Mercurial > dnsbl
changeset 162:c4bce911c276 stable-6-03
don't add auto whitelist for A to A
author | carl |
---|---|
date | Sat, 14 Jul 2007 12:25:17 -0700 |
parents | d384df37491f |
children | 97d7da45fe2a |
files | ChangeLog Makefile.cvs NEWS configure.in m4/acx_pthread.m4 src/Makefile.am src/context.cpp src/context.h src/dnsbl.cpp xml/dnsbl.in |
diffstat | 10 files changed, 309 insertions(+), 20 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Tue Jul 10 14:09:23 2007 -0700 +++ b/ChangeLog Sat Jul 14 12:25:17 2007 -0700 @@ -1,5 +1,8 @@ $Id$ +6.03 2007-07-14 + Don't add auto whitelist entries for our own domains. + 6.02 2007-07-10 Allow manual updates to the auto whitelisting files, mainly for scp or rsync synchronization between primary and backup mx
--- a/Makefile.cvs Tue Jul 10 14:09:23 2007 -0700 +++ b/Makefile.cvs Sat Jul 14 12:25:17 2007 -0700 @@ -1,7 +1,7 @@ default: all all: - aclocal + aclocal -I m4 autoheader automake autoconf
--- a/NEWS Tue Jul 10 14:09:23 2007 -0700 +++ b/NEWS Sat Jul 14 12:25:17 2007 -0700 @@ -1,5 +1,6 @@ $Id$ +6.03 2007-07-14 Don't add auto whitelist entries for our own domains. 6.02 2007-07-10 Allow manual updates to the auto whitelisting files. 6.01 2007-07-07 GPL3. Block mail to recipients that cannot reply. Start auto whitelisting. 5.30 2007-06-09 Selinux fixes
--- a/configure.in Tue Jul 10 14:09:23 2007 -0700 +++ b/configure.in Sat Jul 14 12:25:17 2007 -0700 @@ -1,6 +1,6 @@ AC_PREREQ(2.59) -AC_INIT(dnsbl,6.02,carl@five-ten-sg.com) +AC_INIT(dnsbl,6.03,carl@five-ten-sg.com) AC_CONFIG_SRCDIR([config.h.in]) AC_CONFIG_HEADER([config.h]) @@ -34,6 +34,9 @@ AC_FUNC_STAT AC_CHECK_FUNCS([gethostbyname gethostname memmove memset socket strchr strdup strncasecmp strrchr strstr strtol]) +# check for posix threads +ACX_PTHREAD + AC_CONFIG_FILES([Makefile dnsbl.spec html/Makefile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/m4/acx_pthread.m4 Sat Jul 14 12:25:17 2007 -0700 @@ -0,0 +1,280 @@ +##### http://autoconf-archive.cryp.to/acx_pthread.html +# +# SYNOPSIS +# +# ACX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]]) +# +# DESCRIPTION +# +# This macro figures out how to build C programs using POSIX threads. +# It sets the PTHREAD_LIBS output variable to the threads library and +# linker flags, and the PTHREAD_CFLAGS output variable to any special +# C compiler flags that are needed. (The user can also force certain +# compiler flags/libs to be tested by setting these environment +# variables.) +# +# Also sets PTHREAD_CC to any special C compiler that is needed for +# multi-threaded programs (defaults to the value of CC otherwise). +# (This is necessary on AIX to use the special cc_r compiler alias.) +# +# NOTE: You are assumed to not only compile your program with these +# flags, but also link it with them as well. e.g. you should link +# with $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS +# $LIBS +# +# If you are only building threads programs, you may wish to use +# these variables in your default LIBS, CFLAGS, and CC: +# +# LIBS="$PTHREAD_LIBS $LIBS" +# CFLAGS="$CFLAGS $PTHREAD_CFLAGS" +# CC="$PTHREAD_CC" +# +# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute +# constant has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to +# that name (e.g. PTHREAD_CREATE_UNDETACHED on AIX). +# +# ACTION-IF-FOUND is a list of shell commands to run if a threads +# library is found, and ACTION-IF-NOT-FOUND is a list of commands to +# run it if it is not found. If ACTION-IF-FOUND is not specified, the +# default action will define HAVE_PTHREAD. +# +# Please let the authors know if this macro fails on any platform, or +# if you have any other suggestions or comments. This macro was based +# on work