diff src/dnsbl.cpp @ 377:7fd39f029936

reject if dkim signer is listed on surbl
author Carl Byington <carl@five-ten-sg.com>
date Sat, 18 Feb 2017 15:06:32 -0800
parents 9fc05f3a824f
children e42923f8f3fd
--- a/src/dnsbl.cpp	Wed Feb 08 11:40:44 2017 -0800
+++ b/src/dnsbl.cpp	Sat Feb 18 15:06:32 2017 -0800
@@ -720,6 +720,16 @@
     return rs;
 }
 
+const char *mlfiPriv::check_uribl_signers() {
+    const char *st;
+    if (uribl_suffix) {
+        for (string_set::iterator s=dkim_signers.begin(); s!=dkim_signers.end(); s++) {
+            if (check_uribl(*this, hosts_uribl, *s, host_uribl)) return host_uribl;
+        }
+    }
+    return NULL;
+}
+
 void mlfiPriv::need_content_filter(CONTEXT &con) {
     if (!memory) {
         // first recipient that needs content filtering sets
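Review bot: `const char *st;` at the top of check_uribl_signers is declared and never used, so it should be dropped. The function also lacks a comment on what the returned pointer is: it returns the member `host_uribl`, which check_uribl appears to fill in, so a line such as `// returns host_uribl if any dkim signer is listed on the uribl, else NULL; presumably overwritten by the next check_uribl call` would help callers. The loop makes one check_uribl call per entry in dkim_signers; if the number of signers accepted per message is not capped where that set is filled (not visible in this hunk), a message carrying many signatures causes that many lookups, so a small cap here is worth considering.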
@@ -1628,6 +1638,8 @@
         string_set whites;
         bool random = false;
         int  limit  = 0;
+        const char   *signer = NULL;
+        bool checked_signers = false;
         if (priv.dkim_signers.empty()) {
             snprintf(buf, sizeof(buf), "acceptable content from %s signer *",
                 (priv.fromaddr) ? priv.fromaddr : token_asterisk);
@@ -1653,10 +1665,27 @@
                 smfi_delrcpt(ctx, (char*)rcpt);
             }
             else if (st == token_unknown) {
+                if (!checked_signers) {
+                    signer = priv.check_uribl_signers();
+                    checked_signers = true;
+                    if (signer) {
+                        snprintf(buf, sizeof(buf), "dkim signer %s on uribl", signer);
+                        my_syslog(&priv, buf);
+                        snprintf(buf, sizeof(buf), "Mail rejected - dkim signed by %s", signer);
+                        msg = string(buf);
+                    }
+                }
+                if (signer) {
+                    // dkim signer is on the uribl
+                    smfi_delrcpt(ctx, (char*)rcpt);
+                }
+                else {
+                    // still unknown
                 unknowns.insert(rcpt);
                 random |= con.get_host_random();
                 limit   = max(limit, con.get_host_limit());
             }
+            }
             else if (st == token_white) {
                 whites.insert(rcpt);
             }