//  read a resolver request from the socket, process it, and
+//	read a resolver request from the socket, process it, and
-//  write the result back to the socket.
+//	write the result back to the socket.
 void process_resolver_requests(int socket);
 void process_resolver_requests(int socket) {
 #ifdef NS_MAXDNAME
-char question[NS_MAXDNAME];
+	char question[NS_MAXDNAME];
 #else
-char question[1000];
+	char question[1000];
 #endif
-glommer glom;
+	glommer glom;
-int maxq = sizeof(question);
+	int maxq = sizeof(question);
-while (true) {
+	while (true) {
-// read a question
+		// read a question
-int rs = 0;
+		int rs = 0;
-while (true) {
+		while (true) {
-int ns = read(socket, question+rs, maxq-rs);
+			int ns = read(socket, question+rs, maxq-rs);
-if (ns > 0) {
+			if (ns > 0) {
-rs += ns;
+				rs += ns;
-if (question[rs-1] == '\0') {
+				if (question[rs-1] == '\0') {
-// last byte read was the null terminator, we are done
+					// last byte read was the null terminator, we are done
-break;
+					break;
-}
+				}
-}
+			}
-else {
+			else {
-// peer closed the socket
+				// peer closed the socket
-//my_syslog("!!child worker process, peer closed socket while reading question");
+			  //my_syslog("!!child worker process, peer closed socket while reading question");
-shutdown(socket, SHUT_RDWR);
+				shutdown(socket, SHUT_RDWR);
-close(socket);
+				close(socket);
-return;
+				return;
-}
+			}
-}
+		}
-// find the answer
+		// find the answer
 #ifdef NS_PACKETSZ
-//char text[1000];
+	  //char text[1000];
-//snprintf(text, sizeof(text), "!!child worker process has a question %s", question);
+	  //snprintf(text, sizeof(text), "!!child worker process has a question %s", question);
-//my_syslog(text);
+	  //my_syslog(text);
-glom.length = res_search(question, ns_c_in, ns_t_a, glom.answer, sizeof(glom.answer));
+		glom.length = res_search(question, ns_c_in, ns_t_a, glom.answer, sizeof(glom.answer));
-if (glom.length < 0) glom.length = 0;   // represent all errors as zero length answers
+		if (glom.length < 0) glom.length = 0;	// represent all errors as zero length answers
 #else
-glom.length = sizeof(glom.answer);
+		glom.length = sizeof(glom.answer);
-glom.answer = 0;
+		glom.answer = 0;
-struct hostent *host = gethostbyname(question);
+		struct hostent *host = gethostbyname(question);
-if (host && (host->h_addrtype == AF_INET)) {
+		if (host && (host->h_addrtype == AF_INET)) {
-memcpy(&glom.answer, host->h_addr, sizeof(glom.answer));
+			memcpy(&glom.answer, host->h_addr, sizeof(glom.answer));
-}
+		}
 #endif
-// write the answer
+		// write the answer
-char *buf = (char *)&glom;
+		char *buf = (char *)&glom;
-int   len = glom.length + sizeof(glom.length);
+		int   len = glom.length + sizeof(glom.length);
-//snprintf(text, sizeof(text), "!!child worker process writing answer length %d for total %d", glom.length, len);
+	  //snprintf(text, sizeof(text), "!!child worker process writing answer length %d for total %d", glom.length, len);
-//my_syslog(text);
+	  //my_syslog(text);
-int    ws = 0;
+		int    ws = 0;
-while (len > ws) {
+		while (len > ws) {
-int ns = write(socket, buf+ws, len-ws);
+			int ns = write(socket, buf+ws, len-ws);
-if (ns > 0) {
+			if (ns > 0) {
-ws += ns;
+				ws += ns;
-}
+			}
-else {
+			else {
-// peer closed the socket!
+				// peer closed the socket!
-//my_syslog("!!child worker process, peer closed socket while writing answer");
+			  //my_syslog("!!child worker process, peer closed socket while writing answer");
-shutdown(socket, SHUT_RDWR);
+				shutdown(socket, SHUT_RDWR);
-close(socket);
+				close(socket);
-return;
+				return;
-}
+			}
-}
+		}
-}
+	}
 }
 ////////////////////////////////////////////////
-//  ask a dns question and get an A record answer - we don't try
+//	ask a dns question and get an A record answer - we don't try
-//  very hard, just using the default resolver retry settings.
+//	very hard, just using the default resolver retry settings.
-//  If we cannot get an answer, we just accept the mail.
+//	If we cannot get an answer, we just accept the mail.
 //
 //
 int dns_interface(mlfiPriv &priv, char *question, bool maybe_ip, ns_map *nameservers);
 int dns_interface(mlfiPriv &priv, char *question, bool maybe_ip, ns_map *nameservers) {
-// this part can be done without locking the resolver mutex. Each
+	// this part can be done without locking the resolver mutex. Each
-// milter thread is talking over its own socket to a separate resolver
+	// milter thread is talking over its own socket to a separate resolver
-// process, which does the actual dns resolution.
+	// process, which does the actual dns resolution.
-if (priv.err) return 0; // cannot ask more questions on this socket.
+	if (priv.err) return 0; // cannot ask more questions on this socket.
-priv.my_write(question, strlen(question)+1);   // write the question including the null terminator
+	priv.my_write(question, strlen(question)+1);   // write the question including the null terminator
-glommer glom;
+	glommer glom;
-char *buf = (char *)&glom;
+	char *buf = (char *)&glom;
-priv.my_read(buf, sizeof(glom.length));
+	priv.my_read(buf, sizeof(glom.length));
-buf += sizeof(glom.length);
+	buf += sizeof(glom.length);
 ///char text[1000];
 ///snprintf(text, sizeof(text), "!!milter thread wrote question %s and has answer length %d", question, glom.length);
 ///my_syslog(text);
-if ((glom.length < 0) || (glom.length > sizeof(glom.answer))) {
+	if ((glom.length < 0) || (glom.length > sizeof(glom.answer))) {
-priv.err = true;
+		priv.err = true;
-return 0;  // cannot process overlarge answers
+		return 0;  // cannot process overlarge answers
-}
+	}
-priv.my_read(buf, glom.length);
+	priv.my_read(buf, glom.length);
 #ifdef NS_PACKETSZ
-// now we need to lock the resolver mutex to keep the milter threads from
+	// now we need to lock the resolver mutex to keep the milter threads from
-// stepping on each other while parsing the dns answer.
+	// stepping on each other while parsing the dns answer.
