# HG changeset patch
# User carl
# Date 1160940197 25200
# Node ID 31ff00ea6bfb2a61df1a8085f80cf25f921a7fed
# Parent  ecb40aa3eaa5cef2495b17b5f087425b7a09b0b6
allow parent/child to share a fully qualified env_to address


diff -r ecb40aa3eaa5 -r 31ff00ea6bfb ChangeLog
--- a/ChangeLog	Tue Oct 10 19:12:16 2006 -0700
+++ b/ChangeLog	Sun Oct 15 12:23:17 2006 -0700
@@ -1,5 +1,10 @@
     $Id$
 
+5.24 2006-10-15
+    Allow child and parent context to specify the same fully qualified
+    env_to address. Only dump the rate limit for the default context
+    with -c switch.
+
 5.23 2006-10-10
     Require two periods in ip addresses.
 
diff -r ecb40aa3eaa5 -r 31ff00ea6bfb configure.in
--- a/configure.in	Tue Oct 10 19:12:16 2006 -0700
+++ b/configure.in	Sun Oct 15 12:23:17 2006 -0700
@@ -1,7 +1,7 @@
 AC_INIT(configure.in)
 
 AM_CONFIG_HEADER(config.h)
-AM_INIT_AUTOMAKE(dnsbl,5.23)
+AM_INIT_AUTOMAKE(dnsbl,5.24)
 AC_PATH_PROGS(BASH, bash)
 
 AC_LANG_CPLUSPLUS
diff -r ecb40aa3eaa5 -r 31ff00ea6bfb dnsbl.conf
--- a/dnsbl.conf	Tue Oct 10 19:12:16 2006 -0700
+++ b/dnsbl.conf	Sun Oct 15 12:23:17 2006 -0700
@@ -27,10 +27,10 @@
         "<>"    black;
     };
 
-    // per recipient rates - only used in the default (first top level) context
+    // hourly recipient rate limit by smtp auth client id
     rate_limit 30 { // default
-        fred 100;   // override default limits
-        joe  10;    // ""
+        #fred 100;   // override default limits
+        #joe  10;    // ""
     };
 };
 
diff -r ecb40aa3eaa5 -r 31ff00ea6bfb src/context.cpp
--- a/src/context.cpp	Tue Oct 10 19:12:16 2006 -0700
+++ b/src/context.cpp	Sun Oct 15 12:23:17 2006 -0700
@@ -464,11 +464,11 @@
 
 
 void CONFIG::dump() {
-	if (default_context) default_context->dump();
+	if (default_context) default_context->dump(true);
 	for (context_list::iterator i=contexts.begin(); i!=contexts.end(); i++) {
 		CONTEXTP c = *i;
 		CONTEXTP p = c->get_parent();
-		if (!p && (c != default_context)) c->dump();
+		if (!p && (c != default_context)) c->dump(false);
 	}
 	char buf[maxlen];
 	for (context_map::iterator i=env_to.begin(); i!=env_to.end(); i++) {
@@ -530,7 +530,11 @@
 	if (*x == '\0') return true;    // always allow covering addresses with no domain name, eg abuse@
 	if (!parent && env_to.empty()) return true; // empty env_to at global level covers everything
 	string_set::iterator i = env_to.find(x);
-	if (i != env_to.end()) return true;
+	if (i != env_to.end()) return true; 		// we cover the entire domain
+	if (x != to) {
+		i = env_to.find(to);
+		if (i != env_to.end()) return true; 	// we cover the specific email address
+	}
 	return false;
 }
 
@@ -686,7 +690,7 @@
 }
 
 
-void CONTEXT::dump(int level) {
+void CONTEXT::dump(bool isdefault, int level) {
 	char indent[maxlen];
 	int i = min(maxlen-1, level*4);
 	memset(indent, ' ', i);
@@ -782,7 +786,7 @@
 
 	for (context_map::iterator i=children.begin(); i!=children.end(); i++) {
 		CONTEXTP c = (*i).second;
-		c->dump(level+1);
+		c->dump(false, level+1);
 	}
 
 	printf("%s     env_from %s { \t// %s\n", indent, env_from_default, fullname);
@@ -804,6 +808,7 @@
 	}
 	printf("%s     }; \n", indent);
 
+	if (isdefault) {
 	printf("%s     rate_limit %d { \n", indent, default_rcpt_rate);
 	for (rcpt_rates::iterator j=rcpt_per_hour.begin(); j!=rcpt_per_hour.end(); j++) {
 		char	*u = (*j).first;
@@ -811,6 +816,7 @@
 		printf("%s         \"%s\" \t%d; \n", indent, u, l);
 	}
 	printf("%s     }; \n", indent);
+	}
 
 	printf("%s }; \n", indent);
 }
diff -r ecb40aa3eaa5 -r 31ff00ea6bfb src/context.h
--- a/src/context.h	Tue Oct 10 19:12:16 2006 -0700
+++ b/src/context.h	Sun Oct 15 12:23:17 2006 -0700
@@ -186,7 +186,7 @@
 	bool		acceptable_content(recorder &memory, char *&msg);
 	bool		ignore_host(char *host);
 
-	void		dump(int level = 0);
+	void		dump(bool isdefault, int level = 0);
 };
 
 
diff -r ecb40aa3eaa5 -r 31ff00ea6bfb xml/dnsbl.in
--- a/xml/dnsbl.in	Tue Oct 10 19:12:16 2006 -0700
+++ b/xml/dnsbl.in	Sun Oct 15 12:23:17 2006 -0700
@@ -254,7 +254,7 @@
             <para>
                 If the client has authenticated with sendmail, the rate limits are
                 checked.  If the authenticated user has not exceeded the hourly rate
-                limits, then the mail is accepted, the filtering contexts are not used,
+                limit, then the mail is accepted, the filtering contexts are not used,
                 the dns lists are not checked, and the body content is not scanned.  If
                 the client has not authenticated with sendmail, we follow these steps
                 for each recipient.
@@ -576,6 +576,7 @@
             <literallayout class="monospaced"><![CDATA[
 context main-default {
     // outbound dnsbl filtering to catch our own customers that end up on the sbl
+    dnsbl   localp  partial.blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
     dnsbl   local   blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
     dnsbl   sbl     sbl-xbl.spamhaus.org        "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
     dnsbl   dul     dul.dnsbl.sorbs.net         "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s";
@@ -602,7 +603,7 @@
         "<>"    black;
     };
 
-    // per recipient rates - only used in the default (first top level) context
+    // hourly recipient rate limit by smtp auth client id
     rate_limit 30 { // default
         fred 100;   // override default limits
         joe  10;    // ""