dnsbl: src/dnsbl.cpp comparison

comparison src/dnsbl.cpp @ 236:c0d2e99c0a1d

Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name

author	Carl Byington <carl@five-ten-sg.com>
date	Tue, 29 Sep 2009 11:36:15 -0700
parents	e6c66640f6f9
children	7b818a4e21a4

comparison

equal deleted inserted replaced

-:e6c66640f6f9
+:c0d2e99c0a1d
 pthread_mutex_lock(&fd_pool_mutex);
 resolver_sock_count++;
 pthread_mutex_unlock(&fd_pool_mutex);
 }
 return sock;
-}
-mlfiPriv::mlfiPriv() {
-pthread_mutex_lock(&config_mutex);
-pc = config;
-pc->reference_count++;
-pthread_mutex_unlock(&config_mutex);
-get_fd();
-ctx                     = NULL;
-eom                     = false;
-ip                      = 0;
-helo                    = NULL;
-mailaddr                = NULL;
-queueid                 = NULL;
-authenticated           = NULL;
-client_name             = NULL;
-have_whites             = false;
-only_whites             = true;
-want_spamassassin       = false;
-want_dccgrey            = false;
-want_dccbulk            = false;
-allow_autowhitelisting  = true;
-content_context         = NULL;
-memory                  = NULL;
-scanner                 = NULL;
-content_suffix          = NULL;
-content_message         = NULL;
-uribl_suffix            = NULL;
-uribl_message           = NULL;
-content_host_ignore     = NULL;
-assassin                = NULL;
-dccifd                  = NULL;
-}
-mlfiPriv::~mlfiPriv() {
-return_fd();
-pthread_mutex_lock(&config_mutex);
-pc->reference_count--;
-bool last = (!pc->reference_count) && (pc != config);
-pthread_mutex_unlock(&config_mutex);
-if (last) delete pc;  // free this config, since we were the last reference to it
-if (helo) free((void*)helo);
-reset(true);
-}
-void mlfiPriv::reset(bool final) {
-while (!delayer.empty()) {
-DELAYWHITEP  dwp = delayer.front();
-const char *loto = dwp->get_loto();
-if (loto) free((void*)loto);
-delete dwp;
-delayer.pop_front();
-}
-if (mailaddr)      free((void*)mailaddr);
-if (queueid)       free((void*)queueid);
-if (authenticated) free((void*)authenticated);
-if (client_name)   free((void*)client_name);
-delayer.clear();
-discard(env_to);
-if (memory)   delete memory;
-if (scanner)  delete scanner;
-if (assassin) delete assassin;
-if (dccifd)   delete dccifd;
-if (!final) {
-ctx                     = NULL;
-eom                     = false;
-mailaddr                = NULL;
-queueid                 = NULL;
-authenticated           = NULL;
-client_name             = NULL;
-have_whites             = false;
-only_whites             = true;
-want_spamassassin       = false;
-want_dccgrey            = false;
-want_dccbulk            = false;
-allow_autowhitelisting  = true;
-content_context         = NULL;
-memory                  = NULL;
-scanner                 = NULL;
-content_suffix          = NULL;
-content_message         = NULL;
-uribl_suffix            = NULL;
-uribl_message           = NULL;
-content_host_ignore     = NULL;
-assassin                = NULL;
-dccifd                  = NULL;
-}
-}
-void mlfiPriv::get_fd() {
-err = true;
-fd  = NULL_SOCKET;
-int result = pthread_mutex_lock(&fd_pool_mutex);
-if (!result) {
-std::set<int>::iterator i;
-i = fd_pool.begin();
-if (i != fd_pool.end()) {
-// have at least one fd in the pool
-err = false;
-fd  = *i;
-fd_pool.erase(fd);
-resolver_pool_size--;
-pthread_mutex_unlock(&fd_pool_mutex);
-}
-else {
-// pool is empty, get a new fd
-pthread_mutex_unlock(&fd_pool_mutex);
-fd  = my_connect();
-err = (fd == NULL_SOCKET);
-}
-}
-else {
-// cannot lock the pool, just get a new fd
-fd  = my_connect();
-err = (fd == NULL_SOCKET);
-}
-}
-void mlfiPriv::return_fd() {
-if (err) {
-// this fd got a socket error, so close it, rather than returning it to the pool
-my_disconnect(fd);
-}
-else {
-int result = pthread_mutex_lock(&fd_pool_mutex);
-if (!result) {
-if ((resolver_sock_count > resolver_pool_size*5) || (resolver_pool_size < 5)) {
-// return the fd to the pool
-fd_pool.insert(fd);
-resolver_pool_size++;
-pthread_mutex_unlock(&fd_pool_mutex);
-}
-else {
-// more than 20% of the open resolver sockets are in the pool, and the
-// pool as at least 5 sockets. that is enough, so just close this one.
