Mercurial > dnsbl
annotate src/dnsbl.cpp @ 470:cef0da2a3b32
Added tag stable-6-0-77 for changeset 0370916c7626
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Wed, 16 Dec 2020 11:25:19 -0800 |
parents | f5b394bec28c |
children | 5209e92b4885 |
rev | line source |
---|---|
94 | 1 /* |
2 | |
270
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
3 Copyright (c) 2013 Carl Byington - 510 Software Group, released under |
152 | 4 the GPL version 3 or any later version at your choice available at |
5 http://www.gnu.org/licenses/gpl-3.0.txt | |
94 | 6 |
7 Based on a sample milter Copyright (c) 2000-2003 Sendmail, Inc. and its | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
8 suppliers. Inspired by the DCC by Rhyolite Software |
94 | 9 |
177 | 10 -b port The port used to talk to the dcc interface daemon |
94 | 11 -r port The port used to talk to our internal dns resolver processes |
12 -p port The port through which the MTA will connect to this milter. | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
13 -t sec The timeout value. |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
14 -c Check the config, and print a copy to stdout. Don't start the |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
15 milter or do anything with the socket. |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
16 -s Stress test by loading and deleting the current config in a loop. |
163 | 17 -d level set the debug level |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
18 -e f|t Print the results of looking up from address f and to address |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
19 t in the current config |
94 | 20 |
21 */ | |
22 | |
23 | |
24 // from sendmail sample | |
25 #include <sys/types.h> | |
26 #include <sys/stat.h> | |
27 #include <errno.h> | |
28 #include <sysexits.h> | |
29 #include <unistd.h> | |
30 | |
31 // needed for socket io | |
32 #include <sys/ioctl.h> | |
33 #include <net/if.h> | |
34 #include <arpa/inet.h> | |
35 #include <netinet/in.h> | |
36 #include <netinet/tcp.h> | |
37 #include <netdb.h> | |
38 #include <sys/socket.h> | |
39 #include <sys/un.h> | |
40 | |
41 // needed for thread | |
42 #include <pthread.h> | |
43 | |
44 // needed for std c++ collections | |
45 #include <set> | |
46 #include <map> | |
47 #include <list> | |
48 | |
49 // for the dns resolver | |
50 #include <netinet/in.h> | |
51 #include <resolv.h> | |
52 | |
53 // misc stuff needed here | |
54 #include <ctype.h> | |
55 #include <syslog.h> | |
56 #include <pwd.h> | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
57 #include <sys/wait.h> /* header for waitpid() and various macros */ |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
58 #include <signal.h> /* header for signal functions */ |
94 | 59 |
60 #include "includes.h" | |
61 | |
211
4db1457cd11a
Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents:
203
diff
changeset
|
62 #ifndef HAVE_DAEMON |
4db1457cd11a
Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents:
203
diff
changeset
|
63 #include "daemon.h" |
4db1457cd11a
Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents:
203
diff
changeset
|
64 #include "daemon.c" |
4db1457cd11a
Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents:
203
diff
changeset
|
65 #endif |
94 | 66 |
227
3fee608becbc
Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents:
225
diff
changeset
|
67 #ifndef HAVE_MEMRCHR |
3fee608becbc
Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents:
225
diff
changeset
|
68 void *memrchr(const void *a, int c, size_t len); |
3fee608becbc
Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents:
225
diff
changeset
|
69 void *memrchr(const void *a, int c, size_t len) { |
3fee608becbc
Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents:
225
diff
changeset
|
70 const unsigned char *p = (const unsigned char *)a; |
3fee608becbc
Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents:
225
diff
changeset
|
71 for (p += len-1; (const void *)p >= a; p--) |
3fee608becbc
Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents:
225
diff
changeset
|
72 if (*p == c) |
3fee608becbc
Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents:
225
diff
changeset
|
73 return (void *)p; |
3fee608becbc
Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents:
225
diff
changeset
|
74 return (void *)0; |
3fee608becbc
Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents:
225
diff
changeset
|
75 } |
3fee608becbc
Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents:
225
diff
changeset
|
76 #endif |
3fee608becbc
Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents:
225
diff
changeset
|
77 |
94 | 78 extern "C" { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
79 sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
80 sfsistat mlfi_helo(SMFICTX * ctx, char *helohost); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
81 sfsistat mlfi_envfrom(SMFICTX *ctx, char **argv); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
82 sfsistat mlfi_envrcpt(SMFICTX *ctx, char **argv); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
83 sfsistat mlfi_header(SMFICTX* ctx, char* headerf, char* headerv); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
84 sfsistat mlfi_body(SMFICTX *ctx, u_char *data, size_t len); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
85 sfsistat mlfi_eom(SMFICTX *ctx); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
86 sfsistat mlfi_abort(SMFICTX *ctx); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
87 sfsistat mlfi_close(SMFICTX *ctx); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
88 void sig_chld(int signo); |
94 | 89 } |
90 | |
91 int debug_syslog = 0; | |
92 bool syslog_opened = false; | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
93 bool use_syslog = true; // false to printf |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
94 bool loader_run = true; // used to stop the config loader thread |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
95 CONFIG *config = NULL; // protected by the config_mutex |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
96 int generation = 0; // protected by the config_mutex |
432
4ffa356316d5
allow syslogging of long txt records
Carl Byington <carl@five-ten-sg.com>
parents:
430
diff
changeset
|
97 const int maxlen = maxdnslength; // used for snprintf buffers |
235
e6c66640f6f9
Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
233
diff
changeset
|
98 regex_t srs_pattern; // used to detect srs coding in mail addresses |
246
8b0f16abee53
Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
244
diff
changeset
|
99 regex_t prvs_pattern; // used to detect prvs coding in mail addresses |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
100 regex_t dkim_r_pattern; // used to detect dkim signatures authenticated by the upstream opendkim milter |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
101 regex_t dkim_s_pattern; // used to detect dkim signatures generated by the upstream opendkim milter |
322
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
102 regex_t from_pattern; // used to extract the senders mail domain from the body from: header |
94 | 103 |
104 pthread_mutex_t config_mutex; | |
105 pthread_mutex_t syslog_mutex; | |
106 pthread_mutex_t resolve_mutex; | |
107 pthread_mutex_t fd_pool_mutex; | |
136 | 108 pthread_mutex_t rate_mutex; |
94 | 109 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
110 std::set<int> fd_pool; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
111 int NULL_SOCKET = -1; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
112 const time_t ERROR_SOCKET_TIME = 60; // number of seconds between attempts to open a socket to the dns resolver process |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
113 const char *resolver_port = NULL; // unix domain socket to talk to the dns resolver process |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
114 int resolver_socket = NULL_SOCKET; // socket used to listen for resolver requests |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
115 const char *dccifd_port = NULL; // unix domain socket to talk to the dcc interface daemon |
248
b0738685bf51
latest tld list; fix uninitialized variable
Carl Byington <carl@five-ten-sg.com>
parents:
246
diff
changeset
|
116 time_t last_error_time = 0; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
117 int resolver_sock_count = 0; // protected with fd_pool_mutex |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
118 int resolver_pool_size = 0; // protected with fd_pool_mutex |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
119 rates rcpt_hourly_counts; // protected with rate_mutex |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
120 rates rcpt_daily_counts; // protected with rate_mutex |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
121 auth_addresses auth_hourly_addresses; // protected with rate_mutex |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
122 auth_addresses auth_daily_addresses; // protected with rate_mutex |
94 | 123 |
124 | |
125 | |
126 ns_map::~ns_map() { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
127 for (string_map::iterator i=ns_host.begin(); i!=ns_host.end(); i++) { |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
128 const char *x = (*i).first; |
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
129 const char *y = (*i).second; |
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
130 free((void*)x); |
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
131 free((void*)y); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
132 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
133 ns_ip.clear(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
134 ns_host.clear(); |
94 | 135 } |
136 | |
137 | |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
138 void ns_map::add(const char *name, const char *refer) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
139 string_map::iterator i = ns_host.find(name); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
140 if (i != ns_host.end()) return; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
141 char *x = strdup(name); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
142 char *y = strdup(refer); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
143 ns_ip[x] = 0; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
144 ns_host[x] = y; |
94 | 145 |
146 } | |
147 | |
148 // packed structure to allow a single socket write to dump the | |
149 // length and the following answer. The packing attribute is gcc specific. | |
150 struct glommer { | |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
151 size_t length; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
152 #ifdef NS_PACKETSZ |
428
6f2db3d19a34
allow 4000 byte spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
425
diff
changeset
|
153 u_char answer[maxdnslength]; // with a resolver, we return resolver answers |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
154 #else |
252
836b7f2357f9
need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents:
249
diff
changeset
|
155 uint32_t answer; // without a resolver, we return a single ipv4 address in network byte order, 0 == no answer |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
156 #endif |
94 | 157 } __attribute__ ((packed)); |
158 | |
159 | |
160 //////////////////////////////////////////////// | |
136 | 161 // helper to manipulate recipient counts |
162 // | |
255
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
163 void incr_rcpt_count(const char *user, int &hourly, int &daily); |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
164 void incr_rcpt_count(const char *user, int &hourly, int &daily) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
165 pthread_mutex_lock(&rate_mutex); |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
166 rates::iterator i = rcpt_hourly_counts.find(user); |
255
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
167 hourly = 1; |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
168 if (i == rcpt_hourly_counts.end()) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
169 user = strdup(user); |
255
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
170 rcpt_hourly_counts[user] = hourly; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
171 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
172 else { |
255
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
173 hourly = ++((*i).second); |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
174 } |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
175 |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
176 rates::iterator j = rcpt_daily_counts.find(user); |
255
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
177 daily = 1; |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
178 if (j == rcpt_daily_counts.end()) { |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
179 user = strdup(user); |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
180 rcpt_daily_counts[user] = daily; |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
181 } |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
182 else { |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
183 daily = ++((*j).second); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
184 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
185 pthread_mutex_unlock(&rate_mutex); |
136 | 186 } |
187 | |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
188 |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
189 void add_auth_address(const char *user, int &hourly, int &daily, uint32_t ip); |
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
190 void add_auth_address(const char *user, int &hourly, int &daily, uint32_t ip) { |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
191 pthread_mutex_lock(&rate_mutex); |
280
2b77295fb9a7
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
278
diff
changeset
|
192 auth_addresses::iterator i = auth_hourly_addresses.find(user); |
2b77295fb9a7
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
278
diff
changeset
|
193 if (i == auth_hourly_addresses.end()) { |
2b77295fb9a7
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
278
diff
changeset
|
194 user = strdup(user); |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
195 auth_hourly_addresses[user] = new uint32_t_set; |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
196 auth_hourly_addresses[user]->insert(ip); |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
197 hourly = 1; |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
198 } |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
199 else { |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
200 uint32_t_set::iterator k = ((*i).second)->find(ip); |
280
2b77295fb9a7
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
278
diff
changeset
|
201 if (k == ((*i).second)->end()) ((*i).second)->insert(ip); |
2b77295fb9a7
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
278
diff
changeset
|
202 hourly = ((*i).second)->size(); |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
203 } |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
204 |
280
2b77295fb9a7
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
278
diff
changeset
|
205 auth_addresses::iterator j = auth_daily_addresses.find(user); |
2b77295fb9a7
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
278
diff
changeset
|
206 if (j == auth_daily_addresses.end()) { |
2b77295fb9a7
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
278
diff
changeset
|
207 user = strdup(user); |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
208 auth_daily_addresses[user] = new uint32_t_set; |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
209 auth_daily_addresses[user]->insert(ip); |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
210 daily = 1; |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
211 } |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
212 else { |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
213 uint32_t_set::iterator k = ((*j).second)->find(ip); |
280
2b77295fb9a7
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
278
diff
changeset
|
214 if (k == ((*j).second)->end()) ((*j).second)->insert(ip); |
2b77295fb9a7
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
278
diff
changeset
|
215 daily = ((*j).second)->size(); |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
216 } |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
217 pthread_mutex_unlock(&rate_mutex); |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
218 } |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
219 |
136 | 220 //////////////////////////////////////////////// |
94 | 221 // helper to discard the strings held by a context_map |
222 // | |
223 void discard(context_map &cm); | |
224 void discard(context_map &cm) { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
225 for (context_map::iterator i=cm.begin(); i!=cm.end(); i++) { |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
226 const char *x = (*i).first; |
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
227 free((void*)x); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
228 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
229 cm.clear(); |
94 | 230 } |
231 | |
232 | |
233 //////////////////////////////////////////////// | |
234 // helper to register a string in a context_map | |
235 // | |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
236 void register_string(context_map &cm, const char *name, CONTEXT *con); |
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
237 void register_string(context_map &cm, const char *name, CONTEXT *con) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
238 context_map::iterator i = cm.find(name); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
239 if (i != cm.end()) return; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
240 char *x = strdup(name); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
241 cm[x] = con; |
94 | 242 } |
243 | |
244 | |
245 //////////////////////////////////////////////// | |
246 // disconnect the fd from the dns resolver process | |
247 // | |
248 void my_disconnect(int sock, bool decrement = true); | |
249 void my_disconnect(int sock, bool decrement) { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
250 if (sock != NULL_SOCKET) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
251 if (decrement) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
252 pthread_mutex_lock(&fd_pool_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
253 resolver_sock_count--; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
254 pthread_mutex_unlock(&fd_pool_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
255 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
256 shutdown(sock, SHUT_RDWR); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
257 close(sock); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
258 } |
94 | 259 } |
260 | |
261 | |
262 //////////////////////////////////////////////// | |
263 // return fd connected to the dns resolver process | |
264 // | |
265 int my_connect(); | |
266 int my_connect() { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
267 // if we have had recent errors, don't even try to open the socket |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
268 if ((time(NULL) - last_error_time) < ERROR_SOCKET_TIME) return NULL_SOCKET; |
94 | 269 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
270 // nothing recent, maybe this time it will work |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
271 int sock = NULL_SOCKET; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
272 sockaddr_un server; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
273 memset(&server, '\0', sizeof(server)); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
274 server.sun_family = AF_UNIX; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
275 strncpy(server.sun_path, resolver_port, sizeof(server.sun_path)-1); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
276 sock = socket(AF_UNIX, SOCK_STREAM, 0); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
277 if (sock != NULL_SOCKET) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
278 bool rc = (connect(sock, (sockaddr *)&server, sizeof(server)) == 0); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
279 if (!rc) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
280 my_disconnect(sock, false); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
281 sock = NULL_SOCKET; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
282 last_error_time = time(NULL); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
283 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
284 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
285 else last_error_time = time(NULL); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
286 if (sock != NULL_SOCKET) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
287 pthread_mutex_lock(&fd_pool_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
288 resolver_sock_count++; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
289 pthread_mutex_unlock(&fd_pool_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
290 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
291 return sock; |
94 | 292 } |
293 | |
294 | |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
295 //////////////////////////////////////////////// |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
296 // Ask a dns question and get an A record answer in network byte order. |
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
297 // We don't try very hard, just using the default resolver retry settings. |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
298 // If we cannot get an answer, we just accept the mail. |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
299 // If the qtype is ns_t_txt, the answer is placed in my_answer which |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
300 // must be non-null, and the return value can be ignored. |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
301 // A null string is returned in my_answer in the case of errors. |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
302 // If the qtype is ns_t_a, one of the ip addresses is returned in network byte order, |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
303 // and if my_answer is non-null, all the ip addresses are returned in |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
304 // my_answer (in network byte order), prepended with the count. |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
305 // IP address 0 is returned in case of errors. |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
306 // |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
307 uint32_t dns_interface(mlfiPriv &priv, const char *question, int qtype, bool maybe_ip, ns_map *nameservers, char *my_answer, size_t my_size) { |
419
91f2a127ec69
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
415
diff
changeset
|
308 // return null string if there are no txt answers |
91f2a127ec69
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
415
diff
changeset
|
309 // return zero count if there are no a answers |
91f2a127ec69
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
415
diff
changeset
|
310 if (my_answer && my_size) memset(my_answer, 0, my_size); |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
311 |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
312 // tell sendmail we are still working |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
313 #if _FFR_SMFI_PROGRESS |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
314 if (priv.eom) smfi_progress(priv.ctx); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
315 #endif |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
316 |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
317 // this part can be done without locking the resolver mutex. Each |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
318 // milter thread is talking over its own socket to a separate resolver |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
319 // process, which does the actual dns resolution. |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
320 if (priv.err) return 0; // cannot ask more questions on this socket. |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
321 if (maybe_ip && (qtype == ns_t_a)) { |
409
e018ed19a1cc
require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents:
402
diff
changeset
|
322 int c = 0; |
410
6b03435868cb
require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents:
409
diff
changeset
|
323 const char* q = question; |
409
e018ed19a1cc
require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents:
402
diff
changeset
|
324 while (*q) { |
e018ed19a1cc
require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents:
402
diff
changeset
|
325 if (*q == '.') c++; |
e018ed19a1cc
require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents:
402
diff
changeset
|
326 q++; |
e018ed19a1cc
require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents:
402
diff
changeset
|
327 } |
e018ed19a1cc
require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents:
402
diff
changeset
|
328 // might be a bare IPv4 address, try this first to avoid dns lookups that may not be needed |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
329 in_addr ip; |
409
e018ed19a1cc
require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents:
402
diff
changeset
|
330 if ((c == 3) && inet_aton(question, &ip)) { |
252
836b7f2357f9
need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents:
249
diff
changeset
|
331 return ip.s_addr; |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
332 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
333 } |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
334 int8_t qt = qtype; |
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
335 priv.my_write((const char *)&qt, 1);// write the query type |
328
b4f766947202
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
327
diff
changeset
|
336 size_t n = strlen(question); |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
337 if (question[n-1] == '.') { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
338 priv.my_write(question, n+1); // write the question including the null terminator |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
339 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
340 else { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
341 priv.my_write(question, n); // write the question |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
342 priv.my_write(".", 2); // and the fully qualified . terminator and null string terminator |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
343 } |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
344 |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
345 glommer glom; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
346 char *buf = (char *)&glom; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
347 priv.my_read(buf, sizeof(glom.length)); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
