1 /******************************************************************************/
2 /* pfixtools: a collection of postfix related tools */
4 /* ________________________________________________________________________ */
6 /* Redistribution and use in source and binary forms, with or without */
7 /* modification, are permitted provided that the following conditions */
10 /* 1. Redistributions of source code must retain the above copyright */
11 /* notice, this list of conditions and the following disclaimer. */
12 /* 2. Redistributions in binary form must reproduce the above copyright */
13 /* notice, this list of conditions and the following disclaimer in the */
14 /* documentation and/or other materials provided with the distribution. */
15 /* 3. The names of its contributors may not be used to endorse or promote */
16 /* products derived from this software without specific prior written */
19 /* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND */
20 /* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE */
21 /* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR */
22 /* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS */
23 /* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR */
24 /* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF */
25 /* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS */
26 /* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN */
27 /* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) */
28 /* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF */
29 /* THE POSSIBILITY OF SUCH DAMAGE. */
30 /******************************************************************************/
33 * Copyright © 2007 Pierre Habouzit
42 struct greylist_cfg greylist_cfg = {
43 .lookup_by_host = false,
45 .retry_window = 2 * 24 * 2600,
48 static TCBDB *awl_db, *obj_db;
60 int greylist_initialize(const char *directory, const char *prefix)
64 if (greylist_cfg.client_awl) {
65 snprintf(path, sizeof(path), "%s/%swhitelist.db", directory, prefix);
67 if (!tcbdbopen(awl_db, path, BDBOWRITER | BDBOCREAT)) {
74 snprintf(path, sizeof(path), "%s/%sgreylist.db", directory, prefix);
76 if (!tcbdbopen(obj_db, path, BDBOWRITER | BDBOCREAT)) {
89 static void greylist_shutdown(void)
102 module_exit(greylist_shutdown);
104 const char *sender_normalize(const char *sender, char *buf, int len)
106 const char *at = strchr(sender, '@');
107 int rpos = 0, wpos = 0, userlen;
112 /* strip extension used for VERP or alike */
113 userlen = ((char *)memchr(sender, '+', at - sender) ?: at) - sender;
115 while (rpos < userlen) {
118 while (isdigit(sender[rpos + count]) && rpos + count < userlen)
120 if (count && !isalnum(sender[rpos + count])) {
121 /* replace \<\d+\> with '#' */
122 wpos += m_strputc(buf + wpos, len - wpos, '#');
126 while (isalnum(sender[rpos + count]) && rpos + count < userlen)
128 while (!isalnum(sender[rpos + count]) && rpos + count < userlen)
130 wpos += m_strncpy(buf + wpos, len - wpos, sender + rpos, count);
134 wpos += m_strputc(buf + wpos, len - wpos, '#');
135 wpos += m_strcpy(buf + wpos, len - wpos, at + 1);
140 c_net(const char *c_addr, const char *c_name, char *cnet, int cnetlen)
145 if (greylist_cfg.lookup_by_host)
148 if (!(dot = strchr(c_addr, '.')))
150 if (!(dot = strchr(dot + 1, '.')))
154 if (!(dot = strchr(dot, '.')) || dot - p > 3)
156 m_strncpy(ip2, sizeof(ip2), p, dot - p);
159 if (!(dot = strchr(dot, '.')) || dot - p > 3)
161 m_strncpy(ip3, sizeof(ip3), p, dot - p);
163 /* skip if contains the last two ip numbers in the hostname,
164 we assume it's a pool of dialup of a provider */
165 if (strstr(c_name, ip2) && strstr(c_name, ip3))
168 m_strncpy(cnet, cnetlen, c_addr, dot - c_addr);
172 bool try_greylist(const char *sender, const char *c_addr,
173 const char *c_name, const char *rcpt)
178 tcbdbput(awl_db, c_addr, c_addrlen, &aent, sizeof(aent));
180 char sbuf[BUFSIZ], cnet[64], key[BUFSIZ];
183 time_t now = time(NULL);
184 struct obj_entry oent = { now, now };
185 struct awl_entry aent = { 0, 0 };
187 int len, klen, c_addrlen = strlen(c_addr);
189 /* Auto whitelist clients.
191 if (greylist_cfg.client_awl) {
192 res = tcbdbget3(awl_db, c_addr, c_addrlen, &len);
193 if (res && len == sizeof(aent)) {
194 memcpy(&aent, res, len);
197 /* Whitelist if count is enough.
199 if (aent.count > greylist_cfg.client_awl) {
200 if (now < aent.last + 3600) {
212 klen = snprintf(key, sizeof(key), "%s/%s/%s",
213 c_net(c_addr, c_name, cnet, sizeof(cnet)),
214 sender_normalize(sender, sbuf, sizeof(sbuf)), rcpt);
215 klen = MIN(klen, ssizeof(key) - 1);
217 res = tcbdbget3(obj_db, key, klen, &len);
218 if (res && len == sizeof(oent)) {
219 memcpy(&oent, res, len);
222 /* Discard stored first-seen if it is the first retrial and
223 * it is beyong the retry window.
225 if (oent.last - oent.first < greylist_cfg.delay
226 && now - oent.first > greylist_cfg.retry_window) {
233 tcbdbput(obj_db, key, klen, &oent, sizeof(oent));
235 /* Auto whitelist clients:
237 * - on successful entry in the greylist db of a triplet:
238 * - client not whitelisted yet ? -> increase count
239 * -> withelist if count > limit
240 * - client whitelisted already ? -> update last-seen timestamp.
242 if (oent.first + greylist_cfg.delay < now) {
243 if (greylist_cfg.client_awl) {
projects / apps / pfixtools.git / blob