# declare a file to load. If lock is given, the blacklist is locked into the
# RAM. The weight is a number giving the weight of this blaclist file in the
# score of the IP
-# - soft_threshold: score (default: 0)
+# - soft_threshold: score (default: 1)
# minimum score to match the soft_match return value
-# - hard_threshold: score (default: 0)
+# - hard_threshold: score (default: 1)
# minimum score to match the hard_match return value
# Return value:
# The score of a query is the sum of the weight of the blacklist it matched.
# - If the IP can not be parsed, returns error
-# - If the score is strictly greater than hard_threshold, returns hard_match
-# - If the score is strictly greater than soft_threshold, returns soft_match
+# - If the score is strictly greater >= than hard_threshold, returns hard_match
+# - If the score is strictly greater >= than soft_threshold, returns soft_match
# - Else, returns fail
#
# - greylist: greylister
# configuration
file = lock:10:/var/spool/postlicyd/rbl.spamhaus.org;
file = lock:1:/var/spool/postlicyd/cbl.abuseat.org;
- soft_threshold = 0;
- hard_threshold = 10;
+ soft_threshold = 1;
+ hard_threshold = 9;
# hooks
on_soft_match = greylist;
const filter_hook_t *filter_run(const filter_t *filter, const query_t *query);
+/* Helpers
+ */
+
+#define FILTER_PARAM_PARSE_STRING(Param, Dest) \
+ case ATK_ ## Param: { \
+ (Dest) = param->value; \
+ } break
+
+#define FILTER_PARAM_PARSE_INT(Param, Dest) \
+ case ATK_ ## Param: { \
+ char *next; \
+ (Dest) = strtol(param->value, &next, 10); \
+ PARSE_CHECK(!*next, "invalid %s value %s", atokens[ATK_ ## Param], \
+ param->value); \
+ } break
+
+#define FILTER_PARAM_PARSE_BOOLEAN(Param, Dest) \
+ case ATK_ ## Param: { \
+ if (param->value[0] == '1' && param->value[1] == '\0') { \
+ (Dest) = true; \
+ } else if (param->value[0] == '0' && param->value[1] == '\0') { \
+ (Dest) = false; \
+ } else if (ascii_tolower(param->value[0]) == 't') { \
+ (Dest) = ascii_tolower(param->value[1]) == 'r' \
+ && ascii_tolower(param->value[2]) == 'u' \
+ && ascii_tolower(param->value[3]) == 'e' \
+ && !param->value[4]; \
+ } else if (ascii_tolower(param->value[0]) == 'f') { \
+ (Dest) = ascii_tolower(param->value[1]) == 'a' \
+ && ascii_tolower(param->value[2]) == 'l' \
+ && ascii_tolower(param->value[3]) == 's' \
+ && ascii_tolower(param->value[4]) == 'e' \
+ && !param->value[5]; \
+ } else { \
+ PARSE_CHECK(false, "invalid %s value %s", atokens[ATK_ ## Param], \
+ param->value); \
+ } \
+ } break
+
#endif
foreach (filter_param_t *param, filter->params) {
switch (param->type) {
- case ATK_PATH:
- path = param->value;
- break;
-
- case ATK_PREFIX:
- prefix = param->value;
- break;
-
- case ATK_LOOKUP_BY_HOST:
- config->lookup_by_host = (atoi(param->value) != 0);
- break;
-
- case ATK_RETRY_WINDOW:
- config->retry_window = atoi(param->value);
- break;
-
- case ATK_CLIENT_AWL:
- config->client_awl = atoi(param->value);
- break;
+ FILTER_PARAM_PARSE_STRING(PATH, path);
+ FILTER_PARAM_PARSE_STRING(PREFIX, prefix);
+ FILTER_PARAM_PARSE_BOOLEAN(LOOKUP_BY_HOST, config->lookup_by_host);
+ FILTER_PARAM_PARSE_INT(RETRY_WINDOW, config->retry_window);
+ FILTER_PARAM_PARSE_INT(CLIENT_AWL, config->client_awl);
default: break;
}
return false; \
}
+ data->hard_threshold = 1;
+ data->soft_threshold = 1;
foreach (filter_param_t *param, filter->params) {
switch (param->type) {
/* file parameter is:
} break;
/* hard_threshold parameter is an integer.
- * If the matching score is greater than this threshold,
+ * If the matching score is greater or equal than this threshold,
* the hook "hard_match" is called.
- * hard_threshold = 0 means, that all matches are hard matches.
- * default is 0;
+ * hard_threshold = 1 means, that all matches are hard matches.
+ * default is 1;
*/
- case ATK_HARD_THRESHOLD: {
- char *next;
- data->hard_threshold = strtol(param->value, &next, 10);
- PARSE_CHECK(!*next, "invalid threshold value %s", param->value);
- } break;
+ FILTER_PARAM_PARSE_INT(HARD_THRESHOLD, data->hard_threshold);
/* soft_threshold parameter is an integer.
- * if the matching score is greater than this threshold
+ * if the matching score is greater or equal than this threshold
* and smaller or equal than the hard_threshold, the hook "soft_match"
* is called.
- * default is 0;
+ * default is 1;
*/
- case ATK_SOFT_THRESHOLD: {
- char *next;
- data->soft_threshold = strtol(param->value, &next, 10);
- PARSE_CHECK(!*next, "invalid threshold value %s", param->value);
- } break;
+ FILTER_PARAM_PARSE_INT(SOFT_THRESHOLD, data->soft_threshold);
default: break;
}
sum += weight;
}
}
- if (sum > data->hard_threshold) {
+ if (sum >= data->hard_threshold) {
return HTK_HARD_MATCH;
- } else if (sum > data->soft_threshold) {
+ } else if (sum >= data->soft_threshold) {
return HTK_SOFT_MATCH;
} else {
return HTK_FAIL;