diff src/dnsbl.cpp @ 268:f941563c2a95 stable-6-0-34

Add require_rdns checking
author Carl Byington <carl@five-ten-sg.com>
date Wed, 22 May 2013 11:29:44 -0700
parents 582cfb9c4031
children f92f24950bd3
--- a/src/dnsbl.cpp	Sat Jul 21 13:13:07 2012 -0700
+++ b/src/dnsbl.cpp	Wed May 22 11:29:44 2013 -0700
@@ -488,6 +488,7 @@
     authenticated           = NULL;
     client_name             = NULL;
     client_dns_name         = NULL;
+    client_dns_forged       = false;
     host_uribl              = NULL;
     helo_uribl              = false;
     client_uribl            = false;
@@ -1149,6 +1150,15 @@
             //snprintf(text, sizeof(text), "found simple dns client name %s", priv.client_dns_name);
             //my_syslog(text);
         }
+        p = strstr(priv.client_name, "] (may be forged)");
+        if (p) {
+            priv.client_dns_forged = true;
+            if (priv.client_dns_name) {
+                char text[500];
+                snprintf(text, sizeof(text), "forged dns client name %s", priv.client_dns_name);
+                my_syslog(text);
+            }
+        }
     }
     if (spamc != spamc_empty) {
         priv.assassin  = new SpamAssassin(&priv, priv.ip, priv.helo, priv.mailaddr, priv.queueid);
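Review bot: The forged-rDNS flag set by `strstr(priv.client_name, "] (may be forged)")` depends on the exact text the MTA puts into the client-name string, and nothing in the hunk records that dependency. A comment above the test would make it explicit, for example `// the MTA appends " (may be forged)" after "[ip]" when the PTR name does not resolve back to the connecting address`. If the MTA words this differently or the text is localized, `client_dns_forged` silently stays false and a `require_rdns` policy passes forged names. The syslog line is written only when `priv.client_dns_name` was parsed, so a forged connection whose name failed to parse leaves no trace; logging `priv.client_name` in that case would keep the audit trail complete. The enclosing block and its guard on `priv.client_name` start outside the hunk.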
@@ -1247,6 +1257,15 @@
         return SMFIS_REJECT;
     }
     if (st == oksofar) {
+        // check forged rdns
+        if (con.get_requirerdns() && (!priv.client_dns_name || priv.client_dns_forged)) {
+            // reject the recipient based on forged reverse dns
+            char buf[maxlen];
+            snprintf(buf, sizeof(buf), "%s is not acceptable", priv.client_name);
+            smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
+            return SMFIS_REJECT;
+        }
+        // check generic rdns
         const char *msg = con.generic_match(priv.client_name);
         if (msg) {
             // reject the recipient based on generic reverse dns
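Review bot: The new test `if (con.get_requirerdns() && (!priv.client_dns_name || priv.client_dns_forged))` answers a permanent `550 5.7.1` whenever no name was parsed, which as far as the hunk shows would include a reverse lookup that only failed temporarily on the MTA side. If that case can be distinguished, a 4xx reply would avoid bouncing legitimate mail during resolver trouble; otherwise a comment such as `// also taken when the PTR lookup timed out; consider tempfail` would record the trade-off. This branch is the one most likely to run with `priv.client_name` unset, so the `%s` argument would be safer as `priv.client_name ? priv.client_name : "client"`. The reply text embeds a remote-influenced name and the `smfi_setreply` result is ignored, so a name that libmilter refuses would fall back to the default reject text without any log entry. The enclosing function starts and ends outside the hunk, so whether authenticated or whitelisted senders can reach this check is not visible here.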
@@ -1323,12 +1342,12 @@
                 snprintf(bu, sizeof(bu), "(helo %s)", priv.host_uribl);
                 uri = true;
             }
-            // content filterint implies also checking client reverse dns name on uribl (if enabled)
+            // content filtering implies also checking client reverse dns name on uribl (if enabled)
             if (priv.client_uribl) {
                 snprintf(bu, sizeof(bu), "(rdns %s)", priv.host_uribl);
                 uri = true;
             }
-            // content filterint implies also checking mail from domain name on uribl (if enabled)
+            // content filtering implies also checking mail from domain name on uribl (if enabled)
             if (priv.from_uribl) {
                 snprintf(bu, sizeof(bu), "(from %s)", priv.host_uribl);
                 uri = true;