annotate src/dnsbl.cpp @ 470:cef0da2a3b32

Added tag stable-6-0-77 for changeset 0370916c7626
author Carl Byington <carl@five-ten-sg.com>
date Wed, 16 Dec 2020 11:25:19 -0800
parents f5b394bec28c
children 5209e92b4885
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1 /*
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
3 Copyright (c) 2013 Carl Byington - 510 Software Group, released under
152
c7fc218686f5 gpl3, block mail to recipients that cannot reply
carl
parents: 150
diff changeset
4 the GPL version 3 or any later version at your choice available at
c7fc218686f5 gpl3, block mail to recipients that cannot reply
carl
parents: 150
diff changeset
5 http://www.gnu.org/licenses/gpl-3.0.txt
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
6
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
7 Based on a sample milter Copyright (c) 2000-2003 Sendmail, Inc. and its
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
8 suppliers. Inspired by the DCC by Rhyolite Software
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
9
177
a4d313c2460b start embedded dcc filtering
carl
parents: 174
diff changeset
10 -b port The port used to talk to the dcc interface daemon
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
11 -r port The port used to talk to our internal dns resolver processes
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
12 -p port The port through which the MTA will connect to this milter.
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
13 -t sec The timeout value.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
14 -c Check the config, and print a copy to stdout. Don't start the
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
15 milter or do anything with the socket.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
16 -s Stress test by loading and deleting the current config in a loop.
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
17 -d level set the debug level
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
18 -e f|t Print the results of looking up from address f and to address
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
19 t in the current config
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
20
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
21 */
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
22
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
23
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
24 // from sendmail sample
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
25 #include <sys/types.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
26 #include <sys/stat.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
27 #include <errno.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
28 #include <sysexits.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
29 #include <unistd.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
30
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
31 // needed for socket io
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
32 #include <sys/ioctl.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
33 #include <net/if.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
34 #include <arpa/inet.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
35 #include <netinet/in.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
36 #include <netinet/tcp.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
37 #include <netdb.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
38 #include <sys/socket.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
39 #include <sys/un.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
40
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
41 // needed for thread
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
42 #include <pthread.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
43
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
44 // needed for std c++ collections
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
45 #include <set>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
46 #include <map>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
47 #include <list>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
48
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
49 // for the dns resolver
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
50 #include <netinet/in.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
51 #include <resolv.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
52
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
53 // misc stuff needed here
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
54 #include <ctype.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
55 #include <syslog.h>
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
56 #include <pwd.h>
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
57 #include <sys/wait.h> /* header for waitpid() and various macros */
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
58 #include <signal.h> /* header for signal functions */
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
59
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
60 #include "includes.h"
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
61
211
4db1457cd11a Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents: 203
diff changeset
62 #ifndef HAVE_DAEMON
4db1457cd11a Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents: 203
diff changeset
63 #include "daemon.h"
4db1457cd11a Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents: 203
diff changeset
64 #include "daemon.c"
4db1457cd11a Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents: 203
diff changeset
65 #endif
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
66
227
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
67 #ifndef HAVE_MEMRCHR
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
68 void *memrchr(const void *a, int c, size_t len);
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
69 void *memrchr(const void *a, int c, size_t len) {
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
70 const unsigned char *p = (const unsigned char *)a;
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
71 for (p += len-1; (const void *)p >= a; p--)
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
72 if (*p == c)
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
73 return (void *)p;
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
74 return (void *)0;
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
75 }
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
76 #endif
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 225
diff changeset
77
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
78 extern "C" {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
79 sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
80 sfsistat mlfi_helo(SMFICTX * ctx, char *helohost);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
81 sfsistat mlfi_envfrom(SMFICTX *ctx, char **argv);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
82 sfsistat mlfi_envrcpt(SMFICTX *ctx, char **argv);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
83 sfsistat mlfi_header(SMFICTX* ctx, char* headerf, char* headerv);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
84 sfsistat mlfi_body(SMFICTX *ctx, u_char *data, size_t len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
85 sfsistat mlfi_eom(SMFICTX *ctx);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
86 sfsistat mlfi_abort(SMFICTX *ctx);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
87 sfsistat mlfi_close(SMFICTX *ctx);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
88 void sig_chld(int signo);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
89 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
90
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
91 int debug_syslog = 0;
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
92 bool syslog_opened = false;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
93 bool use_syslog = true; // false to printf
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
94 bool loader_run = true; // used to stop the config loader thread
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
95 CONFIG *config = NULL; // protected by the config_mutex
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
96 int generation = 0; // protected by the config_mutex
432
4ffa356316d5 allow syslogging of long txt records
Carl Byington <carl@five-ten-sg.com>
parents: 430
diff changeset
97 const int maxlen = maxdnslength; // used for snprintf buffers
235
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
98 regex_t srs_pattern; // used to detect srs coding in mail addresses
246
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
99 regex_t prvs_pattern; // used to detect prvs coding in mail addresses
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
100 regex_t dkim_r_pattern; // used to detect dkim signatures authenticated by the upstream opendkim milter
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
101 regex_t dkim_s_pattern; // used to detect dkim signatures generated by the upstream opendkim milter
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
102 regex_t from_pattern; // used to extract the senders mail domain from the body from: header
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
103
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
104 pthread_mutex_t config_mutex;
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
105 pthread_mutex_t syslog_mutex;
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
106 pthread_mutex_t resolve_mutex;
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
107 pthread_mutex_t fd_pool_mutex;
136
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
108 pthread_mutex_t rate_mutex;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
109
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
110 std::set<int> fd_pool;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
111 int NULL_SOCKET = -1;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
112 const time_t ERROR_SOCKET_TIME = 60; // number of seconds between attempts to open a socket to the dns resolver process
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
113 const char *resolver_port = NULL; // unix domain socket to talk to the dns resolver process
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
114 int resolver_socket = NULL_SOCKET; // socket used to listen for resolver requests
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
115 const char *dccifd_port = NULL; // unix domain socket to talk to the dcc interface daemon
248
b0738685bf51 latest tld list; fix uninitialized variable
Carl Byington <carl@five-ten-sg.com>
parents: 246
diff changeset
116 time_t last_error_time = 0;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
117 int resolver_sock_count = 0; // protected with fd_pool_mutex
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
118 int resolver_pool_size = 0; // protected with fd_pool_mutex
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
119 rates rcpt_hourly_counts; // protected with rate_mutex
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
120 rates rcpt_daily_counts; // protected with rate_mutex
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
121 auth_addresses auth_hourly_addresses; // protected with rate_mutex
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
122 auth_addresses auth_daily_addresses; // protected with rate_mutex
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
123
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
124
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
125
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
126 ns_map::~ns_map() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
127 for (string_map::iterator i=ns_host.begin(); i!=ns_host.end(); i++) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
128 const char *x = (*i).first;
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
129 const char *y = (*i).second;
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
130 free((void*)x);
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
131 free((void*)y);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
132 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
133 ns_ip.clear();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
134 ns_host.clear();
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
135 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
136
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
137
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
138 void ns_map::add(const char *name, const char *refer) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
139 string_map::iterator i = ns_host.find(name);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
140 if (i != ns_host.end()) return;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
141 char *x = strdup(name);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
142 char *y = strdup(refer);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
143 ns_ip[x] = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
144 ns_host[x] = y;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
145
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
146 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
147
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
148 // packed structure to allow a single socket write to dump the
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
149 // length and the following answer. The packing attribute is gcc specific.
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
150 struct glommer {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
151 size_t length;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
152 #ifdef NS_PACKETSZ
428
6f2db3d19a34 allow 4000 byte spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 425
diff changeset
153 u_char answer[maxdnslength]; // with a resolver, we return resolver answers
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
154 #else
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
155 uint32_t answer; // without a resolver, we return a single ipv4 address in network byte order, 0 == no answer
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
156 #endif
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
157 } __attribute__ ((packed));
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
158
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
159
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
160 ////////////////////////////////////////////////
136
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
161 // helper to manipulate recipient counts
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
162 //
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
163 void incr_rcpt_count(const char *user, int &hourly, int &daily);
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
164 void incr_rcpt_count(const char *user, int &hourly, int &daily) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
165 pthread_mutex_lock(&rate_mutex);
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
166 rates::iterator i = rcpt_hourly_counts.find(user);
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
167 hourly = 1;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
168 if (i == rcpt_hourly_counts.end()) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
169 user = strdup(user);
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
170 rcpt_hourly_counts[user] = hourly;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
171 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
172 else {
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
173 hourly = ++((*i).second);
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
174 }
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
175
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
176 rates::iterator j = rcpt_daily_counts.find(user);
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
177 daily = 1;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
178 if (j == rcpt_daily_counts.end()) {
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
179 user = strdup(user);
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
180 rcpt_daily_counts[user] = daily;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
181 }
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
182 else {
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
183 daily = ++((*j).second);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
184 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
185 pthread_mutex_unlock(&rate_mutex);
136
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
186 }
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
187
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
188
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
189 void add_auth_address(const char *user, int &hourly, int &daily, uint32_t ip);
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
190 void add_auth_address(const char *user, int &hourly, int &daily, uint32_t ip) {
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
191 pthread_mutex_lock(&rate_mutex);
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
192 auth_addresses::iterator i = auth_hourly_addresses.find(user);
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
193 if (i == auth_hourly_addresses.end()) {
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
194 user = strdup(user);
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
195 auth_hourly_addresses[user] = new uint32_t_set;
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
196 auth_hourly_addresses[user]->insert(ip);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
197 hourly = 1;
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
198 }
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
199 else {
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
200 uint32_t_set::iterator k = ((*i).second)->find(ip);
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
201 if (k == ((*i).second)->end()) ((*i).second)->insert(ip);
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
202 hourly = ((*i).second)->size();
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
203 }
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
204
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
205 auth_addresses::iterator j = auth_daily_addresses.find(user);
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
206 if (j == auth_daily_addresses.end()) {
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
207 user = strdup(user);
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
208 auth_daily_addresses[user] = new uint32_t_set;
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
209 auth_daily_addresses[user]->insert(ip);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
210 daily = 1;
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
211 }
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
212 else {
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
213 uint32_t_set::iterator k = ((*j).second)->find(ip);
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
214 if (k == ((*j).second)->end()) ((*j).second)->insert(ip);
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
215 daily = ((*j).second)->size();
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
216 }
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
217 pthread_mutex_unlock(&rate_mutex);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
218 }
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
219
136
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
220 ////////////////////////////////////////////////
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
221 // helper to discard the strings held by a context_map
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
222 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
223 void discard(context_map &cm);
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
224 void discard(context_map &cm) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
225 for (context_map::iterator i=cm.begin(); i!=cm.end(); i++) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
226 const char *x = (*i).first;
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
227 free((void*)x);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
228 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
229 cm.clear();
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
230 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
231
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
232
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
233 ////////////////////////////////////////////////
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
234 // helper to register a string in a context_map
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
235 //
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
236 void register_string(context_map &cm, const char *name, CONTEXT *con);
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
237 void register_string(context_map &cm, const char *name, CONTEXT *con) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
238 context_map::iterator i = cm.find(name);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
239 if (i != cm.end()) return;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
240 char *x = strdup(name);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
241 cm[x] = con;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
242 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
243
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
244
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
245 ////////////////////////////////////////////////
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
246 // disconnect the fd from the dns resolver process
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
247 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
248 void my_disconnect(int sock, bool decrement = true);
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
249 void my_disconnect(int sock, bool decrement) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
250 if (sock != NULL_SOCKET) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
251 if (decrement) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
252 pthread_mutex_lock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
253 resolver_sock_count--;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
254 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
255 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
256 shutdown(sock, SHUT_RDWR);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
257 close(sock);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
258 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
259 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
260
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
261
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
262 ////////////////////////////////////////////////
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
263 // return fd connected to the dns resolver process
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
264 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
265 int my_connect();
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
266 int my_connect() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
267 // if we have had recent errors, don't even try to open the socket
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
268 if ((time(NULL) - last_error_time) < ERROR_SOCKET_TIME) return NULL_SOCKET;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
269
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
270 // nothing recent, maybe this time it will work
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
271 int sock = NULL_SOCKET;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
272 sockaddr_un server;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
273 memset(&server, '\0', sizeof(server));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
274 server.sun_family = AF_UNIX;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
275 strncpy(server.sun_path, resolver_port, sizeof(server.sun_path)-1);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
276 sock = socket(AF_UNIX, SOCK_STREAM, 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
277 if (sock != NULL_SOCKET) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
278 bool rc = (connect(sock, (sockaddr *)&server, sizeof(server)) == 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
279 if (!rc) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
280 my_disconnect(sock, false);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
281 sock = NULL_SOCKET;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
282 last_error_time = time(NULL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
283 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
284 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
285 else last_error_time = time(NULL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
286 if (sock != NULL_SOCKET) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
287 pthread_mutex_lock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
288 resolver_sock_count++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
289 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
290 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
291 return sock;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
292 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
293
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
294
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
295 ////////////////////////////////////////////////
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
296 // Ask a dns question and get an A record answer in network byte order.
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
297 // We don't try very hard, just using the default resolver retry settings.
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
298 // If we cannot get an answer, we just accept the mail.
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
299 // If the qtype is ns_t_txt, the answer is placed in my_answer which
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
300 // must be non-null, and the return value can be ignored.
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
301 // A null string is returned in my_answer in the case of errors.
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
302 // If the qtype is ns_t_a, one of the ip addresses is returned in network byte order,
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
303 // and if my_answer is non-null, all the ip addresses are returned in
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
304 // my_answer (in network byte order), prepended with the count.
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
305 // IP address 0 is returned in case of errors.
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
306 //
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
307 uint32_t dns_interface(mlfiPriv &priv, const char *question, int qtype, bool maybe_ip, ns_map *nameservers, char *my_answer, size_t my_size) {
419
91f2a127ec69 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 415
diff changeset
308 // return null string if there are no txt answers
91f2a127ec69 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 415
diff changeset
309 // return zero count if there are no a answers
91f2a127ec69 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 415
diff changeset
310 if (my_answer && my_size) memset(my_answer, 0, my_size);
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
311
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
312 // tell sendmail we are still working
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
313 #if _FFR_SMFI_PROGRESS
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
314 if (priv.eom) smfi_progress(priv.ctx);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
315 #endif
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
316
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
317 // this part can be done without locking the resolver mutex. Each
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
318 // milter thread is talking over its own socket to a separate resolver
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
319 // process, which does the actual dns resolution.
