comparison src/dnsbl.cpp @ 53:c2371bb6cf84 stable-3-5

3.5 - better error message when rejecting based on ns records on the sbl
author carl
date Sat, 17 Jul 2004 11:14:11 -0700
parents 5ef10dc14457
children 44babba1a9b9
52:a84752107aca 53:c2371bb6cf84
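--- a/src/dnsbl.cpp
+++ b/src/dnsbl.cpp
@@ -22,10 +22,12 @@
 2) Add config for poison addresses. If any recipient is poison, all
 recipients are rejected even if they would be whitelisted, and the
 data is rejected if sent.
 
 3) Add option to only allow one recipient if the return path is empty.
+
+4) Check if the envelope from domain name primary MX points 127.0.0.0/8
 
 */
 
 
 // from sendmail sample
@@ -116,11 +118,17 @@
 typedef map<char *, DNSBLP, ltstr> dnsblp_map;
 typedef map<char *, DNSBLLP, ltstr> dnsbllp_map;
 typedef set<char *, ltstr> string_set;
 typedef set<int> int_set;
 typedef list<char *> string_list;
-typedef map<char *, int, ltstr> ns_map;
+typedef map<char *, int, ltstr> ns_mapper;
+
+struct ns_map {
+// all the strings are owned by the keys/values in the ns_host string map
+string_map ns_host; // nameserver name -> host name that uses this name server
+ns_mapper ns_ip; // nameserver name -> ip address of the name server
+};
 
 struct CONFIG {
 // the only mutable stuff once it has been loaded from the config file
 int reference_count; // protected by the global config_mutex
 // all the rest is constant after loading from the config file
@@ -190,26 +198,32 @@
 ////////////////////////////////////////////////
 // helper to discard the strings and objects held by an ns_map
 //
 static void discard(ns_map &s);
 static void discard(ns_map &s) {
-for (ns_map::iterator i=s.begin(); i!=s.end(); i++) {
+for (string_map::iterator i=s.ns_host.begin(); i!=s.ns_host.end(); i++) {
 char *x = (*i).first;
+char *y = (*i).second;
 free(x);
-}
-s.clear();
+free(y);
+}
+s.ns_ip.clear();
+s.ns_host.clear();
 }
 
 ////////////////////////////////////////////////
 // helper to register a string in an ns_map
 //
-static void register_string(ns_map &s, char *name);
-static void register_string(ns_map &s, char *name) {
-ns_map::iterator i = s.find(name);
-if (i != s.end()) return;
+static void register_string(ns_map &s, char *name, char *refer);
+static void register_string(ns_map &s, char *name, char *refer) {
+string_map::iterator i = s.ns_host.find(name);
+if (i != s.ns_host.end()) return;
 char *x = strdup(name);
-s[x] = 0;
+char *y = strdup(refer);
+s.ns_ip[x] = 0;
+s.ns_host[x] = y;
+
 }
 
 ////////////////////////////////////////////////
 // helper to discard the strings held by a string_set
 //
@@ -467,23 +481,23 @@
 *(n++) = '.';
 }
 }
 if (n-nam) n--; // remove trailing .
 *n = '\0'; // null terminate it
-register_string(ns, nam); // ns host to lookup later
+register_string(ns, nam, question); // ns host to lookup later
 }
 }
 rrnum = 0;
 while (ns_parserr(&handle, ns_s_ar, rrnum++, &rr) == 0) {
 if (ns_rr_type(rr) == ns_t_a) {
 char* nam = (char*)ns_rr_name(rr);
-ns_map::iterator i = ns.find(nam);
-if (i != ns.end()) {
+ns_mapper::iterator i = ns.ns_ip.find(nam);
+if (i != ns.ns_ip.end()) {
 // we want this ip address
 int address;
 memcpy(&address, ns_rr_rdata(rr), sizeof(address));
-ns[nam] = address;
+ns.ns_ip[nam] = address;
 }
 }
 }
 }
 int rrnum = 0;
@@ -635,11 +649,11 @@
 }
 }
 }
 }
 lim *= 4; // allow average of 3 ns per host name
-for (ns_map::iterator i=nameservers.begin(); i!=nameservers.end(); i++) {
+for (ns_mapper::iterator i=nameservers.ns_ip.begin(); i!=nameservers.ns_ip.end(); i++) {
 count++;
 if ((count > lim) && (lim > 0)) {
 if (ran) continue; // don't complain
 discard(nameservers);
 return reject_host;
@@ -664,11 +678,20 @@
 int_set::iterator i = ips.find(ip);
 if (i == ips.end()) {
 ips.insert(ip);
 status st = check_single(ip, dc.content_suffix);
 if (st == reject) {
-host = register_string(priv.memory->hosts, host); // put a copy into priv.memory->hosts, and return that reference
+string_map::iterator j = nameservers.ns_host.find(host);
+if (j != nameservers.ns_host.end()) {
+char *refer = (*j).second;
+char buf[1000];
+snprintf(buf, sizeof(buf), "%s with nameserver %s", refer, host);
+host = register_string(priv.memory->hosts, buf); // put a copy into priv.memory->hosts, and return that reference
+}
+else {
+host = register_string(priv.memory->hosts, host); // put a copy into priv.memory->hosts, and return that reference
+}
 discard(nameservers);
 return st;
 }
 }
 }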
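Review bot: In the new three-argument `register_string(ns_map &s, char *name, char *refer)` (new lines 220-223), both `strdup` results are stored without a null check, so an allocation failure would put a null key into `ns_ip`/`ns_host` or leave a null `refer` that later reaches `snprintf(buf, sizeof(buf), "%s with nameserver %s", refer, host)` in the reject path. These names appear to come from DNS answers for hosts taken from mail, so the helper should not depend on how the `ltstr` comparator (not shown on this page) treats a null pointer; a guard such as `if (!x || !y) { free(x); free(y); return; }` before the two map assignments avoids that. The early return on an existing `ns_host` entry also means only the first host that referenced a given nameserver is recorded, so the new rejection text can name a different host than the one being checked; that is worth stating in the helper's header comment, e.g. `// refer is kept only for the first host seen using this nameserver`.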