-int ret_address = 0;
+	int ret_address = 0;
-pthread_mutex_lock(&resolve_mutex);
+	pthread_mutex_lock(&resolve_mutex);
-if (glom.length > 0) {
+		if (glom.length > 0) {
-// parse the answer
+			// parse the answer
-ns_msg handle;
+			ns_msg handle;
-ns_rr  rr;
+			ns_rr  rr;
-if (ns_initparse(glom.answer, glom.length, &handle) == 0) {
+			if (ns_initparse(glom.answer, glom.length, &handle) == 0) {
-// look for ns names
+				// look for ns names
-if (nameservers) {
+				if (nameservers) {
-ns_map &ns = *nameservers;
+					ns_map &ns = *nameservers;
-int rrnum = 0;
+					int rrnum = 0;
-while (ns_parserr(&handle, ns_s_ns, rrnum++, &rr) == 0) {
+					while (ns_parserr(&handle, ns_s_ns, rrnum++, &rr) == 0) {
-if (ns_rr_type(rr) == ns_t_ns) {
+						if (ns_rr_type(rr) == ns_t_ns) {
-char nam[NS_MAXDNAME+1];
+							char nam[NS_MAXDNAME+1];
-char         *n = nam;
+							char		 *n = nam;
-const u_char *p = ns_rr_rdata(rr);
+							const u_char *p = ns_rr_rdata(rr);
-while (((n-nam) < NS_MAXDNAME) && ((p-glom.answer) < glom.length) && *p) {
+							while (((n-nam) < NS_MAXDNAME) && ((p-glom.answer) < glom.length) && *p) {
-size_t s = *(p++);
+								size_t s = *(p++);
-if (s > 191) {
+								if (s > 191) {
-// compression pointer
+									// compression pointer
-s = (s-192)*256 + *(p++);
+									s = (s-192)*256 + *(p++);
-if (s >= glom.length) break; // pointer outside bounds of answer
+									if (s >= glom.length) break; // pointer outside bounds of answer
-p = glom.answer + s;
+									p = glom.answer + s;
-s = *(p++);
+									s = *(p++);
-}
+								}
-if (s > 0) {
+								if (s > 0) {
-if ((n-nam)         >= (NS_MAXDNAME-s)) break;  // destination would overflow name buffer
+									if ((n-nam) 		>= (NS_MAXDNAME-s)) break;	// destination would overflow name buffer
-if ((p-glom.answer) >= (glom.length-s)) break;  // source outside bounds of answer
+									if ((p-glom.answer) >= (glom.length-s)) break;	// source outside bounds of answer
-memcpy(n, p, s);
+									memcpy(n, p, s);
-n += s;
+									n += s;
-p += s;
+									p += s;
-*(n++) = '.';
+									*(n++) = '.';
-}
+								}
-}
+							}
-if (n-nam) n--;             // remove trailing .
+							if (n-nam) n--; 			// remove trailing .
-*n = '\0';                  // null terminate it
+							*n = '\0';                  // null terminate it
-ns.add(nam, question);      // ns host to lookup later
+							ns.add(nam, question);		// ns host to lookup later
-}
+						}
-}
+					}
-rrnum = 0;
+					rrnum = 0;
-while (ns_parserr(&handle, ns_s_ar, rrnum++, &rr) == 0) {
+					while (ns_parserr(&handle, ns_s_ar, rrnum++, &rr) == 0) {
-if (ns_rr_type(rr) == ns_t_a) {
+						if (ns_rr_type(rr) == ns_t_a) {
-char* nam = (char*)ns_rr_name(rr);
+							char* nam = (char*)ns_rr_name(rr);
-ns_mapper::iterator i = ns.ns_ip.find(nam);
+							ns_mapper::iterator i = ns.ns_ip.find(nam);
-if (i != ns.ns_ip.end()) {
+							if (i != ns.ns_ip.end()) {
-// we want this ip address
+								// we want this ip address
-int address;
+								int address;
-memcpy(&address, ns_rr_rdata(rr), sizeof(address));
+								memcpy(&address, ns_rr_rdata(rr), sizeof(address));
-ns.ns_ip[nam] = address;
+								ns.ns_ip[nam] = address;
-}
+							}
-}
+						}
-}
+					}
-}
+				}
-int rrnum = 0;
+				int rrnum = 0;
-while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) {
+				while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) {
-if (ns_rr_type(rr) == ns_t_a) {
+					if (ns_rr_type(rr) == ns_t_a) {
-int address;
+						int address;
-memcpy(&address, ns_rr_rdata(rr), sizeof(address));
+						memcpy(&address, ns_rr_rdata(rr), sizeof(address));
-ret_address = address;
+						ret_address = address;
-}
+					}
-}
+				}
-}
+			}
-}
+		}
-if (maybe_ip && !ret_address) {
+		if (maybe_ip && !ret_address) {
-// might be a bare ip address
+			// might be a bare ip address
-in_addr ip;
+			in_addr ip;
-if (inet_aton(question, &ip)) {
+			if (inet_aton(question, &ip)) {
-ret_address = ip.s_addr;
+				ret_address = ip.s_addr;
-}
+			}
-}
+		}
-pthread_mutex_unlock(&resolve_mutex);
+	pthread_mutex_unlock(&resolve_mutex);
-return ret_address;
+	return ret_address;
 #else
-return glom.answer;
+	return glom.answer;
 #endif
 }
 ////////////////////////////////////////////////
-//  check a single dnsbl
+//	check a single dnsbl
 //
 bool check_single(mlfiPriv &priv, int ip, char *suffix);
 bool check_single(mlfiPriv &priv, int ip, char *suffix) {
-// make a dns question
+	// make a dns question
-const u_char *src = (const u_char *)&ip;
+	const u_char *src = (const u_char *)&ip;
-if (src[0] == 127) return false;    // don't do dns lookups on localhost
+	if (src[0] == 127) return false;	// don't do dns lookups on localhost
 #ifdef NS_MAXDNAME
-char question[NS_MAXDNAME];
+	char question[NS_MAXDNAME];
 #else
-char question[1000];
+	char question[1000];
 #endif
-snprintf(question, sizeof(question), "%u.%u.%u.%u.%s.", src[3], src[2], src[1], src[0], suffix);
+	snprintf(question, sizeof(question), "%u.%u.%u.%u.%s.", src[3], src[2], src[1], src[0], suffix);
-// ask the question, if we get an A record it implies a blacklisted ip address
+	// ask the question, if we get an A record it implies a blacklisted ip address
-return dns_interface(priv, question, false, NULL);
+	return dns_interface(priv, question, false, NULL);
 }
 ////////////////////////////////////////////////
-//  check a single dnsbl
+//	check a single dnsbl
 //
 bool check_single(mlfiPriv &priv, int ip, DNSBL &bl);
 bool check_single(mlfiPriv &priv, int ip, DNSBL &bl) {
-return check_single(priv, ip, bl.suffix);
+	return check_single(priv, ip, bl.suffix);
 }
 ////////////////////////////////////////////////
-//  check the dnsbls specified for this recipient
+//	check the dnsbls specified for this recipient
 //
 bool check_dnsbl(mlfiPriv &priv, dnsblp_list &dnsbll, DNSBLP &rejectlist);
 bool check_dnsbl(mlfiPriv &priv, dnsblp_list &dnsbll, DNSBLP &rejectlist) {
-if (priv.authenticated) return false;
+	if (priv.authenticated) return false;
-for (dnsblp_list::iterator i=dnsbll.begin(); i!=dnsbll.end(); i++) {
+	for (dnsblp_list::iterator i=dnsbll.begin(); i!=dnsbll.end(); i++) {
-DNSBLP dp = *i;     // non null by construction
+		DNSBLP dp = *i; 	// non null by construction
-bool st;
+		bool st;
-map<DNSBLP, bool>::iterator f = priv.checked.find(dp);
+		map<DNSBLP, bool>::iterator f = priv.checked.find(dp);
-if (f == priv.checked.end()) {
+		if (f == priv.checked.end()) {
-// have not checked this list yet
+			// have not checked this list yet
-st = check_single(priv, priv.ip, *dp);
+			st = check_single(priv, priv.ip, *dp);