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
320 if (priv.err) return 0; // cannot ask more questions on this socket.
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
321 if (maybe_ip && (qtype == ns_t_a)) {
409
e018ed19a1cc require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents: 402
diff changeset
322 int c = 0;
410
6b03435868cb require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents: 409
diff changeset
323 const char* q = question;
409
e018ed19a1cc require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents: 402
diff changeset
324 while (*q) {
e018ed19a1cc require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents: 402
diff changeset
325 if (*q == '.') c++;
e018ed19a1cc require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents: 402
diff changeset
326 q++;
e018ed19a1cc require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents: 402
diff changeset
327 }
e018ed19a1cc require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents: 402
diff changeset
328 // might be a bare IPv4 address, try this first to avoid dns lookups that may not be needed
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
329 in_addr ip;
409
e018ed19a1cc require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents: 402
diff changeset
330 if ((c == 3) && inet_aton(question, &ip)) {
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
331 return ip.s_addr;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
332 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
333 }
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
334 int8_t qt = qtype;
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
335 priv.my_write((const char *)&qt, 1);// write the query type
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
336 size_t n = strlen(question);
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
337 if (question[n-1] == '.') {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
338 priv.my_write(question, n+1); // write the question including the null terminator
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
339 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
340 else {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
341 priv.my_write(question, n); // write the question
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
342 priv.my_write(".", 2); // and the fully qualified . terminator and null string terminator
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
343 }
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
344
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
345 glommer glom;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
346 char *buf = (char *)&glom;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
347 priv.my_read(buf, sizeof(glom.length));
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
348 buf += sizeof(glom.length);
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
349 #ifdef RESOLVER_DEBUG
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
350 char text[1000];
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
351 snprintf(text, sizeof(text), "dns_interface() wrote question %s and has answer length %d", question, glom.length);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
352 my_syslog(text);
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
353 #endif
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
354 if (glom.length == 0) return 0;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
355 if (glom.length > sizeof(glom.answer)) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
356 priv.err = true;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
357 return 0; // cannot process overlarge answers
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
358 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
359 priv.my_read(buf, glom.length);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
360
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
361 #ifdef NS_PACKETSZ
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
362 // now we need to lock the resolver mutex to keep the milter threads from
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
363 // stepping on each other while parsing the dns answer.
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
364 uint32_t ret_address = 0;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
365 pthread_mutex_lock(&resolve_mutex);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
366 // parse the answer
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
367 ns_msg handle;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
368 ns_rr rr;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
369 if (ns_initparse(glom.answer, glom.length, &handle) == 0) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
370 // look for ns names
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
371 if (nameservers) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
372 ns_map &ns = *nameservers;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
373 int rrnum = 0;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
374 while (ns_parserr(&handle, ns_s_ns, rrnum++, &rr) == 0) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
375 if (ns_rr_type(rr) == ns_t_ns) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
376 char nam[NS_MAXDNAME+1];
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
377 char *n = nam;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
378 const u_char *p = ns_rr_rdata(rr);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
379 while (((n-nam) < NS_MAXDNAME) && ((size_t)(p-glom.answer) < glom.length) && *p) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
380 size_t s = *(p++);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
381 if (s > 191) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
382 // compression pointer
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
383 s = (s-192)*256 + *(p++);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
384 if (s >= glom.length) break; // pointer outside bounds of answer
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
385 p = glom.answer + s;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
386 s = *(p++);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
387 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
388 if (s > 0) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
389 if ((size_t)(n-nam) >= (NS_MAXDNAME-s)) break; // destination would overflow name buffer
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
390 if ((size_t)(p-glom.answer) >= (glom.length-s)) break; // source outside bounds of answer
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
391 memcpy(n, p, s);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
392 n += s;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
393 p += s;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
394 *(n++) = '.';
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
395 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
396 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
397 if (n-nam) n--; // remove trailing .
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
398 *n = '\0'; // null terminate it
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
399 ns.add(nam, question); // ns host to lookup later
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
400 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
401 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
402 rrnum = 0;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
403 while (ns_parserr(&handle, ns_s_ar, rrnum++, &rr) == 0) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
404 if (ns_rr_type(rr) == ns_t_a) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
405 char* nam = (char*)ns_rr_name(rr);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
406 ns_mapper::iterator i = ns.ns_ip.find(nam);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
407 if (i != ns.ns_ip.end()) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
408 // we want this ip address
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
409 uint32_t address;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
410 memcpy(&address, ns_rr_rdata(rr), sizeof(address));
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
411 ns.ns_ip[nam] = address;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
412 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
413 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
414 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
415 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
416 int rrnum = 0;
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
417 if (qtype == ns_t_a) {
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
418 uint32_t *ans = (uint32_t *)my_answer;
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
419 size_t c = 0;
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
420 size_t m = my_size/4; // 1 + max ipv4 addresses that will fit in the answer buffer
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
421 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) {
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
422 if (ns_rr_type(rr) == qtype) {
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
423 uint32_t address;
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
424 memcpy(&address, ns_rr_rdata(rr), sizeof(address));
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
425 ret_address = address;
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
426 if (ans && (c < m-1)) {
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
427 c++;
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
428 ans[c] = address;
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
429 }
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
430 }
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
431 }
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
432 if (ans && (c < m)) ans[0] = c;
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
433 }
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
434 if ((qtype == ns_t_mx) && (my_answer) && (my_size > 1)) {
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
435 uint32_t c = 0;
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
436 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) {
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
437 if (ns_rr_type(rr) == qtype) {
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
438 char exchange[NS_MAXDNAME];
415
16451edcb962 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 414
diff changeset
439 //size_t rdlen = ns_rr_rdlen(rr);
16451edcb962 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 414
diff changeset
440 //const uint16_t pri = ns_get16(rdata);
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
441 const unsigned char *rdata = ns_rr_rdata(rr);
419
91f2a127ec69 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 415
diff changeset
442 int len = dn_expand(ns_msg_base(handle), ns_msg_base(handle) + ns_msg_size(handle), rdata + NS_INT16SZ, exchange, sizeof(exchange));
91f2a127ec69 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 415
diff changeset
443 if (len > 0) { // no error
91f2a127ec69 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 415
diff changeset
444 len = strlen(exchange) + 1;
91f2a127ec69 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 415
diff changeset
445 if (my_size >= (uint32_t)len+1) {
91f2a127ec69 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 415
diff changeset
446 strcpy(my_answer, exchange);
91f2a127ec69 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 415
diff changeset
447 my_answer += len;
91f2a127ec69 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 415
diff changeset
448 my_size -= len;
91f2a127ec69 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 415
diff changeset
449 c++;
91f2a127ec69 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 415
diff changeset
450 }
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
451 }
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
452 }
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
453 }
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
454 *my_answer = '\0'; // final trailing null
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
455 ret_address = htonl(c);
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
456 }
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
457 if ((qtype == ns_t_txt) && (my_answer) && (my_size > 7)) {
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
458 my_answer[0] = '\0'; // return null string if there are no txt answers
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
459 my_size--; // allow room for terminating null;
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
460 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) {
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
461 if (ns_rr_type(rr) == qtype) {
384
7b7066a51c33 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 382
diff changeset
462 size_t offset = 0;
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
463 size_t rdlen = ns_rr_rdlen(rr);
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
464 const unsigned char *rdata = ns_rr_rdata(rr);
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
465 #ifdef RESOLVER_DEBUG
385
be7355b47051 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 384
diff changeset
466 char text[1000];
be7355b47051 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 384
diff changeset
467 snprintf(text, sizeof(text), "found txt record rdlen = %d", rdlen);
be7355b47051 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 384
diff changeset
468 my_syslog(text);
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
469 #endif
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
470 while ((offset < my_size) && rdlen) {
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
471 size_t slen = size_t(*(rdata++));
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
472 rdlen--;
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
473 size_t m = min(slen, rdlen);
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
474 m = min(m, my_size-offset);
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
475 memcpy(my_answer+offset, rdata, m);
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
476 offset += m;
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
477 rdata += m;
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
478 rdlen -= m;
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
479 }
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
480 my_answer[offset] = '\0'; // trailing null
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
481 #ifdef RESOLVER_DEBUG
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
482 snprintf(text, sizeof(text), "found txt record %s", my_answer);
385
be7355b47051 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 384
diff changeset
483 my_syslog(text);
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
484 #endif
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
485 if (strncasecmp(my_answer, "v=spf1 ", 7) == 0) break;
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
486 }
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
487 }
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
488 if (strncasecmp(my_answer, "v=spf1 ", 7) != 0) {
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 410
diff changeset
489 my_answer[0] = '\0'; // return null string if there are no spf1 txt answers
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
490 }
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
491 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
492 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
493 pthread_mutex_unlock(&resolve_mutex);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
494 #ifdef RESOLVER_DEBUG
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
495 snprintf(text, sizeof(text), "dns_interface() found ip %d", ret_address);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
496 my_syslog(text);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
497 #endif
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
498 return ret_address;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
499 #else
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
500 return glom.answer;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
501 #endif
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
502 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
503
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
504
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
505 ////////////////////////////////////////////////
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
506 // lookup a hostname on the uribl
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
507 //
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
508 // if we find hostname on the uribl, return true and point found to hostname
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
509 // as a string registered in hosts.
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
510 // otherwise, return false and preserve the value of found.
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
511 //
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
512 bool uriblookup(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) ;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
513 bool uriblookup(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) {
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
514 char buf[maxlen];
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
515 snprintf(buf, sizeof(buf), "%s.%s.", hostname, priv.uribl_suffix);
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
516 uint32_t ip = ntohl(dns_interface(priv, buf, ns_t_a));
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
517 if (ip and (ip != 0x7f000000)) {
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
518 if (debug_syslog > 2) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
519 char tmp[maxlen];
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
520 snprintf(tmp, sizeof(tmp), "found %s on %s", hostname, priv.uribl_suffix);
451
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
521 my_syslog(&priv, tmp);
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
522 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
523 found = register_string(hosts, hostname);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
524 return true;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
525 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
526 return false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
527 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
528
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
529
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
530 ////////////////////////////////////////////////
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
531 // uribl checker
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
532 // -------------
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
533 // hostname MUST not have a trailing dot. Find the tld part of
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
534 // the hostname, and add one more level. If that is listed on
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
535 // the uribl, return true and point found to the part of the
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
536 // hostname that we found as a string registered in hosts.
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
537 // Otherwise, return false and preserve the value of found.