348 buf += sizeof(glom.length); |
390
bcef093b1ba6
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
389
diff
changeset
|
349 #ifdef RESOLVER_DEBUG |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
350 char text[1000]; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
351 snprintf(text, sizeof(text), "dns_interface() wrote question %s and has answer length %d", question, glom.length); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
352 my_syslog(text); |
390
bcef093b1ba6
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
389
diff
changeset
|
353 #endif |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
354 if (glom.length == 0) return 0; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
355 if (glom.length > sizeof(glom.answer)) { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
356 priv.err = true; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
357 return 0; // cannot process overlarge answers |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
358 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
359 priv.my_read(buf, glom.length); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
360 |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
361 #ifdef NS_PACKETSZ |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
362 // now we need to lock the resolver mutex to keep the milter threads from |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
363 // stepping on each other while parsing the dns answer. |
252
836b7f2357f9
need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents:
249
diff
changeset
|
364 uint32_t ret_address = 0; |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
365 pthread_mutex_lock(&resolve_mutex); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
366 // parse the answer |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
367 ns_msg handle; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
368 ns_rr rr; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
369 if (ns_initparse(glom.answer, glom.length, &handle) == 0) { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
370 // look for ns names |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
371 if (nameservers) { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
372 ns_map &ns = *nameservers; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
373 int rrnum = 0; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
374 while (ns_parserr(&handle, ns_s_ns, rrnum++, &rr) == 0) { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
375 if (ns_rr_type(rr) == ns_t_ns) { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
376 char nam[NS_MAXDNAME+1]; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
377 char *n = nam; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
378 const u_char *p = ns_rr_rdata(rr); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
379 while (((n-nam) < NS_MAXDNAME) && ((size_t)(p-glom.answer) < glom.length) && *p) { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
380 size_t s = *(p++); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
381 if (s > 191) { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
382 // compression pointer |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
383 s = (s-192)*256 + *(p++); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
384 if (s >= glom.length) break; // pointer outside bounds of answer |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
385 p = glom.answer + s; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
386 s = *(p++); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
387 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
388 if (s > 0) { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
389 if ((size_t)(n-nam) >= (NS_MAXDNAME-s)) break; // destination would overflow name buffer |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
390 if ((size_t)(p-glom.answer) >= (glom.length-s)) break; // source outside bounds of answer |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
391 memcpy(n, p, s); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
392 n += s; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
393 p += s; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
394 *(n++) = '.'; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
395 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
396 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
397 if (n-nam) n--; // remove trailing . |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
398 *n = '\0'; // null terminate it |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
399 ns.add(nam, question); // ns host to lookup later |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
400 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
401 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
402 rrnum = 0; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
403 while (ns_parserr(&handle, ns_s_ar, rrnum++, &rr) == 0) { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
404 if (ns_rr_type(rr) == ns_t_a) { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
405 char* nam = (char*)ns_rr_name(rr); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
406 ns_mapper::iterator i = ns.ns_ip.find(nam); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
407 if (i != ns.ns_ip.end()) { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
408 // we want this ip address |
252
836b7f2357f9
need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents:
249
diff
changeset
|
409 uint32_t address; |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
410 memcpy(&address, ns_rr_rdata(rr), sizeof(address)); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
411 ns.ns_ip[nam] = address; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
412 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
413 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
414 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
415 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
416 int rrnum = 0; |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
417 if (qtype == ns_t_a) { |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
418 uint32_t *ans = (uint32_t *)my_answer; |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
419 size_t c = 0; |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
420 size_t m = my_size/4; // 1 + max ipv4 addresses that will fit in the answer buffer |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
421 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) { |
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
422 if (ns_rr_type(rr) == qtype) { |
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
423 uint32_t address; |
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
424 memcpy(&address, ns_rr_rdata(rr), sizeof(address)); |
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
425 ret_address = address; |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
426 if (ans && (c < m-1)) { |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
427 c++; |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
428 ans[c] = address; |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
429 } |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
430 } |
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
431 } |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
432 if (ans && (c < m)) ans[0] = c; |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
433 } |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
434 if ((qtype == ns_t_mx) && (my_answer) && (my_size > 1)) { |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
435 uint32_t c = 0; |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
436 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) { |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
437 if (ns_rr_type(rr) == qtype) { |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
438 char exchange[NS_MAXDNAME]; |
415
16451edcb962
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
414
diff
changeset
|
439 //size_t rdlen = ns_rr_rdlen(rr); |
16451edcb962
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
414
diff
changeset
|
440 //const uint16_t pri = ns_get16(rdata); |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
441 const unsigned char *rdata = ns_rr_rdata(rr); |
419
91f2a127ec69
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
415
diff
changeset
|
442 int len = dn_expand(ns_msg_base(handle), ns_msg_base(handle) + ns_msg_size(handle), rdata + NS_INT16SZ, exchange, sizeof(exchange)); |
91f2a127ec69
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
415
diff
changeset
|
443 if (len > 0) { // no error |
91f2a127ec69
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
415
diff
changeset
|
444 len = strlen(exchange) + 1; |
91f2a127ec69
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
415
diff
changeset
|
445 if (my_size >= (uint32_t)len+1) { |
91f2a127ec69
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
415
diff
changeset
|
446 strcpy(my_answer, exchange); |
91f2a127ec69
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
415
diff
changeset
|
447 my_answer += len; |
91f2a127ec69
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
415
diff
changeset
|
448 my_size -= len; |
91f2a127ec69
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
415
diff
changeset
|
449 c++; |
91f2a127ec69
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
415
diff
changeset
|
450 } |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
451 } |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
452 } |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
453 } |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
454 *my_answer = '\0'; // final trailing null |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
455 ret_address = htonl(c); |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
456 } |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
457 if ((qtype == ns_t_txt) && (my_answer) && (my_size > 7)) { |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
458 my_answer[0] = '\0'; // return null string if there are no txt answers |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
459 my_size--; // allow room for terminating null; |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
460 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) { |
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
461 if (ns_rr_type(rr) == qtype) { |
384
7b7066a51c33
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
382
diff
changeset
|
462 size_t offset = 0; |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
463 size_t rdlen = ns_rr_rdlen(rr); |
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
464 const unsigned char *rdata = ns_rr_rdata(rr); |
390
bcef093b1ba6
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
389
diff
changeset
|
465 #ifdef RESOLVER_DEBUG |
385
be7355b47051
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
384
diff
changeset
|
466 char text[1000]; |
be7355b47051
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
384
diff
changeset
|
467 snprintf(text, sizeof(text), "found txt record rdlen = %d", rdlen); |
be7355b47051
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
384
diff
changeset
|
468 my_syslog(text); |
390
bcef093b1ba6
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
389
diff
changeset
|
469 #endif |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
470 while ((offset < my_size) && rdlen) { |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
471 size_t slen = size_t(*(rdata++)); |
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
472 rdlen--; |
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
473 size_t m = min(slen, rdlen); |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
474 m = min(m, my_size-offset); |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
475 memcpy(my_answer+offset, rdata, m); |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
476 offset += m; |
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
477 rdata += m; |
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
478 rdlen -= m; |
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
479 } |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
480 my_answer[offset] = '\0'; // trailing null |
390
bcef093b1ba6
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
389
diff
changeset
|
481 #ifdef RESOLVER_DEBUG |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
482 snprintf(text, sizeof(text), "found txt record %s", my_answer); |
385
be7355b47051
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
384
diff
changeset
|
483 my_syslog(text); |
390
bcef093b1ba6
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
389
diff
changeset
|
484 #endif |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
485 if (strncasecmp(my_answer, "v=spf1 ", 7) == 0) break; |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
486 } |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
487 } |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
488 if (strncasecmp(my_answer, "v=spf1 ", 7) != 0) { |
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
410
diff
changeset
|
489 my_answer[0] = '\0'; // return null string if there are no spf1 txt answers |
390
bcef093b1ba6
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
389
diff
changeset
|
490 } |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
491 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
492 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
493 pthread_mutex_unlock(&resolve_mutex); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
494 #ifdef RESOLVER_DEBUG |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
495 snprintf(text, sizeof(text), "dns_interface() found ip %d", ret_address); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
496 my_syslog(text); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
497 #endif |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
498 return ret_address; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
499 #else |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
500 return glom.answer; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
501 #endif |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
502 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
503 |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
504 |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
505 //////////////////////////////////////////////// |
270
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
506 // lookup a hostname on the uribl |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
507 // |
270
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
508 // if we find hostname on the uribl, return true and point found to hostname |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
509 // as a string registered in hosts. |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
510 // otherwise, return false and preserve the value of found. |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
511 // |
270
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
512 bool uriblookup(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) ; |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
513 bool uriblookup(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) { |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
514 char buf[maxlen]; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
515 snprintf(buf, sizeof(buf), "%s.%s.", hostname, priv.uribl_suffix); |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
516 uint32_t ip = ntohl(dns_interface(priv, buf, ns_t_a)); |
270
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
517 if (ip and (ip != 0x7f000000)) { |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
518 if (debug_syslog > 2) { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
519 char tmp[maxlen]; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
520 snprintf(tmp, sizeof(tmp), "found %s on %s", hostname, priv.uribl_suffix); |
451
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
521 my_syslog(&priv, tmp); |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
522 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
523 found = register_string(hosts, hostname); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
524 return true; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
525 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
526 return false; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
527 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
528 |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
529 |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
530 //////////////////////////////////////////////// |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
531 // uribl checker |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
532 // ------------- |
270
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
533 // hostname MUST not have a trailing dot. Find the tld part of |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
534 // the hostname, and add one more level. If that is listed on |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
535 // the uribl, return true and point found to the part of the |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
536 // hostname that we found as a string registered in hosts. |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
537 // Otherwise, return false and preserve the value of found. |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
538 // |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
539 bool check_uribl(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) ; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
540 bool check_uribl(mlfiPriv &priv, string_set &hosts, const char *hostname, const char *&found) { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
541 in_addr ip; |
270
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
542 if (inet_aton(hostname, &ip)) return false; // don't check ip addresses in uribls |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
543 const char* components[maxlen]; |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
544 int n = 0; // number of components in the hostname |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
545 while (n < maxlen) { |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
546 components[n++] = hostname; |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
547 const char *c = strchr(hostname, '.'); |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
548 if (!c) break; |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
549 hostname = c+1; |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
550 } |
270
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
551 string_set *tlds = priv.memory->get_tlds(); |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
552 string_set *tldwilds = priv.memory->get_tldwilds(); |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
553 string_set *tldnots = priv.memory->get_tldnots(); |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
554 string_set::iterator xtlds = tlds->end(); |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
555 string_set::iterator xtldwilds = tldwilds->end(); |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
556 string_set::iterator xtldnots = tldnots->end(); |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
557 for (int i=max(0,n-4); i<n; i++) { |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
558 const char* name = components[i]; |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
559 bool rc = false; |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
560 string_set::iterator tt = tldnots->find(name); |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
561 if (tt != xtldnots) { |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
562 rc = true; |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
563 } |
270
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
564 else { |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
565 tt = tldwilds->find(name); |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
566 if (tt != xtldwilds) { |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
567 if (i > 1) { |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
568 rc = true; |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
569 name = components[i-2]; |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
570 } |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
571 else return false; |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
572 } |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
573 else { |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
574 tt = tlds->find(name); |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
575 if (tt != xtlds) { |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
576 if (i > 0) { |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
577 rc = true; |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
578 name = components[i-1]; |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
579 } |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
580 else return false; |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
581 } |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
582 } |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
583 } |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
584 if (rc) { |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
585 return uriblookup(priv, hosts, name, found); |
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
586 } |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
587 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
588 return false; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
589 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
590 |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
591 |
94 | 592 mlfiPriv::mlfiPriv() { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
593 pthread_mutex_lock(&config_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
594 pc = config; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
595 pc->reference_count++; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
596 pthread_mutex_unlock(&config_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
597 get_fd(); |
230
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
598 ctx = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
599 eom = false; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
600 ip = 0; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
601 helo = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
602 mailaddr = NULL; |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
603 origaddr = NULL; |
321
e172dc10fe24
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
311
diff
changeset
|
604 fromaddr = NULL; |
e172dc10fe24
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
311
diff
changeset
|
605 header_count = 0; |
322
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
606 dkim_ok = true; |
230
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
607 queueid = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
608 authenticated = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
609 client_name = NULL; |
257
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
610 client_dns_name = NULL; |
268
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
611 client_dns_forged = false; |
238
7b818a4e21a4
produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents:
236
diff
changeset
|
612 host_uribl = NULL; |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
613 helo_uribl = false; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
614 client_uribl = false; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
615 from_uribl = false; |
230
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
616 have_whites = false; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
617 only_whites = true; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
618 want_spamassassin = false; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
619 want_dccgrey = false; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
620 want_dccbulk = false; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
621 allow_autowhitelisting = true; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
622 content_context = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
623 memory = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
624 scanner = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
625 content_suffix = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
626 content_message = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
627 uribl_suffix = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
628 uribl_message = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
629 content_host_ignore = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
630 assassin = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
631 dccifd = NULL; |
94 | 632 } |
633 | |
634 mlfiPriv::~mlfiPriv() { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
635 return_fd(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
636 pthread_mutex_lock(&config_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
637 pc->reference_count--; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
638 bool last = (!pc->reference_count) && (pc != config); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
639 pthread_mutex_unlock(&config_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
640 if (last) delete pc; // free this config, since we were the last reference to it |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
641 if (helo) free((void*)helo); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
642 reset(true); |
94 | 643 } |
644 | |
645 void mlfiPriv::reset(bool final) { | |
194
688ec12a3c0c
delay autowhitelisting to avoid out of office reply bots
carl
parents:
193
diff
changeset
|
646 while (!delayer.empty()) { |
231
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
647 DELAYWHITEP dwp = delayer.front(); |
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
648 const char *loto = dwp->get_loto(); |
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
649 if (loto) free((void*)loto); |
193
3ea79ef741a0
delay autowhitelisting to avoid out of office reply bots
carl
parents:
192
diff
changeset
|
650 delete dwp; |
3ea79ef741a0
delay autowhitelisting to avoid out of office reply bots
carl
parents:
192
diff
changeset
|
651 delayer.pop_front(); |
3ea79ef741a0
delay autowhitelisting to avoid out of office reply bots
carl
parents:
192
diff
changeset
|
652 } |
257
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
653 if (mailaddr) free((void*)mailaddr); |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
654 if (origaddr) free((void*)origaddr); |
321
e172dc10fe24
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
311
diff
changeset
|
655 if (fromaddr) free((void*)fromaddr); |
257
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
656 if (queueid) free((void*)queueid); |
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