-pthread_mutex_unlock(&fd_pool_mutex);
-my_disconnect(fd);
-}
-}
-else {
-// could not lock the pool, so just close the fd
-my_disconnect(fd);
-}
-}
-}
-size_t mlfiPriv::my_write(const char *buf, size_t len) {
-if (err) return 0;
-size_t rs = 0;
-while (len) {
-size_t ws = write(fd, buf, len);
-if (ws > 0) {
-rs  += ws;
-len -= ws;
-buf += ws;
-}
-else {
-// peer closed the socket!
-rs = 0;
-err = true;
-break;
-}
-}
-return rs;
-}
-size_t mlfiPriv::my_read(char *buf, size_t len) {
-if (err) return 0;
-size_t rs = 0;
-while (len) {
-size_t ws = read(fd, buf, len);
-if (ws > 0) {
-rs  += ws;
-len -= ws;
-buf += ws;
-}
-else {
-// peer closed the socket!
-rs = 0;
-err = true;
-break;
-}
-}
-return rs;
-}
-void mlfiPriv::need_content_filter(const char *rcpt, CONTEXT &con) {
-register_string(env_to, rcpt, &con);
-if (!memory) {
-// first recipient that needs content filtering sets
-// some of the content filtering parameters
-memory        = new recorder(this, con.get_html_tags(), con.get_content_tlds(), con.get_content_cctlds());
-scanner       = new url_scanner(memory);
-content_suffix      = con.get_content_suffix();
-content_message     = con.get_content_message();
-uribl_suffix        = con.get_uribl_suffix();
-uribl_message       = con.get_uribl_message();
-content_host_ignore = &con.get_content_host_ignore();
-}
-}
-mlfiPriv* fetch_priv_from_ctx(SMFICTX *ctx);
-mlfiPriv* fetch_priv_from_ctx(SMFICTX *ctx)
-{
-mlfiPriv *priv = (struct mlfiPriv *)smfi_getpriv(ctx);
-priv->ctx = ctx;
-return priv;
-}
-#define MLFIPRIV    fetch_priv_from_ctx(ctx)
-////////////////////////////////////////////////
-// syslog a message
-//
-void my_syslog(mlfiPriv *priv, const char *text) {
-char buf[maxlen];
-if (priv) {
-snprintf(buf, sizeof(buf), "%s: %s", priv->queueid, text);
-text = buf;
-}
-if (use_syslog) {
-pthread_mutex_lock(&syslog_mutex);
-if (!syslog_opened) {
-openlog("dnsbl", LOG_PID, LOG_MAIL);
-syslog_opened = true;
-}
-syslog(LOG_NOTICE, "%s", text);
-pthread_mutex_unlock(&syslog_mutex);
-}
-else {
-printf("%s \n", text);
-}
-}
-void my_syslog(mlfiPriv *priv, const string text) {
-if (debug_syslog > 3) {
-char buf[maxlen];
-strncpy(buf, text.c_str(), sizeof(buf));
-buf[maxlen-1] = '\0';   // ensure null termination
-my_syslog(priv, buf);
-}
-}
-void my_syslog(const char *text) {
-my_syslog(NULL, text);
-}
-////////////////////////////////////////////////
-//  read a resolver request from the socket, process it, and
-//  write the result back to the socket.
