Mercurial > notdcc
view dcclib/ask.c @ 0:c7f6b056b673
First import of vendor version
author | Peter Gervai <grin@grin.hu> |
---|---|
date | Tue, 10 Mar 2009 13:49:58 +0100 |
parents | |
children |
line wrap: on
line source
/* Distributed Checksum Clearinghouse * * ask about a batch of checksums * * Copyright (c) 2008 by Rhyolite Software, LLC * * This agreement is not applicable to any entity which sells anti-spam * solutions to others or provides an anti-spam solution as part of a * security solution sold to other entities, or to a private network * which employs the DCC or uses data provided by operation of the DCC * but does not provide corresponding data to other users. * * Permission to use, copy, modify, and distribute this software without * changes for any purpose with or without fee is hereby granted, provided * that the above copyright notice and this permission notice appear in all * copies and any distributed versions or copies are either unchanged * or not called anything similar to "DCC" or "Distributed Checksum * Clearinghouse". * * Parties not eligible to receive a license under this agreement can * obtain a commercial license to use DCC by contacting Rhyolite Software * at sales@rhyolite.com. * * A commercial license would be for Distributed Checksum and Reputation * Clearinghouse software. That software includes additional features. This * free license for Distributed ChecksumClearinghouse Software does not in any * way grant permision to use Distributed Checksum and Reputation Clearinghouse * software * * THE SOFTWARE IS PROVIDED "AS IS" AND RHYOLITE SOFTWARE, LLC DISCLAIMS ALL * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL RHYOLITE SOFTWARE, LLC * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. * * Rhyolite Software DCC 1.3.103-1.146 $Revision$ */ #include "dcc_ck.h" #include "dcc_heap_debug.h" #include "dcc_xhdr.h" static DCC_CKSUM_THOLDS dcc_tholds_log; DCC_CKSUM_THOLDS dcc_tholds_rej; static u_char dcc_honor_nospam[DCC_DIM_CKS]; static u_char trim_grey_ip_addr; /* remove IP address from grey triple */ static struct in6_addr grey_ip_mask; static void honor_cnt(const DCC_GOT_CKS *cks, u_int *, DCC_CK_TYPES, DCC_TGTS); #ifdef DCC_PKT_VERSION5 /* figure old server's target count before our latest report */ static DCC_TGTS /* return corrected current count */ save_p_tgts(DCC_GOT_SUM *g, /* put previous count in g->tgts */ DCC_OPS op, const DCC_TGTS local_tgts, /* real local target count */ const DCC_TGTS gross_tgts, /* local count adjusted by blacklist */ DCC_TGTS c_tgts) /* what the old DCC server said */ { DCC_CK_TYPES type = g->type; if (op == DCC_OP_QUERY) { /* if we switched servers and converted a report * to a query, then guess the total that the * server would have produced for a report * instead of the query we sent. * * Assume the server is not running with -K. * If the server's current value is 0 for a body checksum * then assume the report we sent to the other server has not * been flooded. * Assume other checksums will always be zero/unknown. */ if (DB_GLOBAL_NOKEEP(0, type)) return 0; /* Assume the current value is really the previous value * because flooding has not happened */ g->tgts = c_tgts; if (c_tgts < DCC_TGTS_TOO_MANY && DCC_CK_IS_BODY(type)) { c_tgts += local_tgts; if (c_tgts > DCC_TGTS_TOO_MANY) c_tgts = DCC_TGTS_TOO_MANY; } return c_tgts; } else if (c_tgts >= gross_tgts && gross_tgts < DCC_TGTS_TOO_MANY) { /* if possible infer server's value before our report */ if (c_tgts >= DCC_TGTS_TOO_MANY) g->tgts = c_tgts; else g->tgts = c_tgts - gross_tgts; } return c_tgts; } #endif /* DCC_PKT_VERSION5 */ int /* 1=ok, 0=no answer, -1=fatal */ ask_dcc(DCC_EMSG emsg, DCC_CLNT_CTXT *ctxt, DCC_CLNT_FGS clnt_fgs, /* DCC_CLNT_FG_* */ DCC_HEADER_BUF *hdr, /* put results here */ DCC_GOT_CKS *cks, /* and here */ ASK_ST *ask_stp, /* and here */ u_char