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
538 //
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
539 bool check_uribl(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) ;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
540 bool check_uribl(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
541 in_addr ip;
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
542 if (inet_aton(hostname, &ip)) return false; // don't check ip addresses in uribls
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
543 const char* components[maxlen];
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
544 int n = 0; // number of components in the hostname
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
545 while (n < maxlen) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
546 components[n++] = hostname;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
547 const char *c = strchr(hostname, '.');
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
548 if (!c) break;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
549 hostname = c+1;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
550 }
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
551 string_set *tlds = priv.memory->get_tlds();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
552 string_set *tldwilds = priv.memory->get_tldwilds();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
553 string_set *tldnots = priv.memory->get_tldnots();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
554 string_set::iterator xtlds = tlds->end();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
555 string_set::iterator xtldwilds = tldwilds->end();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
556 string_set::iterator xtldnots = tldnots->end();
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
557 for (int i=max(0,n-4); i<n; i++) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
558 const char* name = components[i];
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
559 bool rc = false;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
560 string_set::iterator tt = tldnots->find(name);
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
561 if (tt != xtldnots) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
562 rc = true;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
563 }
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
564 else {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
565 tt = tldwilds->find(name);
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
566 if (tt != xtldwilds) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
567 if (i > 1) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
568 rc = true;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
569 name = components[i-2];
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
570 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
571 else return false;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
572 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
573 else {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
574 tt = tlds->find(name);
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
575 if (tt != xtlds) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
576 if (i > 0) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
577 rc = true;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
578 name = components[i-1];
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
579 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
580 else return false;
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
581 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
582 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
583 }
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
584 if (rc) {
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
585 return uriblookup(priv, hosts, name, found);
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
586 }
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
587 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
588 return false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
589 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
590
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
591
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
592 mlfiPriv::mlfiPriv() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
593 pthread_mutex_lock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
594 pc = config;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
595 pc->reference_count++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
596 pthread_mutex_unlock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
597 get_fd();
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
598 ctx = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
599 eom = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
600 ip = 0;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
601 helo = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
602 mailaddr = NULL;
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
603 origaddr = NULL;
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
604 fromaddr = NULL;
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
605 header_count = 0;
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
606 dkim_ok = true;
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
607 queueid = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
608 authenticated = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
609 client_name = NULL;
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
610 client_dns_name = NULL;
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
611 client_dns_forged = false;
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
612 host_uribl = NULL;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
613 helo_uribl = false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
614 client_uribl = false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
615 from_uribl = false;
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
616 have_whites = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
617 only_whites = true;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
618 want_spamassassin = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
619 want_dccgrey = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
620 want_dccbulk = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
621 allow_autowhitelisting = true;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
622 content_context = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
623 memory = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
624 scanner = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
625 content_suffix = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
626 content_message = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
627 uribl_suffix = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
628 uribl_message = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
629 content_host_ignore = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
630 assassin = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
631 dccifd = NULL;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
632 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
633
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
634 mlfiPriv::~mlfiPriv() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
635 return_fd();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
636 pthread_mutex_lock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
637 pc->reference_count--;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
638 bool last = (!pc->reference_count) && (pc != config);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
639 pthread_mutex_unlock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
640 if (last) delete pc; // free this config, since we were the last reference to it
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
641 if (helo) free((void*)helo);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
642 reset(true);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
643 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
644
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
645 void mlfiPriv::reset(bool final) {
194
688ec12a3c0c delay autowhitelisting to avoid out of office reply bots
carl
parents: 193
diff changeset
646 while (!delayer.empty()) {
231
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
647 DELAYWHITEP dwp = delayer.front();
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
648 const char *loto = dwp->get_loto();
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
649 if (loto) free((void*)loto);
193
3ea79ef741a0 delay autowhitelisting to avoid out of office reply bots
carl
parents: 192
diff changeset
650 delete dwp;
3ea79ef741a0 delay autowhitelisting to avoid out of office reply bots
carl
parents: 192
diff changeset
651 delayer.pop_front();
3ea79ef741a0 delay autowhitelisting to avoid out of office reply bots
carl
parents: 192
diff changeset
652 }
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
653 if (mailaddr) free((void*)mailaddr);
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
654 if (origaddr) free((void*)origaddr);
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
655 if (fromaddr) free((void*)fromaddr);
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
656 if (queueid) free((void*)queueid);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
657 if (authenticated) free((void*)authenticated);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
658 if (client_name) free((void*)client_name);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
659 if (client_dns_name) free((void*)client_dns_name);
326
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
660 discard(dkim_signers);
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
661 discard(hosts_uribl);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
662 delayer.clear();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
663 discard(env_to);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
664 if (memory) delete memory;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
665 if (scanner) delete scanner;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
666 if (assassin) delete assassin;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
667 if (dccifd) delete dccifd;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
668 if (!final) {
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
669 ctx = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
670 eom = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
671 mailaddr = NULL;
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
672 origaddr = NULL;
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
673 fromaddr = NULL;
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
674 header_count = 0;
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
675 dkim_ok = true;
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
676 queueid = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
677 authenticated = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
678 client_name = NULL;
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
679 client_dns_name = NULL;
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
680 host_uribl = NULL;
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
681 helo_uribl = false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
682 client_uribl = false;
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
683 from_uribl = false;
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
684 have_whites = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
685 only_whites = true;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
686 want_spamassassin = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
687 want_dccgrey = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
688 want_dccbulk = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
689 allow_autowhitelisting = true;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
690 content_context = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
691 memory = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
692 scanner = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
693 content_suffix = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
694 content_message = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
695 uribl_suffix = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
696 uribl_message = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
697 content_host_ignore = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
698 assassin = NULL;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
699 dccifd = NULL;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
700 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
701 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
702
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
703 void mlfiPriv::get_fd() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
704 err = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
705 fd = NULL_SOCKET;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
706 int result = pthread_mutex_lock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
707 if (!result) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
708 std::set<int>::iterator i;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
709 i = fd_pool.begin();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
710 if (i != fd_pool.end()) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
711 // have at least one fd in the pool
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
712 err = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
713 fd = *i;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
714 fd_pool.erase(fd);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
715 resolver_pool_size--;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
716 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
717 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
718 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
719 // pool is empty, get a new fd
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
720 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
721 fd = my_connect();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
722 err = (fd == NULL_SOCKET);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
723 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
724 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
725 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
726 // cannot lock the pool, just get a new fd
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
727 fd = my_connect();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
728 err = (fd == NULL_SOCKET);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
729 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
730 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
731
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
732 void mlfiPriv::return_fd() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
733 if (err) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
734 // this fd got a socket error, so close it, rather than returning it to the pool
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
735 my_disconnect(fd);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
736 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
737 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
738 int result = pthread_mutex_lock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
739 if (!result) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
740 if ((resolver_sock_count > resolver_pool_size*5) || (resolver_pool_size < 5)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
741 // return the fd to the pool
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
742 fd_pool.insert(fd);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
743 resolver_pool_size++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
744 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
745 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
746 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
747 // more than 20% of the open resolver sockets are in the pool, and the
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
748 // pool as at least 5 sockets. that is enough, so just close this one.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
749 pthread_mutex_unlock(&fd_pool_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
750 my_disconnect(fd);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
751 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
752 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
753 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
754 // could not lock the pool, so just close the fd
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
755 my_disconnect(fd);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
756 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
757 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
758 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
759
177
a4d313c2460b start embedded dcc filtering
carl
parents: 174
diff changeset
760 size_t mlfiPriv::my_write(const char *buf, size_t len) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
761 if (err) return 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
762 size_t rs = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
763 while (len) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
764 size_t ws = write(fd, buf, len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
765 if (ws > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
766 rs += ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
767 len -= ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
768 buf += ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
769 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
770 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
771 // peer closed the socket!
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
772 rs = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
773 err = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
774 break;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
775 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
776 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
777 return rs;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
778 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
779
177
a4d313c2460b start embedded dcc filtering
carl
parents: 174
diff changeset
780 size_t mlfiPriv::my_read(char *buf, size_t len) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
781 if (err) return 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
782 size_t rs = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
783 while (len) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
784 size_t ws = read(fd, buf, len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
785 if (ws > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
786 rs += ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
787 len -= ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
788 buf += ws;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
789 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
790 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
791 // peer closed the socket!
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
792 rs = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
793 err = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
794 break;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
795 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
796 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
797 return rs;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
798 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
799
377
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
800 const char *mlfiPriv::check_uribl_signers() {
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
801 if (uribl_suffix) {
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
802 for (string_set::iterator s=dkim_signers.begin(); s!=dkim_signers.end(); s++) {
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
803 if (check_uribl(*this, hosts_uribl, *s, host_uribl)) return host_uribl;
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
804 }
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
805 }
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
806 return NULL;
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
807 }
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
808
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
809 void mlfiPriv::need_content_filter(CONTEXT &con) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
810 if (!memory) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
811 // first recipient that needs content filtering sets
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
812 // some of the content filtering parameters
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
813 memory = new recorder(this, con.get_html_tags(), con.get_content_tlds(), con.get_content_tldwilds(), con.get_content_tldnots());
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
814 scanner = new url_scanner(memory);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
815 content_suffix = con.get_content_suffix();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
816 content_message = con.get_content_message();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
817 uribl_suffix = con.get_uribl_suffix();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
818 uribl_message = con.get_uribl_message();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
819 content_host_ignore = &con.get_content_host_ignore();
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
820 // if we are using uribl, test helo and client names here
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
821 if (uribl_suffix) {
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
822 if (helo) {
238
7b818a4e21a4 produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents: 236
diff changeset
823 helo_uribl = check_uribl(*this, hosts_uribl, helo, host_uribl);
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
824 }
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
825 if (client_dns_name && !helo_uribl) {
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
826 client_uribl = check_uribl(*this, hosts_uribl, client_dns_name, host_uribl);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
827 }
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
828 if (mailaddr && !client_uribl) {
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
829 const char *f = strchr(mailaddr, '@');
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
830 if (f) from_uribl = check_uribl(*this, hosts_uribl, f+1, host_uribl);
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
831 }
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
832 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
833 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
834 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
835
186
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
836
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
837 mlfiPriv* fetch_priv_from_ctx(SMFICTX *ctx);
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
838 mlfiPriv* fetch_priv_from_ctx(SMFICTX *ctx)
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
839 {
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
840 mlfiPriv *priv = (struct mlfiPriv *)smfi_getpriv(ctx);
187
f0eda59e8afd fix null pointer dereference from missing HELO command
carl
parents: 186
diff changeset
841 priv->ctx = ctx;
186
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
842 return priv;
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
843 }
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
844 #define MLFIPRIV fetch_priv_from_ctx(ctx)
2a80c9b5d2c9 fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
845
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
846
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
847
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
848 ////////////////////////////////////////////////
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
849 // syslog a message
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
850 //
310
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
851 void my_syslog(const char *queueid, const char *text) {
436
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
852 const char* noqueue = "NOQUEUE";
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
853 if (!queueid || !queueid[0]) queueid = noqueue;
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
854
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
855 const int syslogmaxlen = 400; // buffer size
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
856 char buf[syslogmaxlen];
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
857 snprintf(buf, sizeof(buf), "%s: ", queueid);
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
858 size_t hdrlen = strlen(buf);
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
859 const size_t maxsegment = syslogmaxlen - hdrlen - 1;
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
860 size_t msglen = strlen(text);
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
861 while (msglen > 0) {
310
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
862 snprintf(buf, sizeof(buf), "%s: %s", queueid, text);
436
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
863 if (use_syslog) {
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
864 pthread_mutex_lock(&syslog_mutex);
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
865 if (!syslog_opened) {
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
866 openlog("dnsbl", LOG_PID, LOG_MAIL);
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
867 syslog_opened = true;
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
868 }
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
869 syslog(LOG_NOTICE, "%s", buf);
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
870 pthread_mutex_unlock(&syslog_mutex);
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
871 }
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
872 else {
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
873 printf("%s \n", buf);
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
874 }
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
875 size_t segmentlen = min(msglen, maxsegment);
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
876 text += segmentlen;
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
877 msglen -= segmentlen;
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
878 // assert(msglen == strlen(text))
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
879 }
436
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
880
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
881 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
882
310
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
883 void my_syslog(mlfiPriv *priv, const char *text) {
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
884 if (priv) my_syslog(priv->queueid, text);
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
885 else my_syslog((const char *)NULL, text);
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
886 }
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
887
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
888 void my_syslog(mlfiPriv *priv, const string text) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
889 if (debug_syslog > 3) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
890 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
891 strncpy(buf, text.c_str(), sizeof(buf));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
892 buf[maxlen-1] = '\0'; // ensure null termination
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
893 my_syslog(priv, buf);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
894 }
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
895 }
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
896
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
897 void my_syslog(const char *text) {
310
802e2b779ed1 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
898 my_syslog((const char *)NULL, text);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
899 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
900
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
901
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
902 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
903 // read a resolver request from the socket, process it, and
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
904 // write the result back to the socket.
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
905
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
906 void process_resolver_requests(int socket);
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
907 void process_resolver_requests(int socket) {
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
908 #ifdef NS_MAXDNAME
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
909 char question[NS_MAXDNAME];
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
910 #else
389
aa9795b407e8 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 388
diff changeset
911 char question[1025];
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
912 #endif
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
913 glommer glom;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
914
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
915 int maxq = sizeof(question);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
916 while (true) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
917 // read a question
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
918 int rs = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
919 while (rs < maxq) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
920 int ns = read(socket, question+rs, maxq-rs);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
921 if (ns > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
922 rs += ns;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
923 if (question[rs-1] == '\0') {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
924 // last byte read was the null terminator, we are done
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
925 break;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
926 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
927 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
928 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
929 // peer closed the socket
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
930 #ifdef RESOLVER_DEBUG
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
931 my_syslog("process_resolver_requests() peer closed socket while reading question");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
932 #endif
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
933 shutdown(socket, SHUT_RDWR);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
934 close(socket);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
935 return;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
936 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
937 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
938 question[rs-1] = '\0'; // ensure null termination
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
939
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
940 // find the answer
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
941 #ifdef NS_PACKETSZ
388
2354a1944e49 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 387
diff changeset
942 int qt = int8_t(question[0]);
2354a1944e49 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 387
diff changeset
943 int res_result = res_query(question+1, ns_c_in, qt, glom.answer, sizeof(glom.answer));
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
944 #ifdef RESOLVER_DEBUG
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
945 char text[1000];
387
616e46e9b8f0 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 386
diff changeset
946 snprintf(text, sizeof(text), "process_resolver_requests() has a question %s qtype %d buf len %d result %d",
388
2354a1944e49 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 387
diff changeset
947 question+1, qt, sizeof(glom.answer), res_result);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
948 my_syslog(text);
390
bcef093b1ba6 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 389
diff changeset
949 #endif
223
da9e7f1c8160 fix unsigned signed compare, back to mixed -lresolv and libresolv.a with auto requires
Carl Byington <carl@five-ten-sg.com>
parents: 222
diff changeset
950 if (res_result < 0) glom.length = 0; // represent all errors as zero length answers
da9e7f1c8160 fix unsigned signed compare, back to mixed -lresolv and libresolv.a with auto requires
Carl Byington <carl@five-ten-sg.com>
parents: 222
diff changeset
951 else glom.length = (size_t)res_result;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
952 #else
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
953 glom.length = sizeof(glom.answer);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
954 glom.answer = 0;
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
955 int t = int8_t(question[0]);
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
956 if (t != ns_t_a) {
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
957 glom.length = 0;
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
958 }
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
959 else {
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
960 struct hostent *host = gethostbyname(question+1);
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
961 if (host && (host->h_addrtype == AF_INET)) {
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
962 memcpy(&glom.answer, host->h_addr, sizeof(glom.answer));
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
963 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
964 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
965 #endif
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
966
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
967 // write the answer
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
968 char *buf = (char *)&glom;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
969 int len = glom.length + sizeof(glom.length);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
970 #ifdef RESOLVER_DEBUG
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
971 snprintf(text, sizeof(text), "process_resolver_requests() writing answer length %d for total %d", glom.length, len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
972 my_syslog(text);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
973 #endif
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
974 int ws = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
975 while (len > ws) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
976 int ns = write(socket, buf+ws, len-ws);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
977 if (ns > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
978 ws += ns;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
979 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
980 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
981 // peer closed the socket!
