postscreen_dnsbl.c [plain text]
#include <sys_defs.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <limits.h>
#include <msg.h>
#include <mymalloc.h>
#include <argv.h>
#include <htable.h>
#include <events.h>
#include <vstream.h>
#include <connect.h>
#include <split_at.h>
#include <valid_hostname.h>
#include <ip_match.h>
#include <myaddrinfo.h>
#include <stringops.h>
#include <mail_params.h>
#include <mail_proto.h>
#include <postscreen.h>
static char *psc_dnsbl_service;
static HTABLE *dnsbl_site_cache;
static HTABLE_INFO **dnsbl_site_list;
typedef struct {
const char *safe_dnsbl;
struct PSC_DNSBL_SITE *first;
} PSC_DNSBL_HEAD;
typedef struct PSC_DNSBL_SITE {
char *filter;
char *byte_codes;
int weight;
struct PSC_DNSBL_SITE *next;
} PSC_DNSBL_SITE;
static HTABLE *dnsbl_score_cache;
typedef struct {
void (*callback) (int, void *);
void *context;
} PSC_CALL_BACK_ENTRY;
typedef struct {
const char *dnsbl_name;
int dnsbl_weight;
int total;
int fail_ttl;
int pass_ttl;
int refcount;
int pending_lookups;
int request_id;
int index;
int limit;
PSC_CALL_BACK_ENTRY table[1];
} PSC_DNSBL_SCORE;
#define PSC_CALL_BACK_INIT(sp) do { \
(sp)->limit = 0; \
(sp)->index = 0; \
} while (0)
#define PSC_CALL_BACK_INDEX_OF_LAST(sp) ((sp)->index - 1)
#define PSC_CALL_BACK_CANCEL(sp, idx) do { \
PSC_CALL_BACK_ENTRY *_cb_; \
if ((idx) < 0 || (idx) >= (sp)->index) \
msg_panic("%s: index %d must be >= 0 and < %d", \
myname, (idx), (sp)->index); \
_cb_ = (sp)->table + (idx); \
event_cancel_timer(_cb_->callback, _cb_->context); \
_cb_->callback = 0; \
_cb_->context = 0; \
} while (0)
#define PSC_CALL_BACK_EXTEND(hp, sp) do { \
if ((sp)->index >= (sp)->limit) { \
int _count_ = ((sp)->limit ? (sp)->limit * 2 : 5); \
(hp)->value = myrealloc((void *) (sp), sizeof(*(sp)) + \
_count_ * sizeof((sp)->table)); \
(sp) = (PSC_DNSBL_SCORE *) (hp)->value; \
(sp)->limit = _count_; \
} \
} while (0)
#define PSC_CALL_BACK_ENTER(sp, fn, ctx) do { \
PSC_CALL_BACK_ENTRY *_cb_ = (sp)->table + (sp)->index++; \
_cb_->callback = (fn); \
_cb_->context = (ctx); \
} while (0)
#define PSC_CALL_BACK_NOTIFY(sp, ev) do { \
PSC_CALL_BACK_ENTRY *_cb_; \
for (_cb_ = (sp)->table; _cb_ < (sp)->table + (sp)->index; _cb_++) \
if (_cb_->callback != 0) \
_cb_->callback((ev), _cb_->context); \
} while (0)
#define PSC_NULL_EVENT (0)
static VSTRING *reply_client;
static VSTRING *reply_dnsbl;
static VSTRING *reply_addr;
static void psc_dnsbl_add_site(const char *site)
{
const char *myname = "psc_dnsbl_add_site";
char *saved_site = mystrdup(site);
VSTRING *byte_codes = 0;
PSC_DNSBL_HEAD *head;
PSC_DNSBL_SITE *new_site;
char junk;
const char *weight_text;
char *pattern_text;
int weight;
HTABLE_INFO *ht;
char *parse_err;
#define DO_GRIPE 1
if ((weight_text = split_at(saved_site, '*')) != 0) {
if (sscanf(weight_text, "%d%c", &weight, &junk) != 1)
msg_fatal("bad DNSBL weight factor \"%s\" in \"%s\"",
weight_text, site);
} else {
weight = 1;
}
if ((pattern_text = split_at(saved_site, '=')) != 0) {
byte_codes = vstring_alloc(100);
if ((parse_err = ip_match_parse(byte_codes, pattern_text)) != 0)
msg_fatal("bad DNSBL filter syntax: %s", parse_err);
}
if (valid_hostname(saved_site, DO_GRIPE) == 0)
msg_fatal("bad DNSBL domain name \"%s\" in \"%s\"",
saved_site, site);
if (msg_verbose > 1)
msg_info("%s: \"%s\" -> domain=\"%s\" pattern=\"%s\" weight=%d",
myname, site, saved_site, pattern_text ? pattern_text :
"null", weight);
if ((head = (PSC_DNSBL_HEAD *)
htable_find(dnsbl_site_cache, saved_site)) == 0) {
head = (PSC_DNSBL_HEAD *) mymalloc(sizeof(*head));
ht = htable_enter(dnsbl_site_cache, saved_site, (void *) head);