657 if (authenticated) free((void*)authenticated); |
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
658 if (client_name) free((void*)client_name); |
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
659 if (client_dns_name) free((void*)client_dns_name); |
326
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
660 discard(dkim_signers); |
238
7b818a4e21a4
produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents:
236
diff
changeset
|
661 discard(hosts_uribl); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
662 delayer.clear(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
663 discard(env_to); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
664 if (memory) delete memory; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
665 if (scanner) delete scanner; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
666 if (assassin) delete assassin; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
667 if (dccifd) delete dccifd; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
668 if (!final) { |
230
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
669 ctx = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
670 eom = false; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
671 mailaddr = NULL; |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
672 origaddr = NULL; |
321
e172dc10fe24
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
311
diff
changeset
|
673 fromaddr = NULL; |
e172dc10fe24
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
311
diff
changeset
|
674 header_count = 0; |
322
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
675 dkim_ok = true; |
230
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
676 queueid = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
677 authenticated = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
678 client_name = NULL; |
257
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
679 client_dns_name = NULL; |
238
7b818a4e21a4
produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents:
236
diff
changeset
|
680 host_uribl = NULL; |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
681 helo_uribl = false; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
682 client_uribl = false; |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
683 from_uribl = false; |
230
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
684 have_whites = false; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
685 only_whites = true; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
686 want_spamassassin = false; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
687 want_dccgrey = false; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
688 want_dccbulk = false; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
689 allow_autowhitelisting = true; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
690 content_context = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
691 memory = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
692 scanner = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
693 content_suffix = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
694 content_message = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
695 uribl_suffix = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
696 uribl_message = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
697 content_host_ignore = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
698 assassin = NULL; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
699 dccifd = NULL; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
700 } |
94 | 701 } |
702 | |
703 void mlfiPriv::get_fd() { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
704 err = true; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
705 fd = NULL_SOCKET; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
706 int result = pthread_mutex_lock(&fd_pool_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
707 if (!result) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
708 std::set<int>::iterator i; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
709 i = fd_pool.begin(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
710 if (i != fd_pool.end()) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
711 // have at least one fd in the pool |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
712 err = false; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
713 fd = *i; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
714 fd_pool.erase(fd); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
715 resolver_pool_size--; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
716 pthread_mutex_unlock(&fd_pool_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
717 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
718 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
719 // pool is empty, get a new fd |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
720 pthread_mutex_unlock(&fd_pool_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
721 fd = my_connect(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
722 err = (fd == NULL_SOCKET); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
723 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
724 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
725 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
726 // cannot lock the pool, just get a new fd |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
727 fd = my_connect(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
728 err = (fd == NULL_SOCKET); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
729 } |
94 | 730 } |
731 | |
732 void mlfiPriv::return_fd() { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
733 if (err) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
734 // this fd got a socket error, so close it, rather than returning it to the pool |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
735 my_disconnect(fd); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
736 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
737 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
738 int result = pthread_mutex_lock(&fd_pool_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
739 if (!result) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
740 if ((resolver_sock_count > resolver_pool_size*5) || (resolver_pool_size < 5)) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
741 // return the fd to the pool |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
742 fd_pool.insert(fd); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
743 resolver_pool_size++; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
744 pthread_mutex_unlock(&fd_pool_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
745 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
746 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
747 // more than 20% of the open resolver sockets are in the pool, and the |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
748 // pool as at least 5 sockets. that is enough, so just close this one. |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
749 pthread_mutex_unlock(&fd_pool_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
750 my_disconnect(fd); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
751 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
752 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
753 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
754 // could not lock the pool, so just close the fd |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
755 my_disconnect(fd); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
756 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
757 } |
94 | 758 } |
759 | |
177 | 760 size_t mlfiPriv::my_write(const char *buf, size_t len) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
761 if (err) return 0; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
762 size_t rs = 0; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
763 while (len) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
764 size_t ws = write(fd, buf, len); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
765 if (ws > 0) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
766 rs += ws; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
767 len -= ws; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
768 buf += ws; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
769 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
770 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
771 // peer closed the socket! |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
772 rs = 0; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
773 err = true; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
774 break; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
775 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
776 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
777 return rs; |
94 | 778 } |
779 | |
177 | 780 size_t mlfiPriv::my_read(char *buf, size_t len) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
781 if (err) return 0; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
782 size_t rs = 0; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
783 while (len) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
784 size_t ws = read(fd, buf, len); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
785 if (ws > 0) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
786 rs += ws; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
787 len -= ws; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
788 buf += ws; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
789 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
790 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
791 // peer closed the socket! |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
792 rs = 0; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
793 err = true; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
794 break; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
795 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
796 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
797 return rs; |
94 | 798 } |
799 | |
377
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
800 const char *mlfiPriv::check_uribl_signers() { |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
801 if (uribl_suffix) { |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
802 for (string_set::iterator s=dkim_signers.begin(); s!=dkim_signers.end(); s++) { |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
803 if (check_uribl(*this, hosts_uribl, *s, host_uribl)) return host_uribl; |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
804 } |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
805 } |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
806 return NULL; |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
807 } |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
808 |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
809 void mlfiPriv::need_content_filter(CONTEXT &con) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
810 if (!memory) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
811 // first recipient that needs content filtering sets |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
812 // some of the content filtering parameters |
270
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
813 memory = new recorder(this, con.get_html_tags(), con.get_content_tlds(), con.get_content_tldwilds(), con.get_content_tldnots()); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
814 scanner = new url_scanner(memory); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
815 content_suffix = con.get_content_suffix(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
816 content_message = con.get_content_message(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
817 uribl_suffix = con.get_uribl_suffix(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
818 uribl_message = con.get_uribl_message(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
819 content_host_ignore = &con.get_content_host_ignore(); |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
820 // if we are using uribl, test helo and client names here |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
821 if (uribl_suffix) { |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
822 if (helo) { |
238
7b818a4e21a4
produce correct uribl message
Carl Byington <carl@five-ten-sg.com>
parents:
236
diff
changeset
|
823 helo_uribl = check_uribl(*this, hosts_uribl, helo, host_uribl); |
257
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
824 } |
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
825 if (client_dns_name && !helo_uribl) { |
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
826 client_uribl = check_uribl(*this, hosts_uribl, client_dns_name, host_uribl); |
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
827 } |
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
828 if (mailaddr && !client_uribl) { |
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
829 const char *f = strchr(mailaddr, '@'); |
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
830 if (f) from_uribl = check_uribl(*this, hosts_uribl, f+1, host_uribl); |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
831 } |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
832 } |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
833 } |
94 | 834 } |
835 | |
186
2a80c9b5d2c9
fix null pointer dereference from missing HELO command
carl
parents:
185
diff
changeset
|
836 |
2a80c9b5d2c9
fix null pointer dereference from missing HELO command
carl
parents:
185
diff
changeset
|
837 mlfiPriv* fetch_priv_from_ctx(SMFICTX *ctx); |
2a80c9b5d2c9
fix null pointer dereference from missing HELO command
carl
parents:
185
diff
changeset
|
838 mlfiPriv* fetch_priv_from_ctx(SMFICTX *ctx) |
2a80c9b5d2c9
fix null pointer dereference from missing HELO command
carl
parents:
185
diff
changeset
|
839 { |
2a80c9b5d2c9
fix null pointer dereference from missing HELO command
carl
parents:
185
diff
changeset
|
840 mlfiPriv *priv = (struct mlfiPriv *)smfi_getpriv(ctx); |
187
f0eda59e8afd
fix null pointer dereference from missing HELO command
carl
parents:
186
diff
changeset
|
841 priv->ctx = ctx; |
186
2a80c9b5d2c9
fix null pointer dereference from missing HELO command
carl
parents:
185
diff
changeset
|
842 return priv; |
2a80c9b5d2c9
fix null pointer dereference from missing HELO command
carl
parents:
185
diff
changeset
|
843 } |
2a80c9b5d2c9
fix null pointer dereference from missing HELO command
carl
parents:
185
diff
changeset
|
844 #define MLFIPRIV fetch_priv_from_ctx(ctx) |
2a80c9b5d2c9
fix null pointer dereference from missing HELO command
carl
parents:
185
diff
changeset
|
845 |
94 | 846 |
847 | |
848 //////////////////////////////////////////////// | |
849 // syslog a message | |
850 // | |
310
802e2b779ed1
enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents:
301
diff
changeset
|
851 void my_syslog(const char *queueid, const char *text) { |
436
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
852 const char* noqueue = "NOQUEUE"; |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
853 if (!queueid || !queueid[0]) queueid = noqueue; |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
854 |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
855 const int syslogmaxlen = 400; // buffer size |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
856 char buf[syslogmaxlen]; |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
857 snprintf(buf, sizeof(buf), "%s: ", queueid); |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
858 size_t hdrlen = strlen(buf); |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
859 const size_t maxsegment = syslogmaxlen - hdrlen - 1; |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
860 size_t msglen = strlen(text); |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
861 while (msglen > 0) { |
310
802e2b779ed1
enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents:
301
diff
changeset
|
862 snprintf(buf, sizeof(buf), "%s: %s", queueid, text); |
436
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
863 if (use_syslog) { |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
864 pthread_mutex_lock(&syslog_mutex); |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
865 if (!syslog_opened) { |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
866 openlog("dnsbl", LOG_PID, LOG_MAIL); |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
867 syslog_opened = true; |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
868 } |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
869 syslog(LOG_NOTICE, "%s", buf); |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
870 pthread_mutex_unlock(&syslog_mutex); |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
871 } |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
872 else { |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
873 printf("%s \n", buf); |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
874 } |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
875 size_t segmentlen = min(msglen, maxsegment); |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
876 text += segmentlen; |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
877 msglen -= segmentlen; |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
878 // assert(msglen == strlen(text)) |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
879 } |
436
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
880 |
94 | 881 } |
882 | |
310
802e2b779ed1
enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents:
301
diff
changeset
|
883 void my_syslog(mlfiPriv *priv, const char *text) { |
802e2b779ed1
enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents:
301
diff
changeset
|
884 if (priv) my_syslog(priv->queueid, text); |
802e2b779ed1
enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents:
301
diff
changeset
|
885 else my_syslog((const char *)NULL, text); |
802e2b779ed1
enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents:
301
diff
changeset
|
886 } |
802e2b779ed1
enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents:
301
diff
changeset
|
887 |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
888 void my_syslog(mlfiPriv *priv, const string text) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
889 if (debug_syslog > 3) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
890 char buf[maxlen]; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
891 strncpy(buf, text.c_str(), sizeof(buf)); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
892 buf[maxlen-1] = '\0'; // ensure null termination |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
893 my_syslog(priv, buf); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
894 } |
163 | 895 } |
896 | |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
897 void my_syslog(const char *text) { |
310
802e2b779ed1
enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents:
301
diff
changeset
|
898 my_syslog((const char *)NULL, text); |
94 | 899 } |
900 | |
901 | |
902 //////////////////////////////////////////////// | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
903 // read a resolver request from the socket, process it, and |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
904 // write the result back to the socket. |
94 | 905 |
906 void process_resolver_requests(int socket); | |
907 void process_resolver_requests(int socket) { | |
908 #ifdef NS_MAXDNAME | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
909 char question[NS_MAXDNAME]; |
94 | 910 #else |
389
aa9795b407e8
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
388
diff
changeset
|
911 char question[1025]; |
94 | 912 #endif |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
913 glommer glom; |
94 | 914 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
915 int maxq = sizeof(question); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
916 while (true) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
917 // read a question |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
918 int rs = 0; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
919 while (rs < maxq) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
920 int ns = read(socket, question+rs, maxq-rs); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
921 if (ns > 0) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
922 rs += ns; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
923 if (question[rs-1] == '\0') { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
924 // last byte read was the null terminator, we are done |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
925 break; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
926 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
927 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
928 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
929 // peer closed the socket |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
930 #ifdef RESOLVER_DEBUG |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
931 my_syslog("process_resolver_requests() peer closed socket while reading question"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
932 #endif |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
933 shutdown(socket, SHUT_RDWR); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
934 close(socket); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
935 return; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
936 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
937 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
938 question[rs-1] = '\0'; // ensure null termination |
94 | 939 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
940 // find the answer |
94 | 941 #ifdef NS_PACKETSZ |
388
2354a1944e49
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
387
diff
changeset
|
942 int qt = int8_t(question[0]); |
2354a1944e49
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
387
diff
changeset
|
943 int res_result = res_query(question+1, ns_c_in, qt, glom.answer, sizeof(glom.answer)); |
390
bcef093b1ba6
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
389
diff
changeset
|
944 #ifdef RESOLVER_DEBUG |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
945 char text[1000]; |
387
616e46e9b8f0
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
386
diff
changeset
|
946 snprintf(text, sizeof(text), "process_resolver_requests() has a question %s qtype %d buf len %d result %d", |
388
2354a1944e49
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
387
diff
changeset
|
947 question+1, qt, sizeof(glom.answer), res_result); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
948 my_syslog(text); |
390
bcef093b1ba6
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
389
diff
changeset
|
949 #endif |
223
da9e7f1c8160
fix unsigned signed compare, back to mixed -lresolv and libresolv.a with auto requires
Carl Byington <carl@five-ten-sg.com>
parents:
222
diff
changeset
|
950 if (res_result < 0) glom.length = 0; // represent all errors as zero length answers |
da9e7f1c8160
fix unsigned signed compare, back to mixed -lresolv and libresolv.a with auto requires
Carl Byington <carl@five-ten-sg.com>
parents:
222
diff
changeset
|
951 else glom.length = (size_t)res_result; |
94 | 952 #else |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
953 glom.length = sizeof(glom.answer); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
954 glom.answer = 0; |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
955 int t = int8_t(question[0]); |
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
956 if (t != ns_t_a) { |
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
957 glom.length = 0; |
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
958 } |
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
959 else { |
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
960 struct hostent *host = gethostbyname(question+1); |
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
961 if (host && (host->h_addrtype == AF_INET)) { |
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
962 memcpy(&glom.answer, host->h_addr, sizeof(glom.answer)); |
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
963 } |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
964 } |
94 | 965 #endif |
966 | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
967 // write the answer |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
968 char *buf = (char *)&glom; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
969 int len = glom.length + sizeof(glom.length); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
970 #ifdef RESOLVER_DEBUG |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
971 snprintf(text, sizeof(text), "process_resolver_requests() writing answer length %d for total %d", glom.length, len); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
972 my_syslog(text); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
973 #endif |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
974 int ws = 0; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
975 while (len > ws) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
976 int ns = write(socket, buf+ws, len-ws); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
977 if (ns > 0) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
978 ws += ns; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
979 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
980 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
981 // peer closed the socket! |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
982 #ifdef RESOLVER_DEBUG |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
983 my_syslog("process_resolver_requests() peer closed socket while writing answer"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
984 #endif |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
985 shutdown(socket, SHUT_RDWR); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
986 close(socket); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
987 return; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
988 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
989 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
990 } |
94 | 991 } |
992 | |
993 | |
994 //////////////////////////////////////////////// | |
252
836b7f2357f9
need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents:
249
diff
changeset
|
995 // check a single dns list, return ip address in network byte order |
94 | 996 // |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
997 uint32_t check_single(mlfiPriv &priv, uint32_t ip, const char *suffix); |
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
998 uint32_t check_single(mlfiPriv &priv, uint32_t ip, const char *suffix) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
999 // make a dns question |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1000 const u_char *src = (const u_char *)&ip; |
249 | 1001 if (src[0] == 127) return 0; // don't do dns lookups on localhost |