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
982 #ifdef RESOLVER_DEBUG
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
983 my_syslog("process_resolver_requests() peer closed socket while writing answer");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
984 #endif
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
985 shutdown(socket, SHUT_RDWR);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
986 close(socket);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
987 return;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
988 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
989 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
990 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
991 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
992
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
993
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
994 ////////////////////////////////////////////////
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
995 // check a single dns list, return ip address in network byte order
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
996 //
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
997 uint32_t check_single(mlfiPriv &priv, uint32_t ip, const char *suffix);
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
998 uint32_t check_single(mlfiPriv &priv, uint32_t ip, const char *suffix) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
999 // make a dns question
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1000 const u_char *src = (const u_char *)&ip;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1001 if (src[0] == 127) return 0; // don't do dns lookups on localhost
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1002 if (src[0] == 10) return 0; // don't do dns lookups on rfc1918 space
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1003 if ((src[0] == 192) && (src[1] == 168)) return 0;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1004 if ((src[0] == 172) && (16 <= src[1]) && (src[1] <= 31)) return 0;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1005 #ifdef NS_MAXDNAME
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1006 char question[NS_MAXDNAME];
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1007 #else
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1008 char question[1000];
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1009 #endif
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1010 snprintf(question, sizeof(question), "%u.%u.%u.%u.%s.", src[3], src[2], src[1], src[0], suffix);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1011 // ask the question, if we get an A record it implies a blacklisted ip address
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
1012 return dns_interface(priv, question, ns_t_a);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1013 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1014
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1015
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1016 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1017 // check a single dnsbl
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1018 //
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1019 bool check_single(mlfiPriv &priv, uint32_t ip, DNSBL &bl);
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1020 bool check_single(mlfiPriv &priv, uint32_t ip, DNSBL &bl) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1021 return check_single(priv, ip, bl.suffix);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1022 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1023
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1024
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1025 ////////////////////////////////////////////////
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1026 // check a single dnswl
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1027 //
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1028 bool check_single(mlfiPriv &priv, uint32_t ip, DNSWL &wl);
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1029 bool check_single(mlfiPriv &priv, uint32_t ip, DNSWL &wl) {
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
1030 uint32_t r = ntohl(check_single(priv, ip, wl.suffix));
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
1031 uint32_t v = (uint32_t)0x7f000000;
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
1032 uint32_t m = (uint32_t)0xffff0000;
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
1033 uint32_t m2 = (uint32_t)0x000000ff;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1034 if ((r & m) == v) {
252
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
1035 uint32_t l = r & m2;
836b7f2357f9 need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
1036 if ((int)l >= wl.level) return true;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1037 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1038 return false;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1039 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1040
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1041
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1042 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1043 // check the dnsbls specified for this recipient
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1044 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1045 bool check_dnsbl(mlfiPriv &priv, dnsblp_list &dnsbll, DNSBLP &rejectlist);
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1046 bool check_dnsbl(mlfiPriv &priv, dnsblp_list &dnsbll, DNSBLP &rejectlist) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1047 for (dnsblp_list::iterator i=dnsbll.begin(); i!=dnsbll.end(); i++) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1048 DNSBLP dp = *i; // non null by construction
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1049 bool st;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1050 map<DNSBLP, bool>::iterator f = priv.checked_black.find(dp);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1051 if (f == priv.checked_black.end()) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1052 // have not checked this list yet
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1053 st = check_single(priv, priv.ip, *dp);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1054 rejectlist = dp;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1055 priv.checked_black[dp] = st;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1056 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1057 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1058 st = (*f).second;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1059 rejectlist = (*f).first;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1060 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1061 if (st) return st;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1062 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1063 return false;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1064 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1065
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1066
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1067 ////////////////////////////////////////////////
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1068 // check the dnswls specified for this recipient
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1069 //
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1070 bool check_dnswl(mlfiPriv &priv, dnswlp_list &dnswll, DNSWLP &acceptlist);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1071 bool check_dnswl(mlfiPriv &priv, dnswlp_list &dnswll, DNSWLP &acceptlist) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1072 for (dnswlp_list::iterator i=dnswll.begin(); i!=dnswll.end(); i++) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1073 DNSWLP dp = *i; // non null by construction
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1074 bool st;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1075 map<DNSWLP, bool>::iterator f = priv.checked_white.find(dp);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1076 if (f == priv.checked_white.end()) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1077 // have not checked this list yet
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1078 st = check_single(priv, priv.ip, *dp);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1079 acceptlist = dp;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1080 priv.checked_white[dp] = st;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1081 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1082 else {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1083 st = (*f).second;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1084 acceptlist = (*f).first;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1085 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1086 if (st) return st;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1087 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1088 return false;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1089 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1090
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1091
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1092 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1093 // check the hosts from the body against the content filter and uribl dnsbls
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1094 //
124
ea6f9c812faa put hostname in smtp message for uribl style lookups
carl
parents: 123
diff changeset
1095 //
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1096 bool check_hosts(mlfiPriv &priv, bool random, int limit, const char *&msg, const char *&host, uint32_t &ip, const char *&found);
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1097 bool check_hosts(mlfiPriv &priv, bool random, int limit, const char *&msg, const char *&host, uint32_t &ip, const char *&found) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1098 found = NULL; // normally ip address style
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1099 if (!priv.content_suffix && !priv.uribl_suffix) return false; // nothing to check
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1100 string_set &hosts = priv.memory->get_hosts();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1101 string_set &ignore = *priv.content_host_ignore;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1102
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1103 int count = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1104 int cnt = hosts.size(); // number of hosts we could look at
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1105 uint32_t_set ips;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1106 ns_map nameservers;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1107 for (string_set::iterator i=hosts.begin(); i!=hosts.end(); i++) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1108 host = *i; // a reference into hosts, which will live until this smtp transaction is closed
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1109
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1110 // don't bother looking up hosts on the ignore list
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1111 string_set::iterator j = ignore.find(host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1112 if (j != ignore.end()) continue;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1113
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1114 // try to only look at limit/cnt fraction of the available cnt host names in random mode
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1115 if ((cnt > limit) && (limit > 0) && random) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1116 int r = rand() % cnt;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1117 if (r >= limit) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1118 if (debug_syslog > 2) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1119 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1120 snprintf(buf, sizeof(buf), "host %s skipped", host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1121 my_syslog(&priv, buf);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1122 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1123 continue;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1124 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1125 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1126 count++;
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
1127 ip = dns_interface(priv, host, ns_t_a, true, &nameservers);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1128 if (debug_syslog > 2) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1129 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1130 if (ip) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1131 char adr[sizeof "255.255.255.255 "];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1132 adr[0] = '\0';
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1133 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1134 snprintf(buf, sizeof(buf), "host %s found at %s", host, adr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1135 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1136 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1137 snprintf(buf, sizeof(buf), "host %s not found", host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1138 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1139 my_syslog(&priv, buf);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1140 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1141 if (ip) {
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1142 uint32_t_set::iterator i = ips.find(ip);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1143 if (i == ips.end()) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1144 // we haven't looked this up yet
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1145 ips.insert(ip);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1146 // check dnsbl style list
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1147 if (priv.content_suffix && check_single(priv, ip, priv.content_suffix)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1148 msg = priv.content_message;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1149 return true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1150 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1151 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1152 }
467
f5b394bec28c allow checking names without A records on uribl lists; improve extraction of fake TLDs from our RPZ zone
Carl Byington <carl@five-ten-sg.com>
parents: 465
diff changeset
1153 // Check uribl & surbl style list
f5b394bec28c allow checking names without A records on uribl lists; improve extraction of fake TLDs from our RPZ zone
Carl Byington <carl@five-ten-sg.com>
parents: 465
diff changeset
1154 if (priv.uribl_suffix && check_uribl(priv, hosts, host, found)) {
f5b394bec28c allow checking names without A records on uribl lists; improve extraction of fake TLDs from our RPZ zone
Carl Byington <carl@five-ten-sg.com>
parents: 465
diff changeset
1155 msg = priv.uribl_message;
f5b394bec28c allow checking names without A records on uribl lists; improve extraction of fake TLDs from our RPZ zone
Carl Byington <carl@five-ten-sg.com>
parents: 465
diff changeset
1156 return true;
f5b394bec28c allow checking names without A records on uribl lists; improve extraction of fake TLDs from our RPZ zone
Carl Byington <carl@five-ten-sg.com>
parents: 465
diff changeset
1157 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1158 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1159 limit *= 4; // allow average of 3 ns per host name
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1160 for (ns_mapper::iterator i=nameservers.ns_ip.begin(); i!=nameservers.ns_ip.end(); i++) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1161 count++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1162 if ((count > limit) && (limit > 0)) return false; // too many name servers to check them all
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1163 host = (*i).first; // a transient reference that needs to be replaced before we return it
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1164 ip = (*i).second;
425
1b7a785610f5 hosts-ignore.conf can be used to ignore nameserver names
Carl Byington <carl@five-ten-sg.com>
parents: 419
diff changeset
1165
1b7a785610f5 hosts-ignore.conf can be used to ignore nameserver names
Carl Byington <carl@five-ten-sg.com>
parents: 419
diff changeset
1166 // don't bother looking up nameserver names on the ignore list
1b7a785610f5 hosts-ignore.conf can be used to ignore nameserver names
Carl Byington <carl@five-ten-sg.com>
parents: 419
diff changeset
1167 string_set::iterator j = ignore.find(host);
1b7a785610f5 hosts-ignore.conf can be used to ignore nameserver names
Carl Byington <carl@five-ten-sg.com>
parents: 419
diff changeset
1168 if (j != ignore.end()) continue;
1b7a785610f5 hosts-ignore.conf can be used to ignore nameserver names
Carl Byington <carl@five-ten-sg.com>
parents: 419
diff changeset
1169
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 379
diff changeset
1170 if (!ip) ip = dns_interface(priv, host, ns_t_a);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1171 if (debug_syslog > 2) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1172 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1173 if (ip) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1174 char adr[sizeof "255.255.255.255 "];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1175 adr[0] = '\0';
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1176 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1177 snprintf(buf, sizeof(buf), "ns %s found at %s", host, adr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1178 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1179 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1180 snprintf(buf, sizeof(buf), "ns %s not found", host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1181 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1182 my_syslog(&priv, buf);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1183 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1184 if (ip) {
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1185 uint32_t_set::iterator i = ips.find(ip);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1186 if (i == ips.end()) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1187 ips.insert(ip);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1188 if (check_single(priv, ip, priv.content_suffix)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1189 msg = priv.content_message;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1190 string_map::iterator j = nameservers.ns_host.find(host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1191 if (j != nameservers.ns_host.end()) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1192 const char *refer = (*j).second;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1193 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1194 snprintf(buf, sizeof(buf), "%s with nameserver %s", refer, host);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1195 host = register_string(hosts, buf); // put a copy into hosts, and return that reference
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1196 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1197 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1198 host = register_string(hosts, host); // put a copy into hosts, and return that reference
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1199 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1200 return true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1201 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1202 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1203 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1204 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1205 return false;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1206 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1207
127
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes
carl
parents: 126
diff changeset
1208
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1209 ////////////////////////////////////////////////
127
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes
carl
parents: 126
diff changeset
1210 //
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes
carl
parents: 126
diff changeset
1211 // this email address is passed in from sendmail, and will normally be
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1212 // enclosed in <>. I think older versions of sendmail supplied the <>
127
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes
carl
parents: 126
diff changeset
1213 // wrapper if the mail client did not, but the current version does not do
2b1a4701e856 sendmail no longer guarantees <> wrapper on envelopes
carl
parents: 126
diff changeset
1214 // that. So the <> wrapper is now optional. It may have mixed case, just
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1215 // as the mail client sent it. We dup the string and convert the duplicate
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1216 // to lower case. Some clients enclose the entire address in single quotes,
246
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1217 // so we strip those as well. We also remove the SRS and prvs coding.
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1218 //
346
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1219 const char *to_lower_string(const char *email, bool srs = true);
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1220 const char *to_lower_string(const char *email, bool srs) {
266
582cfb9c4031 fix unauthenticated rate limit bug for empty mail from
Carl Byington <carl@five-ten-sg.com>
parents: 263
diff changeset
1221 if (!email) return strdup("<>");
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1222 size_t n = strlen(email);
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1223 if ((n > 1) && (email[0] == '<') && (email[n-1] == '>')) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1224 n -= 2;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1225 email++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1226 }
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1227 if ((n > 1) && (email[0] == '\'') && (email[n-1] == '\'')) {
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1228 n -= 2;
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1229 email++;
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1230 }
352
f5a6740cabee need to lowercase the domain extracted from the from header so it will match the keys in dkim_from
Carl Byington <carl@five-ten-sg.com>
parents: 350
diff changeset
1231 if (n == 0) return strdup("<>");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1232 char *key = strdup(email);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1233 key[n] = '\0';
331
9800776436b9 allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents: 330
diff changeset
1234 for (size_t i=0; i<n; i++) key[i] = tolower(key[i]);
346
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1235
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1236 if (srs) {
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1237 if ((n > 14) && (strncmp(key, "srs", 3) == 0)) {
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1238 // might have srs coding to be removed
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1239 const int nmatch = 7;
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1240 regmatch_t match[nmatch];
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1241 if (0 == regexec(&srs_pattern, key, nmatch, match, 0)) {
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1242 int s4 = match[5].rm_so; // domain
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1243 int e4 = match[5].rm_eo;
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1244 int s5 = match[6].rm_so; // user
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1245 int e5 = match[6].rm_eo;
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1246 if ((s4 != -1) && (s5 != -1)) {
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1247 char *newkey = strdup(key); // large enough
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1248 key[e4] = '\0';
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1249 key[e5] = '\0';
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1250 strcpy(newkey, key+s5); // user
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1251 strcat(newkey, "@"); // @
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1252 strcat(newkey, key+s4); // domain
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1253 free(key);
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1254 key = newkey;
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1255 }
235
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1256 }
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
1257 }
346
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1258 if ((n > 7) && (strncmp(key, "prvs", 4) == 0)) {
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1259 // might have prvs coding to be removed
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1260 const int nmatch = 3;
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1261 regmatch_t match[nmatch];
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1262 if (0 == regexec(&prvs_pattern, key, nmatch, match, 0)) {
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1263 int s2 = match[2].rm_so; // user@domain
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1264 if (s2 != -1) {
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1265 char *newkey = strdup(key+s2); // user@domain
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1266 free(key);
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1267 key = newkey;
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1268 }
246
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1269 }
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1270 }
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
1271 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1272 return key;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1273 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1274
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1275
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1276 ////////////////////////////////////////////////
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1277 // start of sendmail milter interfaces
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1278 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1279 sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1280 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1281 // allocate some private memory
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1282 mlfiPriv *priv = new mlfiPriv;
286
9bd5388bf469 Fix possible segfault in mlfi_connect, hostaddr might be null
Carl Byington <carl@five-ten-sg.com>
parents: 284
diff changeset
1283 if (hostaddr && (hostaddr->sa_family == AF_INET)) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1284 priv->ip = ((struct sockaddr_in *)hostaddr)->sin_addr.s_addr;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1285 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1286 // save the private data
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1287 smfi_setpriv(ctx, (void*)priv);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1288
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1289 // continue processing
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1290 return SMFIS_CONTINUE;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1291 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1292
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1293 sfsistat mlfi_helo(SMFICTX * ctx, char *helohost)
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1294 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1295 mlfiPriv &priv = *MLFIPRIV;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1296 priv.helo = strdup(helohost);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1297 return SMFIS_CONTINUE;
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1298 }
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1299
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1300 sfsistat mlfi_envfrom(SMFICTX *ctx, char **from)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1301 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1302 mlfiPriv &priv = *MLFIPRIV;
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1303 CONFIG &dc = *priv.pc;
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1304 priv.origaddr = to_lower_string(from[0], false);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1305 priv.mailaddr = to_lower_string(from[0]);
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1306 priv.queueid = strdup(smfi_getsymval(ctx, (char*)"i"));
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1307 priv.authenticated = smfi_getsymval(ctx, (char*)"{auth_authen}");
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1308 priv.client_name = smfi_getsymval(ctx, (char*)"_");
191
2a67d31099c3 fix null pointer dereference from missing HELO command
carl
parents: 190
diff changeset
1309 if (!priv.helo) priv.helo = strdup("unknown");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1310 if (priv.authenticated) priv.authenticated = strdup(priv.authenticated);
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1311 if (priv.client_name) {
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1312 priv.client_name = strdup(priv.client_name);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1313 const char *p = strstr(priv.client_name, " [");
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1314 if (p) {
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1315 uint pp = p - priv.client_name;
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1316 priv.client_dns_name = strdup(priv.client_name);
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1317 priv.client_dns_name[pp] = '\0';
259
be939802c64e add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents: 257
diff changeset
1318 //char text[500];
be939802c64e add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents: 257
diff changeset
1319 //snprintf(text, sizeof(text), "found simple dns client name %s", priv.client_dns_name);
be939802c64e add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents: 257
diff changeset
1320 //my_syslog(text);
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1321 }
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1322 p = strstr(priv.client_name, "] (may be forged)");
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1323 if (p) {
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1324 priv.client_dns_forged = true;
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1325 if (priv.client_dns_name) {
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1326 char text[500];
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1327 snprintf(text, sizeof(text), "forged dns client name %s", priv.client_dns_name);
438
1686cb639269 code cleanup
Carl Byington <carl@five-ten-sg.com>
parents: 436
diff changeset
1328 my_syslog(&priv, text);
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1329 }
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1330 }
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
1331 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1332 if (spamc != spamc_empty) {
465
79e944269c0b SA needs original rfc5321 envelope from to do proper spf checking. Remove some debug code.
