Mercurial > dnsbl
changeset 140:4028de9b46dd
cleanup smtp rate limit code
author | carl |
---|---|
date | Wed, 27 Sep 2006 08:00:13 -0700 |
parents | 003026deaed1 |
children | 6256cab02248 |
files | ChangeLog NEWS configure.in dnsbl.conf src/context.cpp src/context.h src/dnsbl.cpp xml/dnsbl.in |
diffstat | 8 files changed, 35 insertions(+), 27 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Tue Sep 26 15:21:17 2006 -0700 +++ b/ChangeLog Wed Sep 27 08:00:13 2006 -0700 @@ -1,5 +1,10 @@ $Id$ +5.22 2006-09-27 + Change syntax for default rate limit. Improve hourly reset of + limits. Warning for rate limits in non default contexts to allow + nesting of client configurations. + 5.21 2006-09-26 Add SMTP AUTH recipient rate limits, to help throttle infected client machines and accounts with weak cracked passwords.
--- a/NEWS Tue Sep 26 15:21:17 2006 -0700 +++ b/NEWS Wed Sep 27 08:00:13 2006 -0700 @@ -1,5 +1,6 @@ $Id$ +5.22 2006-09-27 Cleanup rate limit code. 5.21 2006-09-26 Add SMTP AUTH recipient rate limits 5.20 2006-08-02 fully qualify all dns lookups; fix my_read() bug 5.19 2006-08-01 uribl dnsl lookups fully qualified; allow two component host names; rpm properly creates user
--- a/configure.in Tue Sep 26 15:21:17 2006 -0700 +++ b/configure.in Wed Sep 27 08:00:13 2006 -0700 @@ -1,7 +1,7 @@ AC_INIT(configure.in) AM_CONFIG_HEADER(config.h) -AM_INIT_AUTOMAKE(dnsbl,5.21) +AM_INIT_AUTOMAKE(dnsbl,5.22) AC_PATH_PROGS(BASH, bash) AC_LANG_CPLUSPLUS
--- a/dnsbl.conf Tue Sep 26 15:21:17 2006 -0700 +++ b/dnsbl.conf Wed Sep 27 08:00:13 2006 -0700 @@ -27,9 +27,10 @@ "<>" black; }; - // per recipient rates - only available in the default (first top level) context - rate_limit { - " " 30; // default specified by user name composed of a single blank + // per recipient rates - only used in the default (first top level) context + rate_limit 30 { // default + fred 100; // override default limits + joe 10; // "" }; };
--- a/src/context.cpp Tue Sep 26 15:21:17 2006 -0700 +++ b/src/context.cpp Wed Sep 27 08:00:13 2006 -0700 @@ -494,6 +494,7 @@ host_random = (parent) ? parent->host_random : false; tag_limit = (parent) ? parent->tag_limit : 0; tag_limit_message = NULL; + default_rcpt_rate = INT_MAX; } @@ -555,10 +556,9 @@ int CONTEXT::find_rate(char *user) { - if (rcpt_per_hour.empty()) return INT_MAX; + if (rcpt_per_hour.empty()) return default_rcpt_rate; rcpt_rates::iterator i = rcpt_per_hour.find(user); - if (i == rcpt_per_hour.end()) i = rcpt_per_hour.find(" "); - return (i == rcpt_per_hour.end()) ? INT_MAX : (*i).second; + return (i == rcpt_per_hour.end()) ? default_rcpt_rate : (*i).second; } @@ -804,15 +804,13 @@ } printf("%s }; \n", indent); - if (!rcpt_per_hour.empty()) { - printf("%s rate_limit { \n", indent); + printf("%s rate_limit %d { \n", indent, default_rcpt_rate); for (rcpt_rates::iterator j=rcpt_per_hour.begin(); j!=rcpt_per_hour.end(); j++) { char *u = (*j).first; int l = (*j).second; printf("%s \"%s\" \t%d; \n", indent, u, l); } printf("%s }; \n", indent); - } printf("%s }; \n", indent); } @@ -1192,6 +1190,11 @@ // bool parse_rate(TOKEN &tok, CONFIG &dc, CONTEXT &me); bool parse_rate(TOKEN &tok, CONFIG &dc, CONTEXT &me) { + char *def = tok.next(); + if (def != token_lbrace) { + tok.push(def); + me.set_default_rate(tok.nextint()); + } if (!tsa(tok, token_lbrace)) return false; while (true) { char *have = tok.next(); @@ -1201,9 +1204,7 @@ // optional separators } else { - char *limit = tok.next(); - int lim = (limit) ? atoi(limit) : 0; - me.add_rate(have, lim); + me.add_rate(have, tok.nextint()); } } return tsa(tok, token_semi); @@ -1240,7 +1241,8 @@ else if (have == token_envfrom) { if (!parse_envfrom(tok, dc, *con)) return false; } - else if ((have == token_rate) && (!parent) && (!dc.default_context)) { + else if (have == token_rate) { + if (parent || dc.default_context) tok.token_error("rate limit ignored in non default context"); if (!parse_rate(tok, dc, *con)) return false; } else if (have == token_context) {
--- a/src/context.h Tue Sep 26 15:21:17 2006 -0700 +++ b/src/context.h Wed Sep 27 08:00:13 2006 -0700 @@ -112,6 +112,7 @@ char * tag_limit_message; // error message for excessive bad html tags dnsblp_map dnsbl_names; // name to dnsbl mapping for lists that are available in this context and children dnsblp_list dnsbl_list; // list of dnsbls to be used in this context + int default_rcpt_rate; // if not specified per user rcpt_rates rcpt_per_hour; // per user limits on number of recipients per hour @@ -129,6 +130,7 @@ char* get_verify() {return verify_host;}; VERIFYP find_verify(char *to); + void set_default_rate(int limit) {default_rcpt_rate = limit;}; void add_rate(char *user, int limit) {rcpt_per_hour[user] = limit;}; int find_rate(char *user);
--- a/src/dnsbl.cpp Tue Sep 26 15:21:17 2006 -0700 +++ b/src/dnsbl.cpp Wed Sep 27 08:00:13 2006 -0700 @@ -1180,10 +1180,8 @@ // clear the recipient counts pthread_mutex_lock(&rate_mutex); for (rcpt_rates::iterator i=rcpt_counts.begin(); i!=rcpt_counts.end(); i++) { - char *x = (*i).first; - free(x); + (*i).second = 0; } - rcpt_counts.clear(); pthread_mutex_unlock(&rate_mutex); loop = 0; }
--- a/xml/dnsbl.in Tue Sep 26 15:21:17 2006 -0700 +++ b/xml/dnsbl.in Wed Sep 27 08:00:13 2006 -0700 @@ -563,7 +563,7 @@ FROM-ADDR = ADDRESS VALUE [";"] DCC-FROM = "dcc_from" "{" DCCINCLUDEFILE "}" ";" -RATE-LIMIT = "rate_limit" "{" (RATE)+ "}" +RATE-LIMIT = "rate_limit" [DEFAULTLIMIT] "{" (RATE)+ "}" RATE = USER LIMIT [";"] DEFAULT = ("white" | "black" | "unknown" | "inherit" | "") @@ -602,11 +602,10 @@ "<>" black; }; - // per recipient rates - only available in the default (first top level) context - rate_limit { - " " 30; // default specified by user name composed of a single blank + // per recipient rates - only used in the default (first top level) context + rate_limit 30 { // default fred 100; // override default limits - joe 10; + joe 10; // "" }; };