comparison src/dnsbl.cpp @ 53:c2371bb6cf84 stable-3-5
3.5 - better error message when rejecting based on ns records on the sbl
author | carl |
---|---|
date | Sat, 17 Jul 2004 11:14:11 -0700 |
parents | 5ef10dc14457 |
children | 44babba1a9b9 |
comparison
52:a84752107aca | 53:c2371bb6cf84 |
---|---|
22 2) Add config for poison addresses. If any recipient is poison, all | 22 2) Add config for poison addresses. If any recipient is poison, all |
23 recipients are rejected even if they would be whitelisted, and the | 23 recipients are rejected even if they would be whitelisted, and the |
24 data is rejected if sent. | 24 data is rejected if sent. |
25 | 25 |
26 3) Add option to only allow one recipient if the return path is empty. | 26 3) Add option to only allow one recipient if the return path is empty. |
27 | |
28 4) Check if the envelope from domain name primary MX points 127.0.0.0/8 | |
27 | 29 |
28 */ | 30 */ |
29 | 31 |
30 | 32 |
31 // from sendmail sample | 33 // from sendmail sample |
116 typedef map<char *, DNSBLP, ltstr> dnsblp_map; | 118 typedef map<char *, DNSBLP, ltstr> dnsblp_map; |
117 typedef map<char *, DNSBLLP, ltstr> dnsbllp_map; | 119 typedef map<char *, DNSBLLP, ltstr> dnsbllp_map; |
118 typedef set<char *, ltstr> string_set; | 120 typedef set<char *, ltstr> string_set; |
119 typedef set<int> int_set; | 121 typedef set<int> int_set; |
120 typedef list<char *> string_list; | 122 typedef list<char *> string_list; |
121 typedef map<char *, int, ltstr> ns_map; | 123 typedef map<char *, int, ltstr> ns_mapper; |
124 | |
125 struct ns_map { | |
126 // all the strings are owned by the keys/values in the ns_host string map | |
127 string_map ns_host; // nameserver name -> host name that uses this name server | |
128 ns_mapper ns_ip; // nameserver name -> ip address of the name server | |
129 }; | |
122 | 130 |
123 struct CONFIG { | 131 struct CONFIG { |
124 // the only mutable stuff once it has been loaded from the config file | 132 // the only mutable stuff once it has been loaded from the config file |
125 int reference_count; // protected by the global config_mutex | 133 int reference_count; // protected by the global config_mutex |
126 // all the rest is constant after loading from the config file | 134 // all the rest is constant after loading from the config file |
190 //////////////////////////////////////////////// | 198 //////////////////////////////////////////////// |
191 // helper to discard the strings and objects held by an ns_map | 199 // helper to discard the strings and objects held by an ns_map |
192 // | 200 // |
193 static void discard(ns_map &s); | 201 static void discard(ns_map &s); |
194 static void discard(ns_map &s) { | 202 static void discard(ns_map &s) { |
195 for (ns_map::iterator i=s.begin(); i!=s.end(); i++) { | 203 for (string_map::iterator i=s.ns_host.begin(); i!=s.ns_host.end(); i++) { |
196 char *x = (*i).first; | 204 char *x = (*i).first; |
205 char *y = (*i).second; | |
197 free(x); | 206 free(x); |
198 } | 207 free(y); |
199 s.clear(); | 208 } |
209 s.ns_ip.clear(); | |
210 s.ns_host.clear(); | |
200 } | 211 } |
201 | 212 |
202 //////////////////////////////////////////////// | 213 //////////////////////////////////////////////// |
203 // helper to register a string in an ns_map | 214 // helper to register a string in an ns_map |
204 // | 215 // |
205 static void register_string(ns_map &s, char *name); | 216 static void register_string(ns_map &s, char *name, char *refer); |
206 static void register_string(ns_map &s, char *name) { | 217 static void register_string(ns_map &s, char *name, char *refer) { |
207 ns_map::iterator i = s.find(name); | 218 string_map::iterator i = s.ns_host.find(name); |
208 if (i != s.end()) return; | 219 if (i != s.ns_host.end()) return; |
209 char *x = strdup(name); | 220 char *x = strdup(name); |
210 s[x] = 0; | 221 char *y = strdup(refer); |
222 s.ns_ip[x] = 0; | |
223 s.ns_host[x] = y; | |
224 | |
211 } | 225 } |
212 | 226 |
213 //////////////////////////////////////////////// | 227 //////////////////////////////////////////////// |
214 // helper to discard the strings held by a string_set | 228 // helper to discard the strings held by a string_set |
215 // | 229 // |
467 *(n++) = '.'; | 481 *(n++) = '.'; |
468 } | 482 } |
469 } | 483 } |
470 if (n-nam) n--; // remove trailing . | 484 if (n-nam) n--; // remove trailing . |
471 *n = '\0'; // null terminate it | 485 *n = '\0'; // null terminate it |
472 register_string(ns, nam); // ns host to lookup later | 486 register_string(ns, nam, question); // ns host to lookup later |
473 } | 487 } |
474 } | 488 } |
475 rrnum = 0; | 489 rrnum = 0; |
476 while (ns_parserr(&handle, ns_s_ar, rrnum++, &rr) == 0) { | 490 while (ns_parserr(&handle, ns_s_ar, rrnum++, &rr) == 0) { |
477 if (ns_rr_type(rr) == ns_t_a) { | 491 if (ns_rr_type(rr) == ns_t_a) { |
478 char* nam = (char*)ns_rr_name(rr); | 492 char* nam = (char*)ns_rr_name(rr); |
479 ns_map::iterator i = ns.find(nam); | 493 ns_mapper::iterator i = ns.ns_ip.find(nam); |
480 if (i != ns.end()) { | 494 if (i != ns.ns_ip.end()) { |
481 // we want this ip address | 495 // we want this ip address |
482 int address; | 496 int address; |
483 memcpy(&address, ns_rr_rdata(rr), sizeof(address)); | 497 memcpy(&address, ns_rr_rdata(rr), sizeof(address)); |
484 ns[nam] = address; | 498 ns.ns_ip[nam] = address; |
485 } | 499 } |
486 } | 500 } |
487 } | 501 } |
488 } | 502 } |
489 int rrnum = 0; | 503 int rrnum = 0; |
635 } | 649 } |
636 } | 650 } |
637 } | 651 } |
638 } | 652 } |
639 lim *= 4; // allow average of 3 ns per host name | 653 lim *= 4; // allow average of 3 ns per host name |
640 for (ns_map::iterator i=nameservers.begin(); i!=nameservers.end(); i++) { | 654 for (ns_mapper::iterator i=nameservers.ns_ip.begin(); i!=nameservers.ns_ip.end(); i++) { |
641 count++; | 655 count++; |
642 if ((count > lim) && (lim > 0)) { | 656 if ((count > lim) && (lim > 0)) { |
643 if (ran) continue; // don't complain | 657 if (ran) continue; // don't complain |
644 discard(nameservers); | 658 discard(nameservers); |
645 return reject_host; | 659 return reject_host; |
664 int_set::iterator i = ips.find(ip); | 678 int_set::iterator i = ips.find(ip); |
665 if (i == ips.end()) { | 679 if (i == ips.end()) { |
666 ips.insert(ip); | 680 ips.insert(ip); |
667 status st = check_single(ip, dc.content_suffix); | 681 status st = check_single(ip, dc.content_suffix); |
668 if (st == reject) { | 682 if (st == reject) { |
669 host = register_string(priv.memory->hosts, host); // put a copy into priv.memory->hosts, and return that reference | 683 string_map::iterator j = nameservers.ns_host.find(host); |
684 if (j != nameservers.ns_host.end()) { | |
685 char *refer = (*j).second; | |
686 char buf[1000]; | |
687 snprintf(buf, sizeof(buf), "%s with nameserver %s", refer, host); | |
688 host = register_string(priv.memory->hosts, buf); // put a copy into priv.memory->hosts, and return that reference | |
689 } | |
690 else { | |
691 host = register_string(priv.memory->hosts, host); // put a copy into priv.memory->hosts, and return that reference | |
692 } | |
670 discard(nameservers); | 693 discard(nameservers); |
671 return st; | 694 return st; |
672 } | 695 } |
673 } | 696 } |
674 } | 697 } |
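Review bot: In the additional-section loop (new lines 490–501) the A-record branch copies `sizeof(address)` bytes out of `ns_rr_rdata(rr)` without checking the record's length, so an A record with a shorter rdata in a malformed response makes `memcpy` read past the record. The commit only renames the map on those lines, but the new side still carries the unchecked copy. Guarding the branch with `if (ns_rr_type(rr) == ns_t_a && ns_rr_rdlen(rr) == sizeof(address))` would close it. Separately, the new three-argument `register_string` uses both `strdup` results unchecked, and the reject path at new lines 683–689 formats two names that appear to come from DNS data and the message into `buf`. If that string ends up in the SMTP reply or a log line, it should be restricted to printable characters first. The enclosing functions begin and end outside the lines shown here.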