spam, /* spam==0 && local_tgts==0 --> query */ DCC_TGTS local_tgts) /* report these targets to DCC server */ { union { DCC_HDR hdr; DCC_REPORT r; } rpt; DCC_OP_RESP resp; DCC_OPS op; DCC_CK *ck; DCC_GOT_SUM *g; DCC_TGTS gross_tgts; DCC_TGTS c_tgts; /* server's current, total count */ DCC_CKS_WTGTS hdr_tgts; /* values for X-DCC header */ DCC_CK_TYPES type; DCC_SRVR_ID srvr_id; int pkt_len, recv_len, exp_len; int num_cks, ck_num, result; memset(hdr_tgts, 0, sizeof(hdr_tgts)); /* prepare a report for the nearest DCC server */ if (local_tgts == 0 && !spam) { /* because of greylisting, we can have a target count of 0 * but need to report spam discovered by a DNSBL */ op = DCC_OP_QUERY; gross_tgts = 0; rpt.r.tgts = 0; } else { op = DCC_OP_REPORT; if (local_tgts == DCC_TGTS_TOO_MANY || local_tgts == 0) { spam = 1; local_tgts = 1; } if (spam) { *ask_stp |= (ASK_ST_CLNT_ISSPAM | ASK_ST_LOGIT); gross_tgts = DCC_TGTS_TOO_MANY; rpt.r.tgts = htonl(local_tgts | DCC_TGTS_SPAM); } else { gross_tgts = local_tgts; rpt.r.tgts = htonl(local_tgts); } } ck = rpt.r.cks; num_cks = 0; for (g = cks->sums; g <= &cks->sums[DCC_CK_TYPE_LAST]; ++g) { /* never tell the DCC server about some headers */ if (!g->rpt2srvr) continue; ck->len = sizeof(*ck); ck->type = g->type; memcpy(ck->sum, g->sum, sizeof(ck->sum)); ++ck; ++num_cks; } if (num_cks == 0) { /* pretend we always have at least a basic body checksum * guess the DCC would have answered 0 */ xhdr_init(hdr, 0); xhdr_add_ck(hdr, DCC_CK_BODY, gross_tgts); honor_cnt(cks, ask_stp, DCC_CK_BODY, local_tgts); return 1; } /* send the report and see what the DCC has to say */ pkt_len = (sizeof(rpt.r) - sizeof(rpt.r.cks) + num_cks * sizeof(rpt.r.cks[0])); result = dcc_clnt_op(emsg, ctxt, clnt_fgs, 0, &srvr_id, 0, &rpt.hdr, pkt_len, op, &resp, sizeof(resp)); /* try a query to different server if the first failed * but a second was found */ if (!result && srvr_id != DCC_ID_INVALID) { if (dcc_clnt_debug) { if (emsg && *emsg != '\0') { dcc_trace_msg("retry with different server" " after: %s", emsg); *emsg = '\0'; } else { dcc_trace_msg("retry with different server"); } } op = DCC_OP_QUERY; result = dcc_clnt_op(emsg, ctxt, clnt_fgs | DCC_CLNT_FG_RETRY, 0, &srvr_id, 0, &rpt.hdr, pkt_len, op, &resp, sizeof(resp)); } if (!result) { *ask_stp |= ASK_ST_LOGIT; } else { /* forget about it if the DCC server responded too strangely */ recv_len = ntohs(resp.hdr.len); #ifdef DCC_PKT_VERSION5 if (resp.hdr.pkt_vers <= DCC_PKT_VERSION5) exp_len = (sizeof(resp.ans5) - sizeof(resp.ans5.b) + num_cks*sizeof(DCC_TGTS)); else #endif exp_len = (sizeof(resp.ans) - sizeof(resp.ans.b) + num_cks*sizeof(resp.ans.b[0])); if (recv_len != exp_len) { dcc_pemsg(EX_UNAVAILABLE, emsg, "DCC %s: answered with %d instead of %d bytes", dcc_srvr_nm(0), recv_len, exp_len); *ask_stp |= ASK_ST_LOGIT; result = -1; } } /* check the server's response to see if we have spam */ ck_num = 0; for (g = cks->sums; g <= &cks->sums[DCC_CK_TYPE_LAST]; ++g) { if (!g->rpt2srvr) { /* pretend we always have a basic body checksum */ if (g == &cks->sums[DCC_CK_BODY]) honor_cnt(cks, ask_stp, DCC_CK_BODY, local_tgts); continue; } type = g->type; /* g->type is valid only if rpt2srvr */ if (result <= 0) { c_tgts = (DCC_CK_IS_BODY(type)) ? gross_tgts : 0; #ifdef DCC_PKT_VERSION5 } else if (resp.hdr.pkt_vers <= DCC_PKT_VERSION5) { c_tgts = save_p_tgts(g, op, local_tgts, gross_tgts, ntohl(resp.ans5.b[ck_num])); } else { #endif /* DCC_PKT_VERSION5 */ /* server's total before our report */ g->tgts = ntohl(resp.ans.b[ck_num].p); /* new total */ c_tgts = ntohl(resp.ans.b[ck_num].c); #ifdef DCC_PKT_VERSION5 } #endif ++ck_num; hdr_tgts[type] = c_tgts; /* notice DCC server's whitelist */ if (dcc_honor_nospam[type]) { if (c_tgts == DCC_TGTS_OK) { *ask_stp |= ASK_ST_SRVR_NOTSPAM; } else if (c_tgts == DCC_TGTS_OK2) { /* if server says it is half ok, * look for