-void process_resolver_requests(int socket);
-void process_resolver_requests(int socket) {
-#ifdef NS_MAXDNAME
-char question[NS_MAXDNAME];
-#else
-char question[1000];
-#endif
-glommer glom;
-int maxq = sizeof(question);
-while (true) {
-// read a question
-int rs = 0;
-while (rs < maxq) {
-int ns = read(socket, question+rs, maxq-rs);
-if (ns > 0) {
-rs += ns;
-if (question[rs-1] == '\0') {
-// last byte read was the null terminator, we are done
-break;
-}
-}
-else {
-// peer closed the socket
-#ifdef RESOLVER_DEBUG
-my_syslog("process_resolver_requests() peer closed socket while reading question");
-#endif
-shutdown(socket, SHUT_RDWR);
-close(socket);
-return;
-}
-}
-question[rs-1] = '\0';  // ensure null termination
-// find the answer
-#ifdef NS_PACKETSZ
-#ifdef RESOLVER_DEBUG
-char text[1000];
-snprintf(text, sizeof(text), "process_resolver_requests() has a question %s", question);
-my_syslog(text);
-#endif
-int res_result = res_search(question, ns_c_in, ns_t_a, glom.answer, sizeof(glom.answer));
-if (res_result < 0) glom.length = 0;   // represent all errors as zero length answers
-else                glom.length = (size_t)res_result;
-#else
-glom.length = sizeof(glom.answer);
-glom.answer = 0;
-struct hostent *host = gethostbyname(question);
-if (host && (host->h_addrtype == AF_INET)) {
-memcpy(&glom.answer, host->h_addr, sizeof(glom.answer));
-}
-#endif
-// write the answer
-char *buf = (char *)&glom;
-int   len = glom.length + sizeof(glom.length);
-#ifdef RESOLVER_DEBUG
-snprintf(text, sizeof(text), "process_resolver_requests() writing answer length %d for total %d", glom.length, len);
-my_syslog(text);
-#endif
-int    ws = 0;
-while (len > ws) {
-int ns = write(socket, buf+ws, len-ws);
-if (ns > 0) {
-ws += ns;
-}
-else {
-// peer closed the socket!
-#ifdef RESOLVER_DEBUG
-my_syslog("process_resolver_requests() peer closed socket while writing answer");
-#endif
-shutdown(socket, SHUT_RDWR);
-close(socket);
-return;
-}
-}
-}
 }
 ////////////////////////////////////////////////
 //  ask a dns question and get an A record answer - we don't try
 #endif
 }
 ////////////////////////////////////////////////
+//  lookup the domain name part of a hostname on the uribl
+//
+//  if we find part of the hostname on the uribl, return
+//  true and point found to the part of the hostname that we found
+//  as a string registered in hosts.
+//  otherwise, return false and preserve the value of found.
+//
+bool uriblookup(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *top, const char *&found) ;
+bool uriblookup(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *top, const char *&found) {
+// top is pointer to '.' char at end of base domain, or null for ip address form
+// so for hostname of www.fred.mydomain.co.uk
+// top points to-----------------------^
+// and we end up looking at only mydomain.co.uk, ignoring the www.fred stuff
+char buf[maxlen];
+if (top) {
+// add one more component
+const char *x = (const char *)memrchr(hostname, '.', top-hostname);
+if (x) hostname = x+1;
+}
+snprintf(buf, sizeof(buf), "%s.%s.", hostname, priv.uribl_suffix);
+if (dns_interface(priv, buf, false, NULL)) {
+if (debug_syslog > 2) {
+char tmp[maxlen];
+snprintf(tmp, sizeof(tmp), "found %s on %s", hostname, priv.uribl_suffix);
+my_syslog(tmp);
+}
+found = register_string(hosts, hostname);
+return true;
+}
+return false;
+}
+////////////////////////////////////////////////
+//  uribl checker
+//  -------------
+//  hostname MUST not have a trailing dot
+//  If tld, two level lookup.
+//  Else, look up three level domain.
+//
+//  if we find part of the hostname on the uribl, return
+//  true and point found to the part of the hostname that we found
+//  as a string registered in hosts.
+//  otherwise, return false and preserve the value of found.
+//
+bool check_uribl(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) ;
+bool check_uribl(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) {
+in_addr ip;
+if (inet_aton(hostname, &ip)) {
+const u_char *src = (const u_char *)&ip.s_addr;
+if (src[0] == 127) return false;    // don't do dns lookups on localhost
+if (src[0] == 10)  return false;    // don't do dns lookups on rfc1918 space
+if ((src[0] == 192) && (src[1] == 168)) return false;
+if ((src[0] == 172) && (16 <= src[1]) && (src[1] <= 31)) return false;
+char adr[sizeof "255.255.255.255   "];
+snprintf(adr, sizeof(adr), "%u.%u.%u.%u", src[3], src[2], src[1], src[0]);
+// cannot use inet_ntop here since we want the octets reversed.