by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) +# (with help from M. Frigo), as well as ac_pthread and hb_pthread +# macros posted by Alejandro Forero Cuervo to the autoconf macro +# repository. We are also grateful for the helpful feedback of +# numerous users. +# +# LAST MODIFICATION +# +# 2006-05-29 +# +# COPYLEFT +# +# Copyright (c) 2006 Steven G. Johnson <stevenj@alum.mit.edu> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. +# +# As a special exception, the respective Autoconf Macro's copyright +# owner gives unlimited permission to copy, distribute and modify the +# configure scripts that are the output of Autoconf when processing +# the Macro. You need not follow the terms of the GNU General Public +# License when using or distributing such scripts, even though +# portions of the text of the Macro appear in them. The GNU General +# Public License (GPL) does govern all other use of the material that +# constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the +# Autoconf Macro released by the Autoconf Macro Archive. When you +# make and distribute a modified version of the Autoconf Macro, you +# may extend this special exception to the GPL to apply to your +# modified version as well. + +AC_DEFUN([ACX_PTHREAD], [ +AC_REQUIRE([AC_CANONICAL_HOST]) +AC_LANG_SAVE +AC_LANG_C +acx_pthread_ok=no + +# We used to check for pthread.h first, but this fails if pthread.h +# requires special compiler flags (e.g. on True64 or Sequent). +# It gets checked for in the link test anyway. + +# First of all, check if the user has set any of the PTHREAD_LIBS, +# etcetera environment variables, and if threads linking works using +# them: +if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + save_LIBS="$LIBS" + LIBS="$PTHREAD_LIBS $LIBS" + AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS]) + AC_TRY_LINK_FUNC(pthread_join, acx_pthread_ok=yes) + AC_MSG_RESULT($acx_pthread_ok) + if test x"$acx_pthread_ok" = xno; then + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" + fi + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" +fi + +# We must check for the threads library under a number of different +# names; the ordering is very important because some systems +# (e.g. DEC) have both -lpthread and -lpthreads, where one of the +# libraries is broken (non-POSIX). + +# Create a list of thread flags to try. Items starting with a "-" are +# C compiler flags, and other items are library names, except for "none" +# which indicates that we try without any flags at all, and "pthread-config" +# which is a program returning the flags for the Pth emulation library. + +acx_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" + +# The ordering *is* (sometimes) important. Some notes on the +# individual items follow: + +# pthreads: AIX (must check this before -lpthread) +# none: in case threads are in libc; should be tried before -Kthread and +# other compiler flags to prevent continual compiler warnings +# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) +# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) +# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) +# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) +# -pthreads: Solaris/gcc +# -mthreads: Mingw32/gcc, Lynx/gcc +# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it +# doesn't hurt to check since this sometimes defines pthreads too; +# also defines -D_REENTRANT) +# ... -mt is also the pthreads flag for HP/aCC +# pthread: Linux, etcetera +# --thread-safe: KAI C++ +# pthread-config: use pthread-config program (for GNU Pth library) + +case "${host_cpu}-${host_os}" in + *solaris*) + + # On Solaris (at least, for some versions), libc contains stubbed + # (non-functional) versions of the pthreads routines, so link-based + # tests will erroneously succeed. (We need to link with -pthreads/-mt/ + # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather + # a function called by this macro, so we could check for that, but + # who knows whether they'll stub that too in a future libc.) So, + # we'll just look for -pthreads and -lpthread first: + + acx_pthread_flags="-pthreads pthread -mt -pthread $acx_pthread_flags" + ;; +esac + +if test x"$acx_pthread_ok" = xno; then +for flag in $acx_pthread_flags; do + + case $flag in + none) + AC_MSG_CHECKING([whether pthreads work without any flags]) + ;; + + -*) + AC_MSG_CHECKING([whether pthreads work with $flag]) + PTHREAD_CFLAGS="$flag" + ;; + + pthread-config) + AC_CHECK_PROG(acx_pthread_config, pthread-config, yes, no) + if test x"$acx_pthread_config" = xno; then continue; fi + PTHREAD_CFLAGS="`pthread-config --cflags`" + PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" + ;; + + *) + AC_MSG_CHECKING([for the pthreads library -l$flag]) + PTHREAD_LIBS="-l$flag" + ;; + esac + + save_LIBS="$LIBS" + save_CFLAGS="$CFLAGS" + LIBS="$PTHREAD_LIBS $LIBS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + + # Check for various functions. We must include pthread.h, + # since some functions may be macros. (On the Sequent, we + # need a special flag -Kthread to make this header compile.) + # We check for pthread_join because it is in -lpthread on IRIX + # while pthread_create is in libc. We check for pthread_attr_init + # due to DEC craziness with -lpthreads. We check for + # pthread_cleanup_push because it is one of the few pthread + # functions on Solaris that doesn't have a non-functional libc stub. + # We try pthread_create on general principles. + AC_TRY_LINK([#include <pthread.h>], + [pthread_t th; pthread_join(th, 0); + pthread_attr_init(0); pthread_cleanup_push(0, 0); + pthread_create(0,0,0,0); pthread_cleanup_pop(0); ], + [acx_pthread_ok=yes]) + + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" + + AC_MSG_RESULT($acx_pthread_ok) + if test "x$acx_pthread_ok" = xyes; then + break; + fi + + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" +done +fi + +# Various other checks: +if test "x$acx_pthread_ok" = xyes; then + save_LIBS="$LIBS" + LIBS="$PTHREAD_LIBS $LIBS" + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + + # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. + AC_MSG_CHECKING([for joinable pthread attribute]) + attr_name=unknown + for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do + AC_TRY_LINK([#include <pthread.h>], [int attr=$attr; return attr;], + [attr_name=$attr; break]) + done + AC_MSG_RESULT($attr_name) + if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then + AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name, + [Define to necessary symbol if this constant + uses a non-standard name on your system.]) + fi + + AC_MSG_CHECKING([if more special flags are required for pthreads]) + flag=no + case "${host_cpu}-${host_os}" in + *-aix* | *-freebsd* | *-darwin*) flag="-D_THREAD_SAFE";; + *solaris* | *-osf* | *-hpux*) flag="-D_REENTRANT";; + esac + AC_MSG_RESULT(${flag}) + if test "x$flag" != xno; then + PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" + fi + + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" + + # More AIX lossage: must compile with xlc_r or cc_r + if test x"$GCC" != xyes; then + AC_CHECK_PROGS(PTHREAD_CC, xlc_r cc_r, ${CC}) + else + PTHREAD_CC=$CC + fi +else + PTHREAD_CC="$CC" +fi + +AC_SUBST(PTHREAD_LIBS) +AC_SUBST(PTHREAD_CFLAGS) +AC_SUBST(PTHREAD_CC) + +# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: +if test x"$acx_pthread_ok" = xyes; then + ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1]) + : +else + acx_pthread_ok=no + $2 +fi +AC_LANG_RESTORE +])dnl ACX_PTHREAD