1002 if (src[0] == 10) return 0; // don't do dns lookups on rfc1918 space | |
1003 if ((src[0] == 192) && (src[1] == 168)) return 0; | |
1004 if ((src[0] == 172) && (16 <= src[1]) && (src[1] <= 31)) return 0; | |
94 | 1005 #ifdef NS_MAXDNAME |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1006 char question[NS_MAXDNAME]; |
94 | 1007 #else |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1008 char question[1000]; |
94 | 1009 #endif |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1010 snprintf(question, sizeof(question), "%u.%u.%u.%u.%s.", src[3], src[2], src[1], src[0], suffix); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1011 // ask the question, if we get an A record it implies a blacklisted ip address |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
1012 return dns_interface(priv, question, ns_t_a); |
94 | 1013 } |
1014 | |
1015 | |
1016 //////////////////////////////////////////////// | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1017 // check a single dnsbl |
94 | 1018 // |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
1019 bool check_single(mlfiPriv &priv, uint32_t ip, DNSBL &bl); |
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
1020 bool check_single(mlfiPriv &priv, uint32_t ip, DNSBL &bl) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1021 return check_single(priv, ip, bl.suffix); |
94 | 1022 } |
1023 | |
1024 | |
1025 //////////////////////////////////////////////// | |
249 | 1026 // check a single dnswl |
1027 // | |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
1028 bool check_single(mlfiPriv &priv, uint32_t ip, DNSWL &wl); |
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
1029 bool check_single(mlfiPriv &priv, uint32_t ip, DNSWL &wl) { |
252
836b7f2357f9
need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents:
249
diff
changeset
|
1030 uint32_t r = ntohl(check_single(priv, ip, wl.suffix)); |
836b7f2357f9
need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents:
249
diff
changeset
|
1031 uint32_t v = (uint32_t)0x7f000000; |
836b7f2357f9
need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents:
249
diff
changeset
|
1032 uint32_t m = (uint32_t)0xffff0000; |
836b7f2357f9
need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents:
249
diff
changeset
|
1033 uint32_t m2 = (uint32_t)0x000000ff; |
249 | 1034 if ((r & m) == v) { |
252
836b7f2357f9
need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents:
249
diff
changeset
|
1035 uint32_t l = r & m2; |
836b7f2357f9
need ntohl() before using masks that are defined in host byte order
Carl Byington <carl@five-ten-sg.com>
parents:
249
diff
changeset
|
1036 if ((int)l >= wl.level) return true; |
249 | 1037 } |
1038 return false; | |
1039 } | |
1040 | |
1041 | |
1042 //////////////////////////////////////////////// | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1043 // check the dnsbls specified for this recipient |
94 | 1044 // |
1045 bool check_dnsbl(mlfiPriv &priv, dnsblp_list &dnsbll, DNSBLP &rejectlist); | |
1046 bool check_dnsbl(mlfiPriv &priv, dnsblp_list &dnsbll, DNSBLP &rejectlist) { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1047 for (dnsblp_list::iterator i=dnsbll.begin(); i!=dnsbll.end(); i++) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1048 DNSBLP dp = *i; // non null by construction |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1049 bool st; |
249 | 1050 map<DNSBLP, bool>::iterator f = priv.checked_black.find(dp); |
1051 if (f == priv.checked_black.end()) { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1052 // have not checked this list yet |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1053 st = check_single(priv, priv.ip, *dp); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1054 rejectlist = dp; |
249 | 1055 priv.checked_black[dp] = st; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1056 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1057 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1058 st = (*f).second; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1059 rejectlist = (*f).first; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1060 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1061 if (st) return st; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1062 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1063 return false; |
94 | 1064 } |
1065 | |
1066 | |
1067 //////////////////////////////////////////////// | |
249 | 1068 // check the dnswls specified for this recipient |
1069 // | |
1070 bool check_dnswl(mlfiPriv &priv, dnswlp_list &dnswll, DNSWLP &acceptlist); | |
1071 bool check_dnswl(mlfiPriv &priv, dnswlp_list &dnswll, DNSWLP &acceptlist) { | |
1072 for (dnswlp_list::iterator i=dnswll.begin(); i!=dnswll.end(); i++) { | |
1073 DNSWLP dp = *i; // non null by construction | |
1074 bool st; | |
1075 map<DNSWLP, bool>::iterator f = priv.checked_white.find(dp); | |
1076 if (f == priv.checked_white.end()) { | |
1077 // have not checked this list yet | |
1078 st = check_single(priv, priv.ip, *dp); | |
1079 acceptlist = dp; | |
1080 priv.checked_white[dp] = st; | |
1081 } | |
1082 else { | |
1083 st = (*f).second; | |
1084 acceptlist = (*f).first; | |
1085 } | |
1086 if (st) return st; | |
1087 } | |
1088 return false; | |
1089 } | |
1090 | |
1091 | |
1092 //////////////////////////////////////////////// | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1093 // check the hosts from the body against the content filter and uribl dnsbls |
94 | 1094 // |
124 | 1095 // |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
1096 bool check_hosts(mlfiPriv &priv, bool random, int limit, const char *&msg, const char *&host, uint32_t &ip, const char *&found); |
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
1097 bool check_hosts(mlfiPriv &priv, bool random, int limit, const char *&msg, const char *&host, uint32_t &ip, const char *&found) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1098 found = NULL; // normally ip address style |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1099 if (!priv.content_suffix && !priv.uribl_suffix) return false; // nothing to check |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1100 string_set &hosts = priv.memory->get_hosts(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1101 string_set &ignore = *priv.content_host_ignore; |
94 | 1102 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1103 int count = 0; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1104 int cnt = hosts.size(); // number of hosts we could look at |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
1105 uint32_t_set ips; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1106 ns_map nameservers; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1107 for (string_set::iterator i=hosts.begin(); i!=hosts.end(); i++) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1108 host = *i; // a reference into hosts, which will live until this smtp transaction is closed |
94 | 1109 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1110 // don't bother looking up hosts on the ignore list |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1111 string_set::iterator j = ignore.find(host); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1112 if (j != ignore.end()) continue; |
94 | 1113 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1114 // try to only look at limit/cnt fraction of the available cnt host names in random mode |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1115 if ((cnt > limit) && (limit > 0) && random) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1116 int r = rand() % cnt; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1117 if (r >= limit) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1118 if (debug_syslog > 2) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1119 char buf[maxlen]; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1120 snprintf(buf, sizeof(buf), "host %s skipped", host); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1121 my_syslog(&priv, buf); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1122 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1123 continue; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1124 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1125 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1126 count++; |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
1127 ip = dns_interface(priv, host, ns_t_a, true, &nameservers); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1128 if (debug_syslog > 2) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1129 char buf[maxlen]; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1130 if (ip) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1131 char adr[sizeof "255.255.255.255 "]; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1132 adr[0] = '\0'; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1133 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr)); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1134 snprintf(buf, sizeof(buf), "host %s found at %s", host, adr); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1135 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1136 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1137 snprintf(buf, sizeof(buf), "host %s not found", host); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1138 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1139 my_syslog(&priv, buf); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1140 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1141 if (ip) { |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
1142 uint32_t_set::iterator i = ips.find(ip); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1143 if (i == ips.end()) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1144 // we haven't looked this up yet |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1145 ips.insert(ip); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1146 // check dnsbl style list |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1147 if (priv.content_suffix && check_single(priv, ip, priv.content_suffix)) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1148 msg = priv.content_message; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1149 return true; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1150 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1151 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1152 } |
467
f5b394bec28c
allow checking names without A records on uribl lists; improve extraction of fake TLDs from our RPZ zone
Carl Byington <carl@five-ten-sg.com>
parents:
465
diff
changeset
|
1153 // Check uribl & surbl style list |
f5b394bec28c
allow checking names without A records on uribl lists; improve extraction of fake TLDs from our RPZ zone
Carl Byington <carl@five-ten-sg.com>
parents:
465
diff
changeset
|
1154 if (priv.uribl_suffix && check_uribl(priv, hosts, host, found)) { |
f5b394bec28c
allow checking names without A records on uribl lists; improve extraction of fake TLDs from our RPZ zone
Carl Byington <carl@five-ten-sg.com>
parents:
465
diff
changeset
|
1155 msg = priv.uribl_message; |
f5b394bec28c
allow checking names without A records on uribl lists; improve extraction of fake TLDs from our RPZ zone
Carl Byington <carl@five-ten-sg.com>
parents:
465
diff
changeset
|
1156 return true; |
f5b394bec28c
allow checking names without A records on uribl lists; improve extraction of fake TLDs from our RPZ zone
Carl Byington <carl@five-ten-sg.com>
parents:
465
diff
changeset
|
1157 } |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1158 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1159 limit *= 4; // allow average of 3 ns per host name |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1160 for (ns_mapper::iterator i=nameservers.ns_ip.begin(); i!=nameservers.ns_ip.end(); i++) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1161 count++; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1162 if ((count > limit) && (limit > 0)) return false; // too many name servers to check them all |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1163 host = (*i).first; // a transient reference that needs to be replaced before we return it |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1164 ip = (*i).second; |
425
1b7a785610f5
hosts-ignore.conf can be used to ignore nameserver names
Carl Byington <carl@five-ten-sg.com>
parents:
419
diff
changeset
|
1165 |
1b7a785610f5
hosts-ignore.conf can be used to ignore nameserver names
Carl Byington <carl@five-ten-sg.com>
parents:
419
diff
changeset
|
1166 // don't bother looking up nameserver names on the ignore list |
1b7a785610f5
hosts-ignore.conf can be used to ignore nameserver names
Carl Byington <carl@five-ten-sg.com>
parents:
419
diff
changeset
|
1167 string_set::iterator j = ignore.find(host); |
1b7a785610f5
hosts-ignore.conf can be used to ignore nameserver names
Carl Byington <carl@five-ten-sg.com>
parents:
419
diff
changeset
|
1168 if (j != ignore.end()) continue; |
1b7a785610f5
hosts-ignore.conf can be used to ignore nameserver names
Carl Byington <carl@five-ten-sg.com>
parents:
419
diff
changeset
|
1169 |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
379
diff
changeset
|
1170 if (!ip) ip = dns_interface(priv, host, ns_t_a); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1171 if (debug_syslog > 2) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1172 char buf[maxlen]; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1173 if (ip) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1174 char adr[sizeof "255.255.255.255 "]; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1175 adr[0] = '\0'; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1176 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr)); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1177 snprintf(buf, sizeof(buf), "ns %s found at %s", host, adr); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1178 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1179 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1180 snprintf(buf, sizeof(buf), "ns %s not found", host); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1181 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1182 my_syslog(&priv, buf); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1183 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1184 if (ip) { |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
1185 uint32_t_set::iterator i = ips.find(ip); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1186 if (i == ips.end()) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1187 ips.insert(ip); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1188 if (check_single(priv, ip, priv.content_suffix)) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1189 msg = priv.content_message; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1190 string_map::iterator j = nameservers.ns_host.find(host); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1191 if (j != nameservers.ns_host.end()) { |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1192 const char *refer = (*j).second; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1193 char buf[maxlen]; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1194 snprintf(buf, sizeof(buf), "%s with nameserver %s", refer, host); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1195 host = register_string(hosts, buf); // put a copy into hosts, and return that reference |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1196 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1197 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1198 host = register_string(hosts, host); // put a copy into hosts, and return that reference |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1199 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1200 return true; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1201 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1202 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1203 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1204 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1205 return false; |
94 | 1206 } |
1207 | |
127 | 1208 |
94 | 1209 //////////////////////////////////////////////// |
127 | 1210 // |
1211 // this email address is passed in from sendmail, and will normally be | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1212 // enclosed in <>. I think older versions of sendmail supplied the <> |
127 | 1213 // wrapper if the mail client did not, but the current version does not do |
1214 // that. So the <> wrapper is now optional. It may have mixed case, just | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1215 // as the mail client sent it. We dup the string and convert the duplicate |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1216 // to lower case. Some clients enclose the entire address in single quotes, |
246
8b0f16abee53
Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
244
diff
changeset
|
1217 // so we strip those as well. We also remove the SRS and prvs coding. |
94 | 1218 // |
346
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1219 const char *to_lower_string(const char *email, bool srs = true); |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1220 const char *to_lower_string(const char *email, bool srs) { |
266
582cfb9c4031
fix unauthenticated rate limit bug for empty mail from
Carl Byington <carl@five-ten-sg.com>
parents:
263
diff
changeset
|
1221 if (!email) return strdup("<>"); |
328
b4f766947202
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
327
diff
changeset
|
1222 size_t n = strlen(email); |
b4f766947202
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
327
diff
changeset
|
1223 if ((n > 1) && (email[0] == '<') && (email[n-1] == '>')) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1224 n -= 2; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1225 email++; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1226 } |
328
b4f766947202
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
327
diff
changeset
|
1227 if ((n > 1) && (email[0] == '\'') && (email[n-1] == '\'')) { |
b4f766947202
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
327
diff
changeset
|
1228 n -= 2; |
b4f766947202
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
327
diff
changeset
|
1229 email++; |
b4f766947202
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
327
diff
changeset
|
1230 } |
352
f5a6740cabee
need to lowercase the domain extracted from the from header so it will match the keys in dkim_from
Carl Byington <carl@five-ten-sg.com>
parents:
350
diff
changeset
|
1231 if (n == 0) return strdup("<>"); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1232 char *key = strdup(email); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1233 key[n] = '\0'; |
331
9800776436b9
allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents:
330
diff
changeset
|
1234 for (size_t i=0; i<n; i++) key[i] = tolower(key[i]); |
346
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1235 |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1236 if (srs) { |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1237 if ((n > 14) && (strncmp(key, "srs", 3) == 0)) { |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1238 // might have srs coding to be removed |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1239 const int nmatch = 7; |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1240 regmatch_t match[nmatch]; |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1241 if (0 == regexec(&srs_pattern, key, nmatch, match, 0)) { |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1242 int s4 = match[5].rm_so; // domain |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1243 int e4 = match[5].rm_eo; |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1244 int s5 = match[6].rm_so; // user |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1245 int e5 = match[6].rm_eo; |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1246 if ((s4 != -1) && (s5 != -1)) { |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1247 char *newkey = strdup(key); // large enough |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1248 key[e4] = '\0'; |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1249 key[e5] = '\0'; |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1250 strcpy(newkey, key+s5); // user |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1251 strcat(newkey, "@"); // @ |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1252 strcat(newkey, key+s4); // domain |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1253 free(key); |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1254 key = newkey; |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1255 } |
235
e6c66640f6f9
Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
233
diff
changeset
|
1256 } |
e6c66640f6f9
Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
233
diff
changeset
|
1257 } |
346
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1258 if ((n > 7) && (strncmp(key, "prvs", 4) == 0)) { |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1259 // might have prvs coding to be removed |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1260 const int nmatch = 3; |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1261 regmatch_t match[nmatch]; |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1262 if (0 == regexec(&prvs_pattern, key, nmatch, match, 0)) { |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1263 int s2 = match[2].rm_so; // user@domain |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1264 if (s2 != -1) { |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1265 char *newkey = strdup(key+s2); // user@domain |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1266 free(key); |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1267 key = newkey; |
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1268 } |
246
8b0f16abee53
Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
244
diff
changeset
|
1269 } |
8b0f16abee53
Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
244
diff
changeset
|
1270 } |
8b0f16abee53
Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
244
diff
changeset
|
1271 } |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1272 return key; |
94 | 1273 } |
1274 | |
1275 | |
1276 //////////////////////////////////////////////// | |
1277 // start of sendmail milter interfaces | |
1278 // | |
1279 sfsistat mlfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr) | |
1280 { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1281 // allocate some private memory |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1282 mlfiPriv *priv = new mlfiPriv; |
286
9bd5388bf469
Fix possible segfault in mlfi_connect, hostaddr might be null
Carl Byington <carl@five-ten-sg.com>
parents:
284
diff
changeset
|
1283 if (hostaddr && (hostaddr->sa_family == AF_INET)) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1284 priv->ip = ((struct sockaddr_in *)hostaddr)->sin_addr.s_addr; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1285 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1286 // save the private data |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1287 smfi_setpriv(ctx, (void*)priv); |
94 | 1288 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1289 // continue processing |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1290 return SMFIS_CONTINUE; |
94 | 1291 } |
1292 | |
163 | 1293 sfsistat mlfi_helo(SMFICTX * ctx, char *helohost) |
1294 { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1295 mlfiPriv &priv = *MLFIPRIV; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1296 priv.helo = strdup(helohost); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1297 return SMFIS_CONTINUE; |
163 | 1298 } |
1299 | |
94 | 1300 sfsistat mlfi_envfrom(SMFICTX *ctx, char **from) |
1301 { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1302 mlfiPriv &priv = *MLFIPRIV; |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1303 CONFIG &dc = *priv.pc; |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1304 priv.origaddr = to_lower_string(from[0], false); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1305 priv.mailaddr = to_lower_string(from[0]); |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1306 priv.queueid = strdup(smfi_getsymval(ctx, (char*)"i")); |
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1307 priv.authenticated = smfi_getsymval(ctx, (char*)"{auth_authen}"); |
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1308 priv.client_name = smfi_getsymval(ctx, (char*)"_"); |
191
2a67d31099c3
fix null pointer dereference from missing HELO command
carl
parents:
190
diff
changeset
|
1309 if (!priv.helo) priv.helo = strdup("unknown"); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1310 if (priv.authenticated) priv.authenticated = strdup(priv.authenticated); |
257
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
1311 if (priv.client_name) { |
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
1312 priv.client_name = strdup(priv.client_name); |
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
1313 const char *p = strstr(priv.client_name, " ["); |
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
1314 if (p) { |
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
1315 uint pp = p - priv.client_name; |
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
1316 priv.client_dns_name = strdup(priv.client_name); |
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
1317 priv.client_dns_name[pp] = '\0'; |
259
be939802c64e
add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents:
257
diff
changeset
|
1318 //char text[500]; |
be939802c64e
add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents:
257
diff
changeset
|
1319 //snprintf(text, sizeof(text), "found simple dns client name %s", priv.client_dns_name); |
be939802c64e
add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents:
257
diff
changeset
|
1320 //my_syslog(text); |
257
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
1321 } |
268
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1322 p = strstr(priv.client_name, "] (may be forged)"); |
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1323 if (p) { |
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1324 priv.client_dns_forged = true; |
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1325 if (priv.client_dns_name) { |
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1326 char text[500]; |
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1327 snprintf(text, sizeof(text), "forged dns client name %s", priv.client_dns_name); |
438 | 1328 my_syslog(&priv, text); |
268
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1329 } |
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1330 } |
257
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
1331 } |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1332 if (spamc != spamc_empty) { |
465
79e944269c0b
SA needs original rfc5321 envelope from to do proper spf checking. Remove some debug code.
