# HG changeset patch # User carl # Date 1090088051 25200 # Node ID c2371bb6cf84d80a828bdc58bb8f026b6d93ba44 # Parent a84752107aca0d1003bc7c0ed4b9aeaf9d0b9d41 3.5 - better error message when rejecting based on ns records on the sbl diff -r a84752107aca -r c2371bb6cf84 ChangeLog --- a/ChangeLog Thu Jul 15 23:01:41 2004 -0700 +++ b/ChangeLog Sat Jul 17 11:14:11 2004 -0700 @@ -1,8 +1,14 @@ $Id$ +3.5 2004-07-17 + Extend the error message for content filtering when the NS record + points to an ip address on the SBL. Include the original host name + that referenced that NS name. + + 3.4 2004-07-15 - Tokens with two consecutive periods cannot be ip addresses - or host names. + Tokens with two consecutive periods cannot be ip addresses or host + names. Updated dnsbl.spec file for building rpms from John Gunkel. diff -r a84752107aca -r c2371bb6cf84 dnsbl.spec.in --- a/dnsbl.spec.in Thu Jul 15 23:01:41 2004 -0700 +++ b/dnsbl.spec.in Sat Jul 17 11:14:11 2004 -0700 @@ -1,6 +1,6 @@ Summary: DNSBL Sendmail Milter Name: dnsbl -Version: 3.4 +Version: 3.5 Release: 2 Copyright: GPL Group: System Environment/Daemons diff -r a84752107aca -r c2371bb6cf84 package.bash --- a/package.bash Thu Jul 15 23:01:41 2004 -0700 +++ b/package.bash Sat Jul 17 11:14:11 2004 -0700 @@ -1,6 +1,6 @@ #!/bin/bash -VER=dnsbl-3.4 +VER=dnsbl-3.5 mkdir $VER target1=/home/httpd/html/510sg/util/dnsbl.tar.gz target2=/home/httpd/html/510sg/dnsbl.conf diff -r a84752107aca -r c2371bb6cf84 src/dnsbl.cpp --- a/src/dnsbl.cpp Thu Jul 15 23:01:41 2004 -0700 +++ b/src/dnsbl.cpp Sat Jul 17 11:14:11 2004 -0700 @@ -25,6 +25,8 @@ 3) Add option to only allow one recipient if the return path is empty. +4) Check if the envelope from domain name primary MX points 127.0.0.0/8 + */ 
@@ -118,7 +120,13 @@ typedef set string_set; typedef set int_set; typedef list string_list; -typedef map ns_map; +typedef map ns_mapper; + +struct ns_map { + // all the strings are owned by the keys/values in the ns_host string map + string_map ns_host; // nameserver name -> host name that uses this name server + ns_mapper ns_ip; // nameserver name -> ip address of the name server +}; struct CONFIG { // the only mutable stuff once it has been loaded from the config file @@ -192,22 +200,28 @@ // static void discard(ns_map &s); static void discard(ns_map &s) { - for (ns_map::iterator i=s.begin(); i!=s.end(); i++) { + for (string_map::iterator i=s.ns_host.begin(); i!=s.ns_host.end(); i++) { char *x = (*i).first; + char *y = (*i).second; free(x); + free(y); } - s.clear(); + s.ns_ip.clear(); + s.ns_host.clear(); } //////////////////////////////////////////////// // helper to register a string in an ns_map // -static void register_string(ns_map &s, char *name); -static void register_string(ns_map &s, char *name) { - ns_map::iterator i = s.find(name); - if (i != s.end()) return; +static void register_string(ns_map &s, char *name, char *refer); +static void register_string(ns_map &s, char *name, char *refer) { + string_map::iterator i = s.ns_host.find(name); + if (i != s.ns_host.end()) return; char *x = strdup(name); - s[x] = 0; + char *y = strdup(refer); + s.ns_ip[x] = 0; + s.ns_host[x] = y; + } //////////////////////////////////////////////// 
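Review bot: The new `struct ns_map` shares raw `char*` keys between `ns_host` and `ns_ip`, and the only record of who owns them is the one-line comment, so a by-value copy of the struct followed by `discard()` on both copies would free the same strings twice. Every use visible in this patch passes `ns_map &`, so this is a latent risk and not a present bug. I would spell the contract out above the struct, e.g. `// ns_ip keys alias the ns_host keys; free only through discard(), never copy an ns_map`, or declare a private copy constructor and assignment operator so that a copy fails to compile.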
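Review bot: In `register_string`, both `strdup` results are stored without a NULL check, so an allocation failure puts a null key into `ns_ip` and `ns_host`, or a null value that later reaches the `%s` in the reject path's `snprintf`. The comparator for these maps is not visible here, but if it compares with `strcmp`, as is usual for `char*` keys, the next insert or find dereferences that null pointer. The registered names appear to come from DNS answers, so the number of allocations is driven by remote data. After the two `strdup` calls I would add `if (!x || !y) { free(x); free(y); return; }`. A short comment that an existing entry keeps its first `refer` would also help, since the early return silently ignores later referrers.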
@@ -469,19 +483,19 @@ } if (n-nam) n--; // remove trailing . *n = '\0'; // null terminate it - register_string(ns, nam); // ns host to lookup later + register_string(ns, nam, question); // ns host to lookup later } } rrnum = 0; while (ns_parserr(&handle, ns_s_ar, rrnum++, &rr) == 0) { if (ns_rr_type(rr) == ns_t_a) { char* nam = (char*)ns_rr_name(rr); - ns_map::iterator i = ns.find(nam); - if (i != ns.end()) { + ns_mapper::iterator i = ns.ns_ip.find(nam); + if (i != ns.ns_ip.end()) { // we want this ip address int address; memcpy(&address, ns_rr_rdata(rr), sizeof(address)); - ns[nam] = address; + ns.ns_ip[nam] = address; } } } @@ -637,7 +651,7 @@ } } lim *= 4; // allow average of 3 ns per host name - for (ns_map::iterator i=nameservers.begin(); i!=nameservers.end(); i++) { + for (ns_mapper::iterator i=nameservers.ns_ip.begin(); i!=nameservers.ns_ip.end(); i++) { count++; if ((count > lim) && (lim > 0)) { if (ran) continue; // don't complain @@ -666,7 +680,16 @@ ips.insert(ip); status st = check_single(ip, dc.content_suffix); if (st == reject) { + string_map::iterator j = nameservers.ns_host.find(host); + if (j != nameservers.ns_host.end()) { + char *refer = (*j).second; + char buf[1000]; + snprintf(buf, sizeof(buf), "%s with nameserver %s", refer, host); + host = register_string(priv.memory->hosts, buf); // put a copy into priv.memory->hosts, and return that reference + } + else { host = register_string(priv.memory->hosts, host); // put a copy into priv.memory->hosts, and return that reference + } discard(nameservers); return st; } diff -r a84752107aca -r c2371bb6cf84 xml/dnsbl.in --- a/xml/dnsbl.in Thu Jul 15 23:01:41 2004 -0700 +++ b/xml/dnsbl.in Sat Jul 17 11:14:11 2004 -0700 @@ -2,7 +2,7 @@ -DNSBL Sendmail milter +DNSBL Sendmail milter - Version 3.5
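Review bot: The additional-section loop copies `sizeof(address)` bytes from `ns_rr_rdata(rr)` without first checking the record's data length, and the result is now stored in `ns.ns_ip`, from where it presumably feeds the later blacklist check. The response is remote-controlled data, and as far as I know `ns_parserr` only checks that the rdata lies inside the message, not that an A record carries exactly four bytes; guarding the copy with `if (ns_rr_rdlen(rr) == sizeof(address))` would close that. Since the iterator is already in hand, `(*i).second = address;` in place of `ns.ns_ip[nam] = address;` avoids a second lookup and guarantees that the pointer into the resolver's record buffer can never become a map key. The enclosing function starts and ends outside the hunk.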
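Review bot: `refer` and `host` are formatted into `buf` exactly as stored, and both appear to originate from names taken out of message content and DNS answers, so nothing here restricts them to hostname characters before the string is kept as the rejection text. Where `host` goes afterwards is not visible in this hunk; if it ends up in the SMTP reply, I would filter both names to letters, digits, `.`, `-` and `_` before the `snprintf` call, or at least add `// refer and host are untrusted; sanitize before use in the SMTP reply` at this point. `snprintf` with `sizeof(buf)` bounds the write, but truncation is silent, and the literal `1000` deserves a named constant. The enclosing function starts and ends outside the hunk.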
Introduction