annotate src/dnsbl.h @ 407:29d54e7028f6 stable-6-0-54

document dmarc vs dnsbl dkim/spf; switch to . rather than " " for dkim impossible signer
author Carl Byington <carl@five-ten-sg.com>
date Thu, 30 Mar 2017 10:26:30 -0700
parents c378e9d03f37
children f9165d9aa689
1 /*
2
3 Copyright (c) 2007 Carl Byington - 510 Software Group, released under
4 the GPL version 3 or any later version at your choice available at
5 http://www.gnu.org/licenses/gpl-3.0.txt
6
7 */
8
9 #ifndef dnsbl_include
10 #define dnsbl_include
11
12 #include "context.h"
13 #include "spamass.h"
14 #include "dccifd.h"
15
// Defined in another translation unit.
// NOTE(review): presumably the syslog debug verbosity level - confirm at the definition.
extern int debug_syslog;
// NOTE(review): presumably the count that stands for "bulk" in the DCC filtering
// code - confirm against dccifd. As a macro it has no type and no scope.
#define dccbulk 1000

// Forward declarations: mlfiPriv below only stores pointers to these types.
class recorder;
class url_scanner;
21
22
////////////////////////////////////////////////
// mail filter private data, held for us by sendmail
//
// One instance carries the state for a single smtp connection, grouped below
// into callback, connection and message specific data.
//
// Trust boundary: helo, origaddr, mailaddr, fromaddr and client_name hold
// values that come from the remote smtp client or from the message itself.
// Treat them as untrusted wherever they are logged, compared, or used to
// build dns questions.
//
// NOTE(review): this header does not show who allocates or frees the char*
// members - confirm in the constructor, reset() and the destructor.
// NOTE(review): a destructor is declared but no copy constructor or copy
// assignment. If the destructor releases any of the raw pointers, copying an
// mlfiPriv would free them twice - confirm instances are never copied.
//
struct mlfiPriv
{
    // callback specific data
    SMFICTX *ctx; // updated every time we fetch this priv pointer from the ctx
    bool eom; // are we in eom function, so progress function can be called?
    // connection specific data
    CONFIG *pc; // global filtering configuration
    int fd; // to talk to dns resolver process
    bool err; // did we get any errors on the resolver socket?
    uint32_t ip; // ip4 address of the smtp client in network order
    const char *helo; // helo from client (client-supplied; NOTE(review): presumably NULL if the client never sent HELO - confirm users null-check)
    map<DNSBLP, bool> checked_black; // map of dnsblp to result of (ip listed on that dnsbl)
    map<DNSWLP, bool> checked_white; // map of dnswlp to result of (ip listed on that dnswl)
    // message specific data
    const char *origaddr; // envelope from value, lowercase, no srs/pvrs unwrapping
    const char *mailaddr; // envelope from value, lowercase, srs/pvrs unwrapped
    const char *fromaddr; // header from value, set by mlfi_header()
    int header_count; // count of headers already seen
    bool dkim_ok; // ok to proceed with dkim checking
    string_set dkim_signers; // non empty if message was validly signed, set of signers
    const char *queueid; // sendmail queue id
    // NOTE(review): a non-NULL value here switches off all dnsbl checks, so it
    // must only ever be set from sendmail's own authentication result - confirm
    // where it is assigned.
    const char *authenticated; // client authenticated? if so, suppress all dnsbl checks, but check rate limits
    const char *client_name; // fully qualified host name of the smtp client xxx [ip.ad.dr.es] (may be forged)
    char *client_dns_name; // fully qualified host name of the smtp client xxx
    bool client_dns_forged; // rdns mismatch
    const char *host_uribl; // pointer to helo/client/from/signer host name if found on uribl
    string_set hosts_uribl; // string set to hold the helo/client/from/signer host name if found on uribl
    bool helo_uribl; // helo value on uribl
    bool client_uribl; // client_name on uribl
    bool from_uribl; // envelope from value on uribl
    bool have_whites; // have at least one whitelisted recipient? need to accept content and remove all non-whitelisted recipients if it fails
    bool only_whites; // every recipient is whitelisted?
    bool want_spamassassin; // at least one non-whitelisted recipient has a non zero spamassassin limit
    bool want_dccgrey; // at least one non-whitelisted recipient wants dcc greylisting
    bool want_dccbulk; // at least one non-whitelisted recipient wants dcc bulk filtering
    bool allow_autowhitelisting; // precedence:bulk or content-type:multipart/report headers prevent autowhitelisting
    delay_whitelist delayer; // to remember autowhitelisting until we see headers
    CONTEXT *content_context; // first non-whitelisted recipient with a content filtering context
    context_map env_to; // map each non-whitelisted recipient to their filtering context
    recorder *memory; // memory for the content scanner
    url_scanner *scanner; // object to handle body scanning
    const char *content_suffix; // for url body filtering based on ip addresses of hostnames in the body
    const char *content_message; // ditto (same purpose as content_suffix)
    const char *uribl_suffix; // for uribl body filtering based on hostnames in the body
    const char *uribl_message; // ditto (same purpose as uribl_suffix)
    string_set *content_host_ignore; // ditto (part of the body filtering settings above)
    SpamAssassin *assassin; // NOTE(review): presumably the per-message spamassassin interface - confirm in spamass.h
    DccInterface *dccifd; // NOTE(review): presumably the per-message dcc interface - confirm in dccifd.h