+return (uriblookup(priv, hosts, adr, NULL, found));
+}
+const char *top, *top2, *top3;
+top = strrchr(hostname, '.');
+if (top) {
+top2 = (const char *)memrchr(hostname, '.', top-hostname);
+if (top2) {
+string_set::iterator i = priv.memory->get_cctlds()->find(top2+1);
+string_set::iterator x = priv.memory->get_cctlds()->end();
+// if we have a 2-level-cctld, just look at top three levels of the name
+if (i != x) return uriblookup(priv, hosts, hostname, top2, found);
+// if we have more than 3 levels in the name, look at the top three levels of the name
+top3 = (const char *)memrchr(hostname, '.', top2-hostname);
+if (top3 && uriblookup(priv, hosts, hostname, top2, found)) return true;
+// if that was not found, fall thru to looking at the top two levels
+}
+// look at the top two levels of the name
+return uriblookup(priv, hosts, hostname, top, found);
+}
+return false;
+}
+mlfiPriv::mlfiPriv() {
+pthread_mutex_lock(&config_mutex);
+pc = config;
+pc->reference_count++;
+pthread_mutex_unlock(&config_mutex);
+get_fd();
+ctx                     = NULL;
+eom                     = false;
+ip                      = 0;
+helo                    = NULL;
+mailaddr                = NULL;
+queueid                 = NULL;
+authenticated           = NULL;
+client_name             = NULL;
+helo_uribl              = false;
+client_uribl            = false;
+from_uribl              = false;
+have_whites             = false;
+only_whites             = true;
+want_spamassassin       = false;
+want_dccgrey            = false;
+want_dccbulk            = false;
+allow_autowhitelisting  = true;
+content_context         = NULL;
+memory                  = NULL;
+scanner                 = NULL;
+content_suffix          = NULL;
+content_message         = NULL;
+uribl_suffix            = NULL;
+uribl_message           = NULL;
+content_host_ignore     = NULL;
+assassin                = NULL;
+dccifd                  = NULL;
+}
+mlfiPriv::~mlfiPriv() {
+return_fd();
+pthread_mutex_lock(&config_mutex);
+pc->reference_count--;
+bool last = (!pc->reference_count) && (pc != config);
+pthread_mutex_unlock(&config_mutex);
+if (last) delete pc;  // free this config, since we were the last reference to it
+if (helo) free((void*)helo);
+reset(true);
+}
+void mlfiPriv::reset(bool final) {
+while (!delayer.empty()) {
+DELAYWHITEP  dwp = delayer.front();
+const char *loto = dwp->get_loto();
+if (loto) free((void*)loto);
+delete dwp;
+delayer.pop_front();
+}
+if (mailaddr)      free((void*)mailaddr);
+if (queueid)       free((void*)queueid);
+if (authenticated) free((void*)authenticated);
+if (client_name)   free((void*)client_name);
+delayer.clear();
+discard(env_to);
+if (memory)   delete memory;
+if (scanner)  delete scanner;
+if (assassin) delete assassin;
+if (dccifd)   delete dccifd;
+if (!final) {
+ctx                     = NULL;
+eom                     = false;
+mailaddr                = NULL;
+queueid                 = NULL;
+authenticated           = NULL;
+client_name             = NULL;
+helo_uribl              = false;
+client_uribl            = false;
+from_uribl              = false;
+have_whites             = false;
+only_whites             = true;
+want_spamassassin       = false;
+want_dccgrey            = false;
+want_dccbulk            = false;
+allow_autowhitelisting  = true;
+content_context         = NULL;
+memory                  = NULL;
+scanner                 = NULL;
+content_suffix          = NULL;
+content_message         = NULL;
+uribl_suffix            = NULL;
+uribl_message           = NULL;
+content_host_ignore     = NULL;
+assassin                = NULL;
+dccifd                  = NULL;
+}
+}
+void mlfiPriv::get_fd() {
+err = true;
+fd  = NULL_SOCKET;
+int result = pthread_mutex_lock(&fd_pool_mutex);
+if (!result) {
+std::set<int>::iterator i;
+i = fd_pool.begin();
+if (i != fd_pool.end()) {
+// have at least one fd in the pool
+err = false;
+fd  = *i;
+fd_pool.erase(fd);
+resolver_pool_size--;
+pthread_mutex_unlock(&fd_pool_mutex);
+}
+else {
+// pool is empty, get a new fd
+pthread_mutex_unlock(&fd_pool_mutex);
+fd  = my_connect();
+err = (fd == NULL_SOCKET);
+}
+}
+else {
+// cannot lock the pool, just get a new fd
+fd  = my_connect();
+err = (fd == NULL_SOCKET);
+}
+}
+void mlfiPriv::return_fd() {
+if (err) {
+// this fd got a socket error, so close it, rather than returning it to the pool
+my_disconnect(fd);
+}
+else {
+int result = pthread_mutex_lock(&fd_pool_mutex);
+if (!result) {
+if ((resolver_sock_count > resolver_pool_size*5) || (resolver_pool_size < 5)) {
+// return the fd to the pool
+fd_pool.insert(fd);
+resolver_pool_size++;
+pthread_mutex_unlock(&fd_pool_mutex);
+}
+else {
+// more than 20% of the open resolver sockets are in the pool, and the
+// pool as at least 5 sockets. that is enough, so just close this one.
