comparison src/dnsbl.cpp @ 263:e118fd2c6af0

fix unauthenticated rate limit bug for empty mail from; move unauthenticated rate limit checks after spam filtering
author Carl Byington <carl@five-ten-sg.com>
date Sat, 21 Jul 2012 12:35:19 -0700
parents be939802c64e
children 582cfb9c4031
262:4648c7a76105 263:e118fd2c6af0
1192 status st; 1192 status st;
1193 if (replyvalue == token_black) { 1193 if (replyvalue == token_black) {
1194 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient can not reply due to blacklisting"); 1194 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient can not reply due to blacklisting");
1195 return SMFIS_REJECT; 1195 return SMFIS_REJECT;
1196 } 1196 }
1197 if (priv.authenticated) {
1198 int hourly, daily;
1199 incr_rcpt_count(priv.authenticated, hourly, daily);
1200 int h_limit = dc.default_context->find_rate(priv.authenticated);
1201 int d_limit = dc.default_context->get_daily_multiple() * h_limit;
1202 if (debug_syslog > 1) {
1203 char msg[maxlen];
1204 snprintf(msg, sizeof(msg), "authenticated id %s (%d %d recipients, %d %d limits)", priv.authenticated, hourly, daily, h_limit, d_limit);
1205 my_syslog(&priv, msg);
1206 }
1207 if ((hourly > h_limit) || (daily > d_limit)){
1208 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded");
1209 return SMFIS_REJECT;
1210 }
1211 st = white;
1212 }
1213 else if (fromvalue == token_black) {
1214 st = black;
1215 }
1216 else if ((fromvalue == token_white) && !self) {
1217 st = white;
1218 }
1219 else {
1220 // check the dns based lists, whitelist first
1221 DNSWLP acceptlist = NULL; // list that caused the whitelisting
1222 if (check_dnswl(priv, con.get_dnswl_list(), acceptlist)) {
1223 st = white;
1224 if (debug_syslog > 1) {
1225 char msg[maxlen];
1226 snprintf(msg, sizeof(msg), "whitelisted by %s", acceptlist->name);
1227 my_syslog(&priv, msg);
1228 }
1229 }
1230 else if (check_dnsbl(priv, con.get_dnsbl_list(), rejectlist)) {
1231 st = reject;
1232 }
1233 else {
1234 st = oksofar;
1235 }
1236 }
1237 if (st == reject) {
1238 // reject the recipient based on some dnsbl
1239 char adr[sizeof "255.255.255.255 "];
1240 adr[0] = '\0';
1241 inet_ntop(AF_INET, (const u_char *)&priv.ip, adr, sizeof(adr));
1242 char buf[maxlen];
1243 snprintf(buf, sizeof(buf), rejectlist->message, adr, adr);
1244 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
1245 return SMFIS_REJECT;
1246 }
1247 if (st == oksofar) {
1248 const char *msg = con.generic_match(priv.client_name);
1249 if (msg) {
1250 // reject the recipient based on generic reverse dns
1251 char buf[maxlen];
1252 snprintf(buf, sizeof(buf), msg, priv.client_name);
1253 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
1254 return SMFIS_REJECT;
1255 }
1256 }
1257 if (st == black) {
1258 // reject the recipient based on blacklisting either from or to
1259 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"no such user");
1260 return SMFIS_REJECT;
1261 }
1262 if (ver) {
1263 // try to verify this from/to pair of addresses even if it might be explicitly whitelisted
1264 const char *loto = to_lower_string(rcptaddr);
1265 bool rc = ver->ok(priv.mailaddr, loto);
1266 free((void*)loto);
1267 if (!rc) {
1268 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"no such user");
1269 return SMFIS_REJECT;
1270 }
1271 }
1197 if (!priv.authenticated && dc.default_context->is_unauthenticated_limited(priv.mailaddr)) { 1272 if (!priv.authenticated && dc.default_context->is_unauthenticated_limited(priv.mailaddr)) {
1198 int hourly, daily; 1273 int hourly, daily;
1199 incr_rcpt_count(priv.mailaddr, hourly, daily); 1274 incr_rcpt_count(priv.mailaddr, hourly, daily);
1200 int h_limit = dc.default_context->find_rate(priv.mailaddr); 1275 int h_limit = dc.default_context->find_rate(priv.mailaddr);
1201 int d_limit = dc.default_context->get_daily_multiple() * h_limit; 1276 int d_limit = dc.default_context->get_daily_multiple() * h_limit;
1204 snprintf(msg, sizeof(msg), "unauthenticated address %s (%d %d recipients, %d %d limits)", priv.mailaddr, hourly, daily, h_limit, d_limit); 1279 snprintf(msg, sizeof(msg), "unauthenticated address %s (%d %d recipients, %d %d limits)", priv.mailaddr, hourly, daily, h_limit, d_limit);
1205 my_syslog(&priv, msg); 1280 my_syslog(&priv, msg);
1206 } 1281 }
1207 if ((hourly > h_limit) || (daily > d_limit)){ 1282 if ((hourly > h_limit) || (daily > d_limit)){
1208 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded"); 1283 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded");
1209 return SMFIS_REJECT;
1210 }
1211 }
1212 if (priv.authenticated) {
1213 int hourly, daily;
1214 incr_rcpt_count(priv.authenticated, hourly, daily);
1215 int h_limit = dc.default_context->find_rate(priv.authenticated);
1216 int d_limit = dc.default_context->get_daily_multiple() * h_limit;
1217 if (debug_syslog > 1) {
1218 char msg[maxlen];
1219 snprintf(msg, sizeof(msg), "authenticated id %s (%d %d recipients, %d %d limits)", priv.authenticated, hourly, daily, h_limit, d_limit);
1220 my_syslog(&priv, msg);
1221 }
1222 if ((hourly > h_limit) || (daily > d_limit)){
1223 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded");
1224 return SMFIS_REJECT;
1225 }
1226 st = white;
1227 }
1228 else if (fromvalue == token_black) {
1229 st = black;
1230 }
1231 else if ((fromvalue == token_white) && !self) {
1232 st = white;
1233 }
1234 else {
1235 // check the dns based lists, whitelist first
1236 DNSWLP acceptlist = NULL; // list that caused the whitelisting
1237 if (check_dnswl(priv, con.get_dnswl_list(), acceptlist)) {
1238 st = white;
1239 if (debug_syslog > 1) {
1240 char msg[maxlen];
1241 snprintf(msg, sizeof(msg), "whitelisted by %s", acceptlist->name);
1242 my_syslog(&priv, msg);
1243 }
1244 }
1245 else if (check_dnsbl(priv, con.get_dnsbl_list(), rejectlist)) {
1246 st = reject;
1247 }
1248 else {
1249 st = oksofar;
1250 }
1251 }
1252 if (st == reject) {
1253 // reject the recipient based on some dnsbl
1254 char adr[sizeof "255.255.255.255 "];
1255 adr[0] = '\0';
1256 inet_ntop(AF_INET, (const u_char *)&priv.ip, adr, sizeof(adr));
1257 char buf[maxlen];
1258 snprintf(buf, sizeof(buf), rejectlist->message, adr, adr);
1259 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
1260 return SMFIS_REJECT;
1261 }
1262 if (st == oksofar) {
1263 const char *msg = con.generic_match(priv.client_name);
1264 if (msg) {
1265 // reject the recipient based on generic reverse dns
1266 char buf[maxlen];
1267 snprintf(buf, sizeof(buf), msg, priv.client_name);
1268 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
1269 return SMFIS_REJECT;
1270 }
1271 }
1272 if (st == black) {
1273 // reject the recipient based on blacklisting either from or to
1274 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"no such user");
1275 return SMFIS_REJECT;
1276 }
1277 if (ver) {
1278 // try to verify this from/to pair of addresses even if it might be explicitly whitelisted
1279 const char *loto = to_lower_string(rcptaddr);
1280 bool rc = ver->ok(priv.mailaddr, loto);
1281 free((void*)loto);
1282 if (!rc) {
1283 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"no such user");
1284 return SMFIS_REJECT; 1284 return SMFIS_REJECT;
1285 } 1285 }
1286 } 1286 }
1287 // we will accept the recipient, but add an auto-whitelist entry 1287 // we will accept the recipient, but add an auto-whitelist entry
1288 // if needed to ensure we can accept replies 1288 // if needed to ensure we can accept replies
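Review bot: The unauthenticated rate-limit block, now at new line 1272, runs only after `check_dnswl`/`check_dnsbl` and `ver->ok`, so a sender that is already over its limit still triggers those lookups for every RCPT before the 550 is returned. That looks like the intended trade-off, since recipients rejected by filtering no longer consume the sender's quota, but nothing in the code records it. A comment above the block, such as `// rate limit counts only recipients that passed filtering and verification`, would help keep a later reorder from silently restoring the old behaviour. If `ver->ok` performs a remote check, which is not visible here, it is worth confirming that its cost is bounded by some other means. The enclosing function starts and ends outside this hunk, and new lines 1277-1278 are not shown on the page.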