    mlfiPriv();
    ~mlfiPriv();
    void reset(bool final = false); // for a new message
    void get_fd(); // NOTE(review): presumably acquires the resolver socket stored in fd - confirm
    void return_fd(); // NOTE(review): presumably releases the resolver socket again - confirm
    // The two transfer helpers return size_t, so a failure cannot be reported
    // as a negative value. NOTE(review): presumably errors are signalled
    // through the err member and a short count - confirm that callers check.
    size_t my_read(char *buf, size_t len);
    size_t my_write(const char *buf, size_t len);
    const char *check_uribl_signers(); // NOTE(review): presumably returns a dkim signer found on the uribl, else NULL - confirm
    void need_content_filter(CONTEXT &con);
};
86
// Two maps keyed by nameserver name; dns_interface() accepts an optional
// pointer to one of these.
// NOTE(review): a destructor is declared but no copy constructor or copy
// assignment. If the destructor frees the strings described below, copying
// an ns_map would free them twice - confirm it is only passed by pointer.
struct ns_map {
    // all the strings are owned by the keys/values in the ns_host string map
    string_map ns_host; // nameserver name -> host name that uses this name server
    ns_mapper ns_ip; // nameserver name -> ipv4 address of the name server
    ~ns_map();
    // NOTE(review): presumably name is the nameserver and refer the host that
    // uses it; whether add() copies the strings or takes ownership of the
    // caller's pointers is not visible here - confirm in the implementation.
    void add(const char *name, const char *refer);
};
94
// Logging overloads: with an explicit queue id, with the per-connection
// private data, or with the text alone.
// NOTE(review): text can contain values taken from the smtp client (helo,
// addresses, host names). If the implementation forwards it to syslog(3) it
// should be passed as the argument of a "%s" format, never as the format
// string itself - confirm in the implementation.
void my_syslog(const char *queueid, const char *text);
void my_syslog(mlfiPriv *priv, const char *text);
// NOTE(review): text is taken by value here, so each call copies the string.
void my_syslog(mlfiPriv *priv, const string text);
void my_syslog(const char *text);

// Ask the dns resolver process about question with query type qtype.
// NOTE(review): the uint32_t result is presumably an ipv4 address (zero on
// failure?) - confirm the byte order and failure value in the implementation.
// NOTE(review): maybe_ip presumably tells the resolver that question may
// itself be a dotted ip address - confirm.
// nameservers, when not NULL, is an ns_map for the callee to use.
// NOTE(review): txt_answer/txt_size are presumably a caller-supplied buffer
// and its capacity for a txt record answer. The answer is data from the dns,
// which the filter does not control, so the implementation must never write
// more than txt_size bytes and should leave the buffer NUL-terminated -
// confirm both.
uint32_t dns_interface(mlfiPriv &priv, const char *question, int qtype, bool maybe_ip = false, ns_map *nameservers = NULL, char *txt_answer = NULL, size_t txt_size = 0);
100
101 #endif