Carl Byington <carl@five-ten-sg.com>
parents:
458
diff
changeset
|
1333 // SA needs original address to do proper SPF checking |
79e944269c0b
SA needs original rfc5321 envelope from to do proper spf checking. Remove some debug code.
Carl Byington <carl@five-ten-sg.com>
parents:
458
diff
changeset
|
1334 priv.assassin = new SpamAssassin(&priv, priv.ip, priv.helo, priv.origaddr, priv.queueid); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1335 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1336 if (dccifd_port) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1337 priv.dccifd = new DccInterface(dccifd_port, &priv, priv.ip, priv.helo, priv.mailaddr); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1338 } |
290
bb69fdc3acaa
Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents:
286
diff
changeset
|
1339 if (priv.authenticated) { |
284
896b9393d3f0
Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents:
282
diff
changeset
|
1340 int hourly, daily; |
290
bb69fdc3acaa
Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents:
286
diff
changeset
|
1341 add_auth_address(priv.authenticated, hourly, daily, priv.ip); |
bb69fdc3acaa
Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents:
286
diff
changeset
|
1342 int h_limit = dc.default_context->find_address_limit(priv.authenticated); |
284
896b9393d3f0
Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents:
282
diff
changeset
|
1343 int d_limit = dc.default_context->get_daily_address_multiple() * h_limit; |
896b9393d3f0
Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents:
282
diff
changeset
|
1344 if (debug_syslog > 1) { |
896b9393d3f0
Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents:
282
diff
changeset
|
1345 char msg[maxlen]; |
290
bb69fdc3acaa
Unique ip connection limits only apply to authenticated connections
Carl Byington <carl@five-ten-sg.com>
parents:
286
diff
changeset
|
1346 snprintf(msg, sizeof(msg), "connect for %s (%d %d addresses, %d %d limits)", priv.authenticated, hourly, daily, h_limit, d_limit); |
284
896b9393d3f0
Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents:
282
diff
changeset
|
1347 my_syslog(&priv, msg); |
896b9393d3f0
Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents:
282
diff
changeset
|
1348 } |
896b9393d3f0
Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents:
282
diff
changeset
|
1349 if ((hourly > h_limit) || (daily > d_limit)){ |
896b9393d3f0
Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents:
282
diff
changeset
|
1350 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"unique connection ip address limit exceeded"); |
896b9393d3f0
Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents:
282
diff
changeset
|
1351 return SMFIS_REJECT; |
896b9393d3f0
Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents:
282
diff
changeset
|
1352 } |
896b9393d3f0
Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents:
282
diff
changeset
|
1353 } |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1354 return SMFIS_CONTINUE; |
94 | 1355 } |
1356 | |
1357 sfsistat mlfi_envrcpt(SMFICTX *ctx, char **rcpt) | |
1358 { | |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1359 DNSBLP rejectlist = NULL; // list that caused the reject |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1360 mlfiPriv &priv = *MLFIPRIV; |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1361 CONFIG &dc = *priv.pc; |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1362 const char *rcptaddr = rcpt[0]; |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1363 const char *loto = to_lower_string(rcptaddr); |
342
6d27b4f45799
allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents:
340
diff
changeset
|
1364 bool self = (strcmp(loto, priv.mailaddr) == 0); |
6d27b4f45799
allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents:
340
diff
changeset
|
1365 const u_char *src = (const u_char *)&priv.ip; |
6d27b4f45799
allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents:
340
diff
changeset
|
1366 bool local_source = (src[0] == 127); |
6d27b4f45799
allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents:
340
diff
changeset
|
1367 bool from_root = (strncasecmp(priv.mailaddr, "root@", 5) == 0); |
174 | 1368 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1369 // some version of sendmail allowed rcpt to:<> and passed it thru to the milters |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1370 if (strcmp(loto, "<>") == 0) { |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1371 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"bogus recipient"); |
286
9bd5388bf469
Fix possible segfault in mlfi_connect, hostaddr might be null
Carl Byington <carl@five-ten-sg.com>
parents:
284
diff
changeset
|
1372 free((void*)loto); // cppcheck static analysis found memory leak |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1373 return SMFIS_REJECT; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1374 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1375 // priv.mailaddr sending original message to loto |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1376 CONTEXT &con = *(dc.find_context(loto)->find_context(priv.mailaddr)); |
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1377 VERIFYP ver = con.find_verify(loto); |
233
5c3e9bf45bb5
Add whitelisting by regex expression filtering.
Carl Byington <carl@five-ten-sg.com>
parents:
231
diff
changeset
|
1378 const char *fromvalue = con.find_from(priv.mailaddr, true, priv.queueid); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1379 // tell spam assassin and dccifd about this recipient |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1380 if (priv.assassin) priv.assassin->mlfi_envrcpt(ctx, loto); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1381 if (priv.dccifd) priv.dccifd->mlfi_envrcpt(ctx, loto, con.get_grey() && !priv.authenticated); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1382 // loto sending a reply back to priv.mailaddr |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1383 CONTEXT &con2 = *(dc.find_context(priv.mailaddr)->find_context(loto)); |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1384 const char *replyvalue = con2.find_from(loto); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1385 if (debug_syslog > 1) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1386 char buf[maxlen]; |
249 | 1387 char buf2[maxlen]; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1388 char msg[maxlen]; |
249 | 1389 snprintf(msg, sizeof(msg), "from <%s> to <%s> using context %s state %s reply context %s state %s", priv.mailaddr, loto, con.get_full_name(buf,maxlen), fromvalue, con2.get_full_name(buf2,maxlen), replyvalue); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1390 my_syslog(&priv, msg); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1391 } |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1392 free((void*)loto); |
340
be776a246f97
when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents:
338
diff
changeset
|
1393 status st = oksofar; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1394 if (replyvalue == token_black) { |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1395 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient can not reply due to blacklisting"); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1396 return SMFIS_REJECT; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1397 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1398 if (priv.authenticated) { |
255
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1399 int hourly, daily; |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1400 incr_rcpt_count(priv.authenticated, hourly, daily); |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1401 int h_limit = dc.default_context->find_rate_limit(priv.authenticated); |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1402 int d_limit = dc.default_context->get_daily_rate_multiple() * h_limit; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1403 if (debug_syslog > 1) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1404 char msg[maxlen]; |
255
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1405 snprintf(msg, sizeof(msg), "authenticated id %s (%d %d recipients, %d %d limits)", priv.authenticated, hourly, daily, h_limit, d_limit); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1406 my_syslog(&priv, msg); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1407 } |
255
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1408 if ((hourly > h_limit) || (daily > d_limit)){ |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1409 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded"); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1410 return SMFIS_REJECT; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1411 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1412 st = white; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1413 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1414 else if (fromvalue == token_black) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1415 st = black; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1416 } |
342
6d27b4f45799
allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents:
340
diff
changeset
|
1417 else if ((fromvalue == token_white) && (local_source || from_root)) { |
6d27b4f45799
allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents:
340
diff
changeset
|
1418 st = white; |
6d27b4f45799
allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents:
340
diff
changeset
|
1419 } |
216
784030ac71f1
Never whitelist self addressed mail. Changes for Fedora 10 and const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
214
diff
changeset
|
1420 else if ((fromvalue == token_white) && !self) { |
330
b5b93a7e1e6d
ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents:
329
diff
changeset
|
1421 // whitelisting based on envelope from value, but ignore it if |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1422 // we have a dkim requirement for the original domain |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1423 const char *domain = strchr(priv.origaddr, '@'); |
436
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
1424 if (domain && !local_source) { |
338
f375a67ee516
set st in all paths; missing +1 to avoid lookup starting with @
Carl Byington <carl@five-ten-sg.com>
parents:
337
diff
changeset
|
1425 DKIMP dk = con.find_dkim_from(domain+1); |
330
b5b93a7e1e6d
ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents:
329
diff
changeset
|
1426 if (dk && (dk->action == token_require_signed)) { |
b5b93a7e1e6d
ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents:
329
diff
changeset
|
1427 my_syslog(&priv, "dkim require_signed overrides envelope from whitelist"); |
451
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1428 st = whitesofar; |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1429 } |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1430 else if (dk && (dk->action == token_unsigned_black)) { |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1431 my_syslog(&priv, "dkim unsigned_black overrides envelope from whitelist"); |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1432 st = whitesofar; |
330
b5b93a7e1e6d
ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents:
329
diff
changeset
|
1433 } |
b5b93a7e1e6d
ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents:
329
diff
changeset
|
1434 else st = white; |
b5b93a7e1e6d
ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents:
329
diff
changeset
|
1435 } |
b5b93a7e1e6d
ignore envelope-from based whitelisting if we have a dkim requirement for that domain
Carl Byington <carl@five-ten-sg.com>
parents:
329
diff
changeset
|
1436 else st = white; // might be <>, envelope from has no @ |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1437 } |
340
be776a246f97
when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents:
338
diff
changeset
|
1438 |
458
6c1c2bd9fb54
ignore dnswl entries if the sender is <>
Carl Byington <carl@five-ten-sg.com>
parents:
456
diff
changeset
|
1439 if (((st == oksofar) || (st == whitesofar)) && (strcmp(priv.mailaddr, "<>") != 0)) { |
6c1c2bd9fb54
ignore dnswl entries if the sender is <>
Carl Byington <carl@five-ten-sg.com>
parents:
456
diff
changeset
|
1440 // check the dns based whitelists if the sender was not empty |
249 | 1441 DNSWLP acceptlist = NULL; // list that caused the whitelisting |
1442 if (check_dnswl(priv, con.get_dnswl_list(), acceptlist)) { | |
1443 st = white; | |
1444 if (debug_syslog > 1) { | |
1445 char msg[maxlen]; | |
1446 snprintf(msg, sizeof(msg), "whitelisted by %s", acceptlist->name); | |
1447 my_syslog(&priv, msg); | |
1448 } | |
1449 } | |
451
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1450 } |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1451 |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1452 if (st == oksofar) { |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1453 // check the dns based blacklists |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1454 if (check_dnsbl(priv, con.get_dnsbl_list(), rejectlist)) { |
340
be776a246f97
when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents:
338
diff
changeset
|
1455 // reject the recipient based on some dnsbl |
be776a246f97
when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents:
338
diff
changeset
|
1456 char adr[sizeof "255.255.255.255 "]; |
be776a246f97
when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents:
338
diff
changeset
|
1457 adr[0] = '\0'; |
be776a246f97
when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents:
338
diff
changeset
|
1458 inet_ntop(AF_INET, (const u_char *)&priv.ip, adr, sizeof(adr)); |
be776a246f97
when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents:
338
diff
changeset
|
1459 char buf[maxlen]; |
be776a246f97
when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents:
338
diff
changeset
|
1460 snprintf(buf, sizeof(buf), rejectlist->message, adr, adr); |
be776a246f97
when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents:
338
diff
changeset
|
1461 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf); |
be776a246f97
when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents:
338
diff
changeset
|
1462 return SMFIS_REJECT; |
249 | 1463 } |
268
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1464 // check forged rdns |
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1465 if (con.get_requirerdns() && (!priv.client_dns_name || priv.client_dns_forged)) { |
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1466 // reject the recipient based on forged reverse dns |
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1467 char buf[maxlen]; |
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1468 snprintf(buf, sizeof(buf), "%s is not acceptable", priv.client_name); |
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1469 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf); |
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1470 return SMFIS_REJECT; |
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1471 } |
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
266
diff
changeset
|
1472 // check generic rdns |
301
13905d36ca82
Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents:
296
diff
changeset
|
1473 if (priv.client_dns_name) { |
13905d36ca82
Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents:
296
diff
changeset
|
1474 const char *msg = con.generic_match(priv.client_dns_name); |
13905d36ca82
Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents:
296
diff
changeset
|
1475 if (msg) { |
13905d36ca82
Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents:
296
diff
changeset
|
1476 // reject the recipient based on generic reverse dns |
13905d36ca82
Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents:
296
diff
changeset
|
1477 char buf[maxlen]; |
13905d36ca82
Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents:
296
diff
changeset
|
1478 snprintf(buf, sizeof(buf), msg, priv.client_name); |
13905d36ca82
Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents:
296
diff
changeset
|
1479 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf); |
13905d36ca82
Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents:
296
diff
changeset
|
1480 return SMFIS_REJECT; |
13905d36ca82
Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents:
296
diff
changeset
|
1481 } |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1482 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1483 } |
340
be776a246f97
when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents:
338
diff
changeset
|
1484 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1485 if (st == black) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1486 // reject the recipient based on blacklisting either from or to |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1487 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"no such user"); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1488 return SMFIS_REJECT; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1489 } |
340
be776a246f97
when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents:
338
diff
changeset
|
1490 |
203
92a5c866bdfa
Verify from/to pairs even if they might be explicitly whitelisted.
