# HG changeset patch # User Carl Byington # Date 1342899319 25200 # Node ID e118fd2c6af0892773211be8e0ee39c8caf28749 # Parent 4648c7a76105effe8a866fe46bad5bc0f5397a3a fix unauthenticated rate limit bug for empty mail from; move unauthenticate rate limit checks after spam filtering diff -r 4648c7a76105 -r e118fd2c6af0 dnsbl.conf --- a/dnsbl.conf Sat Jul 21 09:16:57 2012 -0700 +++ b/dnsbl.conf Sat Jul 21 12:35:19 2012 -0700 @@ -35,8 +35,8 @@ rate_limit 30 4 { // default #fred 100; // override default limits #joe 10; // "" - #sam@somedomain.tld 500; - #@otherdomain.tld 100; + #"sam@somedomain.tld" 500; + #"@otherdomain.tld" 100; }; }; diff -r 4648c7a76105 -r e118fd2c6af0 src/context.cpp --- a/src/context.cpp Sat Jul 21 09:16:57 2012 -0700 +++ b/src/context.cpp Sat Jul 21 12:35:19 2012 -0700 @@ -854,6 +854,7 @@ bool CONTEXT::is_unauthenticated_limited(const char *user) { + if (!user) return false; rcpt_rates::iterator i = rcpt_per_hour.find(user); // look for sender user@email limiting if (i != rcpt_per_hour.end()) return true; // found user@email limiting const char *f = strchr(user, '@'); diff -r 4648c7a76105 -r e118fd2c6af0 src/dnsbl.cpp --- a/src/dnsbl.cpp Sat Jul 21 09:16:57 2012 -0700 +++ b/src/dnsbl.cpp Sat Jul 21 12:35:19 2012 -0700 @@ -1194,21 +1194,6 @@ smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient can not reply due to blacklisting"); return SMFIS_REJECT; } - if (!priv.authenticated && dc.default_context->is_unauthenticated_limited(priv.mailaddr)) { - int hourly, daily; - incr_rcpt_count(priv.mailaddr, hourly, daily); - int h_limit = dc.default_context->find_rate(priv.mailaddr); - int d_limit = dc.default_context->get_daily_multiple() * h_limit; - if (debug_syslog > 1) { - char msg[maxlen]; - snprintf(msg, sizeof(msg), "unauthenticated address %s (%d %d recipients, %d %d limits)", priv.mailaddr, hourly, daily, h_limit, d_limit); - my_syslog(&priv, msg); - } - if ((hourly > h_limit) || (daily > d_limit)){ - smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded"); - return SMFIS_REJECT; - } - } if (priv.authenticated) { int hourly, daily; incr_rcpt_count(priv.authenticated, hourly, daily); @@ -1284,6 +1269,21 @@ return SMFIS_REJECT; } } + if (!priv.authenticated && dc.default_context->is_unauthenticated_limited(priv.mailaddr)) { + int hourly, daily; + incr_rcpt_count(priv.mailaddr, hourly, daily); + int h_limit = dc.default_context->find_rate(priv.mailaddr); + int d_limit = dc.default_context->get_daily_multiple() * h_limit; + if (debug_syslog > 1) { + char msg[maxlen]; + snprintf(msg, sizeof(msg), "unauthenticated address %s (%d %d recipients, %d %d limits)", priv.mailaddr, hourly, daily, h_limit, d_limit); + my_syslog(&priv, msg); + } + if ((hourly > h_limit) || (daily > d_limit)){ + smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient rate limit exceeded"); + return SMFIS_REJECT; + } + } // we will accept the recipient, but add an auto-whitelist entry // if needed to ensure we can accept replies loto = to_lower_string(rcptaddr); diff -r 4648c7a76105 -r e118fd2c6af0 xml/dnsbl.in --- a/xml/dnsbl.in Sat Jul 21 09:16:57 2012 -0700 +++ b/xml/dnsbl.in Sat Jul 21 12:35:19 2012 -0700 @@ -774,8 +774,8 @@ rate_limit 30 4 { // default #fred 100; // override default limits #joe 10; // "" - #sam@somedomain.tld 500; - #@otherdomain.tld 100; + #"sam@somedomain.tld" 500; + #"@otherdomain.tld" 100; }; };