if (psc_dnsbl_reply == 0
|| (head->safe_dnsbl = dict_get(psc_dnsbl_reply, saved_site)) == 0)
head->safe_dnsbl = ht->key;
if (psc_dnsbl_reply && psc_dnsbl_reply->error)
msg_fatal("%s:%s lookup error", psc_dnsbl_reply->type,
psc_dnsbl_reply->name);
head->first = 0;
}
new_site = (PSC_DNSBL_SITE *) mymalloc(sizeof(*new_site));
new_site->filter = (pattern_text ? mystrdup(pattern_text) : 0);
new_site->byte_codes = (byte_codes ? ip_match_save(byte_codes) : 0);
new_site->weight = weight;
new_site->next = head->first;
head->first = new_site;
myfree(saved_site);
if (byte_codes)
vstring_free(byte_codes);
}
static int psc_dnsbl_match(const char *filter, ARGV *reply)
{
char addr_buf[MAI_HOSTADDR_STRSIZE];
char **cpp;
for (cpp = reply->argv; *cpp != 0; cpp++) {
if (inet_pton(AF_INET, *cpp, addr_buf) != 1)
msg_warn("address conversion error for %s -- ignoring this reply",
*cpp);
if (ip_match_execute(filter, addr_buf))
return (1);
}
return (0);
}
int psc_dnsbl_retrieve(const char *client_addr, const char **dnsbl_name,
int dnsbl_index, int *dnsbl_ttl)
{
const char *myname = "psc_dnsbl_retrieve";
PSC_DNSBL_SCORE *score;
int result_score;
int result_ttl;
if ((score = (PSC_DNSBL_SCORE *)
htable_find(dnsbl_score_cache, client_addr)) == 0)
msg_panic("%s: no blocklist score for %s", myname, client_addr);
PSC_CALL_BACK_CANCEL(score, dnsbl_index);
result_score = score->total;
*dnsbl_name = score->dnsbl_name;
result_ttl = (result_score > 0) ? score->fail_ttl : score->pass_ttl;
if (result_ttl < var_psc_dnsbl_min_ttl)
result_ttl = var_psc_dnsbl_min_ttl;
if (result_ttl > var_psc_dnsbl_max_ttl)
result_ttl = var_psc_dnsbl_max_ttl;
*dnsbl_ttl = result_ttl;
if (msg_verbose)
msg_info("%s: addr=%s score=%d ttl=%d",
myname, client_addr, result_score, result_ttl);
score->refcount -= 1;
if (score->refcount < 1) {
if (msg_verbose > 1)
msg_info("%s: delete blocklist score for %s", myname, client_addr);
htable_delete(dnsbl_score_cache, client_addr, myfree);
}
return (result_score);
}
static void psc_dnsbl_receive(int event, void *context)
{
const char *myname = "psc_dnsbl_receive";
VSTREAM *stream = (VSTREAM *) context;
PSC_DNSBL_SCORE *score;
PSC_DNSBL_HEAD *head;
PSC_DNSBL_SITE *site;
ARGV *reply_argv;
int request_id;
int dnsbl_ttl;
PSC_CLEAR_EVENT_REQUEST(vstream_fileno(stream), psc_dnsbl_receive, context);
if (event == EVENT_READ
&& attr_scan(stream,
ATTR_FLAG_STRICT,
RECV_ATTR_STR(MAIL_ATTR_RBL_DOMAIN, reply_dnsbl),
RECV_ATTR_STR(MAIL_ATTR_ACT_CLIENT_ADDR, reply_client),
RECV_ATTR_INT(MAIL_ATTR_LABEL, &request_id),
RECV_ATTR_STR(MAIL_ATTR_RBL_ADDR, reply_addr),
RECV_ATTR_INT(MAIL_ATTR_TTL, &dnsbl_ttl),
ATTR_TYPE_END) == 5
&& (score = (PSC_DNSBL_SCORE *)
htable_find(dnsbl_score_cache, STR(reply_client))) != 0
&& score->request_id == request_id) {
if (msg_verbose > 1)
msg_info("%s: client=\"%s\" score=%d domain=\"%s\" reply=\"%d %s\"",
myname, STR(reply_client), score->total,
STR(reply_dnsbl), dnsbl_ttl, STR(reply_addr));
head = (PSC_DNSBL_HEAD *)
htable_find(dnsbl_site_cache, STR(reply_dnsbl));
if (head == 0) {
} else if (*STR(reply_addr) != 0) {
reply_argv = 0;
for (site = head->first; site != 0; site = site->next) {
if (site->byte_codes == 0
|| psc_dnsbl_match(site->byte_codes, reply_argv ? reply_argv :
(reply_argv = argv_split(STR(reply_addr), " ")))) {
if (score->dnsbl_name == 0
|| score->dnsbl_weight < site->weight) {
score->dnsbl_name = head->safe_dnsbl;
score->dnsbl_weight = site->weight;
}
score->total += site->weight;
if (msg_verbose > 1)
msg_info("%s: filter=\"%s\" weight=%d score=%d",
myname, site->filter ? site->filter : "null",