-rejectlist = dp;
+			rejectlist = dp;
-priv.checked[dp] = st;
+			priv.checked[dp] = st;
-}
+		}
-else {
+		else {
-st = (*f).second;
+			st = (*f).second;
-rejectlist = (*f).first;
+			rejectlist = (*f).first;
-}
+		}
-if (st) return st;
+		if (st) return st;
-}
+	}
-return false;
+	return false;
 }
 ////////////////////////////////////////////////
-//  check the hosts from the body against the content dnsbl
+//	check the hosts from the body against the content dnsbl
 //
 bool check_hosts(mlfiPriv &priv, bool random, int limit, char *&host, int &ip);
 bool check_hosts(mlfiPriv &priv, bool random, int limit, char *&host, int &ip) {
-CONFIG     &dc     = *priv.pc;
+	CONFIG	   &dc	   = *priv.pc;
-string_set &hosts  = priv.memory->get_hosts();
+	string_set &hosts  = priv.memory->get_hosts();
-string_set &ignore = *priv.content_host_ignore;
+	string_set &ignore = *priv.content_host_ignore;
-char       *suffix = priv.content_suffix;
+	char	   *suffix = priv.content_suffix;
-int count = 0;
+	int count = 0;
-int   cnt = hosts.size();   // number of hosts we could look at
+	int   cnt = hosts.size();	// number of hosts we could look at
-int_set ips;
+	int_set ips;
-ns_map  nameservers;
+	ns_map	nameservers;
-for (string_set::iterator i=hosts.begin(); i!=hosts.end(); i++) {
+	for (string_set::iterator i=hosts.begin(); i!=hosts.end(); i++) {
-host = *i;  // a reference into hosts, which will live until this smtp transaction is closed
+		host = *i;	// a reference into hosts, which will live until this smtp transaction is closed
-// don't bother looking up hosts on the ignore list
+		// don't bother looking up hosts on the ignore list
-string_set::iterator j = ignore.find(host);
+		string_set::iterator j = ignore.find(host);
-if (j != ignore.end()) continue;
+		if (j != ignore.end()) continue;
-// try to only look at limit/cnt fraction of the available cnt host names in random mode
+		// try to only look at limit/cnt fraction of the available cnt host names in random mode
-if ((cnt > limit) && (limit > 0) && random) {
+		if ((cnt > limit) && (limit > 0) && random) {
-int r = rand() % cnt;
+			int r = rand() % cnt;
-if (r >= limit) {
+			if (r >= limit) {
-if (debug_syslog > 2) {
+				if (debug_syslog > 2) {
-char buf[maxlen];
+					char buf[maxlen];
-snprintf(buf, sizeof(buf), "host %s skipped", host);
+					snprintf(buf, sizeof(buf), "host %s skipped", host);
-my_syslog(&priv, buf);
+					my_syslog(&priv, buf);
-}
+				}
-continue;
+				continue;
-}
+			}
-}
+		}
-count++;
+		count++;
-ip = dns_interface(priv, host, true, &nameservers);
+		ip = dns_interface(priv, host, true, &nameservers);
-if (debug_syslog > 2) {
+		if (debug_syslog > 2) {
-char buf[maxlen];
+			char buf[maxlen];
-if (ip) {
+			if (ip) {
-char adr[sizeof "255.255.255.255"];
+				char adr[sizeof "255.255.255.255"];
-adr[0] = '\0';
+				adr[0] = '\0';
-inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
+				inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
-snprintf(buf, sizeof(buf), "host %s found at %s", host, adr);
+				snprintf(buf, sizeof(buf), "host %s found at %s", host, adr);
-}
+			}
-else {
+			else {
-snprintf(buf, sizeof(buf), "host %s not found", host);
+				snprintf(buf, sizeof(buf), "host %s not found", host);
-}
+			}
-my_syslog(&priv, buf);
+			my_syslog(&priv, buf);
-}
+		}
-if (ip) {
+		if (ip) {
-int_set::iterator i = ips.find(ip);
+			int_set::iterator i = ips.find(ip);
-if (i == ips.end()) {
+			if (i == ips.end()) {
-ips.insert(ip);
+				ips.insert(ip);
-if (check_single(priv, ip, suffix)) {
+				if (check_single(priv, ip, suffix)) {
-return true;
+					return true;
-}
+				}
-}
+			}
-}
+		}
-}
+	}
-limit *= 4;   // allow average of 3 ns per host name
+	limit *= 4;   // allow average of 3 ns per host name
-for (ns_mapper::iterator i=nameservers.ns_ip.begin(); i!=nameservers.ns_ip.end(); i++) {
+	for (ns_mapper::iterator i=nameservers.ns_ip.begin(); i!=nameservers.ns_ip.end(); i++) {
-count++;
+		count++;
-if ((count > limit) && (limit > 0)) {
+		if ((count > limit) && (limit > 0)) {
-if (random) continue; // don't complain
+			if (random) continue; // don't complain
-return true;
+			return true;
-}
+		}
-host = (*i).first;  // a transient reference that needs to be replaced before we return it
+		host = (*i).first;	// a transient reference that needs to be replaced before we return it
-ip   = (*i).second;
+		ip	 = (*i).second;
-if (!ip) ip = dns_interface(priv, host, false, NULL);
+		if (!ip) ip = dns_interface(priv, host, false, NULL);
-if (debug_syslog > 2) {
+		if (debug_syslog > 2) {
-char buf[maxlen];
+			char buf[maxlen];
-if (ip) {
+			if (ip) {
-char adr[sizeof "255.255.255.255"];
+				char adr[sizeof "255.255.255.255"];
-adr[0] = '\0';
+				adr[0] = '\0';
-inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
+				inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
-snprintf(buf, sizeof(buf), "ns %s found at %s", host, adr);
+				snprintf(buf, sizeof(buf), "ns %s found at %s", host, adr);
-}
+			}
-else {
+			else {
-snprintf(buf, sizeof(buf), "ns %s not found", host);
+				snprintf(buf, sizeof(buf), "ns %s not found", host);
-}
+			}
-my_syslog(&priv, buf);
+			my_syslog(&priv, buf);
-}
+		}
-if (ip) {
+		if (ip) {
-int_set::iterator i = ips.find(ip);
+			int_set::iterator i = ips.find(ip);
-if (i == ips.end()) {
+			if (i == ips.end()) {
-ips.insert(ip);
+				ips.insert(ip);
-if (check_single(priv, ip, suffix)) {
+				if (check_single(priv, ip, suffix)) {
-string_map::iterator j = nameservers.ns_host.find(host);
+					string_map::iterator j = nameservers.ns_host.find(host);
-if (j != nameservers.ns_host.end()) {
+					if (j != nameservers.ns_host.end()) {
-char *refer = (*j).second;
+						char *refer = (*j).second;
-char buf[maxlen];
+						char buf[maxlen];
-snprintf(buf, sizeof(buf), "%s with nameserver %s", refer, host);
+						snprintf(buf, sizeof(buf), "%s with nameserver %s", refer, host);
-host = register_string(hosts, buf);    // put a copy into hosts, and return that reference
+						host = register_string(hosts, buf);    // put a copy into hosts, and return that reference
-}
+					}
-else {
+					else {
-host = register_string(hosts, host);   // put a copy into hosts, and return that reference
+						host = register_string(hosts, host);   // put a copy into hosts, and return that reference
-}
+					}
-return true;
+					return true;
-}
+				}
-}
+			}
-}
+		}
-}
+	}
-return false;
+	return false;
 }
 ////////////////////////////////////////////////
 // this email address is passed in from sendmail, and will
 // as the mail client sent it. We dup the string and convert
 // the duplicate to lower case.