Carl Byington <carl@five-ten-sg.com>
parents: 458
diff changeset
1333 // SA needs original address to do proper SPF checking
79e944269c0b SA needs original rfc5321 envelope from to do proper spf checking. Remove some debug code.
Carl Byington <carl@five-ten-sg.com>
parents: 458
diff changeset
1334 priv.assassin = new SpamAssassin(&priv, priv.ip, priv.helo, priv.origaddr, priv.queueid);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1335 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1336 if (dccifd_port) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1337 priv.dccifd = new DccInterface(dccifd_port, &priv, priv.ip, priv.helo, priv.mailaddr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1338 }
290
bb69fdc3acaa Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
1339 if (priv.authenticated) {
284
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1340 int hourly, daily;
290
bb69fdc3acaa Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
1341 add_auth_address(priv.authenticated, hourly, daily, priv.ip);
bb69fdc3acaa Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
1342 int h_limit = dc.default_context->find_address_limit(priv.authenticated);
284
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1343 int d_limit = dc.default_context->get_daily_address_multiple() * h_limit;
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1344 if (debug_syslog > 1) {
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1345 char msg[maxlen];
290
bb69fdc3acaa Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
1346 snprintf(msg, sizeof(msg), "connect for %s (%d %d addresses, %d %d limits)", priv.authenticated, hourly, daily, h_limit, d_limit);
284
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1347 my_syslog(&priv, msg);
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1348 }
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1349 if ((hourly > h_limit) || (daily > d_limit)){
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1350 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"unique connection ip address limit exceeded");
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1351 return SMFIS_REJECT;
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1352 }
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
1353 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1354 return SMFIS_CONTINUE;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1355 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1356
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1357 sfsistat mlfi_envrcpt(SMFICTX *ctx, char **rcpt)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1358 {
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1359 DNSBLP rejectlist = NULL; // list that caused the reject
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1360 mlfiPriv &priv = *MLFIPRIV;
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1361 CONFIG &dc = *priv.pc;
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1362 const char *rcptaddr = rcpt[0];
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1363 const char *loto = to_lower_string(rcptaddr);
342
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1364 bool self = (strcmp(loto, priv.mailaddr) == 0);
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1365 const u_char *src = (const u_char *)&priv.ip;
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1366 bool local_source = (src[0] == 127);
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1367 bool from_root = (strncasecmp(priv.mailaddr, "root@", 5) == 0);
174
da0c41b9f672 don't whitelist addresses with embedded spaces
carl
parents: 173
diff changeset
1368
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1369 // some version of sendmail allowed rcpt to:<> and passed it thru to the milters
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1370 if (strcmp(loto, "<>") == 0) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1371 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"bogus recipient");
286
9bd5388bf469 Fix possible segfault in mlfi_connect, hostaddr might be null
Carl Byington <carl@five-ten-sg.com>
parents: 284
diff changeset
1372 free((void*)loto); // cppcheck static analysis found memory leak
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1373 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1374 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1375 // priv.mailaddr sending original message to loto
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1376 CONTEXT &con = *(dc.find_context(loto)->find_context(priv.mailaddr));
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1377 VERIFYP ver = con.find_verify(loto);
233
5c3e9bf45bb5 Add whitelisting by regex expression filtering.
Carl Byington <carl@five-ten-sg.com>
parents: 231
diff changeset
1378 const char *fromvalue = con.find_from(priv.mailaddr, true, priv.queueid);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1379 // tell spam assassin and dccifd about this recipient
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1380 if (priv.assassin) priv.assassin->mlfi_envrcpt(ctx, loto);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1381 if (priv.dccifd) priv.dccifd->mlfi_envrcpt(ctx, loto, con.get_grey() && !priv.authenticated);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1382 // loto sending a reply back to priv.mailaddr
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1383 CONTEXT &con2 = *(dc.find_context(priv.mailaddr)->find_context(loto));
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1384 const char *replyvalue = con2.find_from(loto);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1385 if (debug_syslog > 1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1386 char buf[maxlen];
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1387 char buf2[maxlen];
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1388 char msg[maxlen];
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1389 snprintf(msg, sizeof(msg), "from <%s> to <%s> using context %s state %s reply context %s state %s", priv.mailaddr, loto, con.get_full_name(buf,maxlen), fromvalue, con2.get_full_name(buf2,maxlen), replyvalue);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1390 my_syslog(&priv, msg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1391 }
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1392 free((void*)loto);
340
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1393 status st = oksofar;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1394 if (replyvalue == token_black) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1395 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient can not reply due to blacklisting");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1396 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1397 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1398 if (priv.authenticated) {
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1399 int hourly, daily;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1400 incr_rcpt_count(priv.authenticated, hourly, daily);
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1401 int h_limit = dc.default_context->find_rate_limit(priv.authenticated);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1402 int d_limit = dc.default_context->get_daily_rate_multiple() * h_limit;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1403 if (debug_syslog > 1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1404 char msg[maxlen];
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1405 snprintf(msg, sizeof(msg), "authenticated id %s (%d %d recipients, %d %d limits)", priv.authenticated, hourly, daily, h_limit, d_limit);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1406 my_syslog(&priv, msg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1407 }
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1408 if ((hourly > h_limit) || (daily > d_limit)){
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1409 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1410 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1411 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1412 st = white;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1413 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1414 else if (fromvalue == token_black) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1415 st = black;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1416 }
342
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1417 else if ((fromvalue == token_white) && (local_source || from_root)) {
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1418 st = white;
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1419 }
216
784030ac71f1 Never whitelist self addressed mail. Changes for Fedora 10 and const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 214
diff changeset
1420 else if ((fromvalue == token_white) && !self) {
330
b5b93a7e1e6d ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents: 329
diff changeset
1421 // whitelisting based on envelope from value, but ignore it if
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1422 // we have a dkim requirement for the original domain
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1423 const char *domain = strchr(priv.origaddr, '@');
436
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
1424 if (domain && !local_source) {
338
f375a67ee516 set st in all paths; missing +1 to avoid lookup starting with @
Carl Byington <carl@five-ten-sg.com>
parents: 337
diff changeset
1425 DKIMP dk = con.find_dkim_from(domain+1);
330
b5b93a7e1e6d ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents: 329
diff changeset
1426 if (dk && (dk->action == token_require_signed)) {
b5b93a7e1e6d ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents: 329
diff changeset
1427 my_syslog(&priv, "dkim require_signed overrides envelope from whitelist");
451
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1428 st = whitesofar;
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1429 }
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1430 else if (dk && (dk->action == token_unsigned_black)) {
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1431 my_syslog(&priv, "dkim unsigned_black overrides envelope from whitelist");
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1432 st = whitesofar;
330
b5b93a7e1e6d ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents: 329
diff changeset
1433 }
b5b93a7e1e6d ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents: 329
diff changeset
1434 else st = white;
b5b93a7e1e6d ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents: 329
diff changeset
1435 }
b5b93a7e1e6d ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents: 329
diff changeset
1436 else st = white; // might be <>, envelope from has no @
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1437 }
340
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1438
458
6c1c2bd9fb54 ignore dnswl entries if the sender is <>
Carl Byington <carl@five-ten-sg.com>
parents: 456
diff changeset
1439 if (((st == oksofar) || (st == whitesofar)) && (strcmp(priv.mailaddr, "<>") != 0)) {
6c1c2bd9fb54 ignore dnswl entries if the sender is <>
Carl Byington <carl@five-ten-sg.com>
parents: 456
diff changeset
1440 // check the dns based whitelists if the sender was not empty
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1441 DNSWLP acceptlist = NULL; // list that caused the whitelisting
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1442 if (check_dnswl(priv, con.get_dnswl_list(), acceptlist)) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1443 st = white;
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1444 if (debug_syslog > 1) {
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1445 char msg[maxlen];
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1446 snprintf(msg, sizeof(msg), "whitelisted by %s", acceptlist->name);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1447 my_syslog(&priv, msg);
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1448 }
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1449 }
451
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1450 }
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1451
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1452 if (st == oksofar) {
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1453 // check the dns based blacklists
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1454 if (check_dnsbl(priv, con.get_dnsbl_list(), rejectlist)) {
340
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1455 // reject the recipient based on some dnsbl
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1456 char adr[sizeof "255.255.255.255 "];
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1457 adr[0] = '\0';
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1458 inet_ntop(AF_INET, (const u_char *)&priv.ip, adr, sizeof(adr));
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1459 char buf[maxlen];
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1460 snprintf(buf, sizeof(buf), rejectlist->message, adr, adr);
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1461 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1462 return SMFIS_REJECT;
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 248
diff changeset
1463 }
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1464 // check forged rdns
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1465 if (con.get_requirerdns() && (!priv.client_dns_name || priv.client_dns_forged)) {
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1466 // reject the recipient based on forged reverse dns
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1467 char buf[maxlen];
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1468 snprintf(buf, sizeof(buf), "%s is not acceptable", priv.client_name);
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1469 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1470 return SMFIS_REJECT;
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1471 }
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 266
diff changeset
1472 // check generic rdns
301
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1473 if (priv.client_dns_name) {
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1474 const char *msg = con.generic_match(priv.client_dns_name);
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1475 if (msg) {
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1476 // reject the recipient based on generic reverse dns
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1477 char buf[maxlen];
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1478 snprintf(buf, sizeof(buf), msg, priv.client_name);
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1479 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1480 return SMFIS_REJECT;
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 296
diff changeset
1481 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1482 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1483 }
340
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1484
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1485 if (st == black) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1486 // reject the recipient based on blacklisting either from or to
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1487 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"no such user");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1488 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1489 }
340
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1490
203
92a5c866bdfa Verify from/to pairs even if they might be explicitly whitelisted.