+pthread_mutex_unlock(&fd_pool_mutex);
+my_disconnect(fd);
+}
+}
+else {
+// could not lock the pool, so just close the fd
+my_disconnect(fd);
+}
+}
+}
+size_t mlfiPriv::my_write(const char *buf, size_t len) {
+if (err) return 0;
+size_t rs = 0;
+while (len) {
+size_t ws = write(fd, buf, len);
+if (ws > 0) {
+rs  += ws;
+len -= ws;
+buf += ws;
+}
+else {
+// peer closed the socket!
+rs = 0;
+err = true;
+break;
+}
+}
+return rs;
+}
+size_t mlfiPriv::my_read(char *buf, size_t len) {
+if (err) return 0;
+size_t rs = 0;
+while (len) {
+size_t ws = read(fd, buf, len);
+if (ws > 0) {
+rs  += ws;
+len -= ws;
+buf += ws;
+}
+else {
+// peer closed the socket!
+rs = 0;
+err = true;
+break;
+}
+}
+return rs;
+}
+void mlfiPriv::need_content_filter(const char *rcpt, CONTEXT &con) {
+if (!memory) {
+// first recipient that needs content filtering sets
+// some of the content filtering parameters
+memory        = new recorder(this, con.get_html_tags(), con.get_content_tlds(), con.get_content_cctlds());
+scanner       = new url_scanner(memory);
+content_suffix      = con.get_content_suffix();
+content_message     = con.get_content_message();
+uribl_suffix        = con.get_uribl_suffix();
+uribl_message       = con.get_uribl_message();
+content_host_ignore = &con.get_content_host_ignore();
+// if we are using uribl, test helo and client names here
+if (uribl_suffix) {
+const char *found = NULL;
+string_set hosts;
+if (helo) {
+helo_uribl = check_uribl(*this, hosts, helo, found);
+}
+if (client_name && !helo_uribl) {
+client_uribl = check_uribl(*this, hosts, client_name, found);
+}
+if (mailaddr && !client_uribl) {
+char *f = strchr(mailaddr, '@');
+if (f) from_uribl = check_uribl(*this, hosts, f+1, found);
+}
+discard(hosts);
+}
+}
+}
+mlfiPriv* fetch_priv_from_ctx(SMFICTX *ctx);
+mlfiPriv* fetch_priv_from_ctx(SMFICTX *ctx)
+{
+mlfiPriv *priv = (struct mlfiPriv *)smfi_getpriv(ctx);
+priv->ctx = ctx;
+return priv;
+}
+#define MLFIPRIV    fetch_priv_from_ctx(ctx)
+////////////////////////////////////////////////
+// syslog a message
+//
+void my_syslog(mlfiPriv *priv, const char *text) {
+char buf[maxlen];
+if (priv) {
+snprintf(buf, sizeof(buf), "%s: %s", priv->queueid, text);
+text = buf;
+}
+if (use_syslog) {
+pthread_mutex_lock(&syslog_mutex);
+if (!syslog_opened) {
+openlog("dnsbl", LOG_PID, LOG_MAIL);
+syslog_opened = true;
+}
+syslog(LOG_NOTICE, "%s", text);
+pthread_mutex_unlock(&syslog_mutex);
+}
+else {
+printf("%s \n", text);
+}
+}
+void my_syslog(mlfiPriv *priv, const string text) {
+if (debug_syslog > 3) {
+char buf[maxlen];
+strncpy(buf, text.c_str(), sizeof(buf));
+buf[maxlen-1] = '\0';   // ensure null termination
+my_syslog(priv, buf);
+}
+}
+void my_syslog(const char *text) {
+my_syslog(NULL, text);
+}
+////////////////////////////////////////////////
+//  read a resolver request from the socket, process it, and
+//  write the result back to the socket.
