diff src/dnsbl.cpp @ 16:2ae8d953f1d0
add scanning for bare hostnames
author | carl |
---|---|
date | Thu, 29 Apr 2004 21:56:22 -0700 |
parents | 443aa0e8c6fa |
children | 041ea016b684 |
--- a/src/dnsbl.cpp Tue Apr 27 20:26:52 2004 -0700
+++ b/src/dnsbl.cpp Thu Apr 29 21:56:22 2004 -0700
@@ -11,6 +11,8 @@
 -t sec The timeout value.
 -c Check the config, and print a copy to stdout. Don't start the milter or do anything with the socket.
+-d Add debug syslog entries
+
 TODO: 1) Add config for max_recipients for each mail domain. Recipients in
@@ -147,6 +149,7 @@
 }
 }
+static bool debug_syslog = false;
 static string_set all_strings; // owns all the strings, only modified by the config loader thread
 static CONFIG * config = NULL; // protected by the config_mutex
@@ -178,6 +181,19 @@
 return x;
 }
+////////////////////////////////////////////////
+// syslog a message
+//
+static void my_syslog(char *text);
+static void my_syslog(char *text) {
+ pthread_mutex_lock(&syslog_mutex);
+ openlog("dnsbl", LOG_PID, LOG_MAIL);
+ syslog(LOG_NOTICE, "%s", text);
+ closelog();
+ pthread_mutex_unlock(&syslog_mutex);
+}
+
+
 // include the content scanner
 #include "scanner.cpp"
@@ -240,19 +256,6 @@
 ////////////////////////////////////////////////
-// syslog a message
-//
-static void my_syslog(char *text);
-static void my_syslog(char *text) {
- pthread_mutex_lock(&syslog_mutex);
- openlog("dnsbl", LOG_PID, LOG_MAIL);
- syslog(LOG_NOTICE, "%s", text);
- closelog();
- pthread_mutex_unlock(&syslog_mutex);
-}
-
-
-////////////////////////////////////////////////
 // register a global string
 //
 static char* register_string(char *name);
@@ -358,6 +361,7 @@
 //
 static int dns_interface(char *question);
 static int dns_interface(char *question) {
+#ifdef NS_PACKETSZ
 u_char answer[NS_PACKETSZ];
 int length = res_search(question, ns_c_in, ns_t_a, answer, sizeof(answer));
 if (length < 0) return 0; // error in getting answer
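Review bot: my_syslog takes a non-const `char *text` in both the prototype and the definition although it only hands the string to syslog(3) as a `"%s"` argument, so callers holding literals or const data have to cast; `static void my_syslog(const char *text)` on both lines is the better signature. The function is moved above `#include "scanner.cpp"`, presumably so the scanner can log through it, and a one-line comment would save the next reader that guess: `// defined before scanner.cpp is included so the scanner can log through it`. Keeping the message out of the format string, as done here, is the right shape now that hostnames scraped from mail content are logged through this path in check_hosts.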
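Review bot: The `#ifdef NS_PACKETSZ` added at the top of dns_interface picks the resolver backend purely on whether `<arpa/nameser.h>` happened to be included before this point, so a missing or reordered include silently switches the whole milter to the fallback path with no build-time signal. A comment on the `#ifdef` stating what it stands in for would help: `// NS_PACKETSZ comes from <arpa/nameser.h>; without it the gethostbyname() fallback below is compiled instead`. Consider also a `#warning` in the `#else` branch (next hunk) so that a fallback build is visible in the build log. The body of dns_interface continues outside this hunk.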
@@ -374,6 +378,14 @@
 }
 }
 return 0;
+#else
+ struct hostent *host = gethostbyname(question);
+ if (!host) return 0;
+ if (host->h_addrtype != AF_INET) return 0;
+ int address;
+ memcpy(&address, host->h_addr, sizeof(address));
+ return address;
+#endif
 }
 static int protected_dns_interface(char *question);
@@ -394,7 +406,11 @@
 // make a dns question
 const u_char *src = (const u_char *)&ip;
 if (src[0] == 127) return oksofar; // don't do dns lookups on localhost
+#ifdef NS_MAXDNAME
 char question[NS_MAXDNAME];
+#else
+ char question[1000];
+#endif
 snprintf(question, sizeof(question), "%u.%u.%u.%u.%s.", src[3], src[2], src[1], src[0], suffix);
 // ask the question, if we get an A record it implies a blacklisted ip address
 return (protected_dns_interface(question)) ? reject : oksofar;
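Review bot: The gethostbyname() fallback copies `sizeof(address)` bytes out of `host->h_addr` without checking `host->h_length`, and relies on `int` being exactly four bytes; `if (host->h_addrtype != AF_INET || host->h_length != sizeof(address)) return 0;` with `address` declared as `in_addr_t` makes the copy exact. gethostbyname() also returns a pointer into static storage and is not reentrant, so in this multi-threaded milter the fallback is only safe if every caller goes through protected_dns_interface and that wrapper serializes calls; its name suggests a lock, but its definition is outside the hunk, so this should be confirmed. Note as well that gethostbyname() typically resolves through the system's name-service configuration rather than issuing a plain DNS A query, so on the fallback path /etc/hosts and similar sources can answer a DNSBL question. The enclosing function dns_interface starts outside this hunk.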
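Review bot: The snprintf that builds `question` is bounded but its result is not checked, so a configured `suffix` long enough to overflow the buffer (1000 bytes on the new `#else` path, NS_MAXDNAME otherwise) yields a silently truncated name that is then looked up as though it were the real DNSBL query. Capturing the return value, `int n = snprintf(question, sizeof(question), "%u.%u.%u.%u.%s.", src[3], src[2], src[1], src[0], suffix);` followed by `if (n < 0 || (size_t)n >= sizeof(question)) return oksofar;`, makes the failure explicit. Whether a malformed query should fail open with oksofar, as the rest of this function does, is a policy choice worth stating in a comment. The enclosing function (check_single, judging by the call in check_hosts) starts outside this hunk.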
@@ -441,20 +457,30 @@
 ////////////////////////////////////////////////
 // check the dnsbls specified for this recipient
 //
-static status check_hosts(mlfiPriv &priv, char *&url, int &ip);
-static status check_hosts(mlfiPriv &priv, char *&url, int &ip) {
+static status check_hosts(mlfiPriv &priv, char *&host, int &ip);
+static status check_hosts(mlfiPriv &priv, char *&host, int &ip) {
 CONFIG &dc = *priv.pc;
 if (!dc.content_suffix) return oksofar;
 int count = 0;
 for (string_set::iterator i=priv.hosts.begin(); i!=priv.hosts.end(); i++) {
 count++;
 if (count > 20) return oksofar; // silly to check too many hosts
- url = *i;
- // char buf[200];
- // snprintf(buf, sizeof(buf), "looking for url %s", url);
- // my_syslog(buf);
- ip = protected_dns_interface(url);
+ host = *i;
+ if (debug_syslog) {
+ char buf[200];
+ snprintf(buf, sizeof(buf), "looking for host %s", host);
+ my_syslog(buf);
+ }
+ ip = protected_dns_interface(host);
 if (ip) {
+ if (debug_syslog) {
+ char adr[sizeof "255.255.255.255"];
+ adr[0] = '\0';
+ inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
+ char buf[200];
+ snprintf(buf, sizeof(buf), "found host %s at %s", host, adr);
+ my_syslog(buf);
+ }
 status st = check_single(ip, dc.content_suffix);
 if (st == reject) return st;
 }
@@ -565,12 +591,12 @@
 {
 sfsistat rc;
 mlfiPriv &priv = *MLFIPRIV;
- char *url = NULL;
+ char *host = NULL;
 int ip;
 // process end of message
 if (priv.authenticated || priv.only_whites ||
- (check_hosts(priv, url, ip) == oksofar)) rc = SMFIS_CONTINUE;
+ (check_hosts(priv, host, ip) == oksofar)) rc = SMFIS_CONTINUE;
 else {
 if (!priv.have_whites) {
 // can reject the entire message
@@ -578,7 +604,7 @@
 adr[0] = '\0';
 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
 char buf[2000];
- snprintf(buf, sizeof(buf), priv.pc->content_message, url, adr);
+ snprintf(buf, sizeof(buf), priv.pc->content_message, host, adr);
 smfi_setreply(ctx, "550", "5.7.1", buf);
 rc = SMFIS_REJECT;
 }
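Review bot: Every name in priv.hosts was scraped from the message being filtered, so the loop in check_hosts hands up to 20 sender-chosen names per message to the resolver, and each lookup blocks for the resolver's full retry and timeout budget when the name's authoritative servers do not answer; if protected_dns_interface serializes lookups under a lock (its name suggests so, but its definition is outside the hunk) a single such message stalls every connection the milter is handling. A per-message wall-clock budget beside the existing count cap bounds this, e.g. `time_t started = time(NULL);` before the loop and `if (count > 20 || time(NULL) - started > dns_budget_seconds) return oksofar;` in place of the count check, with `dns_budget_seconds` taken from the config. The new `-d` logging is format-string safe because my_syslog passes the text as a `"%s"` argument and both snprintf calls are bounded, but it writes the untrusted hostname to syslog verbatim, so unless the scanner already restricts the accepted character set, non-printable bytes should be replaced before logging to keep one message from forging extra log lines.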
@@ -985,11 +1011,12 @@
 static void usage(char *prog);
 static void usage(char *prog) {
- fprintf(stderr, "Usage: %s [-c] -p socket-addr [-t timeout]\n", prog);
+ fprintf(stderr, "Usage: %s [-d] [-c] -p socket-addr [-t timeout]\n", prog);
 fprintf(stderr, "where socket-addr is for the connection to sendmail and should be one of\n");
 fprintf(stderr, " inet:port@local-ip-address\n");
 fprintf(stderr, " local:local-domain-socket-file-name\n");
 fprintf(stderr, "-c will load and dump the config to stdout\n");
+ fprintf(stderr, "-d will add some syslog debug messages\n");
 }
@@ -998,7 +1025,7 @@
 bool check = false;
 bool setconn = false;
 int c;
- const char *args = "p:t:hc";
+ const char *args = "p:t:hcd";
 extern char *optarg;
 // Process command line options
@@ -1034,6 +1061,10 @@
 check = true;
 break;
+ case 'd':
+ debug_syslog = true;
+ break;
+
 case 'h':
 default:
 usage(argv[0]);