 //
 char *to_lower_string(char *email);
 char *to_lower_string(char *email) {
-int n = strlen(email)-2;
+	int n = strlen(email)-2;
-if (n < 1) return strdup(email);
+	if (n < 1) return strdup(email);
-char *key = strdup(email+1);
+	char *key = strdup(email+1);
-key[n] = '\0';
+	key[n] = '\0';
-for (int i=0; i<n; i++) key[i] = tolower(key[i]);
+	for (int i=0; i<n; i++) key[i] = tolower(key[i]);
-return key;
+	return key;
 }
 ////////////////////////////////////////////////
 // start of sendmail milter interfaces
 //
 sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr)
 {
-// allocate some private memory
+	// allocate some private memory
-mlfiPriv *priv = new mlfiPriv;
+	mlfiPriv *priv = new mlfiPriv;
-if (hostaddr->sa_family == AF_INET) {
+	if (hostaddr->sa_family == AF_INET) {
-priv->ip = ((struct sockaddr_in *)hostaddr)->sin_addr.s_addr;
+		priv->ip = ((struct sockaddr_in *)hostaddr)->sin_addr.s_addr;
-}
+	}
-// save the private data
+	// save the private data
-smfi_setpriv(ctx, (void*)priv);
+	smfi_setpriv(ctx, (void*)priv);
-// continue processing
+	// continue processing
-return SMFIS_CONTINUE;
+	return SMFIS_CONTINUE;
 }
 sfsistat mlfi_envfrom(SMFICTX *ctx, char **from)
 {
-mlfiPriv &priv = *MLFIPRIV;
+	mlfiPriv &priv = *MLFIPRIV;
-priv.mailaddr      = to_lower_string(from[0]);
+	priv.mailaddr	   = to_lower_string(from[0]);
-priv.authenticated = (smfi_getsymval(ctx, "{auth_authen}") != NULL);
+	priv.authenticated = (smfi_getsymval(ctx, "{auth_authen}") != NULL);
-return SMFIS_CONTINUE;
+	return SMFIS_CONTINUE;
 }
 sfsistat mlfi_envrcpt(SMFICTX *ctx, char **rcpt)
 {
-DNSBLP rejectlist = NULL;   // list that caused the reject
+	DNSBLP rejectlist = NULL;	// list that caused the reject
-mlfiPriv &priv = *MLFIPRIV;
+	mlfiPriv &priv = *MLFIPRIV;
-CONFIG &dc = *priv.pc;
+	CONFIG &dc = *priv.pc;
-if (!priv.queueid) priv.queueid = strdup(smfi_getsymval(ctx, "i"));
+	if (!priv.queueid) priv.queueid = strdup(smfi_getsymval(ctx, "i"));
-char *rcptaddr  = rcpt[0];
+	char *rcptaddr	= rcpt[0];
-char *loto      = to_lower_string(rcptaddr);
+	char *loto		= to_lower_string(rcptaddr);
-CONTEXT    &con = *(dc.find_context(loto)->find_context(priv.mailaddr));
+	CONTEXT    &con = *(dc.find_context(loto)->find_context(priv.mailaddr));
-if (debug_syslog > 1) {
+	if (debug_syslog > 1) {
-char buf[maxlen];
+		char buf[maxlen];
-char msg[maxlen];
+		char msg[maxlen];
-snprintf(msg, sizeof(msg), "from <%s> to <%s> using context %s", priv.mailaddr, loto, con.get_full_name(buf,maxlen));
+		snprintf(msg, sizeof(msg), "from <%s> to <%s> using context %s", priv.mailaddr, loto, con.get_full_name(buf,maxlen));
-my_syslog(&priv, msg);
+		my_syslog(&priv, msg);
-}
+	}
-char *fromvalue = con.find_from(priv.mailaddr);
+	char *fromvalue = con.find_from(priv.mailaddr);
-free(loto);
+	free(loto);
-status st;
+	status st;
-if (fromvalue == token_black) {
+	if (fromvalue == token_black) {
-st = black;
+		st = black;
-}
+	}
-else if (fromvalue == token_white) {
+	else if (fromvalue == token_white) {
-st = white;
+		st = white;
-}
+	}
-else {
+	else {
-// check the dns based lists
+		// check the dns based lists
-st = (check_dnsbl(priv, con.get_dnsbl_list(), rejectlist)) ? reject : oksofar;
+		st = (check_dnsbl(priv, con.get_dnsbl_list(), rejectlist)) ? reject : oksofar;
-}
+	}
-if (st == reject) {
+	if (st == reject) {
-// reject the recipient based on some dnsbl
+		// reject the recipient based on some dnsbl
-char adr[sizeof "255.255.255.255"];
+		char adr[sizeof "255.255.255.255"];
-adr[0] = '\0';
+		adr[0] = '\0';
-inet_ntop(AF_INET, (const u_char *)&priv.ip, adr, sizeof(adr));
+		inet_ntop(AF_INET, (const u_char *)&priv.ip, adr, sizeof(adr));
-char buf[maxlen];
+		char buf[maxlen];
-snprintf(buf, sizeof(buf), rejectlist->message, adr, adr);
+		snprintf(buf, sizeof(buf), rejectlist->message, adr, adr);
-smfi_setreply(ctx, "550", "5.7.1", buf);
+		smfi_setreply(ctx, "550", "5.7.1", buf);
-return SMFIS_REJECT;
+		return SMFIS_REJECT;
-}
+	}
-else if (st == black) {
+	else if (st == black) {
-// reject the recipient based on blacklisting either from or to
+		// reject the recipient based on blacklisting either from or to
-smfi_setreply(ctx, "550", "5.7.1", "no such user");
+		smfi_setreply(ctx, "550", "5.7.1", "no such user");
-return SMFIS_REJECT;
+		return SMFIS_REJECT;
-}
+	}
-else {
+	else {
-// accept the recipient
+		// accept the recipient
-if (!con.get_content_filtering()) st = white;
+		if (!con.get_content_filtering()) st = white;
-if (st == oksofar) {
+		if (st == oksofar) {
-// but remember the non-whites
+			// but remember the non-whites
-priv.need_content_filter(rcptaddr, con);
+			priv.need_content_filter(rcptaddr, con);
-priv.only_whites = false;
+			priv.only_whites = false;
-}
+		}
-if (st == white) {
+		if (st == white) {
-priv.have_whites = true;
+			priv.have_whites = true;
-}
+		}
-return SMFIS_CONTINUE;
+		return SMFIS_CONTINUE;
-}
+	}
 }
 sfsistat mlfi_body(SMFICTX *ctx, u_char *data, size_t len)
 {
-mlfiPriv &priv = *MLFIPRIV;
+	mlfiPriv &priv = *MLFIPRIV;
-if (priv.authenticated)       return SMFIS_CONTINUE;
+	if (priv.authenticated) 	  return SMFIS_CONTINUE;
-if (priv.only_whites)         return SMFIS_CONTINUE;
+	if (priv.only_whites)		  return SMFIS_CONTINUE;
-priv.scanner->scan(data, len);
+	priv.scanner->scan(data, len);
-return SMFIS_CONTINUE;
+	return SMFIS_CONTINUE;
 }
 sfsistat mlfi_eom(SMFICTX *ctx)
 {
-sfsistat  rc;
+	sfsistat  rc;
-mlfiPriv &priv = *MLFIPRIV;
+	mlfiPriv &priv = *MLFIPRIV;
-CONFIG   &dc   = *priv.pc;
+	CONFIG	 &dc   = *priv.pc;
-char     *host = NULL;
+	char	 *host = NULL;
-int       ip;
+	int 	  ip;
-status    st;
+	status	  st;
-// process end of message
+	// process end of message
-if (priv.authenticated || priv.only_whites) rc = SMFIS_CONTINUE;