Carl Byington <carl@five-ten-sg.com>
parents: 194
diff changeset
1491 if (ver) {
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1492 // try to verify the original from/to pair of addresses even if it might be explicitly whitelisted
346
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1493 const char *loto = to_lower_string(rcptaddr, false);
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1494 bool rc = ver->ok(priv.queueid, priv.origaddr, loto);
346
66969443a012 need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents: 344
diff changeset
1495 free((void*)loto);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1496 if (!rc) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1497 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"no such user");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1498 return SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1499 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1500 }
340
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1501
263
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1502 if (!priv.authenticated && dc.default_context->is_unauthenticated_limited(priv.mailaddr)) {
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1503 int hourly, daily;
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1504 incr_rcpt_count(priv.mailaddr, hourly, daily);
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1505 int h_limit = dc.default_context->find_rate_limit(priv.mailaddr);
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1506 int d_limit = dc.default_context->get_daily_rate_multiple() * h_limit;
263
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1507 if (debug_syslog > 1) {
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1508 char msg[maxlen];
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1509 snprintf(msg, sizeof(msg), "unauthenticated address %s (%d %d recipients, %d %d limits)", priv.mailaddr, hourly, daily, h_limit, d_limit);
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1510 my_syslog(&priv, msg);
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1511 }
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1512 if ((hourly > h_limit) || (daily > d_limit)){
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1513 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded");
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1514 return SMFIS_REJECT;
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1515 }
e118fd2c6af0 fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 259
diff changeset
1516 }
340
be776a246f97 when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents: 338
diff changeset
1517
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1518 // we will accept the recipient, but add an auto-whitelist entry
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1519 // if needed to ensure we can accept replies
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1520 loto = to_lower_string(rcptaddr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1521 WHITELISTERP w = con2.find_autowhite(loto, priv.mailaddr);
291
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 290
diff changeset
1522
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1523 // check if local part is too big
458
6c1c2bd9fb54 ignore dnswl entries if the sender is <>
Carl Byington <carl@five-ten-sg.com>
parents: 456
diff changeset
1524 const int max_local_size = 35;
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1525 const char *p = strchr(loto, '@');
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1526 int len = (p) ? p-loto : max_local_size;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1527 if (len >= max_local_size) w = NULL; // too big, pretend we don't have a whitelister
291
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 290
diff changeset
1528
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 290
diff changeset
1529 // ignore auto whitelisting from outgoing mail from localhost
342
6d27b4f45799 allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents: 340
diff changeset
1530 if (local_source) w = NULL; // outgoing mail from localhost, pretend we don't have a whitelister
291
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 290
diff changeset
1531
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1532 // record it if we have a whitelister
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1533 if (w) {
231
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1534 DELAYWHITEP dwp = new DELAYWHITE(loto, w, &con2); // dwp takes ownership of the string
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1535 priv.delayer.push_back(dwp);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1536 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1537 else {
231
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1538 free((void*)loto); // or we free it here
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1539 }
179
8b86a894514d embedded dcc filtering
carl
parents: 178
diff changeset
1540
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1541 // accept the recipient
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1542 if (!con.get_content_filtering()) st = white;
179
8b86a894514d embedded dcc filtering
carl
parents: 178
diff changeset
1543
451
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1544 if ((st == oksofar) || (st == whitesofar)) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1545 // remember first content filtering context
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1546 if (con.get_content_filtering()) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1547 if (!priv.content_context) priv.content_context = &con;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1548 else if (con.get_require() && (priv.content_context != &con)) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1549 smfi_setreply(ctx, (char*)"452", (char*)"4.2.1", (char*)"incompatible filtering contexts");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1550 return SMFIS_TEMPFAIL;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1551 }
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1552 priv.need_content_filter(con);
451
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1553 if (st == oksofar) {
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1554 char bu[maxlen];
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1555 bool uri = false;
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1556 // content filtering implies also checking helo name on uribl (if enabled)
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1557 if (priv.helo_uribl) {
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1558 snprintf(bu, sizeof(bu), "(helo %s)", priv.host_uribl);
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1559 uri = true;
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1560 }
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1561 // content filtering implies also checking client reverse dns name on uribl (if enabled)
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1562 if (priv.client_uribl) {
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1563 snprintf(bu, sizeof(bu), "(rdns %s)", priv.host_uribl);
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1564 uri = true;
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1565 }
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1566 // content filtering implies also checking mail from domain name on uribl (if enabled)
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1567 if (priv.from_uribl) {
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1568 snprintf(bu, sizeof(bu), "(from %s)", priv.host_uribl);
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1569 uri = true;
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1570 }
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1571 if (uri) {
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1572 char buf[maxlen];
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1573 snprintf(buf, sizeof(buf), priv.uribl_message, bu, priv.host_uribl);
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1574 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1575 return SMFIS_REJECT;
f2bc221240e8 add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1576 }
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1577 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1578 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1579 // remember the non-whites
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
1580 register_string(priv.env_to, rcptaddr, &con);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1581 priv.only_whites = false;
456
2cf7183a911c add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 451
diff changeset
1582 if (st == oksofar) {
2cf7183a911c add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 451
diff changeset
1583 priv.want_spamassassin |= (priv.assassin) && // have spam assassin available and
2cf7183a911c add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 451
diff changeset
1584 (con.get_spamassassin_limit() != 0); // want to use it with a non-zero score
2cf7183a911c add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 451
diff changeset
1585 priv.want_dccgrey |= (priv.dccifd) && // have dcc interface and
2cf7183a911c add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 451
diff changeset
1586 (con.get_grey()); // want to use it for greylisting
2cf7183a911c add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 451
diff changeset
1587 priv.want_dccbulk |= (priv.dccifd) && // have dcc interface and
2cf7183a911c add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 451
diff changeset
1588 (con.get_bulk() != 0); // want to use it for bulk detection
2cf7183a911c add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents: 451
diff changeset
1589 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1590 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1591 if (st == white) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1592 priv.have_whites = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1593 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1594 return SMFIS_CONTINUE;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1595 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1596
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1597 sfsistat mlfi_header(SMFICTX* ctx, char* headerf, char* headerv)
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1598 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1599 mlfiPriv &priv = *MLFIPRIV;
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
1600 priv.header_count++;
337
d68fda9be1c1 need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents: 335
diff changeset
1601 char *value = headerv;
d68fda9be1c1 need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents: 335
diff changeset
1602 if ((priv.header_count < 4) || (strcasecmp(headerf, "from") == 0)) {
d68fda9be1c1 need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents: 335
diff changeset
1603 for (size_t i=0; i<strlen(value); i++) {
d68fda9be1c1 need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents: 335
diff changeset
1604 if (value[i] < 0x20) value[i] = ' ';
d68fda9be1c1 need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents: 335
diff changeset
1605 }
d68fda9be1c1 need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents: 335
diff changeset
1606 }
d68fda9be1c1 need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents: 335
diff changeset
1607
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1608 if (priv.dkim_ok) {
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1609 if ((priv.header_count == 1) && (strcasecmp(headerf, "DKIM-Filter") != 0)) priv.dkim_ok = false;
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1610 if (priv.header_count == 2) {
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1611 if ((strcasecmp(headerf, "Authentication-Results") == 0) &&
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1612 (strncasecmp(headerv, token_myhostname, strlen(token_myhostname)) == 0)) {
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1613 const int nmatch = 2;
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1614 regmatch_t match[nmatch];
326
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1615 while (true) {
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1616 if (0 == regexec(&dkim_r_pattern, value, nmatch, match, 0)) {
326
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1617 int s1 = match[1].rm_so; // domain
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1618 int e1 = match[1].rm_eo;
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1619 if (s1 != -1) {
337
d68fda9be1c1 need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents: 335
diff changeset
1620 char save = value[e1];
d68fda9be1c1 need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents: 335
diff changeset
1621 value[e1] = '\0';
d68fda9be1c1 need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents: 335
diff changeset
1622 priv.dkim_signers.insert(strdup(value+s1));
d68fda9be1c1 need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents: 335
diff changeset
1623 value[e1] = save;
d68fda9be1c1 need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents: 335
diff changeset
1624 value += e1 + 1;
326
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1625 }
327
51846836ec92 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 326
diff changeset
1626 else break;
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1627 }
326
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1628 else break;
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1629 }
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1630 }
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1631 else if (strcasecmp(headerf, "DKIM-Signature") == 0) {
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1632 const int nmatch = 2;
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1633 regmatch_t match[nmatch];
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1634 if (0 == regexec(&dkim_s_pattern, value, nmatch, match, 0)) {
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1635 int s1 = match[1].rm_so; // domain
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1636 int e1 = match[1].rm_eo;
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1637 if (s1 != -1) {
356
90d433d1382e when extracting header fields, need to preserve the header value since that will be used by subsequent (dcc,spamd,etc) milters
Carl Byington <carl@five-ten-sg.com>
parents: 354
diff changeset
1638 char save = value[e1];
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1639 value[e1] = '\0';
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1640 priv.dkim_signers.insert(strdup(value+s1));
356
90d433d1382e when extracting header fields, need to preserve the header value since that will be used by subsequent (dcc,spamd,etc) milters
Carl Byington <carl@five-ten-sg.com>
parents: 354
diff changeset
1641 value[e1] = save;
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1642 }
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1643 }
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1644 }
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1645 else priv.dkim_ok = false;
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1646 }
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1647 }
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1648
334
a4f2fda72422 missing ==0 testing for from header, we were scanning all the non-from headers
Carl Byington <carl@five-ten-sg.com>
parents: 333
diff changeset
1649 // only look at the first from header
358
ef7479b2d64f use the last @domain in the from: header
Carl Byington <carl@five-ten-sg.com>
parents: 356
diff changeset
1650 // this does NOT fully parse rfc2822 from: headers. In particular, embedded
ef7479b2d64f use the last @domain in the from: header
Carl Byington <carl@five-ten-sg.com>
parents: 356
diff changeset
1651 // comments and quoted @ are not handled.
335
354b15b8b263 header from may appear very early in unsigned messages
Carl Byington <carl@five-ten-sg.com>
parents: 334
diff changeset
1652 if ((!priv.fromaddr) && (strcasecmp(headerf, "from") == 0)) {
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1653 const int nmatch = 2;
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1654 regmatch_t match[nmatch];
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
1655 if (0 == regexec(&from_pattern, value, nmatch, match, 0)) {
328
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1656 int s1 = match[1].rm_so; // domain
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1657 int e1 = match[1].rm_eo;
b4f766947202 allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 327
diff changeset
1658 if (s1 != -1) {
356
90d433d1382e when extracting header fields, need to preserve the header value since that will be used by subsequent (dcc,spamd,etc) milters
Carl Byington <carl@five-ten-sg.com>
parents: 354
diff changeset
1659 char save = value[e1];
337
d68fda9be1c1 need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents: 335
diff changeset
1660 value[e1] = '\0';
352
f5a6740cabee need to lowercase the domain extracted from the from header so it will match the keys in dkim_from
Carl Byington <carl@five-ten-sg.com>
parents: 350
diff changeset
1661 priv.fromaddr = to_lower_string(value+s1, false);
356
90d433d1382e when extracting header fields, need to preserve the header value since that will be used by subsequent (dcc,spamd,etc) milters
Carl Byington <carl@five-ten-sg.com>
parents: 354
diff changeset
1662 value[e1] = save;
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1663 }
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1664 }
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1665 }
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1666
231
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1667 // headers that avoid autowhitelisting
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
1668 if (((strcasecmp(headerf, "precedence") == 0) && (strcasecmp(headerv, "bulk") == 0)) ||
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
1669 ((strcasecmp(headerf, "content-type") == 0) && (strncasecmp(headerv, "multipart/report", 16) == 0))) {
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
1670 priv.allow_autowhitelisting = false;
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
1671 }
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
1672
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1673 // other headers are only needed for content filtering
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1674 if (priv.authenticated) return SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1675 if (priv.only_whites) return SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1676 if (priv.want_spamassassin) priv.assassin->mlfi_header(headerf, headerv);
443
0df77bbb7fc2 always call dcc code so we get log entries
Carl Byington <carl@five-ten-sg.com>
parents: 438
diff changeset
1677 if (priv.dccifd) priv.dccifd->mlfi_header(ctx, headerf, headerv);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1678 return SMFIS_CONTINUE;
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1679 }
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1680
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1681 sfsistat mlfi_eoh(SMFICTX* ctx)
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1682 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1683 mlfiPriv &priv = *MLFIPRIV;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1684 // delayed autowhitelisting
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1685 while (!priv.delayer.empty()) {
231
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1686 DELAYWHITEP dwp = priv.delayer.front();
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1687 const char *loto = dwp->get_loto();
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
1688 if (priv.allow_autowhitelisting) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1689 WHITELISTERP w = dwp->get_w();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1690 CONTEXTP con2 = dwp->get_con();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1691 if (debug_syslog > 1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1692 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1693 char msg[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1694 snprintf(msg, sizeof(msg), "whitelist reply from <%s> in context %s", loto, con2->get_full_name(buf,maxlen));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1695 my_syslog(&priv, msg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1696 }
231
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1697 w->sent(loto); // don't free it, the whitelister takes ownership of the string
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1698 }
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1699 else {
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1700 if (debug_syslog > 1) {
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1701 char msg[maxlen];
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1702 snprintf(msg, sizeof(msg), "avoid whitelist reply from <%s> for outgoing auto-responder", loto);
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1703 my_syslog(&priv, msg);
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1704 }
4d6bd04d93fa Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
1705 if (loto) free((void*)loto);// or we free it here
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1706 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1707 delete dwp;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1708 priv.delayer.pop_front();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1709 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1710 // content filtering
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1711 if (priv.authenticated) return SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1712 if (priv.only_whites) return SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1713 if (priv.want_spamassassin) priv.assassin->mlfi_eoh();
443
0df77bbb7fc2 always call dcc code so we get log entries
Carl Byington <carl@five-ten-sg.com>
parents: 438
diff changeset
1714 if (priv.dccifd) priv.dccifd->mlfi_eoh();
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1715 return SMFIS_CONTINUE;
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1716 }
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1717
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1718 sfsistat mlfi_body(SMFICTX *ctx, u_char *data, size_t len)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1719 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1720 mlfiPriv &priv = *MLFIPRIV;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1721 if (priv.authenticated) return SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1722 if (priv.only_whites) return SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1723 if (priv.want_spamassassin) priv.assassin->mlfi_body(data, len);
443
0df77bbb7fc2 always call dcc code so we get log entries
Carl Byington <carl@five-ten-sg.com>
parents: 438
diff changeset
1724 if (priv.dccifd) priv.dccifd->mlfi_body(data, len);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1725 priv.scanner->scan(data, len);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1726 return SMFIS_CONTINUE;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1727 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1728
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1729 sfsistat mlfi_eom(SMFICTX *ctx)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1730 {
402
9096d2676c13 suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents: 393
diff changeset
1731 sfsistat rc;
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1732 mlfiPriv &priv = *MLFIPRIV;
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1733 const char *host = NULL;
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1734 uint32_t ip;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1735 // process end of message
190
004b855c6c1f fix null pointer dereference from missing HELO command
carl
parents: 188
diff changeset
1736 priv.eom = true;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1737 if (priv.authenticated || priv.only_whites) rc = SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1738 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1739 // assert env_to not empty, it contains the
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1740 // non-whitelisted folks that want content filtering
436
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
1741 const u_char *src = (const u_char *)&priv.ip;
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
1742 bool local_source = (src[0] == 127);
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
1743 int score = (priv.want_spamassassin) ? priv.assassin->mlfi_eom() : 0;
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
1744 bool grey = false;
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
1745 int bulk = 0;
443
0df77bbb7fc2 always call dcc code so we get log entries
Carl Byington <carl@five-ten-sg.com>
parents: 438
diff changeset
1746 if (priv.dccifd) priv.dccifd->mlfi_eom(grey, bulk);
0df77bbb7fc2 always call dcc code so we get log entries
Carl Byington <carl@five-ten-sg.com>
parents: 438
diff changeset
1747 if (!priv.want_dccgrey) grey = false;
0df77bbb7fc2 always call dcc code so we get log entries
Carl Byington <carl@five-ten-sg.com>
parents: 438
diff changeset
1748 if (!priv.want_dccbulk) bulk = 0;
178
d6531c702be3 embedded dcc filtering
carl
parents: 177
diff changeset
1749
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1750 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1751 string msg;
331
9800776436b9 allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents: 330
diff changeset
1752 string_set unknowns;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1753 bool random = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1754 int limit = 0;
377
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1755 const char *signer = NULL;
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1756 bool checked_signers = false;
326
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1757 if (priv.dkim_signers.empty()) {
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1758 snprintf(buf, sizeof(buf), "acceptable content from %s signer *",
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1759 (priv.fromaddr) ? priv.fromaddr : token_asterisk);
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1760 my_syslog(&priv, buf);
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1761 }
