changeset 140:4028de9b46dd

cleanup smtp rate limit code
author carl
date Wed, 27 Sep 2006 08:00:13 -0700 (2006-09-27)
parents 003026deaed1
children 6256cab02248
files ChangeLog NEWS configure.in dnsbl.conf src/context.cpp src/context.h src/dnsbl.cpp xml/dnsbl.in
diffstat 8 files changed, 35 insertions(+), 27 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Tue Sep 26 15:21:17 2006 -0700
+++ b/ChangeLog	Wed Sep 27 08:00:13 2006 -0700
@@ -1,5 +1,10 @@
     $Id$
 
+5.22 2006-09-27
+    Change syntax for default rate limit. Improve hourly reset of
+    limits. Warning for rate limits in non default contexts to allow
+    nesting of client configurations.
+
 5.21 2006-09-26
     Add SMTP AUTH recipient rate limits, to help throttle infected
     client machines and accounts with weak cracked passwords.
--- a/NEWS	Tue Sep 26 15:21:17 2006 -0700
+++ b/NEWS	Wed Sep 27 08:00:13 2006 -0700
@@ -1,5 +1,6 @@
     $Id$
 
+5.22 2006-09-27 Cleanup rate limit code.
 5.21 2006-09-26 Add SMTP AUTH recipient rate limits
 5.20 2006-08-02 fully qualify all dns lookups; fix my_read() bug
 5.19 2006-08-01 uribl dnsl lookups fully qualified; allow two component host names; rpm properly creates user
--- a/configure.in	Tue Sep 26 15:21:17 2006 -0700
+++ b/configure.in	Wed Sep 27 08:00:13 2006 -0700
@@ -1,7 +1,7 @@
 AC_INIT(configure.in)
 
 AM_CONFIG_HEADER(config.h)
-AM_INIT_AUTOMAKE(dnsbl,5.21)
+AM_INIT_AUTOMAKE(dnsbl,5.22)
 AC_PATH_PROGS(BASH, bash)
 
 AC_LANG_CPLUSPLUS
--- a/dnsbl.conf	Tue Sep 26 15:21:17 2006 -0700
+++ b/dnsbl.conf	Wed Sep 27 08:00:13 2006 -0700
@@ -27,9 +27,10 @@
         "<>"    black;
     };
 
-    // per recipient rates - only available in the default (first top level) context
-    rate_limit {
-        " "  30;    // default specified by user name composed of a single blank
+    // per recipient rates - only used in the default (first top level) context
+    rate_limit 30 { // default
+        fred 100;   // override default limits
+        joe  10;    // ""
     };
 };
 
--- a/src/context.cpp	Tue Sep 26 15:21:17 2006 -0700
+++ b/src/context.cpp	Wed Sep 27 08:00:13 2006 -0700
@@ -494,6 +494,7 @@
 	host_random 		= (parent) ? parent->host_random : false;
 	tag_limit			= (parent) ? parent->tag_limit	 : 0;
 	tag_limit_message	= NULL;
+	default_rcpt_rate	= INT_MAX;
 }
 
 
@@ -555,10 +556,9 @@
 
 
 int CONTEXT::find_rate(char *user) {
-	if (rcpt_per_hour.empty()) return INT_MAX;
+	if (rcpt_per_hour.empty()) return default_rcpt_rate;
 	rcpt_rates::iterator i = rcpt_per_hour.find(user);
-	if (i == rcpt_per_hour.end()) i = rcpt_per_hour.find(" ");
-	return (i == rcpt_per_hour.end()) ? INT_MAX : (*i).second;
+	return (i == rcpt_per_hour.end()) ? default_rcpt_rate : (*i).second;
 }
 
 
@@ -804,15 +804,13 @@
 	}
 	printf("%s     }; \n", indent);
 
