comparison src/dnsbl.cpp @ 331:9800776436b9

allow dkim whitelisting to override uribl hosts in the mail body
author Carl Byington <carl@five-ten-sg.com>
date Mon, 19 Dec 2016 15:32:32 -0800
parents b5b93a7e1e6d
children 89574f8a2f64
comparison
equal deleted inserted replaced
330:b5b93a7e1e6d 331:9800776436b9
1114 email++; 1114 email++;
1115 } 1115 }
1116 if (n ==0) return strdup("<>"); 1116 if (n ==0) return strdup("<>");
1117 char *key = strdup(email); 1117 char *key = strdup(email);
1118 key[n] = '\0'; 1118 key[n] = '\0';
1119 for (int i=0; i<n; i++) key[i] = tolower(key[i]); 1119 for (size_t i=0; i<n; i++) key[i] = tolower(key[i]);
1120 if ((n > 14) && (strncmp(key, "srs", 3) == 0)) { 1120 if ((n > 14) && (strncmp(key, "srs", 3) == 0)) {
1121 // might have srs coding to be removed 1121 // might have srs coding to be removed
1122 const int nmatch = 7; 1122 const int nmatch = 7;
1123 regmatch_t match[nmatch]; 1123 regmatch_t match[nmatch];
1124 if (0 == regexec(&srs_pattern, key, nmatch, match, 0)) { 1124 if (0 == regexec(&srs_pattern, key, nmatch, match, 0)) {
1592 int bulk = 0; 1592 int bulk = 0;
1593 if (priv.want_dccgrey || priv.want_dccbulk) priv.dccifd->mlfi_eom(grey, bulk); 1593 if (priv.want_dccgrey || priv.want_dccbulk) priv.dccifd->mlfi_eom(grey, bulk);
1594 1594
1595 char buf[maxlen]; 1595 char buf[maxlen];
1596 string msg; 1596 string msg;
1597 string_set alive; 1597 string_set unknowns;
1598 string_set whites;
1598 bool random = false; 1599 bool random = false;
1599 int limit = 0; 1600 int limit = 0;
1600 if (priv.dkim_signers.empty()) { 1601 if (priv.dkim_signers.empty()) {
1601 snprintf(buf, sizeof(buf), "acceptable content from %s signer *", 1602 snprintf(buf, sizeof(buf), "acceptable content from %s signer *",
1602 (priv.fromaddr) ? priv.fromaddr : token_asterisk); 1603 (priv.fromaddr) ? priv.fromaddr : token_asterisk);
1611 } 1612 }
1612 1613
1613 for (context_map::iterator i=priv.env_to.begin(); i!=priv.env_to.end(); i++) { 1614 for (context_map::iterator i=priv.env_to.begin(); i!=priv.env_to.end(); i++) {
1614 const char *rcpt = (*i).first; 1615 const char *rcpt = (*i).first;
1615 CONTEXT &con = *((*i).second); 1616 CONTEXT &con = *((*i).second);
1616 if (!con.acceptable_content(*priv.memory, score, bulk, priv.queueid, priv.dkim_signers, priv.fromaddr, msg)) { 1617 const char *st = con.acceptable_content(*priv.memory, score, bulk, priv.queueid, priv.dkim_signers, priv.fromaddr, msg);
1618 if (st == token_black) {
1617 // bad html tags or excessive hosts or 1619 // bad html tags or excessive hosts or
1618 // high spam assassin score or dcc bulk threshold exceedeed 1620 // high spam assassin score or dcc bulk threshold exceedeed
1619 // or signed by a dkim signer that we don't like 1621 // or signed by a dkim signer that we don't like
1620 // or header from requires dkim signer that is missing 1622 // or header from requires dkim signer that is missing
1621 smfi_delrcpt(ctx, (char*)rcpt); 1623 smfi_delrcpt(ctx, (char*)rcpt);
1622 } 1624 }
1623 else { 1625 else if (st == token_unknown) {
1624 alive.insert(rcpt); 1626 unknowns.insert(rcpt);
1625 random |= con.get_host_random(); 1627 random |= con.get_host_random();
1626 limit = max(limit, con.get_host_limit()); 1628 limit = max(limit, con.get_host_limit());
1627 } 1629 }
1628 } 1630 else if (st == token_white) {
1629 bool rejecting = alive.empty(); // if alive is empty, we must have set msg above in acceptable_content() 1631 whites.insert(rcpt);
1630 if (!rejecting) { 1632 }
1633 }
1634 bool rejecting = unknowns.empty() && whites.empty();
1635 if (!unknowns.empty()) {
1636 // check hosts for those recipients
1631 const char *fmt; 1637 const char *fmt;
1632 const char *found; 1638 const char *found;
1633 if (check_hosts(priv, random, limit, fmt, host, ip, found)) { 1639 if (check_hosts(priv, random, limit, fmt, host, ip, found)) {
1634 if (found) { 1640 if (found) {
1635 // uribl style 1641 // uribl style
1651 smfi_setreply(ctx, (char*)"452", (char*)"4.2.1", (char*)"temporary greylist embargoed"); 1657 smfi_setreply(ctx, (char*)"452", (char*)"4.2.1", (char*)"temporary greylist embargoed");
1652 rc = SMFIS_TEMPFAIL; 1658 rc = SMFIS_TEMPFAIL;
1653 } 1659 }
1654 else rc = SMFIS_CONTINUE; 1660 else rc = SMFIS_CONTINUE;
1655 } 1661 }
1656 else if (!priv.have_whites) { 1662 else if (!priv.have_whites && whites.empty()) {
1657 // can reject the entire message 1663 // can reject the entire message
1658 snprintf(buf, sizeof(buf), "%s", msg.c_str()); 1664 snprintf(buf, sizeof(buf), "%s", msg.c_str());
1659 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf); 1665 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
1660 rc = SMFIS_REJECT; 1666 rc = SMFIS_REJECT;
1661 } 1667 }
1662 else { 1668 else {
1663 // need to accept it but remove the recipients that don't want it 1669 // need to accept it but remove the recipients that don't want it
1664 for (string_set::iterator i=alive.begin(); i!=alive.end(); i++) { 1670 for (string_set::iterator i=unknowns.begin(); i!=unknowns.end(); i++) {
1665 const char *rcpt = *i; 1671 const char *rcpt = *i;
1666 smfi_delrcpt(ctx, (char*)rcpt); 1672 smfi_delrcpt(ctx, (char*)rcpt);
1667 } 1673 }
1668 rc = SMFIS_CONTINUE; 1674 rc = SMFIS_CONTINUE;
1669 } 1675 }