changeset 179:8b86a894514d

embedded dcc filtering
author carl
date Sat, 06 Oct 2007 10:56:35 -0700
parents d6531c702be3
children 7a722f482bfb
files ChangeLog Makefile.am NEWS dnsbl.conf sendmail.st src/context.h src/dnsbl.cpp xml/dnsbl.in
diffstat 8 files changed, 48 insertions(+), 22 deletions(-) [+]
--- a/ChangeLog	Thu Oct 04 22:45:21 2007 -0700
+++ b/ChangeLog	Sat Oct 06 10:56:35 2007 -0700
@@ -1,6 +1,6 @@
     $Id$
 
-6.11 2007-10-04
+6.11 2007-10-06
     Add DCC filtering via dccifd. Drop to 60 seconds the time we will
     keep idle smtp verify sockets around. This needs to be about half
     the value of confTO_COMMAND configured on the verify targets.
--- a/Makefile.am	Thu Oct 04 22:45:21 2007 -0700
+++ b/Makefile.am	Sat Oct 06 10:56:35 2007 -0700
@@ -1,7 +1,7 @@
 SUBDIRS = src man html info
 hackdir = $(sysconfdir)/dnsbl
 hack_SCRIPTS = dnsbl
-hack_DATA = dnsbl.conf hosts-ignore.conf html-tags.conf tld.conf cctld.conf
+hack_DATA = dnsbl.conf hosts-ignore.conf html-tags.conf tld.conf cctld.conf dnsblnogrey
 CLEANFILES = dnsbl xml/dnsbl xml/Makefile
 EXTRA_DIST = $(hack_DATA) dnsbl.spec $(wildcard xml/h*) $(wildcard xml/M*) $(wildcard xml/d*)
 
@@ -19,4 +19,5 @@
 	   chown dnsbl:root $(sysconfdir)/dnsbl/.spamassassin
 	   /sbin/chkconfig --del dnsbl
 	   /sbin/chkconfig --add dnsbl
+	   if [ -d /var/dcc/userdirs/local ]; then mv -f $(sysconfdir)/dnsbl/dnsblnogrey /var/dcc/userdirs/local ; fi
 
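Review bot: The added install step uses `mv -f`, which silently overwrites any dnsblnogrey an administrator already keeps in /var/dcc/userdirs/local and also removes the file from $(sysconfdir)/dnsbl, so `make uninstall` will not remove what this hook put in place. Copying only when nothing is there yet preserves the operator's version: `if [ -d /var/dcc/userdirs/local ] && [ ! -e /var/dcc/userdirs/local/dnsblnogrey ]; then cp $(sysconfdir)/dnsbl/dnsblnogrey /var/dcc/userdirs/local ; fi`. The hook's target name is outside the hunk; whatever ownership and mode dccifd expects for files under its userdirs is not shown in the diff and should be confirmed, since a file dropped there by a root install is likely root-owned.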
--- a/NEWS	Thu Oct 04 22:45:21 2007 -0700
+++ b/NEWS	Sat Oct 06 10:56:35 2007 -0700
@@ -1,6 +1,6 @@
     $Id$
 
-6.11 2007-10-04 Add DCC filtering via dccifd. Fix static buffer referenced by multiple threads.
+6.11 2007-10-06 Add DCC filtering via dccifd. Fix static buffer referenced by multiple threads.
 6.10 2007-09-23 Don't whitelist addresses with embedded blanks, or the empty path.
 6.09 2007-09-06 Fix memory leak. Update timestamps when receiving from auto-whitelisted sender.
 6.08 2007-08-30 Don't do generic reverse dns filtering on authenticated connections.
--- a/dnsbl.conf	Thu Oct 04 22:45:21 2007 -0700
+++ b/dnsbl.conf	Sat Oct 06 10:56:35 2007 -0700
@@ -64,6 +64,7 @@
     env_to {
         # !! replace this with your domain names
         # child contexts are not allowed to specify recipient addresses outside these domains
+        # if this is a backup-mx, you need to include here domains for which you relay to the primary mx
         include "/etc/mail/local-host-names";
     };
 
Binary file sendmail.st has changed
--- a/src/context.h	Thu Oct 04 22:45:21 2007 -0700
+++ b/src/context.h	Sat Oct 06 10:56:35 2007 -0700
@@ -218,11 +218,11 @@
 	void		set_bulk(int b) 							{dcc_bulk_threshold = b; };
 
 	bool			get_content_filtering() 				{return content_filtering; };
-	bool			get_require()							{return require_match;	   };
-	bool			get_grey()								{return dcc_greylist;	   };
-	int 			get_bulk()								{return dcc_bulk_threshold;};
-	int 			get_host_limit()						{return host_limit; 	   };
-	bool			get_host_random()						{return host_random;	   };
+	bool			get_require()							{return content_filtering && require_match; 	};
+	bool			get_grey()								{return content_filtering && dcc_greylist;		};
+	int 			get_bulk()								{return (content_filtering) ? dcc_bulk_threshold : 0;};
+	int 			get_host_limit()						{return (content_filtering) ? host_limit		 : 0;};
+	bool			get_host_random()						{return (content_filtering) ? host_random		 : 0;};
 	int 			get_spamassassin_limit()				{return (content_filtering) ? spamassassin_limit : 0;};
 	char*			get_content_suffix();
 	char*			get_content_message();
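Review bot: get_host_random is declared bool but returns `0` in its disabled branch, and it is the odd one out next to get_require and get_grey, which gate the same way with `&&`; write it as `bool get_host_random() {return content_filtering && host_random; };`. The gating itself deserves a one-line comment above the group so callers know they need not test get_content_filtering first, e.g. `// when content filtering is off every dcc/host/spamassassin parameter reads as disabled`. The enclosing class starts and ends outside the hunk.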
--- a/src/dnsbl.cpp	Thu Oct 04 22:45:21 2007 -0700
+++ b/src/dnsbl.cpp	Sat Oct 06 10:56:35 2007 -0700
@@ -782,6 +782,7 @@
 		if ((src[0] == 172) && (16 <= src[1]) && (src[1] <= 31)) return false;
 		char adr[sizeof "255.255.255.255   "];
 		snprintf(adr, sizeof(adr), "%u.%u.%u.%u", src[3], src[2], src[1], src[0]);
+		// cannot use inet_ntop here since we want the octets reversed.
 		return (uriblookup(priv, hosts, adr, NULL, found));
 	}
 
@@ -988,7 +989,7 @@
 		priv.assassin  = new SpamAssassin(&priv, priv.ip, priv.helo, priv.mailaddr, priv.queueid);
 	}
 	if (dccifd_port) {
-		priv.dccifd = new DccInterface(dccifd_port, &priv, priv.ip, priv.helo, priv.mailaddr, priv.queueid);
+		priv.dccifd = new DccInterface(dccifd_port, &priv, priv.ip, priv.helo, priv.mailaddr);
 	}
 	return SMFIS_CONTINUE;
 }
@@ -1006,13 +1007,13 @@
 		smfi_setreply(ctx, "550", "5.7.1", "bogus recipient");
 		return SMFIS_REJECT;
 	}
-
-	if (priv.assassin) priv.assassin->mlfi_envrcpt(ctx, loto);
-	if (priv.dccifd)   priv.dccifd->mlfi_envrcpt(loto);
 	// priv.mailaddr sending original message to loto
 	CONTEXT 	&con = *(dc.find_context(loto)->find_context(priv.mailaddr));
 	VERIFYP 	 ver = con.find_verify(loto);
 	char  *fromvalue = con.find_from(priv.mailaddr, true);
+	// tell spam assassin and dccifd about this recipient
+	if (priv.assassin) priv.assassin->mlfi_envrcpt(ctx, loto);
+	if (priv.dccifd)   priv.dccifd->mlfi_envrcpt(loto, con.get_grey());
 	// loto sending a reply back to priv.mailaddr
 	CONTEXT    &con2 = *(dc.find_context(priv.mailaddr)->find_context(loto));
 	char *replyvalue = con2.find_from(loto);
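Review bot: The grey flag passed to dccifd at `priv.dccifd->mlfi_envrcpt(loto, con.get_grey())` is resolved per recipient from that recipient's context, while a single DccInterface is created per message in the earlier hunk, so how differing per-recipient flags are combined is decided inside DccInterface, which this diff does not show. A comment at the call site stating the intended rule would save the next reader the lookup, e.g. `// per-recipient greylist choice; DccInterface decides how mixed answers are combined for the message`. Both milter objects are also notified before this recipient's acceptance is decided further down, so a recipient later rejected or temp-failed has already been announced; whether that matters depends on dccifd's handling, which should be confirmed. The enclosing mlfi_envrcpt starts and ends outside the hunk.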
@@ -1104,6 +1105,11 @@
 	else {
 		free(loto);
 	}
+
+	// accept the recipient
+	if (!con.get_content_filtering()) st = white;
+
+	if (st == oksofar) {
 	// remember first content filtering context
 	if (con.get_content_filtering()) {
 		if (!priv.content_context) priv.content_context = &con;
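Review bot: Inside the new `if (st == oksofar) {` the inner `if (con.get_content_filtering())` is always true, because the line just above sets `st = white` whenever content filtering is off, so that inner check and its closing brace can be dropped and its body placed directly under the oksofar test. The lines moved under the new brace also kept their previous indentation, so they now read one level shallower than the block they belong to; re-indent them to match. The enclosing function starts and ends outside the hunk.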
@@ -1112,10 +1118,7 @@
 			return SMFIS_TEMPFAIL;
 		}
 	}
-	// accept the recipient
-	if (!con.get_content_filtering()) st = white;
-	if (st == oksofar) {
-		// but remember the non-whites
+		// remember the non-whites
 		priv.need_content_filter(rcptaddr, con);
 		priv.only_whites = false;
 		priv.want_spamassassin |= (priv.assassin) &&					// have spam assassin available and
--- a/xml/dnsbl.in	Thu Oct 04 22:45:21 2007 -0700
+++ b/xml/dnsbl.in	Sat Oct 06 10:56:35 2007 -0700
@@ -34,6 +34,7 @@
                 <arg><option>-s</option></arg>
                 <arg><option>-d <replaceable class="parameter">n</replaceable></option></arg>
                 <arg><option>-e <replaceable class="parameter">from|to</replaceable></option></arg>
+                <arg><option>-b <replaceable class="parameter">local-domain-socket</replaceable></option></arg>
                 <arg><option>-r <replaceable class="parameter">local-domain-socket</replaceable></option></arg>
                 <arg><option>-p <replaceable class="parameter">sendmail-socket</replaceable></option></arg>
                 <arg><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>
@@ -72,7 +73,14 @@
                     </para></listitem>
                 </varlistentry>
                 <varlistentry>
-                    <term>-r <replaceable class="parameter">local-domain-socket</replaceable></term>
+                    <term>-b <replaceable class="parameter">local-domain-socket-file-name</replaceable></term>
+                    <listitem><para>
+                        Set the local socket used for the connection to the dccifd daemon.
+                        This is typically /var/dcc/dccifd.
+                    </para></listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>-r <replaceable class="parameter">local-domain-socket-file-name</replaceable></term>
                     <listitem><para>
                         Set the local socket used for the connection to our own dns resolver processes.
                     </para></listitem>
@@ -248,6 +256,18 @@
                 be appropriately tagged and used only for the domains controlled by each
                 of those clients.
             </para>
+            <para>
+                You can now use (via dccifd) different dcc filtering parameters on a per
+                context basis.  See the dcc_greylist and dcc_bulk_threshold statements
+                in the <citerefentry> <refentrytitle>@PACKAGE@.conf</refentrytitle>
+                <manvolnum>5</manvolnum> </citerefentry> configuration.  Those
+                statements are only active if you supply the <option>-b</option> option
+                on the dnsbl command line.  If you use the dcc via the standard dcc
+                milter (dccm), then connections from clients that use SMTP AUTH are
+                still subject to greylisting.  If you use the dcc via dccifd and this
+                milter, then connections from clients that use SMTP AUTH are never
+                subject to greylisting.
+            </para>
         </refsect1>
 
         <refsect1 id='definitions.1'>
@@ -704,6 +724,7 @@
     env_to {
         # !! replace this with your domain names
         # child contexts are not allowed to specify recipient addresses outside these domains
+        # if this is a backup-mx, you need to include here domains for which you relay to the primary mx
         include "/etc/mail/local-host-names";
     };