+void process_resolver_requests(int socket);
+void process_resolver_requests(int socket) {
+#ifdef NS_MAXDNAME
+char question[NS_MAXDNAME];
+#else
+char question[1000];
+#endif
+glommer glom;
+int maxq = sizeof(question);
+while (true) {
+// read a question
+int rs = 0;
+while (rs < maxq) {
+int ns = read(socket, question+rs, maxq-rs);
+if (ns > 0) {
+rs += ns;
+if (question[rs-1] == '\0') {
+// last byte read was the null terminator, we are done
+break;
+}
+}
+else {
+// peer closed the socket
+#ifdef RESOLVER_DEBUG
+my_syslog("process_resolver_requests() peer closed socket while reading question");
+#endif
+shutdown(socket, SHUT_RDWR);
+close(socket);
+return;
+}
+}
+question[rs-1] = '\0';  // ensure null termination
+// find the answer
+#ifdef NS_PACKETSZ
+#ifdef RESOLVER_DEBUG
+char text[1000];
+snprintf(text, sizeof(text), "process_resolver_requests() has a question %s", question);
+my_syslog(text);
+#endif
+int res_result = res_search(question, ns_c_in, ns_t_a, glom.answer, sizeof(glom.answer));
+if (res_result < 0) glom.length = 0;   // represent all errors as zero length answers
+else                glom.length = (size_t)res_result;
+#else
+glom.length = sizeof(glom.answer);
+glom.answer = 0;
+struct hostent *host = gethostbyname(question);
+if (host && (host->h_addrtype == AF_INET)) {
+memcpy(&glom.answer, host->h_addr, sizeof(glom.answer));
+}
+#endif
+// write the answer
+char *buf = (char *)&glom;
+int   len = glom.length + sizeof(glom.length);
+#ifdef RESOLVER_DEBUG
+snprintf(text, sizeof(text), "process_resolver_requests() writing answer length %d for total %d", glom.length, len);
+my_syslog(text);
+#endif
+int    ws = 0;
+while (len > ws) {
+int ns = write(socket, buf+ws, len-ws);
+if (ns > 0) {
+ws += ns;
+}
+else {
+// peer closed the socket!
+#ifdef RESOLVER_DEBUG
+my_syslog("process_resolver_requests() peer closed socket while writing answer");
+#endif
+shutdown(socket, SHUT_RDWR);
+close(socket);
+return;
+}
+}
+}
+}
+////////////////////////////////////////////////
 //  check a single dnsbl
 //
 bool check_single(mlfiPriv &priv, int ip, const char *suffix);
 bool check_single(mlfiPriv &priv, int ip, const char *suffix) {
 // make a dns question
 else {
 st = (*f).second;
 rejectlist = (*f).first;
 }
 if (st) return st;
-}
-return false;
-}
-////////////////////////////////////////////////
-//  lookup the domain name part of a hostname on the uribl
-//
-//  if we find part of the hostname on the uribl, return
-//  true and point found to the part of the hostname that we found
-//  as a string registered in hosts.
-//  otherwise, return false and preserve the value of found.
-//
-bool uriblookup(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *top, const char *&found) ;
-bool uriblookup(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *top, const char *&found) {
-// top is pointer to '.' char at end of base domain, or null for ip address form
-// so for hostname of www.fred.mydomain.co.uk
-// top points to-----------------------^
-// and we end up looking at only mydomain.co.uk, ignoring the www.fred stuff
-char buf[maxlen];
-if (top) {
-// add one more component
-const char *x = (const char *)memrchr(hostname, '.', top-hostname);
-if (x) hostname = x+1;
-}
-snprintf(buf, sizeof(buf), "%s.%s.", hostname, priv.uribl_suffix);
-if (dns_interface(priv, buf, false, NULL)) {
-if (debug_syslog > 2) {
-char tmp[maxlen];
-snprintf(tmp, sizeof(tmp), "found %s on %s", hostname, priv.uribl_suffix);
-my_syslog(tmp);
-}
-found = register_string(hosts, hostname);
-return true;
-}
-return false;
-}
-////////////////////////////////////////////////
-//  uribl checker
-//  -------------
-//  hostname MUST not have a trailing dot
-//  If tld, two level lookup.
