Mercurial > dnsbl
comparison src/dnsbl.cpp @ 331:9800776436b9
allow dkim whitelisting to override uribl hosts in the mail body
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Mon, 19 Dec 2016 15:32:32 -0800 |
| parents | b5b93a7e1e6d |
| children | 89574f8a2f64 |
comparison
equal
deleted
inserted
replaced
| 330:b5b93a7e1e6d | 331:9800776436b9 |
|---|---|
| 1114 email++; | 1114 email++; |
| 1115 } | 1115 } |
| 1116 if (n ==0) return strdup("<>"); | 1116 if (n ==0) return strdup("<>"); |
| 1117 char *key = strdup(email); | 1117 char *key = strdup(email); |
| 1118 key[n] = '\0'; | 1118 key[n] = '\0'; |
| 1119 for (int i=0; i<n; i++) key[i] = tolower(key[i]); | 1119 for (size_t i=0; i<n; i++) key[i] = tolower(key[i]); |
| 1120 if ((n > 14) && (strncmp(key, "srs", 3) == 0)) { | 1120 if ((n > 14) && (strncmp(key, "srs", 3) == 0)) { |
| 1121 // might have srs coding to be removed | 1121 // might have srs coding to be removed |
| 1122 const int nmatch = 7; | 1122 const int nmatch = 7; |
| 1123 regmatch_t match[nmatch]; | 1123 regmatch_t match[nmatch]; |
| 1124 if (0 == regexec(&srs_pattern, key, nmatch, match, 0)) { | 1124 if (0 == regexec(&srs_pattern, key, nmatch, match, 0)) { |
| 1592 int bulk = 0; | 1592 int bulk = 0; |
| 1593 if (priv.want_dccgrey || priv.want_dccbulk) priv.dccifd->mlfi_eom(grey, bulk); | 1593 if (priv.want_dccgrey || priv.want_dccbulk) priv.dccifd->mlfi_eom(grey, bulk); |
| 1594 | 1594 |
| 1595 char buf[maxlen]; | 1595 char buf[maxlen]; |
| 1596 string msg; | 1596 string msg; |
| 1597 string_set alive; | 1597 string_set unknowns; |
| 1598 string_set whites; | |
| 1598 bool random = false; | 1599 bool random = false; |
| 1599 int limit = 0; | 1600 int limit = 0; |
| 1600 if (priv.dkim_signers.empty()) { | 1601 if (priv.dkim_signers.empty()) { |
| 1601 snprintf(buf, sizeof(buf), "acceptable content from %s signer *", | 1602 snprintf(buf, sizeof(buf), "acceptable content from %s signer *", |
| 1602 (priv.fromaddr) ? priv.fromaddr : token_asterisk); | 1603 (priv.fromaddr) ? priv.fromaddr : token_asterisk); |
| 1611 } | 1612 } |
| 1612 | 1613 |
| 1613 for (context_map::iterator i=priv.env_to.begin(); i!=priv.env_to.end(); i++) { | 1614 for (context_map::iterator i=priv.env_to.begin(); i!=priv.env_to.end(); i++) { |
| 1614 const char *rcpt = (*i).first; | 1615 const char *rcpt = (*i).first; |
| 1615 CONTEXT &con = *((*i).second); | 1616 CONTEXT &con = *((*i).second); |
| 1616 if (!con.acceptable_content(*priv.memory, score, bulk, priv.queueid, priv.dkim_signers, priv.fromaddr, msg)) { | 1617 const char *st = con.acceptable_content(*priv.memory, score, bulk, priv.queueid, priv.dkim_signers, priv.fromaddr, msg); |
| 1618 if (st == token_black) { | |
| 1617 // bad html tags or excessive hosts or | 1619 // bad html tags or excessive hosts or |
| 1618 // high spam assassin score or dcc bulk threshold exceedeed | 1620 // high spam assassin score or dcc bulk threshold exceedeed |
| 1619 // or signed by a dkim signer that we don't like | 1621 // or signed by a dkim signer that we don't like |
| 1620 // or header from requires dkim signer that is missing | 1622 // or header from requires dkim signer that is missing |
| 1621 smfi_delrcpt(ctx, (char*)rcpt); | 1623 smfi_delrcpt(ctx, (char*)rcpt); |
| 1622 } | 1624 } |
| 1623 else { | 1625 else if (st == token_unknown) { |
| 1624 alive.insert(rcpt); | 1626 unknowns.insert(rcpt); |
| 1625 random |= con.get_host_random(); | 1627 random |= con.get_host_random(); |
| 1626 limit = max(limit, con.get_host_limit()); | 1628 limit = max(limit, con.get_host_limit()); |
| 1627 } | 1629 } |
| 1628 } | 1630 else if (st == token_white) { |
| 1629 bool rejecting = alive.empty(); // if alive is empty, we must have set msg above in acceptable_content() | 1631 whites.insert(rcpt); |
| 1630 if (!rejecting) { | 1632 } |
| 1633 } | |
| 1634 bool rejecting = unknowns.empty() && whites.empty(); | |
| 1635 if (!unknowns.empty()) { | |
| 1636 // check hosts for those recipients | |
| 1631 const char *fmt; | 1637 const char *fmt; |
| 1632 const char *found; | 1638 const char *found; |
| 1633 if (check_hosts(priv, random, limit, fmt, host, ip, found)) { | 1639 if (check_hosts(priv, random, limit, fmt, host, ip, found)) { |
| 1634 if (found) { | 1640 if (found) { |
| 1635 // uribl style | 1641 // uribl style |
| 1651 smfi_setreply(ctx, (char*)"452", (char*)"4.2.1", (char*)"temporary greylist embargoed"); | 1657 smfi_setreply(ctx, (char*)"452", (char*)"4.2.1", (char*)"temporary greylist embargoed"); |
| 1652 rc = SMFIS_TEMPFAIL; | 1658 rc = SMFIS_TEMPFAIL; |
| 1653 } | 1659 } |
| 1654 else rc = SMFIS_CONTINUE; | 1660 else rc = SMFIS_CONTINUE; |
| 1655 } | 1661 } |
| 1656 else if (!priv.have_whites) { | 1662 else if (!priv.have_whites && whites.empty()) { |
| 1657 // can reject the entire message | 1663 // can reject the entire message |
| 1658 snprintf(buf, sizeof(buf), "%s", msg.c_str()); | 1664 snprintf(buf, sizeof(buf), "%s", msg.c_str()); |
| 1659 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf); | 1665 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf); |
| 1660 rc = SMFIS_REJECT; | 1666 rc = SMFIS_REJECT; |
| 1661 } | 1667 } |
| 1662 else { | 1668 else { |
| 1663 // need to accept it but remove the recipients that don't want it | 1669 // need to accept it but remove the recipients that don't want it |
| 1664 for (string_set::iterator i=alive.begin(); i!=alive.end(); i++) { | 1670 for (string_set::iterator i=unknowns.begin(); i!=unknowns.end(); i++) { |
| 1665 const char *rcpt = *i; | 1671 const char *rcpt = *i; |
| 1666 smfi_delrcpt(ctx, (char*)rcpt); | 1672 smfi_delrcpt(ctx, (char*)rcpt); |
| 1667 } | 1673 } |
| 1668 rc = SMFIS_CONTINUE; | 1674 rc = SMFIS_CONTINUE; |
| 1669 } | 1675 } |