diff src/dnsbl.cpp @ 90:962a1f8f1d9f stable-5-4

add verify statement to verify addresses with better mx host
author carl
date Sun, 18 Sep 2005 10:19:58 -0700
parents 946fc1bcfb2c
children 505e77188317
--- a/src/dnsbl.cpp	Sun Aug 07 11:26:37 2005 -0700
+++ b/src/dnsbl.cpp	Sun Sep 18 10:19:58 2005 -0700
@@ -17,13 +17,6 @@
 -e f|t	 Print the results of looking up from address f and to address
 		 t in the current config
 
-
-TODO:
-
-1) Add option for using smtp connections to verify addresses from backup
-mx machines. This allows the backup mx to learn the valid addresses
-on the primary machine.
-
 */
 
 
@@ -98,7 +91,7 @@
 int    NULL_SOCKET		 = -1;
 char  *resolver_port	 = NULL;		 // unix domain socket to talk to the dns resolver process
 int    resolver_socket	 = NULL_SOCKET;  // socket used to listen for resolver requests
-time_t ERROR_SOCKET_TIME = 60;			 // number of seconds between attempts to open the spam filter socket
+time_t ERROR_SOCKET_TIME = 60;			 // number of seconds between attempts to open a socket to the dns resolver process
 time_t last_error_time;
 int    resolver_sock_count = 0; 		 // protected with fd_pool_mutex
 int    resolver_pool_size  = 0; 		 // protected with fd_pool_mutex
@@ -430,7 +423,7 @@
 	while (true) {
 		// read a question
 		int rs = 0;
-		while (true) {
+		while (rs < maxq) {
 			int ns = read(socket, question+rs, maxq-rs);
 			if (ns > 0) {
 				rs += ns;
@@ -447,6 +440,7 @@
 				return;
 			}
 		}
+		question[rs-1] = '\0';  // ensure null termination
 
 		// find the answer
 #ifdef NS_PACKETSZ
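Review bot: `question[rs-1] = '\0'` indexes before the buffer if the read loop can exit with rs == 0, and when that loop stops because rs reached maxq (the bound added in the previous hunk) it overwrites the last byte received rather than appending a terminator. The loop's exit paths lie between the two hunks, so whether rs == 0 is reachable is not visible here; a guard such as `if (rs == 0) return;` before the assignment removes the doubt, and a comment stating that the peer is expected to send its own terminator would explain why clobbering the final byte is acceptable. The enclosing function begins and ends outside this hunk.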
@@ -627,7 +621,6 @@
 //
 bool check_dnsbl(mlfiPriv &priv, dnsblp_list &dnsbll, DNSBLP &rejectlist);
 bool check_dnsbl(mlfiPriv &priv, dnsblp_list &dnsbll, DNSBLP &rejectlist) {
-	if (priv.authenticated) return false;
 	for (dnsblp_list::iterator i=dnsbll.begin(); i!=dnsbll.end(); i++) {
 		DNSBLP dp = *i; 	// non null by construction
 		bool st;
@@ -805,16 +798,20 @@
 	char *rcptaddr	= rcpt[0];
 	char *loto		= to_lower_string(rcptaddr);
 	CONTEXT    &con = *(dc.find_context(loto)->find_context(priv.mailaddr));
+	VERIFYP 	ver = con.find_verify(loto);
 	if (debug_syslog > 1) {
 		char buf[maxlen];
 		char msg[maxlen];
 		snprintf(msg, sizeof(msg), "from <%s> to <%s> using context %s", priv.mailaddr, loto, con.get_full_name(buf,maxlen));
 		my_syslog(&priv, msg);
 	}
+	free(loto);
 	char *fromvalue = con.find_from(priv.mailaddr);
-	free(loto);
 	status st;
-	if (fromvalue == token_black) {
+	if (priv.authenticated) {
+		st = white;
+	}
+	else if (fromvalue == token_black) {
 		st = black;
 	}
 	else if (fromvalue == token_white) {
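Review bot: `free(loto)` is moved up here, yet the verify step in the following hunk (`@@ -834,12 +831,21 @@`) lower-cases `rcptaddr` a second time and frees the result again; keeping the first `loto` alive until after `ver->ok` avoids the duplicate allocation and the two `free` calls. `ver` is obtained through `con.find_verify(loto)` before that free, which is fine only if `find_verify` does not retain the pointer — its implementation is not in this diff, so worth confirming. The enclosing function starts before this hunk.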
@@ -834,12 +831,21 @@
 		smfi_setreply(ctx, "550", "5.7.1", buf);
 		return SMFIS_REJECT;
 	}
-	else if (st == black) {
+	if (st == black) {
 		// reject the recipient based on blacklisting either from or to
 		smfi_setreply(ctx, "550", "5.7.1", "no such user");
 		return SMFIS_REJECT;
 	}
-	else {
+	if (ver && (st != white)) {
+		// try to verify this from/to pair of addresses since it is not explicitly whitelisted
+		char *loto = to_lower_string(rcptaddr);
+		bool rc = ver->ok(priv.mailaddr, loto);
+		free(loto);
+		if (!rc) {
+			smfi_setreply(ctx, "550", "5.7.1", "no such user");
+			return SMFIS_REJECT;
+		}
+	}
 		// accept the recipient
 		if (!con.get_content_filtering()) st = white;
 		if (st == oksofar) {
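Review bot: a false result from `ver->ok` is answered with a permanent `550 5.7.1 no such user`; if `ok()` also returns false when the verification connection cannot be established or times out (its implementation is outside this diff), an outage of the verifying host will permanently bounce legitimate mail, and a temporary failure such as `smfi_setreply(ctx, "450", "4.7.1", "cannot verify recipient");` would be the safer reply for that case, which requires `ok()` to distinguish "rejected" from "could not verify". Separately, the `else {` is dropped here and its closing brace in the next hunk (`@@ -852,7 +858,6 @@`), but the accept block from `// accept the recipient` down to `return SMFIS_CONTINUE;` keeps its old indentation level and now reads as if still nested; dedenting it would match the new control flow. The enclosing function starts before this hunk.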
@@ -852,7 +858,6 @@
 		}
 		return SMFIS_CONTINUE;
 	}
-}
 
 sfsistat mlfi_body(SMFICTX *ctx, u_char *data, size_t len)
 {
@@ -1055,7 +1060,7 @@
 	fprintf(stderr, "-c will load and dump the config to stdout\n");
 	fprintf(stderr, "-s will stress test the config loading code by repeating the load/free cycle\n");
 	fprintf(stderr, "        in an infinte loop.\n");
-	fprintf(stderr, "-d will set the syslog message level, currently 0 to 3");
+	fprintf(stderr, "-d will set the syslog message level, currently 0 to 3\n");
 	fprintf(stderr, "-e will print the results of looking up the from and to addresses in the\n");
 	fprintf(stderr, "        current config. The | character is used to separate the from and to\n");
 	fprintf(stderr, "        addresses in the argument to the -e switch\n");
@@ -1358,6 +1363,10 @@
 		my_syslog("failed to create config loader thread");
 	if (pthread_detach(tid))
 		my_syslog("failed to detach config loader thread");
+	if (pthread_create(&tid, 0, verify_closer, 0))
+		my_syslog("failed to create verify closer thread");
+	if (pthread_detach(tid))
+		my_syslog("failed to detach verify closer thread");
 
 	time_t starting = time(NULL);
 	int rc = smfi_main();
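Review bot: `pthread_detach(tid)` on the new lines runs even when the preceding `pthread_create` failed, in which case `tid` still holds the loader thread's id from the lines above, which has already been detached — a second detach of that id is invalid (EINVAL at best, undefined otherwise). The existing loader-thread code has the same shape, but the new lines repeat it; chaining the calls as `else if (pthread_detach(tid))` keeps the detach tied to a successful create. The enclosing function continues past the hunk.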