+	if (priv.authenticated || priv.only_whites) rc = SMFIS_CONTINUE;
-else {
+	else {
-// assert env_to not empty
+		// assert env_to not empty
-char buf[maxlen];
+		char buf[maxlen];
-char *msg = NULL;
+		char *msg = NULL;
-string_set alive;
+		string_set alive;
-bool random = false;
+		bool random = false;
-int  limit  = 0;
+		int  limit	= 0;
-for (context_map::iterator i=priv.env_to.begin(); i!=priv.env_to.end(); i++) {
+		for (context_map::iterator i=priv.env_to.begin(); i!=priv.env_to.end(); i++) {
-char *rcpt   = (*i).first;
+			char *rcpt	 = (*i).first;
-CONTEXT &con = *((*i).second);
+			CONTEXT &con = *((*i).second);
-if (!con.acceptable_content(*priv.memory, msg)) {
+			if (!con.acceptable_content(*priv.memory, msg)) {
-// bad html tags or excessive hosts
+				// bad html tags or excessive hosts
-smfi_delrcpt(ctx, rcpt);
+				smfi_delrcpt(ctx, rcpt);
-}
+			}
-else {
+			else {
-alive.insert(rcpt);
+				alive.insert(rcpt);
-random |= con.get_host_random();
+				random |= con.get_host_random();
-limit   = max(limit, con.get_host_limit());
+				limit	= max(limit, con.get_host_limit());
-}
+			}
-}
+		}
-bool rejecting = alive.empty(); // if alive is empty, we must have set msg above in acceptable_content()
+		bool rejecting = alive.empty(); // if alive is empty, we must have set msg above in acceptable_content()
-if (!rejecting) {
+		if (!rejecting) {
-if (check_hosts(priv, random, limit, host, ip)) {
+			if (check_hosts(priv, random, limit, host, ip)) {
-char adr[sizeof "255.255.255.255"];
+				char adr[sizeof "255.255.255.255"];
-adr[0] = '\0';
+				adr[0] = '\0';
-inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
+				inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
-snprintf(buf, sizeof(buf), priv.content_message, host, adr);
+				snprintf(buf, sizeof(buf), priv.content_message, host, adr);
-msg = buf;
+				msg = buf;
-rejecting = true;
+				rejecting = true;
-}
+			}
-}
+		}
-if (!rejecting) {
+		if (!rejecting) {
-rc = SMFIS_CONTINUE;
+			rc = SMFIS_CONTINUE;
-}
+		}
-else if (!priv.have_whites) {
+		else if (!priv.have_whites) {
-// can reject the entire message
+			// can reject the entire message
-smfi_setreply(ctx, "550", "5.7.1", msg);
+			smfi_setreply(ctx, "550", "5.7.1", msg);
-rc = SMFIS_REJECT;
+			rc = SMFIS_REJECT;
-}
+		}
-else {
+		else {
-// need to accept it but remove the recipients that don't want it
+			// need to accept it but remove the recipients that don't want it
-for (string_set::iterator i=alive.begin(); i!=alive.end(); i++) {
+			for (string_set::iterator i=alive.begin(); i!=alive.end(); i++) {
-char *rcpt = *i;
+				char *rcpt = *i;
-smfi_delrcpt(ctx, rcpt);
+				smfi_delrcpt(ctx, rcpt);
-}
+			}
-rc = SMFIS_CONTINUE;
+			rc = SMFIS_CONTINUE;
-}
+		}
-}
+	}
-// reset for a new message on the same connection
+	// reset for a new message on the same connection
-mlfi_abort(ctx);
+	mlfi_abort(ctx);
-return rc;
+	return rc;
 }
 sfsistat mlfi_abort(SMFICTX *ctx)
 {
-mlfiPriv &priv = *MLFIPRIV;
+	mlfiPriv &priv = *MLFIPRIV;
-priv.reset();
+	priv.reset();
-return SMFIS_CONTINUE;
+	return SMFIS_CONTINUE;
 }
 sfsistat mlfi_close(SMFICTX *ctx)
 {
-mlfiPriv *priv = MLFIPRIV;
+	mlfiPriv *priv = MLFIPRIV;
-if (!priv) return SMFIS_CONTINUE;
+	if (!priv) return SMFIS_CONTINUE;
-delete priv;
+	delete priv;
-smfi_setpriv(ctx, NULL);
+	smfi_setpriv(ctx, NULL);
-return SMFIS_CONTINUE;
+	return SMFIS_CONTINUE;
 }
 struct smfiDesc smfilter =
 {
-"DNSBL",            // filter name
+	"DNSBL",            // filter name
-SMFI_VERSION,       // version code -- do not change
+	SMFI_VERSION,		// version code -- do not change
-SMFIF_DELRCPT,      // flags
+	SMFIF_DELRCPT,		// flags
-mlfi_connect,       // connection info filter
+	mlfi_connect,		// connection info filter
-NULL,               // SMTP HELO command filter
+	NULL,				// SMTP HELO command filter
-mlfi_envfrom,       // envelope sender filter
+	mlfi_envfrom,		// envelope sender filter
-mlfi_envrcpt,       // envelope recipient filter
+	mlfi_envrcpt,		// envelope recipient filter
-NULL,               // header filter
+	NULL,				// header filter
-NULL,               // end of header
+	NULL,				// end of header
-mlfi_body,          // body block filter
+	mlfi_body,			// body block filter
-mlfi_eom,           // end of message
+	mlfi_eom,			// end of message
-mlfi_abort,         // message aborted
+	mlfi_abort, 		// message aborted
-mlfi_close,         // connection cleanup
+	mlfi_close, 		// connection cleanup
 };
 ////////////////////////////////////////////////
-//  reload the config
+//	reload the config
 //
 CONFIG* new_conf();
 CONFIG* new_conf() {
-CONFIG *newc = new CONFIG;
+	CONFIG *newc = new CONFIG;
-pthread_mutex_lock(&config_mutex);
+	pthread_mutex_lock(&config_mutex);
-newc->generation = generation++;
+		newc->generation = generation++;
-pthread_mutex_unlock(&config_mutex);
+	pthread_mutex_unlock(&config_mutex);
-if (debug_syslog) {
+	if (debug_syslog) {
-char buf[maxlen];
+		char buf[maxlen];
-snprintf(buf, sizeof(buf), "loading configuration generation %d", newc->generation);
+		snprintf(buf, sizeof(buf), "loading configuration generation %d", newc->generation);
-my_syslog(buf);
+		my_syslog(buf);
-}
+	}
-if (load_conf(*newc, "dnsbl.conf")) {
+	if (load_conf(*newc, "dnsbl.conf")) {
-newc->load_time = time(NULL);
+		newc->load_time = time(NULL);
-return newc;
+		return newc;
-}
+	}
-delete newc;
+	delete newc;
-return NULL;
+	return NULL;
 }
 ////////////////////////////////////////////////
-//  thread to watch the old config files for changes
+//	thread to watch the old config files for changes
-//  and reload when needed. we also cleanup old
+//	and reload when needed. we also cleanup old
-//  configs whose reference count has gone to zero.
+//	configs whose reference count has gone to zero.