Carl Byington <carl@five-ten-sg.com>
parents:
194
diff
changeset
|
1491 if (ver) { |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1492 // try to verify the original from/to pair of addresses even if it might be explicitly whitelisted |
346
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1493 const char *loto = to_lower_string(rcptaddr, false); |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1494 bool rc = ver->ok(priv.queueid, priv.origaddr, loto); |
346
66969443a012
need to strip <> from recipient address before sending to verifier
Carl Byington <carl@five-ten-sg.com>
parents:
344
diff
changeset
|
1495 free((void*)loto); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1496 if (!rc) { |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1497 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"no such user"); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1498 return SMFIS_REJECT; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1499 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1500 } |
340
be776a246f97
when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents:
338
diff
changeset
|
1501 |
263
e118fd2c6af0
fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents:
259
diff
changeset
|
1502 if (!priv.authenticated && dc.default_context->is_unauthenticated_limited(priv.mailaddr)) { |
e118fd2c6af0
fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents:
259
diff
changeset
|
1503 int hourly, daily; |
e118fd2c6af0
fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents:
259
diff
changeset
|
1504 incr_rcpt_count(priv.mailaddr, hourly, daily); |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1505 int h_limit = dc.default_context->find_rate_limit(priv.mailaddr); |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1506 int d_limit = dc.default_context->get_daily_rate_multiple() * h_limit; |
263
e118fd2c6af0
fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents:
259
diff
changeset
|
1507 if (debug_syslog > 1) { |
e118fd2c6af0
fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents:
259
diff
changeset
|
1508 char msg[maxlen]; |
e118fd2c6af0
fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents:
259
diff
changeset
|
1509 snprintf(msg, sizeof(msg), "unauthenticated address %s (%d %d recipients, %d %d limits)", priv.mailaddr, hourly, daily, h_limit, d_limit); |
e118fd2c6af0
fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents:
259
diff
changeset
|
1510 my_syslog(&priv, msg); |
e118fd2c6af0
fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents:
259
diff
changeset
|
1511 } |
e118fd2c6af0
fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents:
259
diff
changeset
|
1512 if ((hourly > h_limit) || (daily > d_limit)){ |
e118fd2c6af0
fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents:
259
diff
changeset
|
1513 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded"); |
e118fd2c6af0
fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents:
259
diff
changeset
|
1514 return SMFIS_REJECT; |
e118fd2c6af0
fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents:
259
diff
changeset
|
1515 } |
e118fd2c6af0
fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents:
259
diff
changeset
|
1516 } |
340
be776a246f97
when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering
Carl Byington <carl@five-ten-sg.com>
parents:
338
diff
changeset
|
1517 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1518 // we will accept the recipient, but add an auto-whitelist entry |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1519 // if needed to ensure we can accept replies |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1520 loto = to_lower_string(rcptaddr); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1521 WHITELISTERP w = con2.find_autowhite(loto, priv.mailaddr); |
291
9f0d9fcb58dd
Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
290
diff
changeset
|
1522 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1523 // check if local part is too big |
458
6c1c2bd9fb54
ignore dnswl entries if the sender is <>
Carl Byington <carl@five-ten-sg.com>
parents:
456
diff
changeset
|
1524 const int max_local_size = 35; |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1525 const char *p = strchr(loto, '@'); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1526 int len = (p) ? p-loto : max_local_size; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1527 if (len >= max_local_size) w = NULL; // too big, pretend we don't have a whitelister |
291
9f0d9fcb58dd
Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
290
diff
changeset
|
1528 |
9f0d9fcb58dd
Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
290
diff
changeset
|
1529 // ignore auto whitelisting from outgoing mail from localhost |
342
6d27b4f45799
allow envelope from whitelisting without dkim override for mail from localhost, or where the from address is root@*
Carl Byington <carl@five-ten-sg.com>
parents:
340
diff
changeset
|
1530 if (local_source) w = NULL; // outgoing mail from localhost, pretend we don't have a whitelister |
291
9f0d9fcb58dd
Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
290
diff
changeset
|
1531 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1532 // record it if we have a whitelister |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1533 if (w) { |
231
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
1534 DELAYWHITEP dwp = new DELAYWHITE(loto, w, &con2); // dwp takes ownership of the string |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1535 priv.delayer.push_back(dwp); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1536 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1537 else { |
231
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
1538 free((void*)loto); // or we free it here |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1539 } |
179 | 1540 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1541 // accept the recipient |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1542 if (!con.get_content_filtering()) st = white; |
179 | 1543 |
451
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1544 if ((st == oksofar) || (st == whitesofar)) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1545 // remember first content filtering context |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1546 if (con.get_content_filtering()) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1547 if (!priv.content_context) priv.content_context = &con; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1548 else if (con.get_require() && (priv.content_context != &con)) { |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1549 smfi_setreply(ctx, (char*)"452", (char*)"4.2.1", (char*)"incompatible filtering contexts"); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1550 return SMFIS_TEMPFAIL; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1551 } |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1552 priv.need_content_filter(con); |
451
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1553 if (st == oksofar) { |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1554 char bu[maxlen]; |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1555 bool uri = false; |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1556 // content filtering implies also checking helo name on uribl (if enabled) |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1557 if (priv.helo_uribl) { |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1558 snprintf(bu, sizeof(bu), "(helo %s)", priv.host_uribl); |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1559 uri = true; |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1560 } |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1561 // content filtering implies also checking client reverse dns name on uribl (if enabled) |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1562 if (priv.client_uribl) { |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1563 snprintf(bu, sizeof(bu), "(rdns %s)", priv.host_uribl); |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1564 uri = true; |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1565 } |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1566 // content filtering implies also checking mail from domain name on uribl (if enabled) |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1567 if (priv.from_uribl) { |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1568 snprintf(bu, sizeof(bu), "(from %s)", priv.host_uribl); |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1569 uri = true; |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1570 } |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1571 if (uri) { |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1572 char buf[maxlen]; |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1573 snprintf(buf, sizeof(buf), priv.uribl_message, bu, priv.host_uribl); |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1574 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf); |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1575 return SMFIS_REJECT; |
f2bc221240e8
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
443
diff
changeset
|
1576 } |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
1577 } |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1578 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1579 // remember the non-whites |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
1580 register_string(priv.env_to, rcptaddr, &con); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1581 priv.only_whites = false; |
456
2cf7183a911c
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
451
diff
changeset
|
1582 if (st == oksofar) { |
2cf7183a911c
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
451
diff
changeset
|
1583 priv.want_spamassassin |= (priv.assassin) && // have spam assassin available and |
2cf7183a911c
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
451
diff
changeset
|
1584 (con.get_spamassassin_limit() != 0); // want to use it with a non-zero score |
2cf7183a911c
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
451
diff
changeset
|
1585 priv.want_dccgrey |= (priv.dccifd) && // have dcc interface and |
2cf7183a911c
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
451
diff
changeset
|
1586 (con.get_grey()); // want to use it for greylisting |
2cf7183a911c
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
451
diff
changeset
|
1587 priv.want_dccbulk |= (priv.dccifd) && // have dcc interface and |
2cf7183a911c
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
451
diff
changeset
|
1588 (con.get_bulk() != 0); // want to use it for bulk detection |
2cf7183a911c
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
451
diff
changeset
|
1589 } |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1590 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1591 if (st == white) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1592 priv.have_whites = true; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1593 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1594 return SMFIS_CONTINUE; |
94 | 1595 } |
1596 | |
163 | 1597 sfsistat mlfi_header(SMFICTX* ctx, char* headerf, char* headerv) |
1598 { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1599 mlfiPriv &priv = *MLFIPRIV; |
321
e172dc10fe24
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
311
diff
changeset
|
1600 priv.header_count++; |
337
d68fda9be1c1
need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents:
335
diff
changeset
|
1601 char *value = headerv; |
d68fda9be1c1
need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents:
335
diff
changeset
|
1602 if ((priv.header_count < 4) || (strcasecmp(headerf, "from") == 0)) { |
d68fda9be1c1
need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents:
335
diff
changeset
|
1603 for (size_t i=0; i<strlen(value); i++) { |
d68fda9be1c1
need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents:
335
diff
changeset
|
1604 if (value[i] < 0x20) value[i] = ' '; |
d68fda9be1c1
need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents:
335
diff
changeset
|
1605 } |
d68fda9be1c1
need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents:
335
diff
changeset
|
1606 } |
d68fda9be1c1
need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents:
335
diff
changeset
|
1607 |
322
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
1608 if (priv.dkim_ok) { |
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
1609 if ((priv.header_count == 1) && (strcasecmp(headerf, "DKIM-Filter") != 0)) priv.dkim_ok = false; |
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
1610 if (priv.header_count == 2) { |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1611 if ((strcasecmp(headerf, "Authentication-Results") == 0) && |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1612 (strncasecmp(headerv, token_myhostname, strlen(token_myhostname)) == 0)) { |
322
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
1613 const int nmatch = 2; |
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
1614 regmatch_t match[nmatch]; |
326
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1615 while (true) { |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1616 if (0 == regexec(&dkim_r_pattern, value, nmatch, match, 0)) { |
326
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1617 int s1 = match[1].rm_so; // domain |
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1618 int e1 = match[1].rm_eo; |
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1619 if (s1 != -1) { |
337
d68fda9be1c1
need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents:
335
diff
changeset
|
1620 char save = value[e1]; |
d68fda9be1c1
need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents:
335
diff
changeset
|
1621 value[e1] = '\0'; |
d68fda9be1c1
need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents:
335
diff
changeset
|
1622 priv.dkim_signers.insert(strdup(value+s1)); |
d68fda9be1c1
need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents:
335
diff
changeset
|
1623 value[e1] = save; |
d68fda9be1c1
need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents:
335
diff
changeset
|
1624 value += e1 + 1; |
326
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1625 } |
327
51846836ec92
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
326
diff
changeset
|
1626 else break; |
322
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
1627 } |
326
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1628 else break; |
322
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
1629 } |
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
1630 } |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1631 else if (strcasecmp(headerf, "DKIM-Signature") == 0) { |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1632 const int nmatch = 2; |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1633 regmatch_t match[nmatch]; |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1634 if (0 == regexec(&dkim_s_pattern, value, nmatch, match, 0)) { |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1635 int s1 = match[1].rm_so; // domain |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1636 int e1 = match[1].rm_eo; |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1637 if (s1 != -1) { |
356
90d433d1382e
when extracting header fields, need to preserve the header value since that will be used by subsequent (dcc,spamd,etc) milters
Carl Byington <carl@five-ten-sg.com>
parents:
354
diff
changeset
|
1638 char save = value[e1]; |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1639 value[e1] = '\0'; |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1640 priv.dkim_signers.insert(strdup(value+s1)); |
356
90d433d1382e
when extracting header fields, need to preserve the header value since that will be used by subsequent (dcc,spamd,etc) milters
Carl Byington <carl@five-ten-sg.com>
parents:
354
diff
changeset
|
1641 value[e1] = save; |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1642 } |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1643 } |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1644 } |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1645 else priv.dkim_ok = false; |
322
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
1646 } |
328
b4f766947202
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
327
diff
changeset
|
1647 } |
b4f766947202
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
327
diff
changeset
|
1648 |
334
a4f2fda72422
missing ==0 testing for from header, we were scanning all the non-from headers
Carl Byington <carl@five-ten-sg.com>
parents:
333
diff
changeset
|
1649 // only look at the first from header |
358
ef7479b2d64f
use the last @domain in the from: header
Carl Byington <carl@five-ten-sg.com>
parents:
356
diff
changeset
|
1650 // this does NOT fully parse rfc2822 from: headers. In particular, embedded |
ef7479b2d64f
use the last @domain in the from: header
Carl Byington <carl@five-ten-sg.com>
parents:
356
diff
changeset
|
1651 // comments and quoted @ are not handled. |
335
354b15b8b263
header from may appear very early in unsigned messages
Carl Byington <carl@five-ten-sg.com>
parents:
334
diff
changeset
|
1652 if ((!priv.fromaddr) && (strcasecmp(headerf, "from") == 0)) { |
328
b4f766947202
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
327
diff
changeset
|
1653 const int nmatch = 2; |
b4f766947202
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
327
diff
changeset
|
1654 regmatch_t match[nmatch]; |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
1655 if (0 == regexec(&from_pattern, value, nmatch, match, 0)) { |
328
b4f766947202
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
327
diff
changeset
|
1656 int s1 = match[1].rm_so; // domain |
b4f766947202
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
327
diff
changeset
|
1657 int e1 = match[1].rm_eo; |
b4f766947202
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
327
diff
changeset
|
1658 if (s1 != -1) { |
356
90d433d1382e
when extracting header fields, need to preserve the header value since that will be used by subsequent (dcc,spamd,etc) milters
Carl Byington <carl@five-ten-sg.com>
parents:
354
diff
changeset
|
1659 char save = value[e1]; |
337
d68fda9be1c1
need to convert nl and tab to spaces in header values before regexec
Carl Byington <carl@five-ten-sg.com>
parents:
335
diff
changeset
|
1660 value[e1] = '\0'; |
352
f5a6740cabee
need to lowercase the domain extracted from the from header so it will match the keys in dkim_from
Carl Byington <carl@five-ten-sg.com>
parents:
350
diff
changeset
|
1661 priv.fromaddr = to_lower_string(value+s1, false); |
356
90d433d1382e
when extracting header fields, need to preserve the header value since that will be used by subsequent (dcc,spamd,etc) milters
Carl Byington <carl@five-ten-sg.com>
parents:
354
diff
changeset
|
1662 value[e1] = save; |
322
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
1663 } |
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
1664 } |
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
1665 } |
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
1666 |
231
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
1667 // headers that avoid autowhitelisting |
230
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
1668 if (((strcasecmp(headerf, "precedence") == 0) && (strcasecmp(headerv, "bulk") == 0)) || |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
1669 ((strcasecmp(headerf, "content-type") == 0) && (strncasecmp(headerv, "multipart/report", 16) == 0))) { |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
1670 priv.allow_autowhitelisting = false; |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
1671 } |
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
1672 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1673 // other headers are only needed for content filtering |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1674 if (priv.authenticated) return SMFIS_CONTINUE; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1675 if (priv.only_whites) return SMFIS_CONTINUE; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1676 if (priv.want_spamassassin) priv.assassin->mlfi_header(headerf, headerv); |
443
0df77bbb7fc2
always call dcc code so we get log entries
Carl Byington <carl@five-ten-sg.com>
parents:
438
diff
changeset
|
1677 if (priv.dccifd) priv.dccifd->mlfi_header(ctx, headerf, headerv); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1678 return SMFIS_CONTINUE; |
163 | 1679 } |
1680 | |
1681 sfsistat mlfi_eoh(SMFICTX* ctx) | |
1682 { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1683 mlfiPriv &priv = *MLFIPRIV; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1684 // delayed autowhitelisting |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1685 while (!priv.delayer.empty()) { |
231
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
1686 DELAYWHITEP dwp = priv.delayer.front(); |
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
1687 const char *loto = dwp->get_loto(); |
230
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
1688 if (priv.allow_autowhitelisting) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1689 WHITELISTERP w = dwp->get_w(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1690 CONTEXTP con2 = dwp->get_con(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1691 if (debug_syslog > 1) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1692 char buf[maxlen]; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1693 char msg[maxlen]; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1694 snprintf(msg, sizeof(msg), "whitelist reply from <%s> in context %s", loto, con2->get_full_name(buf,maxlen)); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1695 my_syslog(&priv, msg); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1696 } |
231
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
1697 w->sent(loto); // don't free it, the whitelister takes ownership of the string |
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
1698 } |
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
1699 else { |
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
1700 if (debug_syslog > 1) { |
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
1701 char msg[maxlen]; |
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
1702 snprintf(msg, sizeof(msg), "avoid whitelist reply from <%s> for outgoing auto-responder", loto); |
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
1703 my_syslog(&priv, msg); |
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
1704 } |
4d6bd04d93fa
Fix memory leak in suppressed auto whitelisting.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
1705 if (loto) free((void*)loto);// or we free it here |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1706 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1707 delete dwp; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1708 priv.delayer.pop_front(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1709 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1710 // content filtering |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1711 if (priv.authenticated) return SMFIS_CONTINUE; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1712 if (priv.only_whites) return SMFIS_CONTINUE; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1713 if (priv.want_spamassassin) priv.assassin->mlfi_eoh(); |
443
0df77bbb7fc2
always call dcc code so we get log entries
Carl Byington <carl@five-ten-sg.com>
parents:
438
diff
changeset
|
1714 if (priv.dccifd) priv.dccifd->mlfi_eoh(); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1715 return SMFIS_CONTINUE; |
163 | 1716 } |
1717 | |
94 | 1718 sfsistat mlfi_body(SMFICTX *ctx, u_char *data, size_t len) |
1719 { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1720 mlfiPriv &priv = *MLFIPRIV; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1721 if (priv.authenticated) return SMFIS_CONTINUE; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1722 if (priv.only_whites) return SMFIS_CONTINUE; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1723 if (priv.want_spamassassin) priv.assassin->mlfi_body(data, len); |
443
0df77bbb7fc2
always call dcc code so we get log entries
Carl Byington <carl@five-ten-sg.com>
parents:
438
diff
changeset
|
1724 if (priv.dccifd) priv.dccifd->mlfi_body(data, len); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1725 priv.scanner->scan(data, len); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1726 return SMFIS_CONTINUE; |
94 | 1727 } |
1728 | |
1729 sfsistat mlfi_eom(SMFICTX *ctx) | |
1730 { | |
402
9096d2676c13
suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents:
393
diff
changeset
|
1731 sfsistat rc; |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1732 mlfiPriv &priv = *MLFIPRIV; |
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1733 const char *host = NULL; |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
1734 uint32_t ip; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1735 // process end of message |
190
004b855c6c1f
fix null pointer dereference from missing HELO command
carl
parents:
188
diff
changeset
|
1736 priv.eom = true; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1737 if (priv.authenticated || priv.only_whites) rc = SMFIS_CONTINUE; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1738 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1739 // assert env_to not empty, it contains the |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1740 // non-whitelisted folks that want content filtering |
436
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
1741 const u_char *src = (const u_char *)&priv.ip; |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
1742 bool local_source = (src[0] == 127); |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
1743 int score = (priv.want_spamassassin) ? priv.assassin->mlfi_eom() : 0; |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
1744 bool grey = false; |
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
1745 int bulk = 0; |
443
0df77bbb7fc2
always call dcc code so we get log entries
Carl Byington <carl@five-ten-sg.com>
parents:
438
diff
changeset
|
1746 if (priv.dccifd) priv.dccifd->mlfi_eom(grey, bulk); |
0df77bbb7fc2
always call dcc code so we get log entries
Carl Byington <carl@five-ten-sg.com>
parents:
438
diff
changeset
|
1747 if (!priv.want_dccgrey) grey = false; |
0df77bbb7fc2
always call dcc code so we get log entries
