changeset 11:2c206836b4cc

integration work on url scanner
author carl
date Thu, 22 Apr 2004 20:19:01 -0700
parents 9ca440c8d187
children 6ac6d6b822ce
files src/dnsbl.cpp src/scanner.cpp xml/dnsbl.in
diffstat 3 files changed, 15 insertions(+), 3 deletions(-) [+]
--- a/src/dnsbl.cpp	Thu Apr 22 18:46:53 2004 -0700
+++ b/src/dnsbl.cpp	Thu Apr 22 20:19:01 2004 -0700
@@ -542,6 +542,7 @@
     if (priv.authenticated) return SMFIS_CONTINUE;
     if (priv.only_whites)   return SMFIS_CONTINUE;
     priv.scanner->scan(data, len);
+    return SMFIS_CONTINUE;
 }
 
 sfsistat mlfi_eom(SMFICTX *ctx)
--- a/src/scanner.cpp	Thu Apr 22 18:46:53 2004 -0700
+++ b/src/scanner.cpp	Thu Apr 22 20:19:01 2004 -0700
@@ -78,7 +78,7 @@
     {u_init, u_init, u_init, u_reco, e_init, e_init, e_init, m_init, m_init, m_init, b_init, b_init, b_init, b_init,  },  // 0x22 ""
     {u_init, u_init, u_init, u_reco, e_init, e_num,  e_init, m_init, m_init, m_init, b_init, b_init, b_init, b_init,  },  // 0x23 #
     {u_init, u_init, u_init, u_reco, e_init, e_init, e_init, m_init, m_init, m_init, b_init, b_init, b_init, b_init,  },  // 0x24 $
-    {u_init, u_init, u_init, u_url,  e_init, e_init, e_init, m_init, m_init, m_init, b_init, b_init, b_init, b_init,  },  // 0x25 %
+    {u_init, u_init, u_init, u_reco, e_init, e_init, e_init, m_init, m_init, m_init, b_init, b_init, b_init, b_init,  },  // 0x25 %
     {u_init, u_init, u_init, u_reco, e_amp,  e_init, e_init, m_init, m_init, m_init, b_init, b_init, b_init, b_init,  },  // 0x26 &
     {u_init, u_init, u_init, u_reco, e_init, e_init, e_init, m_init, m_init, m_init, b_init, b_init, b_init, b_init,  },  // 0x27 '
     {u_init, u_init, u_init, u_reco, e_init, e_init, e_init, m_init, m_init, m_init, b_init, b_init, b_init, b_init,  },  // 0x28 (
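Review bot: The 0x25 row now sends '%' to u_reco in the fourth column like its neighbours, but nothing in the table says why a percent sign should end a URL. If u_reco closes the URL being collected (inferred from the state name; the state machine itself is outside the hunk), a host name written with percent-escapes is cut at the first '%', and the string handed to the SBL lookup may not be the host a mail client would resolve, so such a link could go unchecked. I would record the decision beside the row, for example `// 0x25 % ends the url; percent-escaped host names are not decoded and so are not looked up`, and consider decoding %XX sequences before the table lookup if that gap matters for your mail stream.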
@@ -865,7 +865,8 @@
                 if (count > 12) {
                     pending[count-1] = 0;
                     if (strncasecmp((const char *)pending, "http://", 7) == 0) {
-                        urls->insert(strdup((const char *)pending+7));
+                        char *p = (char *)pending + 7;
+                        if (strchr(p, '.')) urls->insert(strdup(p)); // require at least one . in a dns name
                     }
                 }
                 }   // fall thru
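Review bot: The result of `strdup(p)` on the added line is passed straight to `urls->insert()` with no NULL check, so an allocation failure while scanning an untrusted message body would put a null pointer into the container; `char *h = strdup(p); if (h) urls->insert(h);` avoids that. If urls is a set that drops duplicates (its type is not visible here), the copy made for a repeated URL is never freed, which in a long-running milter adds up when a message repeats the same link many times. The `strchr(p, '.')` test also looks at everything after "http://", so it only enforces "a dot in the DNS name" if pending can never hold more than the host part. The enclosing case block starts and ends outside the hunk.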
--- a/xml/dnsbl.in	Thu Apr 22 18:46:53 2004 -0700
+++ b/xml/dnsbl.in	Thu Apr 22 20:19:01 2004 -0700
@@ -18,6 +18,11 @@
 per-recipient basis, so that fred@example.com could use SPEWS and the
 SBL, where all other users @example.com use only the SBL.
 
+<p>This milter will also decode (base64, mime, html entity) and scan
+for HTTP URLs in the body of the mail. If any of those host names
+have A records on the SBL (or a single configurable list), the mail
+will be rejected unless previously whitelisted.
+
 <p>The DNSBL milter reads a text configuration file (dnsbl.conf) on
 startup, and whenever the config file (or any of the referenced include
 files) is changed.  The entire configuration file is case insensitive.
@@ -98,6 +103,11 @@
 lookup scheme (reversed octets of the client followed by the dns
 suffix).
 
+<li>If the mail has not been accepted or rejected yet, the body content
+is scanned for HTTP URLs (after base64, mime and html entity decoding),
+and the first 20 host names are checked for their presence on the SBL.
+If any host name is on the SBL, the mail is rejected.
+
 </ol>
 
 
@@ -119,7 +129,7 @@
 line in your sendmail.mc and rebuild the .cf file
 
 <pre>
-INPUT_MAIL_FILTER(`dnsbl', `S=local:/var/run/dnsbl/dnsbl.sock, F=T, T=S:30s;R:30s;E:30s')
+INPUT_MAIL_FILTER(`dnsbl', `S=local:/var/run/dnsbl/dnsbl.sock, F=T, T=C:30s;S:2m;R:2m;E:5m')
 </pre>
 
 Read the sample <a