site->weight, score->total);
}
if (site->weight > 0) {
if (score->fail_ttl < 0 || score->fail_ttl > dnsbl_ttl)
score->fail_ttl = dnsbl_ttl;
} else {
if (score->pass_ttl < 0 || score->pass_ttl > dnsbl_ttl)
score->pass_ttl = dnsbl_ttl;
}
}
if (reply_argv != 0)
argv_free(reply_argv);
} else {
for (site = head->first; site != 0; site = site->next) {
if (site->weight > 0) {
if (score->pass_ttl < 0 || score->pass_ttl > dnsbl_ttl)
score->pass_ttl = dnsbl_ttl;
} else {
if (score->fail_ttl < 0 || score->fail_ttl > dnsbl_ttl)
score->fail_ttl = dnsbl_ttl;
}
}
}
score->pending_lookups -= 1;
if (score->pending_lookups == 0)
PSC_CALL_BACK_NOTIFY(score, PSC_NULL_EVENT);
} else if (event == EVENT_TIME) {
msg_warn("dnsblog reply timeout %ds for %s",
var_psc_dnsbl_tmout, (char *) vstream_context(stream));
}
vstream_fclose(stream);
}
int psc_dnsbl_request(const char *client_addr,
void (*callback) (int, void *),
void *context)
{
const char *myname = "psc_dnsbl_request";
int fd;
VSTREAM *stream;
HTABLE_INFO **ht;
PSC_DNSBL_SCORE *score;
HTABLE_INFO *hash_node;
static int request_count;
if ((hash_node = htable_locate(dnsbl_score_cache, client_addr)) != 0) {
score = (PSC_DNSBL_SCORE *) hash_node->value;
score->refcount += 1;
PSC_CALL_BACK_EXTEND(hash_node, score);
PSC_CALL_BACK_ENTER(score, callback, context);
if (msg_verbose > 1)
msg_info("%s: reuse blocklist score for %s refcount=%d pending=%d",
myname, client_addr, score->refcount,
score->pending_lookups);
if (score->pending_lookups == 0)
event_request_timer(callback, context, EVENT_NULL_DELAY);
return (PSC_CALL_BACK_INDEX_OF_LAST(score));
}
if (msg_verbose > 1)
msg_info("%s: create blocklist score for %s", myname, client_addr);
score = (PSC_DNSBL_SCORE *) mymalloc(sizeof(*score));
score->request_id = request_count++;
score->dnsbl_name = 0;
score->dnsbl_weight = 0;
score->pass_ttl = -1;
score->fail_ttl = -1;
score->total = 0;
score->refcount = 1;
score->pending_lookups = 0;
PSC_CALL_BACK_INIT(score);
PSC_CALL_BACK_ENTER(score, callback, context);
(void) htable_enter(dnsbl_score_cache, client_addr, (void *) score);
for (ht = dnsbl_site_list; *ht; ht++) {
if ((fd = LOCAL_CONNECT(psc_dnsbl_service, NON_BLOCKING, 1)) < 0) {
msg_warn("%s: connect to %s service: %m",
myname, psc_dnsbl_service);
continue;
}
stream = vstream_fdopen(fd, O_RDWR);
vstream_control(stream,
CA_VSTREAM_CTL_CONTEXT(ht[0]->key),
CA_VSTREAM_CTL_END);
attr_print(stream, ATTR_FLAG_NONE,
SEND_ATTR_STR(MAIL_ATTR_RBL_DOMAIN, ht[0]->key),
SEND_ATTR_STR(MAIL_ATTR_ACT_CLIENT_ADDR, client_addr),
SEND_ATTR_INT(MAIL_ATTR_LABEL, score->request_id),
ATTR_TYPE_END);
if (vstream_fflush(stream) != 0) {
msg_warn("%s: error sending to %s service: %m",
myname, psc_dnsbl_service);
vstream_fclose(stream);
continue;
}
PSC_READ_EVENT_REQUEST(vstream_fileno(stream), psc_dnsbl_receive,
(void *) stream, var_psc_dnsbl_tmout);
score->pending_lookups += 1;
}
return (PSC_CALL_BACK_INDEX_OF_LAST(score));
}
void psc_dnsbl_init(void)
{
const char *myname = "psc_dnsbl_init";
ARGV *dnsbl_site = argv_split(var_psc_dnsbl_sites, CHARS_COMMA_SP);
char **cpp;
if (dnsbl_site_cache != 0)
msg_panic("%s: called more than once", myname);
psc_dnsbl_service = concatenate(MAIL_CLASS_PRIVATE, "/",
var_dnsblog_service, (char *) 0);
dnsbl_site_cache = htable_create(13);
for (cpp = dnsbl_site->argv; *cpp; cpp++)
psc_dnsbl_add_site(*cpp);
argv_free(dnsbl_site);
dnsbl_site_list = htable_list(dnsbl_site_cache);
dnsbl_score_cache = htable_create(13);
reply_client = vstring_alloc(100);
reply_dnsbl = vstring_alloc(100);
reply_addr = vstring_alloc(100);
}