-//  Else, look up three level domain.
-//
-//  if we find part of the hostname on the uribl, return
-//  true and point found to the part of the hostname that we found
-//  as a string registered in hosts.
-//  otherwise, return false and preserve the value of found.
-//
-bool check_uribl(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) ;
-bool check_uribl(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) {
-in_addr ip;
-if (inet_aton(hostname, &ip)) {
-const u_char *src = (const u_char *)&ip.s_addr;
-if (src[0] == 127) return false;    // don't do dns lookups on localhost
-if (src[0] == 10)  return false;    // don't do dns lookups on rfc1918 space
-if ((src[0] == 192) && (src[1] == 168)) return false;
-if ((src[0] == 172) && (16 <= src[1]) && (src[1] <= 31)) return false;
-char adr[sizeof "255.255.255.255   "];
-snprintf(adr, sizeof(adr), "%u.%u.%u.%u", src[3], src[2], src[1], src[0]);
-// cannot use inet_ntop here since we want the octets reversed.
-return (uriblookup(priv, hosts, adr, NULL, found));
-}
-const char *top, *top2, *top3;
-top = strrchr(hostname, '.');
-if (top) {
-top2 = (const char *)memrchr(hostname, '.', top-hostname);
-if (top2) {
-string_set::iterator i = priv.memory->get_cctlds()->find(top2+1);
-string_set::iterator x = priv.memory->get_cctlds()->end();
-// if we have a 2-level-cctld, just look at top three levels of the name
-if (i != x) return uriblookup(priv, hosts, hostname, top2, found);
-// if we have more than 3 levels in the name, look at the top three levels of the name
-top3 = (const char *)memrchr(hostname, '.', top2-hostname);
-if (top3 && uriblookup(priv, hosts, hostname, top2, found)) return true;
-// if that was not found, fall thru to looking at the top two levels
-}
-// look at the top two levels of the name
-return uriblookup(priv, hosts, hostname, top, found);
 }
 return false;
 }
 if (!priv.content_context) priv.content_context = &con;
 else if (con.get_require() && (priv.content_context != &con)) {
 smfi_setreply(ctx, (char*)"452", (char*)"4.2.1", (char*)"incompatible filtering contexts");
 return SMFIS_TEMPFAIL;
 }
+priv.need_content_filter(rcptaddr, con);
+char bu[maxlen];
+bool uri = false;
+// content filtering implies also checking helo name on uribl (if enabled)
+if (priv.helo_uribl) {
+snprintf(bu, sizeof(bu), "(helo %s)", priv.helo);
+uri = true;
+}
+// content filterint implies also checking client reverse dns name on uribl (if enabled)
+if (priv.client_uribl) {
+snprintf(bu, sizeof(bu), "(rdns %s)", priv.client_name);
+uri = true;
+}
+// content filterint implies also checking mail from domain name on uribl (if enabled)
+if (priv.from_uribl) {
+snprintf(bu, sizeof(bu), "(from %s)", priv.mailaddr);
+uri = true;
+}
+if (uri) {
+char buf[maxlen];
+snprintf(buf, sizeof(buf), priv.uribl_message, bu);
+smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
+return SMFIS_REJECT;
+}
 }
 // remember the non-whites
-priv.need_content_filter(rcptaddr, con);
+register_string(priv.env_to, rcptaddr, &con);
 priv.only_whites = false;
 priv.want_spamassassin |= (priv.assassin) &&                    // have spam assassin available and
 (con.get_spamassassin_limit() != 0);  // want to use it with a non-zero score
 priv.want_dccgrey      |= (priv.dccifd) &&                      // have dcc interface and
 (con.get_grey());                     // want to use it for greylisting
 if (email) {
 char *x = strchr(email, '|');
 if (x) {
 *x = '\0';
-char *from = strdup(email);
+const char *from = to_lower_string(email);
-char *to   = strdup(x+1);
+const char *to   = to_lower_string(x+1);
 use_syslog = false;
 CONFIG *conf = new_conf();
 if (conf) {
 CONTEXTP con = conf->find_context(to);
 char buf[maxlen];

Mercurial > dnsbl

comparison src/dnsbl.cpp @ 236:c0d2e99c0a1d