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1762 else {
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1763 for (string_set::iterator s=priv.dkim_signers.begin(); s!=priv.dkim_signers.end(); s++) {
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1764 snprintf(buf, sizeof(buf), "acceptable content from %s signer %s",
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1765 (priv.fromaddr) ? priv.fromaddr : token_asterisk, *s);
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1766 my_syslog(&priv, buf);
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1767 }
5e4b5540c8cc allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents: 325
diff changeset
1768 }
323
a6de27b0a1e9 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 322
diff changeset
1769
402
9096d2676c13 suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents: 393
diff changeset
1770 CONTEXT *con = NULL;
415
16451edcb962 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 414
diff changeset
1771 const char *st = token_black;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1772 for (context_map::iterator i=priv.env_to.begin(); i!=priv.env_to.end(); i++) {
402
9096d2676c13 suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents: 393
diff changeset
1773 const char *rcpt = (*i).first;
9096d2676c13 suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents: 393
diff changeset
1774 CONTEXT *next = (*i).second;
9096d2676c13 suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents: 393
diff changeset
1775 if (con != next) {
9096d2676c13 suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents: 393
diff changeset
1776 con = next;
436
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
1777 st = con->acceptable_content(local_source, *priv.memory, score, bulk, priv.queueid, priv.dkim_signers, priv.fromaddr, &priv, msg);
402
9096d2676c13 suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents: 393
diff changeset
1778 }
331
9800776436b9 allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents: 330
diff changeset
1779 if (st == token_black) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1780 // bad html tags or excessive hosts or
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1781 // high spam assassin score or dcc bulk threshold exceedeed
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1782 // or signed by a dkim signer that we don't like
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
1783 // or header from requires dkim signer that is missing
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1784 smfi_delrcpt(ctx, (char*)rcpt);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1785 }
331
9800776436b9 allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents: 330
diff changeset
1786 else if (st == token_unknown) {
377
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1787 if (!checked_signers) {
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1788 signer = priv.check_uribl_signers();
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1789 checked_signers = true;
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1790 if (signer) {
379
e42923f8f3fd better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
1791 snprintf(buf, sizeof(buf), "dkim signer %s listed on %s", signer, priv.uribl_suffix);
377
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1792 my_syslog(&priv, buf);
379
e42923f8f3fd better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
1793 snprintf(buf, sizeof(buf), "Mail rejected - dkim signed by %s listed on %s", signer, priv.uribl_suffix);
377
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1794 msg = string(buf);
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1795 }
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1796 }
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1797 if (signer) {
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1798 // dkim signer is on the uribl
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1799 smfi_delrcpt(ctx, (char*)rcpt);
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1800 }
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1801 else {
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1802 // still unknown
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1803 unknowns.insert(rcpt);
402
9096d2676c13 suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents: 393
diff changeset
1804 random |= con->get_host_random();
9096d2676c13 suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents: 393
diff changeset
1805 limit = max(limit, con->get_host_limit());
377
7fd39f029936 reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 366
diff changeset
1806 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1807 }
331
9800776436b9 allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents: 330
diff changeset
1808 else if (st == token_white) {
379
e42923f8f3fd better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
1809 priv.have_whites = true;
331
9800776436b9 allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents: 330
diff changeset
1810 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1811 }
379
e42923f8f3fd better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
1812 bool rejecting_unknowns = unknowns.empty();
e42923f8f3fd better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
1813 if (!rejecting_unknowns) {
331
9800776436b9 allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents: 330
diff changeset
1814 // check hosts for those recipients
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1815 const char *fmt;
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1816 const char *found;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1817 if (check_hosts(priv, random, limit, fmt, host, ip, found)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1818 if (found) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1819 // uribl style
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1820 snprintf(buf, sizeof(buf), fmt, host, found);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1821 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1822 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1823 // dnsbl style
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1824 char adr[sizeof "255.255.255.255 "];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1825 adr[0] = '\0';
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1826 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1827 snprintf(buf, sizeof(buf), fmt, host, adr);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1828 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1829 msg = string(buf);
379
e42923f8f3fd better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
1830 rejecting_unknowns = true;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1831 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1832 }
379
e42923f8f3fd better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
1833 if (!rejecting_unknowns) {
e42923f8f3fd better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
1834 // greylist the unknowns if we don't have any whitelisted recipients
e42923f8f3fd better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
1835 if (priv.want_dccgrey && grey && !priv.have_whites) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1836 smfi_setreply(ctx, (char*)"452", (char*)"4.2.1", (char*)"temporary greylist embargoed");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1837 rc = SMFIS_TEMPFAIL;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1838 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1839 else rc = SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1840 }
379
e42923f8f3fd better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
1841 else if (!priv.have_whites) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1842 // can reject the entire message
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1843 snprintf(buf, sizeof(buf), "%s", msg.c_str());
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1844 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1845 rc = SMFIS_REJECT;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1846 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1847 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1848 // need to accept it but remove the recipients that don't want it
331
9800776436b9 allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents: 330
diff changeset
1849 for (string_set::iterator i=unknowns.begin(); i!=unknowns.end(); i++) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1850 const char *rcpt = *i;
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1851 smfi_delrcpt(ctx, (char*)rcpt);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1852 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1853 rc = SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1854 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1855 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1856 // reset for a new message on the same connection
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1857 mlfi_abort(ctx);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1858 return rc;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1859 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1860
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1861 sfsistat mlfi_abort(SMFICTX *ctx)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1862 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1863 mlfiPriv &priv = *MLFIPRIV;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1864 priv.reset();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1865 return SMFIS_CONTINUE;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1866 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1867
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1868 sfsistat mlfi_close(SMFICTX *ctx)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1869 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1870 mlfiPriv *priv = MLFIPRIV;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1871 if (!priv) return SMFIS_CONTINUE;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1872 delete priv;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1873 smfi_setpriv(ctx, NULL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1874 return SMFIS_CONTINUE;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1875 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1876
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1877 struct smfiDesc smfilter =
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1878 {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1879 (char*)"DNSBL", // filter name
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1880 SMFI_VERSION, // version code -- do not change
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1881 SMFIF_DELRCPT, // flags
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1882 mlfi_connect, // connection info filter
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1883 mlfi_helo, // SMTP HELO command filter
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1884 mlfi_envfrom, // envelope sender filter
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1885 mlfi_envrcpt, // envelope recipient filter
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1886 mlfi_header, // header filter
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1887 mlfi_eoh, // end of header
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1888 mlfi_body, // body block filter
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1889 mlfi_eom, // end of message
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1890 mlfi_abort, // message aborted
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1891 mlfi_close, // connection cleanup
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1892 };
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1893
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1894
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1895 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1896 // reload the config
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1897 //
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1898 CONFIG* new_conf();
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1899 CONFIG* new_conf() {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1900 CONFIG *newc = new CONFIG;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1901 pthread_mutex_lock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1902 newc->generation = generation++;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1903 pthread_mutex_unlock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1904 if (debug_syslog) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1905 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1906 snprintf(buf, sizeof(buf), "loading configuration generation %d", newc->generation);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1907 my_syslog(buf);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1908 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1909 if (load_conf(*newc, "dnsbl.conf")) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1910 newc->load_time = time(NULL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1911 return newc;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1912 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1913 delete newc;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1914 return NULL;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1915 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1916
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1917
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1918 ////////////////////////////////////////////////
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1919 // thread to watch the old config files for changes
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1920 // and reload when needed.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1921 // we also clear the SMTP AUTH recipient counts hourly
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1922 //
163
97d7da45fe2a spamassassin changes
carl
parents: 162
diff changeset
1923 extern "C" {void* config_loader(void *arg);}
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1924 void* config_loader(void *arg) {
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1925 int loop1 = 0;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1926 int loop2 = 0;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1927 while (loader_run) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1928 sleep(180); // look for modifications every 3 minutes
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1929 if (!loader_run) break;
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1930 loop1++;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1931 loop2++;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1932 if (loop1 == 20) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1933 // three minutes thru each loop, 20 loops per hour
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
1934 // clear the recipient hourly counts and hourly sets of ip connection addresses
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1935 pthread_mutex_lock(&rate_mutex);
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1936 for (rates::iterator i=rcpt_hourly_counts.begin(); i!=rcpt_hourly_counts.end(); i++) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1937 (*i).second = 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1938 }
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1939 for (auth_addresses::iterator j=auth_hourly_addresses.begin(); j!=auth_hourly_addresses.end(); j++) {
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1940 delete (*j).second;
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1941 (*j).second = new uint32_t_set;
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1942 }
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1943 pthread_mutex_unlock(&rate_mutex);
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1944 loop1 = 0;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1945 }
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1946 if (loop2 == 480) {
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1947 // three minutes thru each loop, 480 loops per day
280
2b77295fb9a7 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
1948 // clear the recipient daily counts and daily sets of connection ip addresses
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1949 pthread_mutex_lock(&rate_mutex);
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1950 for (rates::iterator i=rcpt_daily_counts.begin(); i!=rcpt_daily_counts.end(); i++) {
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1951 (*i).second = 0;
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1952 }
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1953 for (auth_addresses::iterator j=auth_daily_addresses.begin(); j!=auth_daily_addresses.end(); j++) {
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1954 delete (*j).second;
382
c378e9d03f37 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
1955 (*j).second = new uint32_t_set;
278
368572c57013 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 272
diff changeset
1956 }
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1957 pthread_mutex_unlock(&rate_mutex);
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 252
diff changeset
1958 loop2 = 0;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1959 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1960 CONFIG &dc = *config;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1961 time_t then = dc.load_time;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1962 struct stat st;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1963 bool reload = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1964 for (string_set::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1965 const char *fn = *i;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1966 if (stat(fn, &st)) reload = true; // file disappeared
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1967 else if (st.st_mtime > then) reload = true; // file modified
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1968 if (reload) break;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1969 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1970 if (reload) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1971 CONFIG *newc = new_conf();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1972 if (newc) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1973 // replace the global config pointer
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1974 pthread_mutex_lock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1975 CONFIG *pc = config;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1976 bool last = pc && (!pc->reference_count);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1977 config = newc;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1978 pthread_mutex_unlock(&config_mutex);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1979 if (last) delete pc; // there were no references to this config
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1980 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1981 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1982 // failed to load new config
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1983 my_syslog("failed to load new configuration");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1984 system("echo 'failed to load new dnsbl configuration from /etc/dnsbl' | mail -s 'error in /etc/dnsbl configuration' root");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1985 // update the load time on the current config to prevent complaining every 3 minutes
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1986 dc.load_time = time(NULL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1987 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1988 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1989 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1990 return NULL;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1991 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1992
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1993
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1994 void usage(const char *prog);
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
1995 void usage(const char *prog)
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
1996 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1997 fprintf(stderr, "Usage: %s [-d [level]] [-c] [-s] [-e from|to] [-b dccifd-addr] -r port -p sm-sock-addr [-t timeout]\n", prog);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1998 fprintf(stderr, "where dccifd_addr is for the connection to dccifd\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
1999 fprintf(stderr, " and should be local-domain-socket-file-name\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2000 fprintf(stderr, "where port is for the connection to our own dns resolver processes\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2001 fprintf(stderr, " and should be local-domain-socket-file-name\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2002 fprintf(stderr, "where sm-sock-addr is for the connection to sendmail\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2003 fprintf(stderr, " and should be one of\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2004 fprintf(stderr, " inet:port@ip-address\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2005 fprintf(stderr, " local:local-domain-socket-file-name\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2006 fprintf(stderr, "-c will load and dump the config to stdout\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2007 fprintf(stderr, "-s will stress test the config loading code by repeating the load/free cycle\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2008 fprintf(stderr, " in an infinte loop.\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2009 fprintf(stderr, "-d will set the syslog message level, currently 0 to 3\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2010 fprintf(stderr, "-e will print the results of looking up the from and to addresses in the\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2011 fprintf(stderr, " current config. The | character is used to separate the from and to\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2012 fprintf(stderr, " addresses in the argument to the -e switch\n");
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2013 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2014
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2015
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2016
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
2017 void setup_socket(const char *sock);
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
2018 void setup_socket(const char *sock) {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2019 unlink(sock);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2020 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2021
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2022
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2023 /*
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2024 * The signal handler function -- only gets called when a SIGCHLD
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2025 * is received, ie when a child terminates
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2026 */
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2027 void sig_chld(int signo)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2028 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2029 int status;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2030 /* Wait for any child without blocking */
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2031 while (waitpid(-1, &status, WNOHANG) > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2032 // ignore child exit status, we only do this to cleanup zombies
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2033 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2034 }
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2035
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2036
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2037 int main(int argc, char**argv)
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2038 {
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2039 token_init();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2040 bool check = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2041 bool stress = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2042 bool setconn = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2043 bool setreso = false;
244
ef97c7cd4a6e const correctness fixes from new gcc, libresolv.a moved to glibc-static on newer distributions
Carl Byington <carl@five-ten-sg.com>
parents: 242
diff changeset
2044 char *email = NULL;
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2045 int c;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2046 const char *args = "b:r:p:t:e:d:chs";
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2047 extern char *optarg;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2048
235
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
2049 // setup srs coding detection
296
05b604c99e06 allow broken SRS0+ rather than the correct SRS0= tag
Carl Byington <carl@five-ten-sg.com>
parents: 293
diff changeset
2050 if (regcomp(&srs_pattern, "^srs(0|1)(=|\\+)([^=]+)=([^=]+)=([^=]+)=([^@]+)@", REG_ICASE | REG_EXTENDED)) {
235
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
2051 printf("cannot compile regex pattern to find srs coding in mail addresses\n");
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
2052 exit(3);
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
2053 }
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
2054
246
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
2055 // setup prvs coding detection
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
2056 if (regcomp(&prvs_pattern, "^prvs=([^=]+)=(.+)$", REG_ICASE | REG_EXTENDED)) {
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
2057 printf("cannot compile regex pattern to find prvs coding in mail addresses\n");
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
2058 exit(3);
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
2059 }
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
2060
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
2061 // setup dkim results signature detection
366
9fc05f3a824f allow upstream opendkim header to be wrapped
Carl Byington <carl@five-ten-sg.com>