-	if (!rcpt_per_hour.empty()) {
-		printf("%s     rate_limit { \n", indent);
+	printf("%s     rate_limit %d { \n", indent, default_rcpt_rate);
 		for (rcpt_rates::iterator j=rcpt_per_hour.begin(); j!=rcpt_per_hour.end(); j++) {
 			char	*u = (*j).first;
 			int 	 l = (*j).second;
 			printf("%s         \"%s\" \t%d; \n", indent, u, l);
 		}
 		printf("%s     }; \n", indent);
-	}
 
 	printf("%s }; \n", indent);
 }
@@ -1192,6 +1190,11 @@
 //
 bool parse_rate(TOKEN &tok, CONFIG &dc, CONTEXT &me);
 bool parse_rate(TOKEN &tok, CONFIG &dc, CONTEXT &me) {
+	char *def = tok.next();
+	if (def != token_lbrace) {
+		tok.push(def);
+		me.set_default_rate(tok.nextint());
+	}
 	if (!tsa(tok, token_lbrace)) return false;
 	while (true) {
 		char *have = tok.next();
@@ -1201,9 +1204,7 @@
 			// optional separators
 		}
 		else {
-			char *limit = tok.next();
-			int lim = (limit) ? atoi(limit) : 0;
-			me.add_rate(have, lim);
+			me.add_rate(have, tok.nextint());
 		}
 	}
 	return tsa(tok, token_semi);
@@ -1240,7 +1241,8 @@
 		else if (have == token_envfrom) {
 			if (!parse_envfrom(tok, dc, *con)) return false;
 		}
-		else if ((have == token_rate) && (!parent) && (!dc.default_context)) {
+		else if (have == token_rate) {
+			if (parent || dc.default_context) tok.token_error("rate limit ignored in non default context");
 			if (!parse_rate(tok, dc, *con)) return false;
 		}
 		else if (have == token_context) {
--- a/src/context.h	Tue Sep 26 15:21:17 2006 -0700
+++ b/src/context.h	Wed Sep 27 08:00:13 2006 -0700
@@ -112,6 +112,7 @@
 	char *			tag_limit_message;	// error message for excessive bad html tags
 	dnsblp_map		dnsbl_names;		// name to dnsbl mapping for lists that are available in this context and children
 	dnsblp_list 	dnsbl_list; 		// list of dnsbls to be used in this context
+	int 			default_rcpt_rate;	// if not specified per user
 	rcpt_rates		rcpt_per_hour;		// per user limits on number of recipients per hour
 
 
@@ -129,6 +130,7 @@
 	char*		get_verify()								{return verify_host;};
 	VERIFYP 	find_verify(char *to);
 
+	void		set_default_rate(int limit) 				{default_rcpt_rate	 = limit;};
 	void		add_rate(char *user, int limit) 			{rcpt_per_hour[user] = limit;};
 	int 		find_rate(char *user);
 
--- a/src/dnsbl.cpp	Tue Sep 26 15:21:17 2006 -0700
+++ b/src/dnsbl.cpp	Wed Sep 27 08:00:13 2006 -0700
@@ -1180,10 +1180,8 @@
 			// clear the recipient counts
 			pthread_mutex_lock(&rate_mutex);
 				for (rcpt_rates::iterator i=rcpt_counts.begin(); i!=rcpt_counts.end(); i++) {
-					char *x = (*i).first;
-					free(x);
+					(*i).second = 0;
 				}
-				rcpt_counts.clear();
 			pthread_mutex_unlock(&rate_mutex);
 			loop = 0;
 		}
--- a/xml/dnsbl.in	Tue Sep 26 15:21:17 2006 -0700
+++ b/xml/dnsbl.in	Wed Sep 27 08:00:13 2006 -0700
@@ -563,7 +563,7 @@
 FROM-ADDR  = ADDRESS VALUE [";"]
 DCC-FROM   = "dcc_from" "{" DCCINCLUDEFILE "}" ";"
 
-RATE-LIMIT = "rate_limit" "{" (RATE)+ "}"
+RATE-LIMIT = "rate_limit" [DEFAULTLIMIT] "{" (RATE)+ "}"
 RATE       = USER LIMIT [";"]
 
 DEFAULT    = ("white" | "black" | "unknown" | "inherit" | "")
@@ -602,11 +602,10 @@
         "<>"    black;
     };
 
-    // per recipient rates - only available in the default (first top level) context
-    rate_limit {
-        " "  30;    // default specified by user name composed of a single blank
+    // per recipient rates - only used in the default (first top level) context
+    rate_limit 30 { // default
         fred 100;   // override default limits
-        joe  10;
+        joe  10;    // ""
     };
 };