 //
 void* config_loader(void *arg);
 void* config_loader(void *arg) {
-typedef set<CONFIG *> configp_set;
+	typedef set<CONFIG *> configp_set;
-configp_set old_configs;
+	configp_set old_configs;
-while (loader_run) {
+	while (loader_run) {
-sleep(180);  // look for modifications every 3 minutes
+		sleep(180);  // look for modifications every 3 minutes
-if (!loader_run) break;
+		if (!loader_run) break;
-CONFIG &dc = *config;
+		CONFIG &dc = *config;
-time_t then = dc.load_time;
+		time_t then = dc.load_time;
-struct stat st;
+		struct stat st;
-bool reload = false;
+		bool reload = false;
-for (string_set::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
+		for (string_set::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
-char *fn = *i;
+			char *fn = *i;
-if (stat(fn, &st))           reload = true; // file disappeared
+			if (stat(fn, &st))			 reload = true; // file disappeared
-else if (st.st_mtime > then) reload = true; // file modified
+			else if (st.st_mtime > then) reload = true; // file modified
-if (reload) break;
+			if (reload) break;
-}
+		}
-if (reload) {
+		if (reload) {
-CONFIG *newc = new_conf();
+			CONFIG *newc = new_conf();
-// replace the global config pointer
+			if (newc) {
-pthread_mutex_lock(&config_mutex);
+				// replace the global config pointer
-CONFIG *old = config;
+				pthread_mutex_lock(&config_mutex);
-config = newc;
+					CONFIG *old = config;
-pthread_mutex_unlock(&config_mutex);
+					config = newc;
-if (old) old_configs.insert(old);
+				pthread_mutex_unlock(&config_mutex);
-}
+				if (old) old_configs.insert(old);
-// now look for old configs with zero ref counts
+			}
-for (configp_set::iterator i=old_configs.begin(); i!=old_configs.end(); ) {
+			else {
-CONFIG *old = *i;
+				// failed to load new config
-if (!old->reference_count) {
+				my_syslog("failed to load new configuration");
-if (debug_syslog) {
+				system("echo 'failed to load new dnsbl configuration from /etc/dnsbl' | mail -s 'error in /etc/dnsbl configuration' root");
-char buf[maxlen];
+				// update the load time on the current config to prevent complaining every 3 minutes
-snprintf(buf, sizeof(buf), "freeing memory for old configuration generation %d", old->generation);
+				dc.load_time = time(NULL);
-my_syslog(buf);
+			}
-}
+		}
-delete old; // destructor does all the work
+		// now look for old configs with zero ref counts
-old_configs.erase(i++);
+		for (configp_set::iterator i=old_configs.begin(); i!=old_configs.end(); ) {
-}
+			CONFIG *old = *i;
-else i++;
+			if (!old->reference_count) {
-}
+				if (debug_syslog) {
-}
+					char buf[maxlen];
-return NULL;
+					snprintf(buf, sizeof(buf), "freeing memory for old configuration generation %d", old->generation);
+					my_syslog(buf);
+				}
+				delete old; // destructor does all the work
+				old_configs.erase(i++);
+			}
+			else i++;
+		}
+	}
+	return NULL;
 }
 void usage(char *prog);
 void usage(char *prog)
 {
-fprintf(stderr, "Usage: %s  [-d [level]] [-c] [-s] [-e from|to] -r port -p sm-sock-addr [-t timeout]\n", prog);
+	fprintf(stderr, "Usage: %s  [-d [level]] [-c] [-s] [-e from|to] -r port -p sm-sock-addr [-t timeout]\n", prog);
-fprintf(stderr, "where port is for the connection to our own dns resolver processes\n");
+	fprintf(stderr, "where port is for the connection to our own dns resolver processes\n");
-fprintf(stderr, "    and should be local-domain-socket-file-name\n");
+	fprintf(stderr, "    and should be local-domain-socket-file-name\n");
-fprintf(stderr, "where sm-sock-addr is for the connection to sendmail\n");
+	fprintf(stderr, "where sm-sock-addr is for the connection to sendmail\n");
-fprintf(stderr, "    and should be one of\n");
+	fprintf(stderr, "    and should be one of\n");
-fprintf(stderr, "        inet:port@ip-address\n");
+	fprintf(stderr, "        inet:port@ip-address\n");
-fprintf(stderr, "        local:local-domain-socket-file-name\n");
+	fprintf(stderr, "        local:local-domain-socket-file-name\n");
-fprintf(stderr, "-c will load and dump the config to stdout\n");
+	fprintf(stderr, "-c will load and dump the config to stdout\n");
-fprintf(stderr, "-s will stress test the config loading code by repeating the load/free cycle\n");
+	fprintf(stderr, "-s will stress test the config loading code by repeating the load/free cycle\n");
-fprintf(stderr, "        in an infinte loop.\n");
+	fprintf(stderr, "        in an infinte loop.\n");
-fprintf(stderr, "-d will set the syslog message level, currently 0 to 3");
+	fprintf(stderr, "-d will set the syslog message level, currently 0 to 3");
-fprintf(stderr, "-e will print the results of looking up the from and to addresses in the\n");
+	fprintf(stderr, "-e will print the results of looking up the from and to addresses in the\n");
-fprintf(stderr, "        current config. The | character is used to separate the from and to\n");
+	fprintf(stderr, "        current config. The | character is used to separate the from and to\n");
-fprintf(stderr, "        addresses in the argument to the -e switch\n");
+	fprintf(stderr, "        addresses in the argument to the -e switch\n");
 }
 void setup_socket(char *sock);
 void setup_socket(char *sock) {
-unlink(sock);
+	unlink(sock);
-//  sockaddr_un addr;
+	//	sockaddr_un addr;
-//  memset(&addr, '\0', sizeof addr);
+	//	memset(&addr, '\0', sizeof addr);
-//  addr.sun_family = AF_UNIX;
+	//	addr.sun_family = AF_UNIX;
-//  strncpy(addr.sun_path, sock, sizeof(addr.sun_path)-1);
+	//	strncpy(addr.sun_path, sock, sizeof(addr.sun_path)-1);
-//  int s = socket(AF_UNIX, SOCK_STREAM, 0);
+	//	int s = socket(AF_UNIX, SOCK_STREAM, 0);
-//  bind(s, (sockaddr*)&addr, sizeof(addr));
+	//	bind(s, (sockaddr*)&addr, sizeof(addr));
-//  close(s);
+	//	close(s);
 }
 /*
 * The signal handler function -- only gets called when a SIGCHLD
 * is received, ie when a child terminates
 */
 void sig_chld(int signo)
 {
-int status;
+	int status;
-/* Wait for any child without blocking */
+	/* Wait for any child without blocking */
-while (waitpid(-1, &status, WNOHANG) > 0) {
+	while (waitpid(-1, &status, WNOHANG) > 0) {
-// ignore child exit status, we only do this to cleanup zombies
+		// ignore child exit status, we only do this to cleanup zombies
-}
+	}
 }
 int main(int argc, char**argv)
 {
-token_init();
+	token_init();
-bool check   = false;
+	bool check	 = false;
-bool stress  = false;
+	bool stress  = false;
-bool setconn = false;
+	bool setconn = false;
-bool setreso = false;
+	bool setreso = false;
-char *email = NULL;
+	char *email = NULL;
-int c;
+	int c;
-const char *args = "r:p:t:e:d:chs";
+	const char *args = "r:p:t:e:d:chs";
-extern char *optarg;
+	extern char *optarg;
-// Process command line options
+	// Process command line options
-while ((c = getopt(argc, argv, args)) != -1) {
+	while ((c = getopt(argc, argv, args)) != -1) {
