view src/dnsbl.h @ 407:29d54e7028f6 stable-6-0-54

document dmarc vs dnsbl dkim/spf; switch to . rather than " " for dkim impossible signer
author Carl Byington <carl@five-ten-sg.com>
date Thu, 30 Mar 2017 10:26:30 -0700
parents c378e9d03f37
children f9165d9aa689

/*

Copyright (c) 2007 Carl Byington - 510 Software Group, released under
the GPL version 3 or any later version at your choice available at
http://www.gnu.org/licenses/gpl-3.0.txt

*/

#ifndef dnsbl_include
#define dnsbl_include

#include "context.h"
#include "spamass.h"
#include "dccifd.h"

// Defined in another translation unit.
// NOTE(review): by name this toggles debug logging to syslog - confirm against the definition.
extern int debug_syslog;
// NOTE(review): presumably the DCC threshold treated as "bulk" (cf. mlfiPriv::want_dccbulk);
// the meaning of 1000 is not visible in this header - confirm.
#define dccbulk 1000

// Forward declarations: mlfiPriv below only holds pointers to these types,
// so their full definitions are not needed in this header.
class recorder;
class url_scanner;


////////////////////////////////////////////////
// mail filter private data, held for us by sendmail
//
// One instance carries the per-callback, per-connection and per-message
// state listed below.
//
// Trust note for reviewers: several fields hold values that originate from
// the remote smtp client or from the message itself (helo, the envelope and
// header from addresses, client_name, and anything derived from dns answers).
// Treat them as untrusted input wherever they are logged, compared, or used
// to build dns queries.
//
// NOTE(review): ownership and lifetime of the raw `const char *` members are
// not visible in this header - confirm in the implementation which of them
// are allocated/freed by reset() and the destructor.
//
struct mlfiPriv
{
    // callback specific data
    SMFICTX *ctx;                           // updated every time we fetch this priv pointer from the ctx
    bool    eom;                            // are we in eom function, so progress function can be called?
    // connection specific data
    CONFIG  *pc;                            // global filtering configuration
    int     fd;                             // to talk to dns resolver process
    bool    err;                            // did we get any errors on the resolver socket?
    uint32_t ip;                            // ip4 address of the smtp client in network order
    const char      *helo;                  // helo from client (client supplied, untrusted)
    map<DNSBLP, bool> checked_black;        // map of dnsblp to result of (ip listed on that dnsbl)
    map<DNSWLP, bool> checked_white;        // map of dnswlp to result of (ip listed on that dnswl)
    // message specific data
    const char      *origaddr;              // envelope from value, lowercase, no srs/pvrs unwrapping
    const char      *mailaddr;              // envelope from value, lowercase, srs/pvrs unwrapped
    const char      *fromaddr;              // header from value, set by mlfi_header()
    int             header_count;           // count of headers already seen
    bool            dkim_ok;                // ok to proceed with dkim checking
    string_set      dkim_signers;           // non empty if message was validly signed, set of signers
    const char      *queueid;               // sendmail queue id
    // This value gates a policy bypass (no dnsbl checks), so its source matters.
    // NOTE(review): confirm it is taken from the MTA's own authentication result and never from client-controlled data.
    const char      *authenticated;         // client authenticated? if so, suppress all dnsbl checks, but check rate limits
    const char      *client_name;           // fully qualified host name of the smtp client xxx [ip.ad.dr.es] (may be forged)
          char      *client_dns_name;       // fully qualified host name of the smtp client xxx
    // NOTE(review): presumably set when the name above does not verify against dns for the client ip - confirm where it is assigned.
    bool            client_dns_forged;      // rdns mismatch
    const char      *host_uribl;            // pointer to helo/client/from/signer host name if found on uribl
    string_set      hosts_uribl;            // string set to hold the helo/client/from/signer host name if found on uribl
    bool            helo_uribl;             // helo value on uribl
    bool            client_uribl;           // client_name on uribl
    bool            from_uribl;             // envelope from value on uribl
    bool            have_whites;            // have at least one whitelisted recipient? need to accept content and remove all non-whitelisted recipients if it fails
    bool            only_whites;            // every recipient is whitelisted?
    bool            want_spamassassin;      // at least one non-whitelisted recipient has a non zero spamassassin limit
    bool            want_dccgrey;           // at least one non-whitelisted recipient wants dcc greylisting
    bool            want_dccbulk;           // at least one non-whitelisted recipient wants dcc bulk filtering
    bool            allow_autowhitelisting; // precedence:bulk or content-type:multipart/report headers prevent autowhitelisting
    delay_whitelist delayer;                // to remember autowhitelisting until we see headers
    CONTEXT         *content_context;       // first non-whitelisted recipient with a content filtering context
    context_map     env_to;                 // map each non-whitelisted recipient to their filtering context
    recorder        *memory;                // memory for the content scanner
    url_scanner     *scanner;               // object to handle body scanning
    const char      *content_suffix;        // for url body filtering based on ip addresses of hostnames in the body
    const char      *content_message;       // "" (ditto mark: same purpose as the line above)
    const char      *uribl_suffix;          // for uribl body filtering based on hostnames in the body
    const char      *uribl_message;         // "" (ditto mark: same purpose as the line above)
    string_set      *content_host_ignore;   // "" (ditto mark in the original; NOTE(review): by name this looks tied to content filtering rather than uribl - confirm)
    SpamAssassin    *assassin;              // NOTE(review): presumably the spamassassin client used when want_spamassassin is set - confirm
    DccInterface    *dccifd;                // NOTE(review): presumably the dcc client used when want_dccgrey/want_dccbulk is set - confirm