Carl Byington <carl@five-ten-sg.com>
parents:
438
diff
changeset
|
1748 if (!priv.want_dccbulk) bulk = 0; |
178 | 1749 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1750 char buf[maxlen]; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1751 string msg; |
331
9800776436b9
allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents:
330
diff
changeset
|
1752 string_set unknowns; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1753 bool random = false; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1754 int limit = 0; |
377
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1755 const char *signer = NULL; |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1756 bool checked_signers = false; |
326
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1757 if (priv.dkim_signers.empty()) { |
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1758 snprintf(buf, sizeof(buf), "acceptable content from %s signer *", |
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1759 (priv.fromaddr) ? priv.fromaddr : token_asterisk); |
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1760 my_syslog(&priv, buf); |
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1761 } |
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1762 else { |
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1763 for (string_set::iterator s=priv.dkim_signers.begin(); s!=priv.dkim_signers.end(); s++) { |
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1764 snprintf(buf, sizeof(buf), "acceptable content from %s signer %s", |
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1765 (priv.fromaddr) ? priv.fromaddr : token_asterisk, *s); |
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1766 my_syslog(&priv, buf); |
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1767 } |
5e4b5540c8cc
allow multiple dkim signers in authentication results
Carl Byington <carl@five-ten-sg.com>
parents:
325
diff
changeset
|
1768 } |
323
a6de27b0a1e9
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
322
diff
changeset
|
1769 |
402
9096d2676c13
suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents:
393
diff
changeset
|
1770 CONTEXT *con = NULL; |
415
16451edcb962
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
414
diff
changeset
|
1771 const char *st = token_black; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1772 for (context_map::iterator i=priv.env_to.begin(); i!=priv.env_to.end(); i++) { |
402
9096d2676c13
suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents:
393
diff
changeset
|
1773 const char *rcpt = (*i).first; |
9096d2676c13
suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents:
393
diff
changeset
|
1774 CONTEXT *next = (*i).second; |
9096d2676c13
suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents:
393
diff
changeset
|
1775 if (con != next) { |
9096d2676c13
suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents:
393
diff
changeset
|
1776 con = next; |
436
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
1777 st = con->acceptable_content(local_source, *priv.memory, score, bulk, priv.queueid, priv.dkim_signers, priv.fromaddr, &priv, msg); |
402
9096d2676c13
suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents:
393
diff
changeset
|
1778 } |
331
9800776436b9
allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents:
330
diff
changeset
|
1779 if (st == token_black) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1780 // bad html tags or excessive hosts or |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1781 // high spam assassin score or dcc bulk threshold exceedeed |
322
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
1782 // or signed by a dkim signer that we don't like |
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
1783 // or header from requires dkim signer that is missing |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1784 smfi_delrcpt(ctx, (char*)rcpt); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1785 } |
331
9800776436b9
allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents:
330
diff
changeset
|
1786 else if (st == token_unknown) { |
377
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1787 if (!checked_signers) { |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1788 signer = priv.check_uribl_signers(); |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1789 checked_signers = true; |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1790 if (signer) { |
379
e42923f8f3fd
better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
377
diff
changeset
|
1791 snprintf(buf, sizeof(buf), "dkim signer %s listed on %s", signer, priv.uribl_suffix); |
377
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1792 my_syslog(&priv, buf); |
379
e42923f8f3fd
better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
377
diff
changeset
|
1793 snprintf(buf, sizeof(buf), "Mail rejected - dkim signed by %s listed on %s", signer, priv.uribl_suffix); |
377
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1794 msg = string(buf); |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1795 } |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1796 } |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1797 if (signer) { |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1798 // dkim signer is on the uribl |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1799 smfi_delrcpt(ctx, (char*)rcpt); |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1800 } |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1801 else { |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1802 // still unknown |
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1803 unknowns.insert(rcpt); |
402
9096d2676c13
suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents:
393
diff
changeset
|
1804 random |= con->get_host_random(); |
9096d2676c13
suppress duplicate calls to acceptable_content for messages with multiple recipients using the same filtering context
Carl Byington <carl@five-ten-sg.com>
parents:
393
diff
changeset
|
1805 limit = max(limit, con->get_host_limit()); |
377
7fd39f029936
reject if dkim signer is listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
366
diff
changeset
|
1806 } |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1807 } |
331
9800776436b9
allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents:
330
diff
changeset
|
1808 else if (st == token_white) { |
379
e42923f8f3fd
better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
377
diff
changeset
|
1809 priv.have_whites = true; |
331
9800776436b9
allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents:
330
diff
changeset
|
1810 } |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1811 } |
379
e42923f8f3fd
better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
377
diff
changeset
|
1812 bool rejecting_unknowns = unknowns.empty(); |
e42923f8f3fd
better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
377
diff
changeset
|
1813 if (!rejecting_unknowns) { |
331
9800776436b9
allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents:
330
diff
changeset
|
1814 // check hosts for those recipients |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1815 const char *fmt; |
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1816 const char *found; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1817 if (check_hosts(priv, random, limit, fmt, host, ip, found)) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1818 if (found) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1819 // uribl style |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1820 snprintf(buf, sizeof(buf), fmt, host, found); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1821 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1822 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1823 // dnsbl style |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1824 char adr[sizeof "255.255.255.255 "]; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1825 adr[0] = '\0'; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1826 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr)); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1827 snprintf(buf, sizeof(buf), fmt, host, adr); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1828 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1829 msg = string(buf); |
379
e42923f8f3fd
better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
377
diff
changeset
|
1830 rejecting_unknowns = true; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1831 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1832 } |
379
e42923f8f3fd
better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
377
diff
changeset
|
1833 if (!rejecting_unknowns) { |
e42923f8f3fd
better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
377
diff
changeset
|
1834 // greylist the unknowns if we don't have any whitelisted recipients |
e42923f8f3fd
better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
377
diff
changeset
|
1835 if (priv.want_dccgrey && grey && !priv.have_whites) { |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1836 smfi_setreply(ctx, (char*)"452", (char*)"4.2.1", (char*)"temporary greylist embargoed"); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1837 rc = SMFIS_TEMPFAIL; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1838 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1839 else rc = SMFIS_CONTINUE; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1840 } |
379
e42923f8f3fd
better message for dkim signers listed on surbl
Carl Byington <carl@five-ten-sg.com>
parents:
377
diff
changeset
|
1841 else if (!priv.have_whites) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1842 // can reject the entire message |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1843 snprintf(buf, sizeof(buf), "%s", msg.c_str()); |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1844 smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1845 rc = SMFIS_REJECT; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1846 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1847 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1848 // need to accept it but remove the recipients that don't want it |
331
9800776436b9
allow dkim whitelisting to override uribl hosts in the mail body
Carl Byington <carl@five-ten-sg.com>
parents:
330
diff
changeset
|
1849 for (string_set::iterator i=unknowns.begin(); i!=unknowns.end(); i++) { |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1850 const char *rcpt = *i; |
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1851 smfi_delrcpt(ctx, (char*)rcpt); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1852 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1853 rc = SMFIS_CONTINUE; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1854 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1855 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1856 // reset for a new message on the same connection |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1857 mlfi_abort(ctx); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1858 return rc; |
94 | 1859 } |
1860 | |
1861 sfsistat mlfi_abort(SMFICTX *ctx) | |
1862 { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1863 mlfiPriv &priv = *MLFIPRIV; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1864 priv.reset(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1865 return SMFIS_CONTINUE; |
94 | 1866 } |
1867 | |
1868 sfsistat mlfi_close(SMFICTX *ctx) | |
1869 { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1870 mlfiPriv *priv = MLFIPRIV; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1871 if (!priv) return SMFIS_CONTINUE; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1872 delete priv; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1873 smfi_setpriv(ctx, NULL); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1874 return SMFIS_CONTINUE; |
94 | 1875 } |
1876 | |
1877 struct smfiDesc smfilter = | |
1878 { | |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1879 (char*)"DNSBL", // filter name |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1880 SMFI_VERSION, // version code -- do not change |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1881 SMFIF_DELRCPT, // flags |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1882 mlfi_connect, // connection info filter |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1883 mlfi_helo, // SMTP HELO command filter |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1884 mlfi_envfrom, // envelope sender filter |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1885 mlfi_envrcpt, // envelope recipient filter |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1886 mlfi_header, // header filter |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1887 mlfi_eoh, // end of header |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1888 mlfi_body, // body block filter |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1889 mlfi_eom, // end of message |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1890 mlfi_abort, // message aborted |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1891 mlfi_close, // connection cleanup |
94 | 1892 }; |
1893 | |
1894 | |
1895 //////////////////////////////////////////////// | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1896 // reload the config |
94 | 1897 // |
1898 CONFIG* new_conf(); | |
1899 CONFIG* new_conf() { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1900 CONFIG *newc = new CONFIG; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1901 pthread_mutex_lock(&config_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1902 newc->generation = generation++; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1903 pthread_mutex_unlock(&config_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1904 if (debug_syslog) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1905 char buf[maxlen]; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1906 snprintf(buf, sizeof(buf), "loading configuration generation %d", newc->generation); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1907 my_syslog(buf); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1908 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1909 if (load_conf(*newc, "dnsbl.conf")) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1910 newc->load_time = time(NULL); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1911 return newc; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1912 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1913 delete newc; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1914 return NULL; |
94 | 1915 } |
1916 | |
1917 | |
1918 //////////////////////////////////////////////// | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1919 // thread to watch the old config files for changes |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1920 // and reload when needed. |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1921 // we also clear the SMTP AUTH recipient counts hourly |
94 | 1922 // |
163 | 1923 extern "C" {void* config_loader(void *arg);} |
94 | 1924 void* config_loader(void *arg) { |
255
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1925 int loop1 = 0; |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1926 int loop2 = 0; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1927 while (loader_run) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1928 sleep(180); // look for modifications every 3 minutes |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1929 if (!loader_run) break; |
255
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1930 loop1++; |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1931 loop2++; |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1932 if (loop1 == 20) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1933 // three minutes thru each loop, 20 loops per hour |
280
2b77295fb9a7
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
278
diff
changeset
|
1934 // clear the recipient hourly counts and hourly sets of ip connection addresses |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1935 pthread_mutex_lock(&rate_mutex); |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1936 for (rates::iterator i=rcpt_hourly_counts.begin(); i!=rcpt_hourly_counts.end(); i++) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1937 (*i).second = 0; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1938 } |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1939 for (auth_addresses::iterator j=auth_hourly_addresses.begin(); j!=auth_hourly_addresses.end(); j++) { |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1940 delete (*j).second; |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
1941 (*j).second = new uint32_t_set; |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1942 } |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1943 pthread_mutex_unlock(&rate_mutex); |
255
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1944 loop1 = 0; |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1945 } |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1946 if (loop2 == 480) { |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1947 // three minutes thru each loop, 480 loops per day |
280
2b77295fb9a7
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
278
diff
changeset
|
1948 // clear the recipient daily counts and daily sets of connection ip addresses |
255
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1949 pthread_mutex_lock(&rate_mutex); |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1950 for (rates::iterator i=rcpt_daily_counts.begin(); i!=rcpt_daily_counts.end(); i++) { |
255
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1951 (*i).second = 0; |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1952 } |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1953 for (auth_addresses::iterator j=auth_daily_addresses.begin(); j!=auth_daily_addresses.end(); j++) { |
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1954 delete (*j).second; |
382
c378e9d03f37
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
1955 (*j).second = new uint32_t_set; |
278
368572c57013
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
272
diff
changeset
|
1956 } |
255
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1957 pthread_mutex_unlock(&rate_mutex); |
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
252
diff
changeset
|
1958 loop2 = 0; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1959 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1960 CONFIG &dc = *config; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1961 time_t then = dc.load_time; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1962 struct stat st; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1963 bool reload = false; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1964 for (string_set::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) { |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1965 const char *fn = *i; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1966 if (stat(fn, &st)) reload = true; // file disappeared |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1967 else if (st.st_mtime > then) reload = true; // file modified |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1968 if (reload) break; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1969 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1970 if (reload) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1971 CONFIG *newc = new_conf(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1972 if (newc) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1973 // replace the global config pointer |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1974 pthread_mutex_lock(&config_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1975 CONFIG *pc = config; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1976 bool last = pc && (!pc->reference_count); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1977 config = newc; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1978 pthread_mutex_unlock(&config_mutex); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1979 if (last) delete pc; // there were no references to this config |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1980 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1981 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1982 // failed to load new config |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1983 my_syslog("failed to load new configuration"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1984 system("echo 'failed to load new dnsbl configuration from /etc/dnsbl' | mail -s 'error in /etc/dnsbl configuration' root"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1985 // update the load time on the current config to prevent complaining every 3 minutes |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1986 dc.load_time = time(NULL); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1987 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1988 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1989 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1990 return NULL; |
94 | 1991 } |
1992 | |
1993 | |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1994 void usage(const char *prog); |
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
1995 void usage(const char *prog) |
94 | 1996 { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1997 fprintf(stderr, "Usage: %s [-d [level]] [-c] [-s] [-e from|to] [-b dccifd-addr] -r port -p sm-sock-addr [-t timeout]\n", prog); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1998 fprintf(stderr, "where dccifd_addr is for the connection to dccifd\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
1999 fprintf(stderr, " and should be local-domain-socket-file-name\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2000 fprintf(stderr, "where port is for the connection to our own dns resolver processes\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2001 fprintf(stderr, " and should be local-domain-socket-file-name\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2002 fprintf(stderr, "where sm-sock-addr is for the connection to sendmail\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2003 fprintf(stderr, " and should be one of\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2004 fprintf(stderr, " inet:port@ip-address\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2005 fprintf(stderr, " local:local-domain-socket-file-name\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2006 fprintf(stderr, "-c will load and dump the config to stdout\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2007 fprintf(stderr, "-s will stress test the config loading code by repeating the load/free cycle\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2008 fprintf(stderr, " in an infinte loop.\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2009 fprintf(stderr, "-d will set the syslog message level, currently 0 to 3\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2010 fprintf(stderr, "-e will print the results of looking up the from and to addresses in the\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2011 fprintf(stderr, " current config. The | character is used to separate the from and to\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2012 fprintf(stderr, " addresses in the argument to the -e switch\n"); |
94 | 2013 } |
2014 | |
2015 | |
2016 | |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
2017 void setup_socket(const char *sock); |
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
2018 void setup_socket(const char *sock) { |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2019 unlink(sock); |
94 | 2020 } |
2021 | |
2022 | |
2023 /* | |
2024 * The signal handler function -- only gets called when a SIGCHLD | |
2025 * is received, ie when a child terminates | |
2026 */ | |
2027 void sig_chld(int signo) | |
2028 { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2029 int status; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2030 /* Wait for any child without blocking */ |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2031 while (waitpid(-1, &status, WNOHANG) > 0) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2032 // ignore child exit status, we only do this to cleanup zombies |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2033 } |
94 | 2034 } |
2035 | |
2036 | |
2037 int main(int argc, char**argv) | |
2038 { | |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2039 token_init(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2040 bool check = false; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2041 bool stress = false; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2042 bool setconn = false; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2043 bool setreso = false; |
244
ef97c7cd4a6e
const correctness fixes from new gcc, libresolv.a moved to glibc-static on newer distributions
Carl Byington <carl@five-ten-sg.com>
parents:
242
diff
changeset
|
2044 char *email = NULL; |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2045 int c; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2046 const char *args = "b:r:p:t:e:d:chs"; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2047 extern char *optarg; |
94 | 2048 |
235
e6c66640f6f9
Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
233
diff
changeset
|
2049 // setup srs coding detection |
296
05b604c99e06
allow broken SRS0+ rather than the correct SRS0= tag
Carl Byington <carl@five-ten-sg.com>
parents:
293
diff
changeset
|
2050 if (regcomp(&srs_pattern, "^srs(0|1)(=|\\+)([^=]+)=([^=]+)=([^=]+)=([^@]+)@", REG_ICASE | REG_EXTENDED)) { |
235
e6c66640f6f9
Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
233
diff
changeset
|
2051 printf("cannot compile regex pattern to find srs coding in mail addresses\n"); |
e6c66640f6f9
Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
233
diff
changeset
|
2052 exit(3); |
e6c66640f6f9
Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
233
diff
changeset
|
2053 } |
e6c66640f6f9
Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
233
diff
changeset
|
2054 |
246
8b0f16abee53
Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
244
diff
changeset
|
2055 // setup prvs coding detection |
8b0f16abee53
Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
244
diff
changeset
|
2056 if (regcomp(&prvs_pattern, "^prvs=([^=]+)=(.+)$", REG_ICASE | REG_EXTENDED)) { |
