diff src/dnsbl.cpp @ 451:f2bc221240e8 stable-6-0-70
add unsigned_black for enforcement of dmarc policy
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Mon, 04 Jun 2018 16:25:06 -0700 |
parents | 0df77bbb7fc2 |
children | 2cf7183a911c |
--- a/src/dnsbl.cpp Tue Apr 10 13:00:55 2018 -0700
+++ b/src/dnsbl.cpp Mon Jun 04 16:25:06 2018 -0700
@@ -518,7 +518,7 @@
 if (debug_syslog > 2) {
 char tmp[maxlen];
 snprintf(tmp, sizeof(tmp), "found %s on %s", hostname, priv.uribl_suffix);
- my_syslog(tmp);
+ my_syslog(&priv, tmp);
 }
 found = register_string(hosts, hostname);
 return true;
@@ -1424,15 +1424,19 @@
 DKIMP dk = con.find_dkim_from(domain+1);
 if (dk && (dk->action == token_require_signed)) {
 my_syslog(&priv, "dkim require_signed overrides envelope from whitelist");
- st = oksofar;
+ st = whitesofar;
+ }
+ else if (dk && (dk->action == token_unsigned_black)) {
+ my_syslog(&priv, "dkim unsigned_black overrides envelope from whitelist");
+ st = whitesofar;
 }
 else st = white;
 }
 else st = white; // might be <>, envelope from has no @
 }
- if (st == oksofar) {
- // check the dns based lists, whitelist first
+ if ((st == oksofar) || (st == whitesofar)) {
+ // check the dns based whitelists
 DNSWLP acceptlist = NULL; // list that caused the whitelisting
 if (check_dnswl(priv, con.get_dnswl_list(), acceptlist)) {
 st = white;
@@ -1442,7 +1446,11 @@
 my_syslog(&priv, msg);
 }
 }
- else if (check_dnsbl(priv, con.get_dnsbl_list(), rejectlist)) {
+ }
+
+ if (st == oksofar) {
+ // check the dns based blacklists
+ if (check_dnsbl(priv, con.get_dnsbl_list(), rejectlist)) {
 // reject the recipient based on some dnsbl
 char adr[sizeof "255.255.255.255 "];
 adr[0] = '\0';
@@ -1452,9 +1460,6 @@
 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
 return SMFIS_REJECT;
 }
- }
-
- if (st == oksofar) {
 // check forged rdns
 if (con.get_requirerdns() && (!priv.client_dns_name || priv.client_dns_forged)) {
 // reject the recipient based on forged reverse dns
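Review bot: In the `-1424` hunk the existing `token_require_signed` branch moves from `oksofar` to `whitesofar`, a behaviour change the commit title (which names only unsigned_black) does not mention: with the `if (st == oksofar)` gate introduced in the `-1442` and `-1452` hunks, such recipients no longer reach `check_dnsbl` or the forged-rdns check. Because the envelope from is supplied by the sending client, the dkim policy appears to be the only remaining check on this path, so the intent should be stated next to the assignment, e.g. `// whitesofar: envelope from is whitelisted, skip dnsbl/rdns but keep content filtering so the dkim policy still applies`. The two branches differ only in the token and the log text and could share a single `st = whitesofar;`. The enclosing function starts and ends outside the hunk and the definition of `whitesofar` is not visible on this page, so the comment wording should be checked against it.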
@@ -1535,7 +1540,7 @@
 // accept the recipient
 if (!con.get_content_filtering()) st = white;
- if (st == oksofar) {
+ if ((st == oksofar) || (st == whitesofar)) {
 // remember first content filtering context
 if (con.get_content_filtering()) {
 if (!priv.content_context) priv.content_context = &con;
@@ -1544,6 +1549,7 @@
 return SMFIS_TEMPFAIL;
 }
 priv.need_content_filter(con);
+ if (st == oksofar) {
 char bu[maxlen];
 bool uri = false;
 // content filtering implies also checking helo name on uribl (if enabled)
@@ -1568,6 +1574,7 @@
 return SMFIS_REJECT;
 }
 }
+ }
 // remember the non-whites
 register_string(priv.env_to, rcptaddr, &con);
 priv.only_whites = false;
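Review bot: The context line `if (!con.get_content_filtering()) st = white;` just above the changed test in the `-1535` hunk still turns `whitesofar` into `white`, so for a recipient whose context has content filtering off, the earlier "overrides envelope from whitelist" log entry has no visible effect. If the dkim policy is applied during content filtering, as the surrounding code suggests but this hunk does not show, that case accepts the mail as an ordinary whitelist hit. Consider recording it before the assignment, e.g. `if ((st == whitesofar) && !con.get_content_filtering()) my_syslog(&priv, "dkim policy not enforced, content filtering is off");`. The function body starts and ends outside the hunk.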
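Review bot: The new `if (st == oksofar) {` in the `-1544` hunk carries no comment explaining why `whitesofar` recipients skip the helo uribl check, and its closing `}` is added separately in the `-1568` hunk without a marker. A one-line comment above the test such as `// envelope-whitelisted senders held only for the dkim policy skip the helo uribl check`, plus `} // st == oksofar` on the closing brace, would make the pairing readable. Whether the wrapped lines were re-indented cannot be seen on this page.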