# HG changeset patch
# User carl
# Date 1191693395 25200
# Node ID 8b86a894514d17648ef10dee895bbdb4b382b4a0
# Parent d6531c702be378b44558e758a8d222c1d245dfea
embedded dcc filtering
diff -r d6531c702be3 -r 8b86a894514d ChangeLog
--- a/ChangeLog Thu Oct 04 22:45:21 2007 -0700
+++ b/ChangeLog Sat Oct 06 10:56:35 2007 -0700
@@ -1,6 +1,6 @@
$Id$
-6.11 2007-10-04
+6.11 2007-10-06
Add DCC filtering via dccifd. Drop to 60 seconds the time we will
keep idle smtp verify sockets around. This needs to be about half
the value of confTO_COMMAND configured on the verify targets.
diff -r d6531c702be3 -r 8b86a894514d Makefile.am
--- a/Makefile.am Thu Oct 04 22:45:21 2007 -0700
+++ b/Makefile.am Sat Oct 06 10:56:35 2007 -0700
@@ -1,7 +1,7 @@
SUBDIRS = src man html info
hackdir = $(sysconfdir)/dnsbl
hack_SCRIPTS = dnsbl
-hack_DATA = dnsbl.conf hosts-ignore.conf html-tags.conf tld.conf cctld.conf
+hack_DATA = dnsbl.conf hosts-ignore.conf html-tags.conf tld.conf cctld.conf dnsblnogrey
CLEANFILES = dnsbl xml/dnsbl xml/Makefile
EXTRA_DIST = $(hack_DATA) dnsbl.spec $(wildcard xml/h*) $(wildcard xml/M*) $(wildcard xml/d*)
@@ -19,4 +19,5 @@
chown dnsbl:root $(sysconfdir)/dnsbl/.spamassassin
/sbin/chkconfig --del dnsbl
/sbin/chkconfig --add dnsbl
+ if [ -d /var/dcc/userdirs/local ]; then mv -f $(sysconfdir)/dnsbl/dnsblnogrey /var/dcc/userdirs/local ; fi
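Review bot: The added `mv -f` overwrites any existing /var/dcc/userdirs/local/dnsblnogrey without asking, so a locally edited copy is lost on every reinstall or upgrade. Guarding the move keeps the administrator's version: `if [ -d /var/dcc/userdirs/local ] && [ ! -e /var/dcc/userdirs/local/dnsblnogrey ]; then mv $(sysconfdir)/dnsbl/dnsblnogrey /var/dcc/userdirs/local ; fi`. The moved file also keeps whatever owner and mode it was installed with under $(sysconfdir)/dnsbl. The `chown dnsbl:root` line above does not touch it, so it is worth confirming that the dcc daemon's user can read it and that no other local user can write it. The install rule this line belongs to starts outside the hunk.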
diff -r d6531c702be3 -r 8b86a894514d NEWS
--- a/NEWS Thu Oct 04 22:45:21 2007 -0700
+++ b/NEWS Sat Oct 06 10:56:35 2007 -0700
@@ -1,6 +1,6 @@
$Id$
-6.11 2007-10-04 Add DCC filtering via dccifd. Fix static buffer referenced by multiple threads.
+6.11 2007-10-06 Add DCC filtering via dccifd. Fix static buffer referenced by multiple threads.
6.10 2007-09-23 Don't whitelist addresses with embedded blanks, or the empty path.
6.09 2007-09-06 Fix memory leak. Update timestamps when receiving from auto-whitelisted sender.
6.08 2007-08-30 Don't do generic reverse dns filtering on authenticated connections.
diff -r d6531c702be3 -r 8b86a894514d dnsbl.conf
--- a/dnsbl.conf Thu Oct 04 22:45:21 2007 -0700
+++ b/dnsbl.conf Sat Oct 06 10:56:35 2007 -0700
@@ -64,6 +64,7 @@
env_to {
# !! replace this with your domain names
# child contexts are not allowed to specify recipient addresses outside these domains
+ # if this is a backup-mx, you need to include here domains for which you relay to the primary mx
include "/etc/mail/local-host-names";
};
diff -r d6531c702be3 -r 8b86a894514d sendmail.st
Binary file sendmail.st has changed
diff -r d6531c702be3 -r 8b86a894514d src/context.h
--- a/src/context.h Thu Oct 04 22:45:21 2007 -0700
+++ b/src/context.h Sat Oct 06 10:56:35 2007 -0700
@@ -218,11 +218,11 @@
void set_bulk(int b) {dcc_bulk_threshold = b; };
bool get_content_filtering() {return content_filtering; };
- bool get_require() {return require_match; };
- bool get_grey() {return dcc_greylist; };
- int get_bulk() {return dcc_bulk_threshold;};
- int get_host_limit() {return host_limit; };
- bool get_host_random() {return host_random; };
+ bool get_require() {return content_filtering && require_match; };
+ bool get_grey() {return content_filtering && dcc_greylist; };
+ int get_bulk() {return (content_filtering) ? dcc_bulk_threshold : 0;};
+ int get_host_limit() {return (content_filtering) ? host_limit : 0;};
+ bool get_host_random() {return (content_filtering) ? host_random : 0;};
int get_spamassassin_limit() {return (content_filtering) ? spamassassin_limit : 0;};
char* get_content_suffix();
char* get_content_message();
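Review bot: `get_host_random()` is declared `bool` but falls back to the integer `0`, while `get_require()` and `get_grey()` two lines above use the `&&` form. Writing it as `bool get_host_random() {return content_filtering && host_random; };` keeps the three boolean getters consistent. For `get_bulk()` and `get_host_limit()` the new `0` result is a sentinel for "content filtering off", not a real threshold, and a caller that compares a count against it would treat every message as over the limit. A comment such as `// 0 means content filtering is disabled for this context; callers must not use it as a threshold` above the group would make that contract explicit. The class these getters belong to starts and ends outside the hunk.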
diff -r d6531c702be3 -r 8b86a894514d src/dnsbl.cpp
--- a/src/dnsbl.cpp Thu Oct 04 22:45:21 2007 -0700
+++ b/src/dnsbl.cpp Sat Oct 06 10:56:35 2007 -0700
@@ -782,6 +782,7 @@
if ((src[0] == 172) && (16 <= src[1]) && (src[1] <= 31)) return false;
char adr[sizeof "255.255.255.255 "];
snprintf(adr, sizeof(adr), "%u.%u.%u.%u", src[3], src[2], src[1], src[0]);
+ // cannot use inet_ntop here since we want the octets reversed.
return (uriblookup(priv, hosts, adr, NULL, found));
}
@@ -988,7 +989,7 @@
priv.assassin = new SpamAssassin(&priv, priv.ip, priv.helo, priv.mailaddr, priv.queueid);
}
if (dccifd_port) {
- priv.dccifd = new DccInterface(dccifd_port, &priv, priv.ip, priv.helo, priv.mailaddr, priv.queueid);
+ priv.dccifd = new DccInterface(dccifd_port, &priv, priv.ip, priv.helo, priv.mailaddr);
}
return SMFIS_CONTINUE;
}
@@ -1006,13 +1007,13 @@
smfi_setreply(ctx, "550", "5.7.1", "bogus recipient");
return SMFIS_REJECT;
}
-
- if (priv.assassin) priv.assassin->mlfi_envrcpt(ctx, loto);
- if (priv.dccifd) priv.dccifd->mlfi_envrcpt(loto);
// priv.mailaddr sending original message to loto
CONTEXT &con = *(dc.find_context(loto)->find_context(priv.mailaddr));
VERIFYP ver = con.find_verify(loto);
char *fromvalue = con.find_from(priv.mailaddr, true);
+ // tell spam assassin and dccifd about this recipient
+ if (priv.assassin) priv.assassin->mlfi_envrcpt(ctx, loto);
+ if (priv.dccifd) priv.dccifd->mlfi_envrcpt(loto, con.get_grey());
// loto sending a reply back to priv.mailaddr
CONTEXT &con2 = *(dc.find_context(priv.mailaddr)->find_context(loto));
char *replyvalue = con2.find_from(loto);
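Review bot: The greylist flag in `priv.dccifd->mlfi_envrcpt(loto, con.get_grey())` comes straight from the recipient's context, before the rest of this function (outside the hunk) has decided whether the recipient is whitelisted, rejected or tempfailed. The documentation added to xml/dnsbl.in in this same changeset promises that SMTP AUTH clients are never greylisted via dccifd, but no such exemption is visible at this call, so it presumably lives inside DccInterface. If it does, a comment here should say so, e.g. `// grey is the per-context setting; the SMTP AUTH exemption is applied inside DccInterface`. If it does not, the flag should be masked at this call so that authenticated senders are not greylisted contrary to the documentation.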
@@ -1104,6 +1105,11 @@
else {
free(loto);
}
+
+ // accept the recipient
+ if (!con.get_content_filtering()) st = white;
+
+ if (st == oksofar) {
// remember first content filtering context
if (con.get_content_filtering()) {
if (!priv.content_context) priv.content_context = &con;
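Review bot: The inner `if (con.get_content_filtering()) {` test is now always true. With `if (!con.get_content_filtering()) st = white;` moved directly above `if (st == oksofar) {`, no recipient without content filtering can enter the block. Dropping the inner test, or replacing it with a comment such as `// st == oksofar implies content filtering is on for this context`, would make the control flow easier to audit. In the next hunk, the lines from `priv.need_content_filter(rcptaddr, con);` onward now sit inside the block opened here, but as far as the page shows they keep their old indentation and should be re-indented. The block closes outside both hunks, so the closing brace cannot be checked from here.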
@@ -1112,10 +1118,7 @@
return SMFIS_TEMPFAIL;
}
}
- // accept the recipient
- if (!con.get_content_filtering()) st = white;
- if (st == oksofar) {
- // but remember the non-whites
+ // remember the non-whites
priv.need_content_filter(rcptaddr, con);
priv.only_whites = false;
priv.want_spamassassin |= (priv.assassin) && // have spam assassin available and
diff -r d6531c702be3 -r 8b86a894514d xml/dnsbl.in
--- a/xml/dnsbl.in Thu Oct 04 22:45:21 2007 -0700
+++ b/xml/dnsbl.in Sat Oct 06 10:56:35 2007 -0700
@@ -34,6 +34,7 @@
+
@@ -72,7 +73,14 @@
- -r local-domain-socket
+ -b local-domain-socket-file-name
+
+ Set the local socket used for the connection to the dccifd daemon.
+ This is typically /var/dcc/dccifd.
+
+
+
+ -r local-domain-socket-file-name
Set the local socket used for the connection to our own dns resolver processes.
@@ -248,6 +256,18 @@
be appropriately tagged and used only for the domains controlled by each
of those clients.
+
+ You can now use (via dccifd) different dcc filtering parameters on a per
+ context basis. See the dcc_greylist and dcc_bulk_threshold statements
+ in the @PACKAGE@.conf
+ 5 configuration. Those
+ statements are only active if you supply the option
+ on the dnsbl command line. If you use the dcc via the standard dcc
+ milter (dccm), then connections from clients that use SMTP AUTH are
+ still subject to greylisting. If you use the dcc via dccifd and this
+ milter, then connections from clients that use SMTP AUTH are never
+ subject to greylisting.
+
@@ -704,6 +724,7 @@
env_to {
# !! replace this with your domain names
# child contexts are not allowed to specify recipient addresses outside these domains
+ # if this is a backup-mx, you need to include here domains for which you relay to the primary mx
include "/etc/mail/local-host-names";
};