
gurubert at gurubert
Aug 13, 2011, 5:06 AM
PATCH: rblsmtpd to combine multiple DNSBLs
Hi, this is a patch that "activates" rblsmtpd only if a configurable number of DNSBLs return a positive result, i.e. if you do not want to rely on a single DNSBL. It adds a new option "-n" to configure the number of DNSBLs that have to return a match (set to 1 by default). The patch is tested but your mileage may vary. No warranty et al, feel free to use it at your own risk.
--- rblsmtpd.c.orig 2000-03-18 16:18:42.000000000 +0100
+++ rblsmtpd.c 2011-08-13 14:00:19.000000000 +0200
@@ -22,7 +22,7 @@
 }
 void usage(void)
 {
- strerr_die1x(100,"rblsmtpd: usage: rblsmtpd [ -b ] [ -R ] [ -t timeout ] [ -r base ] [ -a base ] smtpd [ arg ... ]");
+ strerr_die1x(100,"rblsmtpd: usage: rblsmtpd [ -b ] [ -R ] [ -t timeout ] [ -n numberofdecisions ] [ -r base ] [ -a base ] smtpd [ arg ... ]");
 }
 char *ip_env;
@@ -53,11 +53,27 @@
 int flagfailclosed = 0;
 int flagmustnotbounce = 0;
+unsigned long numdecisions = 1;
 int decision = 0; /* 0 undecided, 1 accept, 2 reject, 3 bounce */
 static stralloc text; /* defined if decision is 2 or 3 */
+char strnum[FMT_ULONG];
+static stralloc message;
+
 static stralloc tmp;
+void logrbl(void)
+{
+ buffer_puts(buffer_2,"rblsmtpd: ");
+ buffer_puts(buffer_2,ip_env);
+ buffer_puts(buffer_2," pid ");
+ buffer_put(buffer_2,strnum,fmt_ulong(strnum,getpid()));
+ buffer_puts(buffer_2,": ");
+ buffer_put(buffer_2,text.s,text.len);
+ buffer_puts(buffer_2,"\n");
+ buffer_flush(buffer_2);
+}
+
 void rbl(char *base)
 {
 if (decision) return;
@@ -71,11 +87,15 @@
 }
 return;
 }
- if (text.len)
- if (flagrblbounce)
- decision = 3;
- else
- decision = 2;
+ if (text.len) {
+ logrbl();
+ if (! --numdecisions) {
+ if (flagrblbounce)
+ decision = 3;
+ else
+ decision = 2;
+ }
+ }
 }
 void antirbl(char *base)
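Review bot: `logrbl()` writes `text.s` to stderr exactly as the DNS lookup returned it, so bytes chosen by whoever controls the TXT record reach the log unfiltered. The logging that this patch removes further down printed `message` only after the loop that replaces bytes outside 32..126 with `?`; no such filter is applied to `text` here. A TXT answer containing control characters or a newline can therefore split or forge log lines that downstream log parsing relies on. Filter each byte while writing it, without modifying `text`, which is still needed for the SMTP reply.

```c
void logrbl(void)
{
  unsigned int i;
  char ch;

  /* … unchanged: "rblsmtpd: ", ip_env, " pid ", pid, ": " … */
  for (i = 0;i < text.len;++i) {
    ch = text.s[i];
    /* DNS answers are untrusted: keep control bytes out of the log */
    if ((ch < 32) || (ch > 126)) ch = '?';
    buffer_put(buffer_2,&ch,1);
  }
  /* … unchanged: "\n" and buffer_flush … */
}
```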
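Review bot: The line logged for each hit in `rbl()` carries only the TXT text, so a reader of the log cannot tell which zone matched or whether the hit led to a rejection, now that hits below the `-n` threshold are tolerated. Including `base` in the logged line would make the per-list evidence usable when tuning or investigating a block. A comment such as `/* reject only once numdecisions listings have been seen */` above `if (! --numdecisions)` would also document that the counter is a shared countdown across all `-r` options. The lookup code of `rbl()` between this hunk and the previous one is not visible here.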
@@ -83,19 +103,31 @@
 if (decision) return;
 if (!stralloc_copy(&tmp,&ip_reverse)) nomem();
 if (!stralloc_cats(&tmp,base)) nomem();
- if (dns_ip4(&text,&tmp) == -1) {
+ if (dns_txt(&text,&tmp) == -1) {
 flagmustnotbounce = 1;
 if (!flagfailclosed)
 decision = 1;
 return;
 }
- if (text.len)
+ if (text.len) {
 decision = 1;
+ logrbl();
+ } else {
+ if (dns_ip4(&text,&tmp) == -1) {
+ flagmustnotbounce = 1;
+ if (!flagfailclosed)
+ decision = 1;
+ return;
+ }
+ if (text.len) {
+ decision = 1;
+ stralloc_copys(&text, "whitelisted on ");
+ stralloc_cats(&text, base);
+ logrbl();
+ }
+ }
 }
-char strnum[FMT_ULONG];
-static stralloc message;
-
 char inspace[64]; buffer in = BUFFER_INIT(read,0,inspace,sizeof inspace);
 char outspace[1]; buffer out = BUFFER_INIT(write,1,outspace,sizeof outspace);
@@ -131,15 +163,6 @@
 if ((message.s[i] < 32) || (message.s[i] > 126))
 message.s[i] = '?';
- buffer_puts(buffer_2,"rblsmtpd: ");
- buffer_puts(buffer_2,ip_env);
- buffer_puts(buffer_2," pid ");
- buffer_put(buffer_2,strnum,fmt_ulong(strnum,getpid()));
- buffer_puts(buffer_2,": ");
- buffer_put(buffer_2,message.s,message.len);
- buffer_puts(buffer_2,"\n");
- buffer_flush(buffer_2);
-
 if (!stralloc_cats(&message,"\r\n")) nomem();
 if (!timeout)
@@ -175,13 +198,14 @@
 }
 }
- while ((opt = getopt(argc,argv,"bBcCt:r:a:")) != opteof)
+ while ((opt = getopt(argc,argv,"bBcCn:t:r:a:")) != opteof)
 switch(opt) {
 case 'b': flagrblbounce = 1; break;
 case 'B': flagrblbounce = 0; break;
 case 'c': flagfailclosed = 1; break;
 case 'C': flagfailclosed = 0; break;
 case 't': scan_ulong(optarg,&timeout); break;
+ case 'n': scan_ulong(optarg,&numdecisions); break;
 case 'r': rbl(optarg); flagwantdefaultrbl = 0; break;
 case 'a': antirbl(optarg); break;
 default: usage();
Regards -- Robert Sander "Is it Friday yet?"
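Review bot: The two new calls `stralloc_copys(&text, "whitelisted on ")` and `stralloc_cats(&text, base)` in `antirbl()` ignore their return values, unlike the `if (!stralloc_copy(&tmp,&ip_reverse)) nomem();` pattern at the top of the same hunk. If either allocation fails, `logrbl()` would presumably print whatever `text` still held from the `dns_ip4` answer. Write them as `if (!stralloc_copys(&text,"whitelisted on ")) nomem();` and `if (!stralloc_cats(&text,base)) nomem();`. The opening lines of `antirbl()` are outside this hunk.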
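Review bot: `-n 0` is accepted, and because `numdecisions` is an `unsigned long` the `--numdecisions` in `rbl()` wraps rather than reaching zero, so with that setting no listing can trigger a rejection and the filter fails open. The result of `scan_ulong` is not checked either, so a non-numeric argument most likely ends up as the same zero. Reject it at parse time: `case 'n': scan_ulong(optarg,&numdecisions); if (!numdecisions) usage(); break;`. Because `rbl(optarg)` runs while each `-r` is parsed, `-n` only affects the `-r` options that follow it, which the usage text should state. The switch continues past the end of the hunk.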