-switch (c) {
+		switch (c) {
-case 'r':
+			case 'r':
-if (optarg == NULL || *optarg == '\0') {
+				if (optarg == NULL || *optarg == '\0') {
-fprintf(stderr, "Illegal resolver socket: %s\n", optarg);
+					fprintf(stderr, "Illegal resolver socket: %s\n", optarg);
-exit(EX_USAGE);
+					exit(EX_USAGE);
-}
+				}
-resolver_port = strdup(optarg);
+				resolver_port = strdup(optarg);
-setup_socket(resolver_port);
+				setup_socket(resolver_port);
-setreso = true;
+				setreso = true;
-break;
+				break;
-case 'p':
+			case 'p':
-if (optarg == NULL || *optarg == '\0') {
+				if (optarg == NULL || *optarg == '\0') {
-fprintf(stderr, "Illegal sendmail socket: %s\n", optarg);
+					fprintf(stderr, "Illegal sendmail socket: %s\n", optarg);
-exit(EX_USAGE);
+					exit(EX_USAGE);
-}
+				}
-if (smfi_setconn(optarg) == MI_FAILURE) {
+				if (smfi_setconn(optarg) == MI_FAILURE) {
-fprintf(stderr, "smfi_setconn failed\n");
+					fprintf(stderr, "smfi_setconn failed\n");
-exit(EX_SOFTWARE);
+					exit(EX_SOFTWARE);
-}
+				}
-if (strncasecmp(optarg, "unix:", 5) == 0)  setup_socket(optarg + 5);
+					 if (strncasecmp(optarg, "unix:", 5) == 0)  setup_socket(optarg + 5);
-else if (strncasecmp(optarg, "local:", 6) == 0) setup_socket(optarg + 6);
+				else if (strncasecmp(optarg, "local:", 6) == 0) setup_socket(optarg + 6);
-setconn = true;
+				setconn = true;
-break;
+				break;
-case 't':
+			case 't':
-if (optarg == NULL || *optarg == '\0') {
+				if (optarg == NULL || *optarg == '\0') {
-fprintf(stderr, "Illegal timeout: %s\n", optarg);
+					fprintf(stderr, "Illegal timeout: %s\n", optarg);
-exit(EX_USAGE);
+					exit(EX_USAGE);
-}
+				}
-if (smfi_settimeout(atoi(optarg)) == MI_FAILURE) {
+				if (smfi_settimeout(atoi(optarg)) == MI_FAILURE) {
-fprintf(stderr, "smfi_settimeout failed\n");
+					fprintf(stderr, "smfi_settimeout failed\n");
-exit(EX_SOFTWARE);
+					exit(EX_SOFTWARE);
-}
+				}
-break;
+				break;
-case 'e':
+			case 'e':
-if (email) free(email);
+				if (email) free(email);
-email = strdup(optarg);
+				email = strdup(optarg);
-break;
+				break;
-case 'c':
+			case 'c':
-check = true;
+				check = true;
-break;
+				break;
-case 's':
+			case 's':
-stress = true;
+				stress = true;
-break;
+				break;
-case 'd':
+			case 'd':
-if (optarg == NULL || *optarg == '\0') debug_syslog = 1;
+				if (optarg == NULL || *optarg == '\0') debug_syslog = 1;
-else                                   debug_syslog = atoi(optarg);
+				else								   debug_syslog = atoi(optarg);
-break;
+				break;
-case 'h':
+			case 'h':
-default:
+			default:
-usage(argv[0]);
+				usage(argv[0]);
-exit(EX_USAGE);
+				exit(EX_USAGE);
-}
+		}
-}
+	}
-if (check) {
+	if (check) {
-use_syslog   = false;
+		use_syslog	 = false;
-debug_syslog = 10;
+		debug_syslog = 10;
-CONFIG *conf = new_conf();
+		CONFIG *conf = new_conf();
-if (conf) {
+		if (conf) {
-conf->dump();
+			conf->dump();
-delete conf;
+			delete conf;
-return 0;
+			return 0;
-}
+		}
-else {
+		else {
-return 1;   // config failed to load
+			return 1;	// config failed to load
-}
+		}
-}
+	}
-if (stress) {
+	if (stress) {
-fprintf(stdout, "stress testing\n");
+		fprintf(stdout, "stress testing\n");
-while (1) {
+		while (1) {
-for (int i=0; i<10; i++) {
+			for (int i=0; i<10; i++) {
-CONFIG *conf = new_conf();
+				CONFIG *conf = new_conf();
-if (conf) delete conf;
+				if (conf) delete conf;
-}
+			}
-fprintf(stdout, ".");
+			fprintf(stdout, ".");
-fflush(stdout);
+			fflush(stdout);
-sleep(1);
+			sleep(1);
-}
+		}
-}
+	}
-if (email) {
+	if (email) {
-char *x = strchr(email, '|');
+		char *x = strchr(email, '|');
-if (x) {
+		if (x) {
-*x = '\0';
+			*x = '\0';
-char *from = strdup(email);
+			char *from = strdup(email);
-char *to   = strdup(x+1);
+			char *to   = strdup(x+1);
-use_syslog = false;
+			use_syslog = false;
-CONFIG *conf = new_conf();
+			CONFIG *conf = new_conf();
-if (conf) {
+			if (conf) {
-CONTEXTP con = conf->find_context(to);
+				CONTEXTP con = conf->find_context(to);
-char buf[maxlen];
+				char buf[maxlen];
-fprintf(stdout, "envelope to   <%s> finds context %s\n", to, con->get_full_name(buf,maxlen));
+				fprintf(stdout, "envelope to   <%s> finds context %s\n", to, con->get_full_name(buf,maxlen));
-CONTEXTP fc = con->find_context(from);
+				CONTEXTP fc = con->find_context(from);
-fprintf(stdout, "envelope from <%s> finds context %s\n", from, fc->get_full_name(buf,maxlen));
+				fprintf(stdout, "envelope from <%s> finds context %s\n", from, fc->get_full_name(buf,maxlen));
-char *st = fc->find_from(from);
+				char *st = fc->find_from(from);
-fprintf(stdout, "envelope from <%s> finds status %s\n", from, st);
+				fprintf(stdout, "envelope from <%s> finds status %s\n", from, st);
-delete conf;
+				delete conf;
-}
+			}
-}
+		}
-return 0;
+		return 0;
-}
+	}
-if (!setconn) {
+	if (!setconn) {
-fprintf(stderr, "%s: Missing required -p argument\n", argv[0]);
+		fprintf(stderr, "%s: Missing required -p argument\n", argv[0]);
-usage(argv[0]);
+		usage(argv[0]);
-exit(EX_USAGE);
+		exit(EX_USAGE);
-}
+	}
-if (!setreso) {
+	if (!setreso) {
-fprintf(stderr, "%s: Missing required -r argument\n", argv[0]);
+		fprintf(stderr, "%s: Missing required -r argument\n", argv[0]);
-usage(argv[0]);
+		usage(argv[0]);
-exit(EX_USAGE);
+		exit(EX_USAGE);
-}
+	}
-if (smfi_register(smfilter) == MI_FAILURE) {
+	if (smfi_register(smfilter) == MI_FAILURE) {
-fprintf(stderr, "smfi_register failed\n");
+		fprintf(stderr, "smfi_register failed\n");
-exit(EX_UNAVAILABLE);
+		exit(EX_UNAVAILABLE);
-}
+	}
-// switch to background mode
+	// switch to background mode
-if (daemon(1,0) < 0) {
+	if (daemon(1,0) < 0) {
-fprintf(stderr, "daemon() call failed\n");
+		fprintf(stderr, "daemon() call failed\n");
-exit(EX_UNAVAILABLE);
+		exit(EX_UNAVAILABLE);
-}
+	}
-// write the pid
+	// write the pid
-const char *pidpath = "/var/run/dnsbl.pid";
+	const char *pidpath = "/var/run/dnsbl.pid";
-unlink(pidpath);
+	unlink(pidpath);
-FILE *f = fopen(pidpath, "w");
+	FILE *f = fopen(pidpath, "w");
-if (f) {
+	if (f) {
 #ifdef linux
-// from a comment in the DCC source code:
+		// from a comment in the DCC source code:
-// Linux threads are broken.  Signals given the
+		// Linux threads are broken.  Signals given the
-// original process are delivered to only the
+		// original process are delivered to only the
-// thread that happens to have that PID.  The
+		// thread that happens to have that PID.  The
-// sendmail libmilter thread that needs to hear
+		// sendmail libmilter thread that needs to hear
-// SIGINT and other signals does not, and that breaks
+		// SIGINT and other signals does not, and that breaks
-// scripts that need to stop milters.
+		// scripts that need to stop milters.
-// However, signaling the process group works.
+		// However, signaling the process group works.
