changeset 13:2752e512fd32 stable-2-1
finish documentation
author | carl |
---|---|
date | Sun, 25 Apr 2004 11:36:08 -0700 |
parents | 6ac6d6b822ce |
children | 443aa0e8c6fa |
files | src/dnsbl.cpp src/package src/test.cpp test.bash xml/dnsbl.in |
diffstat | 5 files changed, 172 insertions(+), 15 deletions(-) [+] |
--- a/src/dnsbl.cpp Fri Apr 23 22:45:10 2004 -0700 +++ b/src/dnsbl.cpp Sun Apr 25 11:36:08 2004 -0700 @@ -12,6 +12,15 @@ -c Check the config, and print a copy to stdout. Don't start the milter or do anything with the socket. +TODO: +1) Add config for max_recipients for each mail domain. Recipients in +excess of that limit will be rejected, and the entire data will be +rejected if it is sent. + +2) Add config for poison addresses. If any recipient is poison, all +recipients are rejected even if they would be whitelisted, and the +data is rejected if sent. + */
--- a/src/package Fri Apr 23 22:45:10 2004 -0700
+++ b/src/package Sun Apr 25 11:36:08 2004 -0700
@@ -6,7 +6,7 @@
 mv -f dnsbl.conf dnsbl.conf.save
 mv sample.conf dnsbl.conf
- tar cfvz $target1 dnsbl.cpp scanner.cpp dnsbl.conf dnsbl.rc install.bash LICENSE
+ tar cfvz $target1 dnsbl.cpp scanner.cpp test.cpp dnsbl.conf dnsbl.rc install.bash LICENSE
 mv dnsbl.conf sample.conf
 mv dnsbl.conf.save dnsbl.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/test.cpp Sun Apr 25 11:36:08 2004 -0700
@@ -0,0 +1,124 @@
+/*
+
+Copyright (c) 2004 Carl Byington - 510 Software Group, released under
+the GPL version 2 or any later version at your choice available at
+http://www.fsf.org/licenses/gpl.txt
+
+*/
+
+#include <stdio.h>
+#include <unistd.h>
+#include <pthread.h>
+#include <set>
+
+static char* test_version="$Id$";
+
+using namespace std;
+
+struct ltstr {
+ bool operator()(char* s1, char* s2) const {
+ return strcmp(s1, s2) < 0;
+ }
+};
+
+typedef set<char *, ltstr> string_set;
+
+static string_set all_strings; // owns all the strings, only modified by the config loader thread
+
+struct stats {
+ bool stop;
+ bool running;
+ int counter;
+ int errors;
+ stats();
+};
+stats::stats() {
+ stop = false;
+ running = false;
+ counter = 0;
+ errors = 0;
+}
+
+////////////////////////////////////////////////
+// helper to discard the strings held by a string_set
+//
+static void discard(string_set &s);
+static void discard(string_set &s) {
+ for (string_set::iterator i=s.begin(); i!=s.end(); i++) {
+ free(*i);
+ }
+ s.clear();
+}
+
+////////////////////////////////////////////////
+// helper to register a string in a string set
+//
+static char* register_string(string_set &s, char *name);
+static char* register_string(string_set &s, char *name) {
+ string_set::iterator i = s.find(name);
+ if (i != s.end()) return *i;
+ char *x = strdup(name);
+ s.insert(x);
+ return x;
+}
+
+
+////////////////////////////////////////////////
+// thread tester
+//
+static void* tester(void *arg);
+static void* tester(void *arg) {
+ stats &st = *((stats *)arg);
+ st.running = true;
+ while (!st.stop) {
+ const int LIMIT = 1000;
+ string_set *mine = new string_set;
+ string_set &me = *mine;
+ for (int i=0; i<LIMIT; i++) {
+ char buf[100];
+ snprintf(buf, sizeof(buf), "this is string %d", i);
+ register_string(me, buf);
+ }
+ for (int i=0; i<LIMIT; i+=5) {
+ char buf[100];
+ snprintf(buf, sizeof(buf), "this is string %d", i);
+ string_set::iterator j = me.find(buf);
+ if (j == me.end()) st.errors++;
+ }
+ discard(me);
+ delete mine;
+ st.counter++;
+ }
+ st.running = false;
+ return NULL;
+}
+
+int main(int argc, char**argv)
+{
+ stats st1;
+ stats st2;
+ pthread_t tid;
+ if (pthread_create(&tid, 0, tester, &st1))
+ fprintf(stdout, "failed to create test thread");
+ if (pthread_detach(tid))
+ fprintf(stdout, "failed to detach test thread");
+ if (pthread_create(&tid, 0, tester, &st2))
+ fprintf(stdout, "failed to create test thread");
+ if (pthread_detach(tid))
+ fprintf(stdout, "failed to detach test thread");
+
+ fprintf(stdout, "tests are running\n");
+ sleep(60);
+ st1.stop = true;
+ st2.stop = true;
+ while (st1.running || st2.running) {
+ sleep(1);
+ }
+
+ fprintf(stdout, "counter 1 = %d\n", st1.counter);
+ fprintf(stdout, "counter 2 = %d\n", st2.counter);
+ fprintf(stdout, "errors 1 = %d\n", st1.errors);
+ fprintf(stdout, "errors 2 = %d\n", st2.errors);
+ return 0;
+}
+
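Review bot: main() returns 0 unconditionally and a failed `pthread_create` only prints a message, so a run with `errors` > 0, or one where no worker ever started and the counters stay at 0, looks like a pass to any caller that checks the exit status; on that failure path `pthread_detach(tid)` is also called on a handle that was never set. The `stop` and `running` flags in `stats` are plain `bool`s written by one thread and polled by another with no synchronization, which is a data race, so the compiler is free to never re-read `st.stop` in tester(). Joining the workers instead of detaching them removes the need for `running` and makes the final reads of `counter` and `errors` well ordered; `stop` should additionally be read and written under a `pthread_mutex_t`. Separately, `strcmp`, `strdup` and `free` are used without `<string.h>` and `<stdlib.h>`, which compiles only where another header happens to pull them in.

```cpp
int main(int argc, char**argv)
{
    // … unchanged: stats st1, st2 …
    pthread_t tid1;
    pthread_t tid2;
    if (pthread_create(&tid1, 0, tester, &st1)) {
        fprintf(stdout, "failed to create test thread\n");
        return 1;
    }
    if (pthread_create(&tid2, 0, tester, &st2)) {
        fprintf(stdout, "failed to create test thread\n");
        st1.stop = true;
        pthread_join(tid1, NULL);
        return 1;
    }
    // … unchanged: "tests are running" message, sleep(60), setting st1.stop and st2.stop …
    pthread_join(tid1, NULL);   // replaces pthread_detach plus polling of st.running
    pthread_join(tid2, NULL);
    // … unchanged: counter and error printouts …
    return (st1.errors || st2.errors) ? 1 : 0;
}
```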
--- a/test.bash Fri Apr 23 22:45:10 2004 -0700
+++ b/test.bash Sun Apr 25 11:36:08 2004 -0700
@@ -1,5 +1,25 @@
 #!/bin/bash
+###########################
+# compile and run the test program
+#
+g++ -c test.cpp
+if [ $? -ne 0 ]; then
+ echo "compiler errors"
+ exit
+fi
+g++ -o test test.o -pthread
+if [ $? -ne 0 ]; then
+ echo "linker errors"
+ exit
+fi
+
+./test
+exit
+
+###########################
+# compile the milter
+#
 g++ -c dnsbl.cpp
 if [ $? -ne 0 ]; then
 echo "compiler errors"
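Review bot: The bare `exit` on the two error paths returns the status of the preceding `echo`, which is 0, so a compile or link failure of test.cpp is reported to the caller as success; use `exit 1` there. The unconditional `exit` after `./test` also makes everything below it unreachable, including the "compile the milter" section. If the intent is to gate the build on the test, `./test || exit 1` lets the rest of the script run only when the test succeeds, which in turn requires test.cpp to return a non-zero status on failure. The script continues past the end of this hunk.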
--- a/xml/dnsbl.in Fri Apr 23 22:45:10 2004 -0700 +++ b/xml/dnsbl.in Sun Apr 25 11:36:08 2004 -0700 @@ -41,8 +41,8 @@ <p>You may want to blacklist some specific senders or sending domains. This could be done thru either the DCC (on a global basis, or for a specific single recipient). We prefer to do such blacklisting via the -DNSBL milter config, since it can be done for an entire recipient mail -domain. The DCC approach has the feature that you can capture the +DNSBL milter config, since it can be done for a collection of recipient +mail domains. The DCC approach has the feature that you can capture the entire message in the DCC log files. The DNSBL milter approach has the feature that the mail is rejected earlier (at RCPT TO time), and the sending machine just gets a generic "550 5.7.1 no such user" message. @@ -51,7 +51,9 @@ include_dcc line) in the DNSBL milter config. This will import the (env_to, env_from, and substitute mail_host) entries from the DCC config into the DNSBL config. This allows using the DCC config as the single -point for white/blacklisting. +point for white/blacklisting. When used in this manner, the whitelist +env_to entries from the DCC config become global whitelist entries in +the DNSBL config. <p>Consider the case where you have multiple clients, each with their own mail servers, and each running their own DCC milters. Each client 
@@ -126,20 +128,22 @@ </pre> <p>to allow those clients to smarthost thru your mail server. Now if -one of those clients happens get infected with a virus that turns into -an open proxy, and their 192.168.4.45 lands on the SBL-XBL, you will -still wind up allowing that infected machine to smarthost thru your mail -servers. +one of those clients happens get infected with a virus that turns a +machine into an open proxy, and their 192.168.4.45 lands on the SBL-XBL, +you will still wind up allowing that infected machine to smarthost thru +your mail servers. <p>With this DNSBL milter, the sendmail access database cannot override the dnsbl checks, so that machine won't be able to send mail to or thru -your smarthost machine. +your smarthost mail server. -<hr> -<center>Installation and configuration</center> -<p>Usage: Note that this has ONLY been tested on Linux, specifically -RedHat Linux. Your mileage will vary. In particular, this milter makes no -attempt to understand IPv6. +<hr> <center>Installation and configuration</center> <p>Usage: Note +that this has ONLY been tested on Linux, specifically RedHat Linux. In +particular, this milter makes no attempt to understand IPv6. Your +mileage will vary. You will need at a minimum a C++ compiler with a +minimally thread safe STL implementation. The distribution includes a +test.cpp program. If it fails this milter won't work. If it passes, +this milter might work. Fetch <a href="http://www.five-ten-sg.com/util/dnsbl.tar.gz">dnsbl.tar.gz</a> and @@ -161,7 +165,7 @@ Read the sample <a href="http://www.five-ten-sg.com/dnsbl.conf">var/dnsbl/dnsbl.conf</a> file and modify it to fit your configuration. You can test your -configuration files, and see a readable internal dump of them on stderr +configuration files, and see a readable internal dump of them on stdout with <pre>