# HG changeset patch # User carl # Date 1082918168 25200 # Node ID 2752e512fd32ffe5a3065549f4ee6a4f3eb53c51 # Parent 6ac6d6b822cef73542ca55aa8a704234e6999a6a finish documentation diff -r 6ac6d6b822ce -r 2752e512fd32 src/dnsbl.cpp --- a/src/dnsbl.cpp Fri Apr 23 22:45:10 2004 -0700 +++ b/src/dnsbl.cpp Sun Apr 25 11:36:08 2004 -0700 @@ -12,6 +12,15 @@ -c Check the config, and print a copy to stdout. Don't start the milter or do anything with the socket. +TODO: +1) Add config for max_recipients for each mail domain. Recipients in +excess of that limit will be rejected, and the entire data will be +rejected if it is sent. + +2) Add config for poison addresses. If any recipient is poison, all +recipients are rejected even if they would be whitelisted, and the +data is rejected if sent. + */ diff -r 6ac6d6b822ce -r 2752e512fd32 src/package --- a/src/package Fri Apr 23 22:45:10 2004 -0700 +++ b/src/package Sun Apr 25 11:36:08 2004 -0700 @@ -6,7 +6,7 @@ mv -f dnsbl.conf dnsbl.conf.save mv sample.conf dnsbl.conf - tar cfvz $target1 dnsbl.cpp scanner.cpp dnsbl.conf dnsbl.rc install.bash LICENSE + tar cfvz $target1 dnsbl.cpp scanner.cpp test.cpp dnsbl.conf dnsbl.rc install.bash LICENSE mv dnsbl.conf sample.conf mv dnsbl.conf.save dnsbl.conf diff -r 6ac6d6b822ce -r 2752e512fd32 src/test.cpp --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/test.cpp Sun Apr 25 11:36:08 2004 -0700 
@@ -0,0 +1,124 @@ +/* + +Copyright (c) 2004 Carl Byington - 510 Software Group, released under +the GPL version 2 or any later version at your choice available at +http://www.fsf.org/licenses/gpl.txt + +*/ + +#include +#include +#include +#include + +static char* test_version="$Id$"; + +using namespace std; + +struct ltstr { + bool operator()(char* s1, char* s2) const { + return strcmp(s1, s2) < 0; + } +}; + +typedef set string_set; + +static string_set all_strings; // owns all the strings, only modified by the config loader thread + +struct stats { + bool stop; + bool running; + int counter; + int errors; + stats(); +}; +stats::stats() { + stop = false; + running = false; + counter = 0; + errors = 0; +} + +//////////////////////////////////////////////// +// helper to discard the strings held by a string_set +// +static void discard(string_set &s); +static void discard(string_set &s) { + for (string_set::iterator i=s.begin(); i!=s.end(); i++) { + free(*i); + } + s.clear(); +} + +//////////////////////////////////////////////// +// helper to register a string in a string set +// +static char* register_string(string_set &s, char *name); +static char* register_string(string_set &s, char *name) { + string_set::iterator i = s.find(name); + if (i != s.end()) return *i; + char *x = strdup(name); + s.insert(x); + return x; +} + + +//////////////////////////////////////////////// +// thread tester +// +static void* tester(void *arg); +static void* tester(void *arg) { + stats &st = *((stats *)arg); + st.running = true; + while (!st.stop) { + const int LIMIT = 1000; + string_set *mine = new string_set; + string_set &me = *mine; + for (int i=0; iYou may want to blacklist some specific senders or sending domains. This could be done thru either the DCC (on a global basis, or for a specific single recipient). We prefer to do such blacklisting via the -DNSBL milter config, since it can be done for an entire recipient mail -domain. 
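Review bot: In `register_string` the result of `strdup(name)` is inserted into the set without a null check, so on allocation failure a NULL pointer lands in `s` and `ltstr::operator()` passes it to `strcmp` on the next comparison, which is undefined behaviour. Add `if (!x) return NULL;` before `s.insert(x);` and let the caller treat a NULL return as an error. Separately, `stats::stop` and `stats::running` are plain `bool` fields, and `tester` polls `st.stop` as its loop condition. If another thread writes them, as the "thread tester" comment suggests, the accesses are unsynchronised and the compiler may hoist the load, so they should be read and written under a mutex. The page cuts off inside `tester`'s `for` loop, so the code that sets `stop` and whether `mine` is ever deleted are not visible here.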
The DCC approach has the feature that you can capture the +DNSBL milter config, since it can be done for a collection of recipient +mail domains. The DCC approach has the feature that you can capture the entire message in the DCC log files. The DNSBL milter approach has the feature that the mail is rejected earlier (at RCPT TO time), and the sending machine just gets a generic "550 5.7.1 no such user" message. @@ -51,7 +51,9 @@ include_dcc line) in the DNSBL milter config. This will import the (env_to, env_from, and substitute mail_host) entries from the DCC config into the DNSBL config. This allows using the DCC config as the single -point for white/blacklisting. +point for white/blacklisting. When used in this manner, the whitelist +env_to entries from the DCC config become global whitelist entries in +the DNSBL config.

Consider the case where you have multiple clients, each with their own mail servers, and each running their own DCC milters. Each client @@ -126,20 +128,22 @@

to allow those clients to smarthost thru your mail server. Now if -one of those clients happens get infected with a virus that turns into -an open proxy, and their 192.168.4.45 lands on the SBL-XBL, you will -still wind up allowing that infected machine to smarthost thru your mail -servers. +one of those clients happens get infected with a virus that turns a +machine into an open proxy, and their 192.168.4.45 lands on the SBL-XBL, +you will still wind up allowing that infected machine to smarthost thru +your mail servers.

With this DNSBL milter, the sendmail access database cannot override the dnsbl checks, so that machine won't be able to send mail to or thru -your smarthost machine. +your smarthost mail server. -


-
Installation and configuration
-

Usage: Note that this has ONLY been tested on Linux, specifically -RedHat Linux. Your mileage will vary. In particular, this milter makes no -attempt to understand IPv6. +


Installation and configuration

Usage: Note +that this has ONLY been tested on Linux, specifically RedHat Linux. In +particular, this milter makes no attempt to understand IPv6. Your +mileage will vary. You will need at a minimum a C++ compiler with a +minimally thread safe STL implementation. The distribution includes a +test.cpp program. If it fails this milter won't work. If it passes, +this milter might work. Fetch dnsbl.tar.gz and @@ -161,7 +165,7 @@ Read the sample var/dnsbl/dnsbl.conf file and modify it to fit your configuration. You can test your -configuration files, and see a readable internal dump of them on stderr +configuration files, and see a readable internal dump of them on stdout with