changeset 144:31ff00ea6bfb stable-5-24

allow parent/child to share a fully qualified env_to address
author carl
date Sun, 15 Oct 2006 12:23:17 -0700 (2006-10-15)
parents ecb40aa3eaa5
children 9b9bab1d3c21
files ChangeLog configure.in dnsbl.conf src/context.cpp src/context.h xml/dnsbl.in
diffstat 6 files changed, 31 insertions(+), 19 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Tue Oct 10 19:12:16 2006 -0700
+++ b/ChangeLog	Sun Oct 15 12:23:17 2006 -0700
@@ -1,5 +1,10 @@
     $Id$
 
+5.24 2006-10-15
+    Allow child and parent context to specify the same fully qualified
+    env_to address. Only dump the rate limit for the default context
+    with -c switch.
+
 5.23 2006-10-10
     Require two periods in ip addresses.
 
--- a/configure.in	Tue Oct 10 19:12:16 2006 -0700
+++ b/configure.in	Sun Oct 15 12:23:17 2006 -0700
@@ -1,7 +1,7 @@
 AC_INIT(configure.in)
 
 AM_CONFIG_HEADER(config.h)
-AM_INIT_AUTOMAKE(dnsbl,5.23)
+AM_INIT_AUTOMAKE(dnsbl,5.24)
 AC_PATH_PROGS(BASH, bash)
 
 AC_LANG_CPLUSPLUS
--- a/dnsbl.conf	Tue Oct 10 19:12:16 2006 -0700
+++ b/dnsbl.conf	Sun Oct 15 12:23:17 2006 -0700
@@ -27,10 +27,10 @@
         "<>"    black;
     };
 
-    // per recipient rates - only used in the default (first top level) context
+    // hourly recipient rate limit by smtp auth client id
     rate_limit 30 { // default
-        fred 100;   // override default limits
-        joe  10;    // ""
+        #fred 100;   // override default limits
+        #joe  10;    // ""
     };
 };
 
--- a/src/context.cpp	Tue Oct 10 19:12:16 2006 -0700
+++ b/src/context.cpp	Sun Oct 15 12:23:17 2006 -0700
@@ -464,11 +464,11 @@
 
 
 void CONFIG::dump() {
-	if (default_context) default_context->dump();
+	if (default_context) default_context->dump(true);
 	for (context_list::iterator i=contexts.begin(); i!=contexts.end(); i++) {
 		CONTEXTP c = *i;
 		CONTEXTP p = c->get_parent();
-		if (!p && (c != default_context)) c->dump();
+		if (!p && (c != default_context)) c->dump(false);
 	}
 	char buf[maxlen];
 	for (context_map::iterator i=env_to.begin(); i!=env_to.end(); i++) {
@@ -530,7 +530,11 @@
 	if (*x == '\0') return true;    // always allow covering addresses with no domain name, eg abuse@
 	if (!parent && env_to.empty()) return true; // empty env_to at global level covers everything
 	string_set::iterator i = env_to.find(x);
-	if (i != env_to.end()) return true;
+	if (i != env_to.end()) return true; 		// we cover the entire domain
+	if (x != to) {
+		i = env_to.find(to);
+		if (i != env_to.end()) return true; 	// we cover the specific email address
+	}
 	return false;
 }
 
@@ -686,7 +690,7 @@
 }
 
 
-void CONTEXT::dump(int level) {
+void CONTEXT::dump(bool isdefault, int level) {
 	char indent[maxlen];
 	int i = min(maxlen-1, level*4);
 	memset(indent, ' ', i);
@@ -782,7 +786,7 @@
 
 	for (context_map::iterator i=children.begin(); i!=children.end(); i++) {
 		CONTEXTP c = (*i).second;
-		c->dump(level+1);
+		c->dump(false, level+1);
 	}
 
 	printf("%s     env_from %s { \t// %s\n", indent, env_from_default, fullname);
@@ -804,6 +808,7 @@
 	}
 	printf("%s     }; \n", indent);
 
+	if (isdefault) {
 	printf("%s     rate_limit %d { \n", indent, default_rcpt_rate);
 	for (rcpt_rates::iterator j=rcpt_per_hour.begin(); j!=rcpt_per_hour.end(); j++) {
 		char	*u = (*j).first;
@@ -811,6 +816,7 @@
 		printf("%s         \"%s\" \t%d; \n", indent, u, l);
 	}
 	printf("%s     }; \n", indent);
+	}
 
 	printf("%s }; \n", indent);
 }
--- a/src/context.h	Tue Oct 10 19:12:16 2006 -0700
+++ b/src/context.h	Sun Oct 15 12:23:17 2006 -0700
@@ -186,7 +186,7 @@
 	bool		acceptable_content(recorder &memory, char *&msg);
 	bool		ignore_host(char *host);
 
-	void		dump(int level = 0);
+	void		dump(bool isdefault, int level = 0);
 };
 
 
--- a/xml/dnsbl.in	Tue Oct 10 19:12:16 2006 -0700
+++ b/xml/dnsbl.in	Sun Oct 15 12:23:17 2006 -0700
@@ -254,7 +254,7 @@
             <para>
                 If the client has authenticated with sendmail, the rate limits are
                 checked.  If the authenticated user has not exceeded the hourly rate
-                limits, then the mail is accepted, the filtering contexts are not used,
+                limit, then the mail is accepted, the filtering contexts are not used,
                 the dns lists are not checked, and the body content is not scanned.  If
                 the client has not authenticated with sendmail, we follow these steps
                 for each recipient.
@@ -576,6 +576,7 @@
             <literallayout class="monospaced"><![CDATA[
 context main-default {
     // outbound dnsbl filtering to catch our own customers that end up on the sbl
+    dnsbl   localp  partial.blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
     dnsbl   local   blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
     dnsbl   sbl     sbl-xbl.spamhaus.org        "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
     dnsbl   dul     dul.dnsbl.sorbs.net         "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s";
@@ -602,7 +603,7 @@
         "<>"    black;
     };
 
-    // per recipient rates - only used in the default (first top level) context
+    // hourly recipient rate limit by smtp auth client id
     rate_limit 30 { // default
         fred 100;   // override default limits
         joe  10;    // ""