changeset 263:e118fd2c6af0

fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
author Carl Byington <carl@five-ten-sg.com>
date Sat, 21 Jul 2012 12:35:19 -0700
parents 4648c7a76105
children 56f55547b120
files dnsbl.conf src/context.cpp src/dnsbl.cpp xml/dnsbl.in
diffstat 4 files changed, 20 insertions(+), 19 deletions(-) [+]
line wrap: on
line diff
--- a/dnsbl.conf	Sat Jul 21 09:16:57 2012 -0700
+++ b/dnsbl.conf	Sat Jul 21 12:35:19 2012 -0700
@@ -35,8 +35,8 @@
     rate_limit 30 4 { // default
         #fred 100;   // override default limits
         #joe  10;    // ""
-        #sam@somedomain.tld  500;
-        #@otherdomain.tld    100;
+        #"sam@somedomain.tld"  500;
+        #"@otherdomain.tld"    100;
     };
 };
 
--- a/src/context.cpp	Sat Jul 21 09:16:57 2012 -0700
+++ b/src/context.cpp	Sat Jul 21 12:35:19 2012 -0700
@@ -854,6 +854,7 @@
 
 
 bool CONTEXT::is_unauthenticated_limited(const char *user) {
+    if (!user) return false;
     rcpt_rates::iterator i = rcpt_per_hour.find(user);  // look for sender user@email limiting
     if (i != rcpt_per_hour.end()) return true;          // found user@email limiting
     const char *f = strchr(user, '@');
--- a/src/dnsbl.cpp	Sat Jul 21 09:16:57 2012 -0700
+++ b/src/dnsbl.cpp	Sat Jul 21 12:35:19 2012 -0700
@@ -1194,21 +1194,6 @@
         smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient can not reply due to blacklisting");
         return SMFIS_REJECT;
     }
-    if (!priv.authenticated && dc.default_context->is_unauthenticated_limited(priv.mailaddr)) {
-        int hourly, daily;
-        incr_rcpt_count(priv.mailaddr, hourly, daily);
-        int h_limit = dc.default_context->find_rate(priv.mailaddr);
-        int d_limit = dc.default_context->get_daily_multiple() * h_limit;
-        if (debug_syslog > 1) {
-            char msg[maxlen];
-            snprintf(msg, sizeof(msg), "unauthenticated address %s (%d %d recipients, %d %d limits)", priv.mailaddr, hourly, daily, h_limit, d_limit);
-            my_syslog(&priv, msg);
-        }
-        if ((hourly > h_limit) || (daily > d_limit)){
-            smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded");
-            return SMFIS_REJECT;
-        }
-    }
     if (priv.authenticated) {
         int hourly, daily;
         incr_rcpt_count(priv.authenticated, hourly, daily);
@@ -1284,6 +1269,21 @@
             return SMFIS_REJECT;
         }
     }
+    if (!priv.authenticated && dc.default_context->is_unauthenticated_limited(priv.mailaddr)) {
+        int hourly, daily;
+        incr_rcpt_count(priv.mailaddr, hourly, daily);
+        int h_limit = dc.default_context->find_rate(priv.mailaddr);
+        int d_limit = dc.default_context->get_daily_multiple() * h_limit;
+        if (debug_syslog > 1) {
+            char msg[maxlen];
+            snprintf(msg, sizeof(msg), "unauthenticated address %s (%d %d recipients, %d %d limits)", priv.mailaddr, hourly, daily, h_limit, d_limit);
+            my_syslog(&priv, msg);
+        }
+        if ((hourly > h_limit) || (daily > d_limit)){
+            smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded");
+            return SMFIS_REJECT;
+        }
+    }
     // we will accept the recipient, but add an auto-whitelist entry
     // if needed to ensure we can accept replies
     loto = to_lower_string(rcptaddr);
--- a/xml/dnsbl.in	Sat Jul 21 09:16:57 2012 -0700
+++ b/xml/dnsbl.in	Sat Jul 21 12:35:19 2012 -0700
@@ -774,8 +774,8 @@
     rate_limit 30 4 { // default
         #fred 100;   // override default limits
         #joe  10;    // ""
-        #sam@somedomain.tld  500;
-        #@otherdomain.tld    100;
+        #"sam@somedomain.tld"  500;
+        #"@otherdomain.tld"    100;
     };
 };