diff src/dnsbl.cpp @ 451:f2bc221240e8 stable-6-0-70

add unsigned_black for enforcement of dmarc policy
author Carl Byington <carl@five-ten-sg.com>
date Mon, 04 Jun 2018 16:25:06 -0700
parents 0df77bbb7fc2
children 2cf7183a911c
--- a/src/dnsbl.cpp	Tue Apr 10 13:00:55 2018 -0700
+++ b/src/dnsbl.cpp	Mon Jun 04 16:25:06 2018 -0700
@@ -518,7 +518,7 @@
         if (debug_syslog > 2) {
             char tmp[maxlen];
             snprintf(tmp, sizeof(tmp), "found %s on %s", hostname, priv.uribl_suffix);
-            my_syslog(tmp);
+            my_syslog(&priv, tmp);
         }
         found = register_string(hosts, hostname);
         return true;
@@ -1424,15 +1424,19 @@
             DKIMP dk = con.find_dkim_from(domain+1);
             if (dk && (dk->action == token_require_signed)) {
                 my_syslog(&priv, "dkim require_signed overrides envelope from whitelist");
-                st = oksofar;
+                st = whitesofar;
+            }
+            else if (dk && (dk->action == token_unsigned_black)) {
+                my_syslog(&priv, "dkim unsigned_black overrides envelope from whitelist");
+                st = whitesofar;
             }
             else st = white;
         }
         else st = white;    // might be <>, envelope from has no @
     }
 
-    if (st == oksofar) {
-        // check the dns based lists, whitelist first
+    if ((st == oksofar) || (st == whitesofar)) {
+        // check the dns based whitelists
         DNSWLP acceptlist = NULL;   // list that caused the whitelisting
         if (check_dnswl(priv, con.get_dnswl_list(), acceptlist)) {
             st = white;
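Review bot: Switching the existing `require_signed` branch from `oksofar` to `whitesofar` changes behaviour beyond the `unsigned_black` addition named in the commit message, and nothing here documents what `whitesofar` skips. With the gate `if (st == oksofar)` in the following hunks, senders matched by either branch no longer reach `check_dnsbl` or the forged-rdns check that now shares that block. The match is made on the envelope from, which the sending client supplies unauthenticated, so these connection-level rejections are skipped before any DKIM result exists; it is worth confirming that this is intended and that an unsigned message is still rejected later. I would document the state where it is assigned, e.g. `// whitesofar: envelope-from whitelisted, dkim still has to verify; skips dnsbl/rdns, keeps content filtering`, and since the two branches differ only in the log text they could share one `st = whitesofar;`. The enclosing function starts and ends outside this hunk.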
@@ -1442,7 +1446,11 @@
                 my_syslog(&priv, msg);
             }
         }
-        else if (check_dnsbl(priv, con.get_dnsbl_list(), rejectlist)) {
+    }
+
+    if (st == oksofar) {
+        // check the dns based blacklists
+        if (check_dnsbl(priv, con.get_dnsbl_list(), rejectlist)) {
             // reject the recipient based on some dnsbl
             char adr[sizeof "255.255.255.255   "];
             adr[0] = '\0';
@@ -1452,9 +1460,6 @@
             smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
             return SMFIS_REJECT;
         }
-    }
-
-    if (st == oksofar) {
         // check forged rdns
         if (con.get_requirerdns() && (!priv.client_dns_name || priv.client_dns_forged)) {
             // reject the recipient based on forged reverse dns
@@ -1535,7 +1540,7 @@
     // accept the recipient
     if (!con.get_content_filtering()) st = white;
 
-    if (st == oksofar) {
+    if ((st == oksofar) || (st == whitesofar)) {
         // remember first content filtering context
         if (con.get_content_filtering()) {
             if (!priv.content_context) priv.content_context = &con;
@@ -1544,6 +1549,7 @@
                 return SMFIS_TEMPFAIL;
             }
             priv.need_content_filter(con);
+            if (st == oksofar) {
             char bu[maxlen];
             bool uri = false;
             // content filtering implies also checking helo name on uribl (if enabled)
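Review bot: The new `if (st == oksofar) {` wraps the helo/uribl checks without re-indenting them, and its closing `}` in the last hunk sits at the indent of the outer block, so the nesting on screen no longer matches the nesting the compiler sees. In code that decides between accepting a recipient and returning `SMFIS_REJECT`, that makes it easy for a later edit to land a check on the wrong side of the `whitesofar` exemption. Re-indent the wrapped body, or at minimum mark the close as `}   // st == oksofar`. The wrapped block runs past the end of this hunk.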
@@ -1568,6 +1574,7 @@
                 return SMFIS_REJECT;
             }
         }
+        }
         // remember the non-whites
         register_string(priv.env_to, rcptaddr, &con);
         priv.only_whites = false;