    mlfiPriv();
    ~mlfiPriv();
    void reset(bool final = false); // for a new message
    // NOTE(review): presumably acquire / release the resolver socket stored in fd - confirm.
    void get_fd();
    void return_fd();
    // Transfer up to len bytes through buf.
    // NOTE(review): presumably on the resolver socket fd; the size_t return type
    // cannot carry a negative error value, so confirm how a failed or short
    // transfer is reported (the err member looks like the intended channel).
    size_t my_read(char *buf, size_t len);
    size_t my_write(const char *buf, size_t len);
    // NOTE(review): presumably looks up dkim_signers on the uribl and returns the listed host name, if any - confirm.
    const char *check_uribl_signers();
    // NOTE(review): presumably records that con requires content filtering (cf. content_context) - confirm.
    void need_content_filter(CONTEXT &con);
};

// Pair of maps keyed by nameserver name, filled through add().
// The names held here come from dns data and should be treated as untrusted.
struct ns_map {
    // all the strings are owned by the keys/values in the ns_host string map
    string_map  ns_host;    // nameserver name -> host name that uses this name server
    ns_mapper   ns_ip;      // nameserver name -> ipv4 address of the name server
    // NOTE(review): given the ownership comment above, presumably releases the strings held by ns_host - confirm.
    ~ns_map();
    // NOTE(review): presumably name is the nameserver name and refer the host that uses it (matching ns_host);
    // whether the arguments are copied or adopted is not visible here - confirm before passing
    // stack or caller-owned buffers.
    void add(const char *name, const char *refer);
};

// Logging overloads; the variants differ only in how the message context
// (a queue id, a mlfiPriv, or nothing) and the text are supplied.
// NOTE(review): text may contain values supplied by the smtp client (helo,
// addresses, host names). Confirm the implementation passes it as an argument
// to a fixed format string and never as the format string itself.
void     my_syslog(const char *queueid, const char *text);
void     my_syslog(mlfiPriv *priv, const char *text);
void     my_syslog(mlfiPriv *priv, const string text);
void     my_syslog(const char *text);
// Resolve question for record type qtype on behalf of priv.
// Optional arguments default to: maybe_ip = false, nameservers = NULL,
// txt_answer = NULL, txt_size = 0.
// txt_answer / txt_size describe a caller supplied output buffer and its size.
// NOTE(review): dns answers are untrusted network data - confirm the
// implementation never writes more than txt_size bytes into txt_answer and
// always leaves it NUL terminated.
// NOTE(review): the uint32_t result is presumably an ipv4 address (cf.
// mlfiPriv::ip); how "no answer" is signalled is not visible here - confirm.
uint32_t dns_interface(mlfiPriv &priv, const char *question, int qtype, bool maybe_ip = false, ns_map *nameservers = NULL, char *txt_answer = NULL, size_t txt_size = 0);

#endif