Mercurial > dnsbl
changeset 263:e118fd2c6af0
fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Sat, 21 Jul 2012 12:35:19 -0700 (2012-07-21) |
parents | 4648c7a76105 |
children | 56f55547b120 |
files | dnsbl.conf src/context.cpp src/dnsbl.cpp xml/dnsbl.in |
diffstat | 4 files changed, 20 insertions(+), 19 deletions(-) [+] |
line wrap: on
line diff
--- a/dnsbl.conf Sat Jul 21 09:16:57 2012 -0700 +++ b/dnsbl.conf Sat Jul 21 12:35:19 2012 -0700 @@ -35,8 +35,8 @@ rate_limit 30 4 { // default #fred 100; // override default limits #joe 10; // "" - #sam@somedomain.tld 500; - #@otherdomain.tld 100; + #"sam@somedomain.tld" 500; + #"@otherdomain.tld" 100; }; };
--- a/src/context.cpp Sat Jul 21 09:16:57 2012 -0700 +++ b/src/context.cpp Sat Jul 21 12:35:19 2012 -0700 @@ -854,6 +854,7 @@ bool CONTEXT::is_unauthenticated_limited(const char *user) { + if (!user) return false; rcpt_rates::iterator i = rcpt_per_hour.find(user); // look for sender user@email limiting if (i != rcpt_per_hour.end()) return true; // found user@email limiting const char *f = strchr(user, '@');
--- a/src/dnsbl.cpp Sat Jul 21 09:16:57 2012 -0700 +++ b/src/dnsbl.cpp Sat Jul 21 12:35:19 2012 -0700 @@ -1194,21 +1194,6 @@ smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient can not reply due to blacklisting"); return SMFIS_REJECT; } - if (!priv.authenticated && dc.default_context->is_unauthenticated_limited(priv.mailaddr)) { - int hourly, daily; - incr_rcpt_count(priv.mailaddr, hourly, daily); - int h_limit = dc.default_context->find_rate(priv.mailaddr); - int d_limit = dc.default_context->get_daily_multiple() * h_limit; - if (debug_syslog > 1) { - char msg[maxlen]; - snprintf(msg, sizeof(msg), "unauthenticated address %s (%d %d recipients, %d %d limits)", priv.mailaddr, hourly, daily, h_limit, d_limit); - my_syslog(&priv, msg); - } - if ((hourly > h_limit) || (daily > d_limit)){ - smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded"); - return SMFIS_REJECT; - } - } if (priv.authenticated) { int hourly, daily; incr_rcpt_count(priv.authenticated, hourly, daily); @@ -1284,6 +1269,21 @@ return SMFIS_REJECT; } } + if (!priv.authenticated && dc.default_context->is_unauthenticated_limited(priv.mailaddr)) { + int hourly, daily; + incr_rcpt_count(priv.mailaddr, hourly, daily); + int h_limit = dc.default_context->find_rate(priv.mailaddr); + int d_limit = dc.default_context->get_daily_multiple() * h_limit; + if (debug_syslog > 1) { + char msg[maxlen]; + snprintf(msg, sizeof(msg), "unauthenticated address %s (%d %d recipients, %d %d limits)", priv.mailaddr, hourly, daily, h_limit, d_limit); + my_syslog(&priv, msg); + } + if ((hourly > h_limit) || (daily > d_limit)){ + smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded"); + return SMFIS_REJECT; + } + } // we will accept the recipient, but add an auto-whitelist entry // if needed to ensure we can accept replies loto = to_lower_string(rcptaddr);
--- a/xml/dnsbl.in Sat Jul 21 09:16:57 2012 -0700 +++ b/xml/dnsbl.in Sat Jul 21 12:35:19 2012 -0700 @@ -774,8 +774,8 @@ rate_limit 30 4 { // default #fred 100; // override default limits #joe 10; // "" - #sam@somedomain.tld 500; - #@otherdomain.tld 100; + #"sam@somedomain.tld" 500; + #"@otherdomain.tld" 100; }; };