-fprintf(f, "-%d\n", (u_int)getpgrp());
+		fprintf(f, "-%d\n", (u_int)getpgrp());
 #else
-fprintf(f, "%d\n", (u_int)getpid());
+		fprintf(f, "%d\n", (u_int)getpid());
 #endif
-fclose(f);
+		fclose(f);
-}
+	}
-// initialize the thread sync objects
+	// initialize the thread sync objects
-pthread_mutex_init(&config_mutex, 0);
+	pthread_mutex_init(&config_mutex, 0);
-pthread_mutex_init(&syslog_mutex, 0);
+	pthread_mutex_init(&syslog_mutex, 0);
-pthread_mutex_init(&resolve_mutex, 0);
+	pthread_mutex_init(&resolve_mutex, 0);
-pthread_mutex_init(&fd_pool_mutex, 0);
+	pthread_mutex_init(&fd_pool_mutex, 0);
-// drop root privs
+	// drop root privs
-struct passwd *pw = getpwnam("dnsbl");
+	struct passwd *pw = getpwnam("dnsbl");
-if (pw) {
+	if (pw) {
-if (setgid(pw->pw_gid) == -1) {
+		if (setgid(pw->pw_gid) == -1) {
-my_syslog("failed to switch to group dnsbl");
+			my_syslog("failed to switch to group dnsbl");
-}
+		}
-if (setuid(pw->pw_uid) == -1) {
+		if (setuid(pw->pw_uid) == -1) {
-my_syslog("failed to switch to user dnsbl");
+			my_syslog("failed to switch to user dnsbl");
-}
+		}
-}
+	}
-// fork off the resolver listener process
+	// load the initial config
-pid_t child = fork();
+	config = new_conf();
-if (child < 0) {
+	if (!config) {
-my_syslog("failed to create resolver listener process");
+		my_syslog("failed to load initial configuration, quitting");
-exit(0);
+		exit(1);
-}
+	}
-if (child == 0) {
-// we are the child - dns resolver listener process
+	// fork off the resolver listener process
-resolver_socket = socket(AF_UNIX, SOCK_STREAM, 0);
+	pid_t child = fork();
-if (resolver_socket < 0) {
+	if (child < 0) {
-my_syslog("child failed to create resolver socket");
+		my_syslog("failed to create resolver listener process");
-exit(0);   // failed
+		exit(0);
-}
+	}
-sockaddr_un server;
+	if (child == 0) {
-memset(&server, '\0', sizeof(server));
+		// we are the child - dns resolver listener process
-server.sun_family = AF_UNIX;
+		resolver_socket = socket(AF_UNIX, SOCK_STREAM, 0);
-strncpy(server.sun_path, resolver_port, sizeof(server.sun_path)-1);
+		if (resolver_socket < 0) {
-//try to bind the address to the socket.
+			my_syslog("child failed to create resolver socket");
-if (bind(resolver_socket, (sockaddr *)&server, sizeof(server)) < 0) {
+			exit(0);   // failed
-// bind failed
+		}
-shutdown(resolver_socket, SHUT_RDWR);
+		sockaddr_un server;
-close(resolver_socket);
+		memset(&server, '\0', sizeof(server));
-my_syslog("child failed to bind resolver socket");
+		server.sun_family = AF_UNIX;
-exit(0);   // failed
+		strncpy(server.sun_path, resolver_port, sizeof(server.sun_path)-1);
-}
+		//try to bind the address to the socket.
-//listen on the socket.
+		if (bind(resolver_socket, (sockaddr *)&server, sizeof(server)) < 0) {
-if (listen(resolver_socket, 10) < 0) {
+			// bind failed
-// listen failed
+			shutdown(resolver_socket, SHUT_RDWR);
-shutdown(resolver_socket, SHUT_RDWR);
+			close(resolver_socket);
-close(resolver_socket);
+			my_syslog("child failed to bind resolver socket");
-my_syslog("child failed to listen to resolver socket");
+			exit(0);   // failed
-exit(0);   // failed
+		}
-}
+		//listen on the socket.
-// setup sigchld handler to prevent zombies
+		if (listen(resolver_socket, 10) < 0) {
-struct sigaction act;
+			// listen failed
-act.sa_handler = sig_chld;      // Assign sig_chld as our SIGCHLD handler
+			shutdown(resolver_socket, SHUT_RDWR);
-sigemptyset(&act.sa_mask);      // We don't want to block any other signals in this example
+			close(resolver_socket);
-act.sa_flags = SA_NOCLDSTOP;    // only want children that have terminated
+			my_syslog("child failed to listen to resolver socket");
-if (sigaction(SIGCHLD, &act, NULL) < 0) {
+			exit(0);   // failed
-my_syslog("child failed to setup SIGCHLD handler");
+		}
-exit(0);   // failed
+		// setup sigchld handler to prevent zombies
-}
+		struct sigaction act;
-while (true) {
+		act.sa_handler = sig_chld;		// Assign sig_chld as our SIGCHLD handler
-sockaddr_un client;
+		sigemptyset(&act.sa_mask);		// We don't want to block any other signals in this example
-socklen_t   clientlen = sizeof(client);
+		act.sa_flags = SA_NOCLDSTOP;	// only want children that have terminated
-int s = accept(resolver_socket, (sockaddr *)&client, &clientlen);
+		if (sigaction(SIGCHLD, &act, NULL) < 0) {
-if (s > 0) {
+			my_syslog("child failed to setup SIGCHLD handler");
-// accept worked, it did not get cancelled before we could accept it
+			exit(0);   // failed
-// fork off a process to handle this connection
+		}
-int newchild = fork();
+		while (true) {
-if (newchild == 0) {
+			sockaddr_un client;
-// this is the worker process
+			socklen_t	clientlen = sizeof(client);
-// child does not need the listening socket
+			int s = accept(resolver_socket, (sockaddr *)&client, &clientlen);
-close(resolver_socket);
+			if (s > 0) {
-process_resolver_requests(s);
+				// accept worked, it did not get cancelled before we could accept it
-exit(0);
+				// fork off a process to handle this connection
-}
+				int newchild = fork();
-else {
+				if (newchild == 0) {
-// this is the parent
+					// this is the worker process
-// parent does not need the accepted socket
+					// child does not need the listening socket
-close(s);
+					close(resolver_socket);
-}
+					process_resolver_requests(s);
-}
+					exit(0);
-}
+				}
-exit(0);    // make sure we don't fall thru.
+				else {
-}
+					// this is the parent
-else {
+					// parent does not need the accepted socket
-sleep(2);   // allow child to get started
+					close(s);
-}
+				}
+			}
-// load the initial config
+		}
-config = new_conf();
+		exit(0);	// make sure we don't fall thru.
+	}
-// only create threads after the fork() in daemon
+	else {
-pthread_t tid;
+		sleep(2);	// allow child to get started
-if (pthread_create(&tid, 0, config_loader, 0))
+	}
-my_syslog("failed to create config loader thread");
-if (pthread_detach(tid))
+	// only create threads after the fork() in daemon
-my_syslog("failed to detach config loader thread");
+	pthread_t tid;
+	if (pthread_create(&tid, 0, config_loader, 0))
-time_t starting = time(NULL);
+		my_syslog("failed to create config loader thread");
-int rc = smfi_main();
+	if (pthread_detach(tid))
-if ((rc != MI_SUCCESS) && (time(NULL) > starting+5*60)) {
+		my_syslog("failed to detach config loader thread");
-my_syslog("trying to restart after smfi_main()");
-loader_run = false;     // eventually the config loader thread will terminate
+	time_t starting = time(NULL);
-execvp(argv[0], argv);
+	int rc = smfi_main();
-}
+	if ((rc != MI_SUCCESS) && (time(NULL) > starting+5*60)) {
-exit((rc == MI_SUCCESS) ? 0 : EX_UNAVAILABLE);
+		my_syslog("trying to restart after smfi_main()");
-}
+		loader_run = false; 	// eventually the config loader thread will terminate
+		execvp(argv[0], argv);
+	}
+	exit((rc == MI_SUCCESS) ? 0 : EX_UNAVAILABLE);
+}

Mercurial > dnsbl

comparison src/dnsbl.cpp @ 89:946fc1bcfb2c stable-5-3