8b0f16abee53
Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
244
diff
changeset
|
2057 printf("cannot compile regex pattern to find prvs coding in mail addresses\n"); |
8b0f16abee53
Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
244
diff
changeset
|
2058 exit(3); |
8b0f16abee53
Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
244
diff
changeset
|
2059 } |
8b0f16abee53
Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
244
diff
changeset
|
2060 |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
2061 // setup dkim results signature detection |
366
9fc05f3a824f
allow upstream opendkim header to be wrapped
Carl Byington <carl@five-ten-sg.com>
parents:
364
diff
changeset
|
2062 if (regcomp(&dkim_r_pattern, "\\sdkim=pass\\s*.[0-9]*-bit key.\\s*header.d=([^ ]+)\\s", REG_ICASE | REG_EXTENDED)) { |
364
df45a2377632
allow upstream opendkim header to be wrapped
Carl Byington <carl@five-ten-sg.com>
parents:
358
diff
changeset
|
2063 printf("cannot compile regex pattern to find dkim results signatures\n"); |
350
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
2064 exit(3); |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
2065 } |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
2066 |
f4ca91f49cb6
send the original mail from address to the verify server, not the srs/pvrs unwrapped version; recognize our own dkim signatures
Carl Byington <carl@five-ten-sg.com>
parents:
348
diff
changeset
|
2067 // setup dkim results signature detection |
364
df45a2377632
allow upstream opendkim header to be wrapped
Carl Byington <carl@five-ten-sg.com>
parents:
358
diff
changeset
|
2068 if (regcomp(&dkim_s_pattern, "\\sd=([^;]+);", REG_ICASE | REG_EXTENDED)) { |
322
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
2069 printf("cannot compile regex pattern to find dkim signatures\n"); |
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
2070 exit(3); |
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
2071 } |
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
2072 |
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
2073 // setup from domain extraction |
358
ef7479b2d64f
use the last @domain in the from: header
Carl Byington <carl@five-ten-sg.com>
parents:
356
diff
changeset
|
2074 if (regcomp(&from_pattern, ".*@([a-zA-Z0-9.-]+)", REG_ICASE | REG_EXTENDED)) { |
322
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
2075 printf("cannot compile regex pattern to find dkim signatures\n"); |
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
2076 exit(3); |
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
2077 } |
9f8411f3919c
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
321
diff
changeset
|
2078 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2079 // Process command line options |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2080 while ((c = getopt(argc, argv, args)) != -1) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2081 switch (c) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2082 case 'b': |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2083 if (optarg == NULL || *optarg == '\0') { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2084 fprintf(stderr, "Illegal dccifd socket: %s\n", optarg); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2085 exit(EX_USAGE); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2086 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2087 dccifd_port = strdup(optarg); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2088 break; |
177 | 2089 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2090 case 'r': |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2091 if (optarg == NULL || *optarg == '\0') { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2092 fprintf(stderr, "Illegal resolver socket: %s\n", optarg); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2093 exit(EX_USAGE); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2094 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2095 resolver_port = strdup(optarg); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2096 setup_socket(resolver_port); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2097 setreso = true; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2098 break; |
94 | 2099 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2100 case 'p': |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2101 if (optarg == NULL || *optarg == '\0') { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2102 fprintf(stderr, "Illegal sendmail socket: %s\n", optarg); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2103 exit(EX_USAGE); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2104 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2105 if (smfi_setconn(optarg) == MI_FAILURE) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2106 fprintf(stderr, "smfi_setconn failed\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2107 exit(EX_SOFTWARE); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2108 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2109 if (strncasecmp(optarg, "unix:", 5) == 0) setup_socket(optarg + 5); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2110 else if (strncasecmp(optarg, "local:", 6) == 0) setup_socket(optarg + 6); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2111 setconn = true; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2112 break; |
94 | 2113 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2114 case 't': |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2115 if (optarg == NULL || *optarg == '\0') { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2116 fprintf(stderr, "Illegal timeout: %s\n", optarg); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2117 exit(EX_USAGE); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2118 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2119 if (smfi_settimeout(atoi(optarg)) == MI_FAILURE) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2120 fprintf(stderr, "smfi_settimeout failed\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2121 exit(EX_SOFTWARE); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2122 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2123 break; |
94 | 2124 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2125 case 'e': |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
2126 if (email) free((void*)email); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2127 email = strdup(optarg); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2128 break; |
94 | 2129 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2130 case 'c': |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2131 check = true; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2132 break; |
94 | 2133 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2134 case 's': |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2135 stress = true; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2136 break; |
94 | 2137 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2138 case 'd': |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2139 if (optarg == NULL || *optarg == '\0') debug_syslog = 1; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2140 else debug_syslog = atoi(optarg); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2141 break; |
94 | 2142 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2143 case 'h': |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2144 default: |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2145 usage(argv[0]); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2146 exit(EX_USAGE); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2147 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2148 } |
94 | 2149 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2150 if (check) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2151 use_syslog = false; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2152 debug_syslog = 10; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2153 CONFIG *conf = new_conf(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2154 if (conf) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2155 conf->dump(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2156 delete conf; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2157 clear_strings(); // for valgrind checking |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2158 return 0; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2159 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2160 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2161 return 1; // config failed to load |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2162 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2163 } |
94 | 2164 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2165 if (stress) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2166 fprintf(stdout, "stress testing\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2167 while (1) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2168 for (int i=0; i<10; i++) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2169 CONFIG *conf = new_conf(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2170 if (conf) delete conf; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2171 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2172 fprintf(stdout, "."); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2173 fflush(stdout); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2174 sleep(1); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2175 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2176 } |
94 | 2177 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2178 if (email) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2179 char *x = strchr(email, '|'); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2180 if (x) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2181 *x = '\0'; |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
2182 const char *from = to_lower_string(email); |
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
2183 const char *to = to_lower_string(x+1); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2184 use_syslog = false; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2185 CONFIG *conf = new_conf(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2186 if (conf) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2187 CONTEXTP con = conf->find_context(to); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2188 char buf[maxlen]; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2189 fprintf(stdout, "envelope to <%s> finds context %s\n", to, con->get_full_name(buf,maxlen)); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2190 CONTEXTP fc = con->find_context(from); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2191 fprintf(stdout, "envelope from <%s> finds context %s\n", from, fc->get_full_name(buf,maxlen)); |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
2192 const char *st = fc->find_from(from); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2193 fprintf(stdout, "envelope from <%s> finds status %s\n", from, st); |
216
784030ac71f1
Never whitelist self addressed mail. Changes for Fedora 10 and const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
214
diff
changeset
|
2194 bool self = (strcmp(from, to) == 0); |
784030ac71f1
Never whitelist self addressed mail. Changes for Fedora 10 and const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
214
diff
changeset
|
2195 if ((st == token_white) && self) fprintf(stdout, "ignore self whitelisting\n"); |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2196 delete conf; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2197 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2198 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2199 return 0; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2200 } |
94 | 2201 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2202 if (!setconn) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2203 fprintf(stderr, "%s: Missing required -p argument\n", argv[0]); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2204 usage(argv[0]); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2205 exit(EX_USAGE); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2206 } |
94 | 2207 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2208 if (!setreso) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2209 fprintf(stderr, "%s: Missing required -r argument\n", argv[0]); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2210 usage(argv[0]); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2211 exit(EX_USAGE); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2212 } |
94 | 2213 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2214 if (smfi_register(smfilter) == MI_FAILURE) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2215 fprintf(stderr, "smfi_register failed\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2216 exit(EX_UNAVAILABLE); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2217 } |
94 | 2218 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2219 // switch to background mode |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2220 if (daemon(1,0) < 0) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2221 fprintf(stderr, "daemon() call failed\n"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2222 exit(EX_UNAVAILABLE); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2223 } |
94 | 2224 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2225 // write the pid |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2226 const char *pidpath = "/var/run/dnsbl.pid"; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2227 unlink(pidpath); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2228 FILE *f = fopen(pidpath, "w"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2229 if (f) { |
94 | 2230 #ifdef linux |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2231 // from a comment in the DCC source code: |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2232 // Linux threads are broken. Signals given the |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2233 // original process are delivered to only the |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2234 // thread that happens to have that PID. The |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2235 // sendmail libmilter thread that needs to hear |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2236 // SIGINT and other signals does not, and that breaks |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2237 // scripts that need to stop milters. |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2238 // However, signaling the process group works. |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2239 fprintf(f, "-%d\n", (u_int)getpgrp()); |
94 | 2240 #else |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2241 fprintf(f, "%d\n", (u_int)getpid()); |
94 | 2242 #endif |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2243 fclose(f); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2244 } |
94 | 2245 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2246 // initialize the thread sync objects |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2247 pthread_mutex_init(&config_mutex, 0); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2248 pthread_mutex_init(&syslog_mutex, 0); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2249 pthread_mutex_init(&resolve_mutex, 0); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2250 pthread_mutex_init(&fd_pool_mutex, 0); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2251 pthread_mutex_init(&verifier_mutex, 0); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2252 pthread_mutex_init(&whitelister_mutex, 0); |
94 | 2253 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2254 // drop root privs |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2255 struct passwd *pw = getpwnam("dnsbl"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2256 if (pw) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2257 if (setgid(pw->pw_gid) == -1) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2258 my_syslog("failed to switch to group dnsbl"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2259 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2260 if (setuid(pw->pw_uid) == -1) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2261 my_syslog("failed to switch to user dnsbl"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2262 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2263 } |
94 | 2264 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2265 // load the initial config |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2266 config = new_conf(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2267 if (!config) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2268 my_syslog("failed to load initial configuration, quitting"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2269 exit(1); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2270 } |
94 | 2271 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2272 // fork off the resolver listener process |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2273 pid_t child = fork(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2274 if (child < 0) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2275 my_syslog("failed to create resolver listener process"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2276 exit(0); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2277 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2278 if (child == 0) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2279 // we are the child - dns resolver listener process |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2280 resolver_socket = socket(AF_UNIX, SOCK_STREAM, 0); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2281 if (resolver_socket < 0) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2282 my_syslog("child failed to create resolver socket"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2283 exit(0); // failed |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2284 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2285 sockaddr_un server; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2286 memset(&server, '\0', sizeof(server)); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2287 server.sun_family = AF_UNIX; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2288 strncpy(server.sun_path, resolver_port, sizeof(server.sun_path)-1); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2289 //try to bind the address to the socket. |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2290 if (bind(resolver_socket, (sockaddr *)&server, sizeof(server)) < 0) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2291 // bind failed |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2292 shutdown(resolver_socket, SHUT_RDWR); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2293 close(resolver_socket); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2294 my_syslog("child failed to bind resolver socket"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2295 exit(0); // failed |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2296 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2297 //listen on the socket. |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2298 if (listen(resolver_socket, 10) < 0) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2299 // listen failed |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2300 shutdown(resolver_socket, SHUT_RDWR); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2301 close(resolver_socket); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2302 my_syslog("child failed to listen to resolver socket"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2303 exit(0); // failed |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2304 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2305 // setup sigchld handler to prevent zombies |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2306 struct sigaction act; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2307 act.sa_handler = sig_chld; // Assign sig_chld as our SIGCHLD handler |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2308 sigemptyset(&act.sa_mask); // We don't want to block any other signals in this example |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2309 act.sa_flags = SA_NOCLDSTOP; // only want children that have terminated |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2310 if (sigaction(SIGCHLD, &act, NULL) < 0) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2311 my_syslog("child failed to setup SIGCHLD handler"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2312 exit(0); // failed |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2313 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2314 while (true) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2315 sockaddr_un client; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2316 socklen_t clientlen = sizeof(client); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2317 int s = accept(resolver_socket, (sockaddr *)&client, &clientlen); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2318 if (s > 0) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2319 // accept worked, it did not get cancelled before we could accept it |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2320 // fork off a process to handle this connection |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2321 int newchild = fork(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2322 if (newchild == 0) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2323 // this is the worker process |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2324 // child does not need the listening socket |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2325 close(resolver_socket); |
220
495cfe5caead
try to allow mixed -lresolv and libresolv.a for ns_parserr
Carl Byington <carl@five-ten-sg.com>
parents:
216
diff
changeset
|
2326 #ifdef NS_PACKETSZ |
495cfe5caead
try to allow mixed -lresolv and libresolv.a for ns_parserr
Carl Byington <carl@five-ten-sg.com>
parents:
216
diff
changeset
|
2327 res_init(); |
495cfe5caead
try to allow mixed -lresolv and libresolv.a for ns_parserr
Carl Byington <carl@five-ten-sg.com>
parents:
216
diff
changeset
|
2328 _res.retry = 2; |
495cfe5caead
try to allow mixed -lresolv and libresolv.a for ns_parserr
Carl Byington <carl@five-ten-sg.com>
parents:
216
diff
changeset
|
2329 _res.retrans = RES_TIMEOUT; |
393
dffedbdc8566
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
390
diff
changeset
|
2330 #ifdef RES_USE_EDNS0 |
389
aa9795b407e8
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
388
diff
changeset
|
2331 _res.options |= RES_USE_EDNS0; |
220
495cfe5caead
try to allow mixed -lresolv and libresolv.a for ns_parserr
Carl Byington <carl@five-ten-sg.com>
parents:
216
diff
changeset
|
2332 #endif |
393
dffedbdc8566
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
390
diff
changeset
|
2333 #endif |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2334 process_resolver_requests(s); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2335 exit(0); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2336 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2337 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2338 // this is the parent |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2339 // parent does not need the accepted socket |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2340 close(s); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2341 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2342 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2343 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2344 exit(0); // make sure we don't fall thru. |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2345 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2346 else { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2347 sleep(2); // allow child to get started |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2348 } |
94 | 2349 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2350 // only create threads after the fork() in daemon |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2351 pthread_t tid; |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2352 if (pthread_create(&tid, 0, config_loader, 0)) |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2353 my_syslog("failed to create config loader thread"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2354 if (pthread_detach(tid)) |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2355 my_syslog("failed to detach config loader thread"); |
153 | 2356 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2357 if (pthread_create(&tid, 0, verify_closer, 0)) |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2358 my_syslog("failed to create verify closer thread"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2359 if (pthread_detach(tid)) |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2360 my_syslog("failed to detach verify closer thread"); |
94 | 2361 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2362 if (pthread_create(&tid, 0, whitelister_writer, 0)) |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2363 my_syslog("failed to create autowhite writer thread"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2364 if (pthread_detach(tid)) |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2365 my_syslog("failed to detach autowhite writer thread"); |
153 | 2366 |
192
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2367 time_t starting = time(NULL); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2368 int rc = smfi_main(); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2369 if ((rc != MI_SUCCESS) && (time(NULL) > starting+5*60)) { |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2370 my_syslog("trying to restart after smfi_main()"); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2371 loader_run = false; // eventually the config loader thread will terminate |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2372 execvp(argv[0], argv); |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2373 } |
8f4a9a37d4d9
delay autowhitelisting to avoid out of office reply bots
carl
parents:
191
diff
changeset
|
2374 exit((rc == MI_SUCCESS) ? 0 : EX_UNAVAILABLE); |
94 | 2375 } |