--- a/src/Makefile.am Tue Jul 10 14:09:23 2007 -0700 +++ b/src/Makefile.am Sat Jul 14 12:25:17 2007 -0700 @@ -6,9 +6,9 @@ INCLUDES= $(all_includes) # the library search path. -dnsbl_LDFLAGS = -pthread +dnsbl_LDFLAGS = $(PTHREAD_CFLAGS) $(PTHREAD_LIBS) dnsbl_LDADD = $(all_libraries) /usr/lib/libresolv.a -lmilter # default compile flags -dnsbl_CXXFLAGS = -pthread +dnsbl_CXXFLAGS = $(PTHREAD_CFLAGS)
--- a/src/context.cpp Tue Jul 10 14:09:23 2007 -0700 +++ b/src/context.cpp Sat Jul 14 12:25:17 2007 -0700 @@ -516,14 +516,9 @@ bool WHITELISTER::is_white(char *from) { - bool rc = false; pthread_mutex_lock(&mutex); autowhite_sent::iterator i = rcpts.find(from); - if (i != rcpts.end()) { - time_t when = (*i).second; - time_t now = time(NULL); - rc = (when+(days*8640) > now); - } + bool rc = (i != rcpts.end()); pthread_mutex_unlock(&mutex); return rc; } @@ -738,11 +733,11 @@ } -WHITELISTERP CONTEXT::find_autowhite(char *to) { - if (whitelister && cover_env_to(to)) +WHITELISTERP CONTEXT::find_autowhite(char *from, char *to) { + if (whitelister && cover_env_to(to) && !cover_env_to(from)) return whitelister; else if (parent) - return parent->find_autowhite(to); + return parent->find_autowhite(from, to); else return NULL; }
--- a/src/context.h Tue Jul 10 14:09:23 2007 -0700 +++ b/src/context.h Sat Jul 14 12:25:17 2007 -0700 @@ -166,7 +166,7 @@ void set_whitelister(WHITELISTERP v) {whitelister = v;}; void set_autowhite(char *fn) {autowhite_file = fn;}; char* get_autowhite() {return autowhite_file;}; - WHITELISTERP find_autowhite(char *to); + WHITELISTERP find_autowhite(char *from, char *to); void set_default_rate(int limit) {default_rcpt_rate = limit;}; void add_rate(char *user, int limit) {rcpt_per_hour[user] = limit;};
--- a/src/dnsbl.cpp Tue Jul 10 14:09:23 2007 -0700 +++ b/src/dnsbl.cpp Sat Jul 14 12:25:17 2007 -0700 @@ -1023,9 +1023,9 @@ } // we will accept the recipient, but add an auto-whitelist entry // if needed to ensure we can accept replies - WHITELISTERP w = con2.find_autowhite(priv.mailaddr); + loto = to_lower_string(rcptaddr); + WHITELISTERP w = con2.find_autowhite(loto, priv.mailaddr); if (w) { - char *loto = to_lower_string(rcptaddr); if (debug_syslog > 1) { char buf[maxlen]; char msg[maxlen]; @@ -1034,6 +1034,9 @@ } w->sent(loto); // don't free it, the whitelister takes ownership of the string } + else { + free(loto); + } // accept the recipient if (!con.get_content_filtering()) st = white; if (st == oksofar) {
--- a/xml/dnsbl.in Tue Jul 10 14:09:23 2007 -0700 +++ b/xml/dnsbl.in Sat Jul 14 12:25:17 2007 -0700 @@ -176,11 +176,15 @@ allowed to relay thru this mail server with no spam filtering. </para> <para> - Consider the case of a message from A to B passing thru this milter. - If that message is not blocked, then we might eventually see a reply + Consider the case of a message from A to B passing thru this milter. If + that message is not blocked, then we might eventually see a reply message from B to A. If the filtering context for A includes an - autowhite entry, then this milter will add an entry in that file to - whitelist such replies for a configurable time period. Such autowhite + autowhite entry, and that context does <emphasis>not</emphasis> cover B + as a recipient, then this milter will add an entry in that file to + whitelist such replies for a configurable time period. Suppose A and B + are in the same domain, or at least use the same filtering context. In + that case we don't want to add a whitelist entry for B, since that would + then allow spammers to send mail from B (forged) to B. Such autowhite files need to be writeable by the dnsbl user, where all the other dnsbl configuration files only need to be readable by the dnsbl user. </para>