parents: 364
diff changeset
2062 if (regcomp(&dkim_r_pattern, "\\sdkim=pass\\s*.[0-9]*-bit key.\\s*header.d=([^ ]+)\\s", REG_ICASE | REG_EXTENDED)) {
364
df45a2377632 allow upstream opendkim header to be wrapped
Carl Byington <carl@five-ten-sg.com>
parents: 358
diff changeset
2063 printf("cannot compile regex pattern to find dkim results signatures\n");
350
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
2064 exit(3);
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
2065 }
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
2066
f4ca91f49cb6 send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents: 348
diff changeset
2067 // setup dkim results signature detection
364
df45a2377632 allow upstream opendkim header to be wrapped
Carl Byington <carl@five-ten-sg.com>
parents: 358
diff changeset
2068 if (regcomp(&dkim_s_pattern, "\\sd=([^;]+);", REG_ICASE | REG_EXTENDED)) {
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
2069 printf("cannot compile regex pattern to find dkim signatures\n");
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
2070 exit(3);
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
2071 }
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
2072
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
2073 // setup from domain extraction
358
ef7479b2d64f use the last @domain in the from: header
Carl Byington <carl@five-ten-sg.com>
parents: 356
diff changeset
2074 if (regcomp(&from_pattern, ".*@([a-zA-Z0-9.-]+)", REG_ICASE | REG_EXTENDED)) {
322
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
2075 printf("cannot compile regex pattern to find dkim signatures\n");
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
2076 exit(3);
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
2077 }
9f8411f3919c add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 321
diff changeset
2078
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2079 // Process command line options
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2080 while ((c = getopt(argc, argv, args)) != -1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2081 switch (c) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2082 case 'b':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2083 if (optarg == NULL || *optarg == '\0') {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2084 fprintf(stderr, "Illegal dccifd socket: %s\n", optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2085 exit(EX_USAGE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2086 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2087 dccifd_port = strdup(optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2088 break;
177
a4d313c2460b start embedded dcc filtering
carl
parents: 174
diff changeset
2089
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2090 case 'r':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2091 if (optarg == NULL || *optarg == '\0') {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2092 fprintf(stderr, "Illegal resolver socket: %s\n", optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2093 exit(EX_USAGE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2094 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2095 resolver_port = strdup(optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2096 setup_socket(resolver_port);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2097 setreso = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2098 break;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2099
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2100 case 'p':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2101 if (optarg == NULL || *optarg == '\0') {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2102 fprintf(stderr, "Illegal sendmail socket: %s\n", optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2103 exit(EX_USAGE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2104 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2105 if (smfi_setconn(optarg) == MI_FAILURE) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2106 fprintf(stderr, "smfi_setconn failed\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2107 exit(EX_SOFTWARE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2108 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2109 if (strncasecmp(optarg, "unix:", 5) == 0) setup_socket(optarg + 5);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2110 else if (strncasecmp(optarg, "local:", 6) == 0) setup_socket(optarg + 6);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2111 setconn = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2112 break;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2113
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2114 case 't':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2115 if (optarg == NULL || *optarg == '\0') {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2116 fprintf(stderr, "Illegal timeout: %s\n", optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2117 exit(EX_USAGE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2118 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2119 if (smfi_settimeout(atoi(optarg)) == MI_FAILURE) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2120 fprintf(stderr, "smfi_settimeout failed\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2121 exit(EX_SOFTWARE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2122 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2123 break;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2124
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2125 case 'e':
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
2126 if (email) free((void*)email);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2127 email = strdup(optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2128 break;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2129
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2130 case 'c':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2131 check = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2132 break;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2133
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2134 case 's':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2135 stress = true;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2136 break;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2137
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2138 case 'd':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2139 if (optarg == NULL || *optarg == '\0') debug_syslog = 1;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2140 else debug_syslog = atoi(optarg);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2141 break;
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2142
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2143 case 'h':
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2144 default:
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2145 usage(argv[0]);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2146 exit(EX_USAGE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2147 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2148 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2149
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2150 if (check) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2151 use_syslog = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2152 debug_syslog = 10;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2153 CONFIG *conf = new_conf();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2154 if (conf) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2155 conf->dump();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2156 delete conf;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2157 clear_strings(); // for valgrind checking
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2158 return 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2159 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2160 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2161 return 1; // config failed to load
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2162 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2163 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2164
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2165 if (stress) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2166 fprintf(stdout, "stress testing\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2167 while (1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2168 for (int i=0; i<10; i++) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2169 CONFIG *conf = new_conf();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2170 if (conf) delete conf;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2171 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2172 fprintf(stdout, ".");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2173 fflush(stdout);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2174 sleep(1);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2175 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2176 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2177
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2178 if (email) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2179 char *x = strchr(email, '|');
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2180 if (x) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2181 *x = '\0';
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
2182 const char *from = to_lower_string(email);
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
2183 const char *to = to_lower_string(x+1);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2184 use_syslog = false;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2185 CONFIG *conf = new_conf();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2186 if (conf) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2187 CONTEXTP con = conf->find_context(to);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2188 char buf[maxlen];
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2189 fprintf(stdout, "envelope to <%s> finds context %s\n", to, con->get_full_name(buf,maxlen));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2190 CONTEXTP fc = con->find_context(from);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2191 fprintf(stdout, "envelope from <%s> finds context %s\n", from, fc->get_full_name(buf,maxlen));
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
2192 const char *st = fc->find_from(from);
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2193 fprintf(stdout, "envelope from <%s> finds status %s\n", from, st);
216
784030ac71f1 Never whitelist self addressed mail. Changes for Fedora 10 and const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 214
diff changeset
2194 bool self = (strcmp(from, to) == 0);
784030ac71f1 Never whitelist self addressed mail. Changes for Fedora 10 and const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 214
diff changeset
2195 if ((st == token_white) && self) fprintf(stdout, "ignore self whitelisting\n");
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2196 delete conf;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2197 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2198 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2199 return 0;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2200 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2201
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2202 if (!setconn) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2203 fprintf(stderr, "%s: Missing required -p argument\n", argv[0]);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2204 usage(argv[0]);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2205 exit(EX_USAGE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2206 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2207
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2208 if (!setreso) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2209 fprintf(stderr, "%s: Missing required -r argument\n", argv[0]);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2210 usage(argv[0]);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2211 exit(EX_USAGE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2212 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2213
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2214 if (smfi_register(smfilter) == MI_FAILURE) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2215 fprintf(stderr, "smfi_register failed\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2216 exit(EX_UNAVAILABLE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2217 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2218
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2219 // switch to background mode
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2220 if (daemon(1,0) < 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2221 fprintf(stderr, "daemon() call failed\n");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2222 exit(EX_UNAVAILABLE);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2223 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2224
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2225 // write the pid
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2226 const char *pidpath = "/var/run/dnsbl.pid";
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2227 unlink(pidpath);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2228 FILE *f = fopen(pidpath, "w");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2229 if (f) {
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2230 #ifdef linux
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2231 // from a comment in the DCC source code:
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2232 // Linux threads are broken. Signals given the
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2233 // original process are delivered to only the
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2234 // thread that happens to have that PID. The
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2235 // sendmail libmilter thread that needs to hear
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2236 // SIGINT and other signals does not, and that breaks
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2237 // scripts that need to stop milters.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2238 // However, signaling the process group works.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2239 fprintf(f, "-%d\n", (u_int)getpgrp());
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2240 #else
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2241 fprintf(f, "%d\n", (u_int)getpid());
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2242 #endif
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2243 fclose(f);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2244 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2245
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2246 // initialize the thread sync objects
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2247 pthread_mutex_init(&config_mutex, 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2248 pthread_mutex_init(&syslog_mutex, 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2249 pthread_mutex_init(&resolve_mutex, 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2250 pthread_mutex_init(&fd_pool_mutex, 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2251 pthread_mutex_init(&verifier_mutex, 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2252 pthread_mutex_init(&whitelister_mutex, 0);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2253
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2254 // drop root privs
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2255 struct passwd *pw = getpwnam("dnsbl");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2256 if (pw) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2257 if (setgid(pw->pw_gid) == -1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2258 my_syslog("failed to switch to group dnsbl");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2259 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2260 if (setuid(pw->pw_uid) == -1) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2261 my_syslog("failed to switch to user dnsbl");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2262 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2263 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2264
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2265 // load the initial config
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2266 config = new_conf();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2267 if (!config) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2268 my_syslog("failed to load initial configuration, quitting");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2269 exit(1);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2270 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2271
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2272 // fork off the resolver listener process
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2273 pid_t child = fork();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2274 if (child < 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2275 my_syslog("failed to create resolver listener process");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2276 exit(0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2277 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2278 if (child == 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2279 // we are the child - dns resolver listener process
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2280 resolver_socket = socket(AF_UNIX, SOCK_STREAM, 0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2281 if (resolver_socket < 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2282 my_syslog("child failed to create resolver socket");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2283 exit(0); // failed
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2284 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2285 sockaddr_un server;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2286 memset(&server, '\0', sizeof(server));
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2287 server.sun_family = AF_UNIX;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2288 strncpy(server.sun_path, resolver_port, sizeof(server.sun_path)-1);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2289 //try to bind the address to the socket.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2290 if (bind(resolver_socket, (sockaddr *)&server, sizeof(server)) < 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2291 // bind failed
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2292 shutdown(resolver_socket, SHUT_RDWR);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2293 close(resolver_socket);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2294 my_syslog("child failed to bind resolver socket");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2295 exit(0); // failed
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2296 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2297 //listen on the socket.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2298 if (listen(resolver_socket, 10) < 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2299 // listen failed
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2300 shutdown(resolver_socket, SHUT_RDWR);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2301 close(resolver_socket);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2302 my_syslog("child failed to listen to resolver socket");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2303 exit(0); // failed
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2304 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2305 // setup sigchld handler to prevent zombies
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2306 struct sigaction act;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2307 act.sa_handler = sig_chld; // Assign sig_chld as our SIGCHLD handler
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2308 sigemptyset(&act.sa_mask); // We don't want to block any other signals in this example
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2309 act.sa_flags = SA_NOCLDSTOP; // only want children that have terminated
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2310 if (sigaction(SIGCHLD, &act, NULL) < 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2311 my_syslog("child failed to setup SIGCHLD handler");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2312 exit(0); // failed
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2313 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2314 while (true) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2315 sockaddr_un client;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2316 socklen_t clientlen = sizeof(client);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2317 int s = accept(resolver_socket, (sockaddr *)&client, &clientlen);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2318 if (s > 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2319 // accept worked, it did not get cancelled before we could accept it
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2320 // fork off a process to handle this connection
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2321 int newchild = fork();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2322 if (newchild == 0) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2323 // this is the worker process
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2324 // child does not need the listening socket
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2325 close(resolver_socket);
220
495cfe5caead try to allow mixed -lresolv and libresolv.a for ns_parserr
Carl Byington <carl@five-ten-sg.com>
parents: 216
diff changeset
2326 #ifdef NS_PACKETSZ
495cfe5caead try to allow mixed -lresolv and libresolv.a for ns_parserr
Carl Byington <carl@five-ten-sg.com>
parents: 216
diff changeset
2327 res_init();
495cfe5caead try to allow mixed -lresolv and libresolv.a for ns_parserr
Carl Byington <carl@five-ten-sg.com>
parents: 216
diff changeset
2328 _res.retry = 2;
495cfe5caead try to allow mixed -lresolv and libresolv.a for ns_parserr
Carl Byington <carl@five-ten-sg.com>
parents: 216
diff changeset
2329 _res.retrans = RES_TIMEOUT;
393
dffedbdc8566 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 390
diff changeset
2330 #ifdef RES_USE_EDNS0
389
aa9795b407e8 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 388
diff changeset
2331 _res.options |= RES_USE_EDNS0;
220
495cfe5caead try to allow mixed -lresolv and libresolv.a for ns_parserr
Carl Byington <carl@five-ten-sg.com>
parents: 216
diff changeset
2332 #endif
393
dffedbdc8566 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 390
diff changeset
2333 #endif
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2334 process_resolver_requests(s);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2335 exit(0);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2336 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2337 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2338 // this is the parent
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2339 // parent does not need the accepted socket
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2340 close(s);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2341 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2342 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2343 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2344 exit(0); // make sure we don't fall thru.
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2345 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2346 else {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2347 sleep(2); // allow child to get started
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2348 }
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2349
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2350 // only create threads after the fork() in daemon
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2351 pthread_t tid;
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2352 if (pthread_create(&tid, 0, config_loader, 0))
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2353 my_syslog("failed to create config loader thread");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2354 if (pthread_detach(tid))
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2355 my_syslog("failed to detach config loader thread");
153
8d7c439bb6fa add auto whitelisting
carl
parents: 152
diff changeset
2356
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2357 if (pthread_create(&tid, 0, verify_closer, 0))
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2358 my_syslog("failed to create verify closer thread");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2359 if (pthread_detach(tid))
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2360 my_syslog("failed to detach verify closer thread");
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2361
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2362 if (pthread_create(&tid, 0, whitelister_writer, 0))
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2363 my_syslog("failed to create autowhite writer thread");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2364 if (pthread_detach(tid))
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2365 my_syslog("failed to detach autowhite writer thread");
153
8d7c439bb6fa add auto whitelisting
carl
parents: 152
diff changeset
2366
192
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2367 time_t starting = time(NULL);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2368 int rc = smfi_main();
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2369 if ((rc != MI_SUCCESS) && (time(NULL) > starting+5*60)) {
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2370 my_syslog("trying to restart after smfi_main()");
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2371 loader_run = false; // eventually the config loader thread will terminate
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2372 execvp(argv[0], argv);
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2373 }
8f4a9a37d4d9 delay autowhitelisting to avoid out of office reply bots
carl
parents: 191
diff changeset
2374 exit((rc == MI_SUCCESS) ? 0 : EX_UNAVAILABLE);
94
e107ade3b1c0 fix dos line terminators
carl
parents: 92
diff changeset
2375 }