two halves */ if (*ask_stp & ASK_ST_SRVR_OK2) { *ask_stp |= ASK_ST_SRVR_NOTSPAM; } else { *ask_stp |= ASK_ST_SRVR_OK2; } } } honor_cnt(cks, ask_stp, type, c_tgts); } /* honor server whitelist */ if (*ask_stp & ASK_ST_SRVR_NOTSPAM) *ask_stp &= ~ASK_ST_SRVR_ISSPAM; /* generate the header line now that we have checked all of * the counts against their thresholds and so know if we * must add "bulk". Add the header even if checking is turned off * and we won't reject affected messages. Say "many" for DNSBL * or local blacklist spam even without an answer from the DCC server * so that SpamAssassin gets the message. */ xhdr_init(hdr, srvr_id); if (*ask_stp & ASK_ST_SRVR_ISSPAM) { xhdr_add_str(hdr, DCC_XHDR_BULK); } else if (*ask_stp & ASK_ST_CLNT_ISSPAM) { xhdr_add_str(hdr, DCC_XHDR_BULK); hdr_tgts[DCC_CK_BODY] = DCC_TGTS_TOO_MANY; } else if (*ask_stp & ASK_ST_REP_ISSPAM) { xhdr_add_str(hdr, DCC_XHDR_BULK_REP); hdr_tgts[DCC_CK_BODY] = DCC_TGTS_TOO_MANY; } for (g = cks->sums; g <= &cks->sums[DCC_CK_TYPE_LAST]; ++g) { if (!g->rpt2srvr) { /* pretend we always have a body checksum */ if (g == &cks->sums[DCC_CK_BODY]) xhdr_add_ck(hdr, DCC_CK_BODY, hdr_tgts[DCC_CK_BODY]); continue; } /* Add interesing counts to the header. * Body checksums are always interestig if we have them. * Pretend we always have a basic body checksum. */ type = g->type; if (DCC_CK_IS_BODY(type)) { xhdr_add_ck(hdr, type, hdr_tgts[type]); continue; } if (hdr_tgts[type] != 0) xhdr_add_ck(hdr, type, hdr_tgts[type]); } return result; } /* check message's checksums in whiteclnt for dccproc or dccsight */ u_char /* 1=ok 0=something to complain about */ unthr_ask_white(DCC_EMSG emsg, ASK_ST *ask_stp, FLTR_SWS *swsp, const char *white_nm, DCC_GOT_CKS *cks, DCC_CKS_WTGTS wtgts) { DCC_WHITE_LISTING listing; int retval; /* assume DNSBLs are on unless turned off, because there is no reason * to use `dccproc -B` if you don't want to use them */ *swsp |= FLTR_SW_DNSBL_M; /* fake whiteclnt if not specified */ if (!white_nm) { dcc_merge_tholds(cks->tholds_rej, dcc_tholds_rej, 0); return 1; } /* don't filter if something is wrong with the file */ if (!dcc_new_white_nm(emsg, &cmn_wf, white_nm)) { *ask_stp |= ASK_ST_WLIST_NOTSPAM | ASK_ST_LOGIT; return 0; } /* let whiteclnt file turn off the DCC and other filters */ *swsp = wf2sws(*swsp, &cmn_wf); /* combine the command-line thresholds with the thresholds from * from the common /var/dcc/whiteclnt file */ dcc_merge_tholds(cks->tholds_rej, dcc_tholds_rej, cmn_wf.wtbl); retval = 1; switch (dcc_white_cks(emsg, &cmn_wf, cks, wtgts, &listing)) { case DCC_WHITE_OK: case DCC_WHITE_NOFILE: break; case DCC_WHITE_SILENT: *ask_stp |= ASK_ST_LOGIT; break; case DCC_WHITE_COMPLAIN: case DCC_WHITE_CONTINUE: retval = 0; *ask_stp |= ASK_ST_LOGIT; break; } switch (listing) { case DCC_WHITE_LISTED: /* do not send whitelisted checksums to DCC server */ *ask_stp |= ASK_ST_WLIST_NOTSPAM; break; case DCC_WHITE_USE_DCC: case DCC_WHITE_UNLISTED: if (*swsp & FLTR_SW_TRAPS) *ask_stp |= (ASK_ST_CLNT_ISSPAM | ASK_ST_WLIST_ISSPAM | ASK_ST_LOGIT); break; case DCC_WHITE_BLACK: *ask_stp |= (ASK_ST_WLIST_ISSPAM | ASK_ST_CLNT_ISSPAM | ASK_ST_LOGIT); break; } if (*swsp & FLTR_SW_LOG_ALL) *ask_stp |= ASK_ST_LOGIT; return retval; } /* ask the DCC for dccproc or dccsight but not dccifd or dccm */ u_char /* 1=ok 0=something to complain about */ unthr_ask_dcc(DCC_EMSG emsg, DCC_CLNT_CTXT *ctxt, DCC_HEADER_BUF *hdr, /* put header here */ ASK_ST *ask_stp, /* put state bites here */ DCC_GOT_CKS *cks, /* these checksums */ u_char spam, /* spam==0 && local_tgts==0 --> query */ DCC_TGTS local_tgts) /* number of addressees */ { if (*ask_stp & ASK_ST_WLIST_NOTSPAM) { if (spam) { /* if dccproc says it is spam, then it is, even if * the whiteclnt file says we cannot report it */ *ask_stp |= (ASK_ST_CLNT_ISSPAM | ASK_ST_LOGIT); xhdr_init(hdr, 0); xhdr_add_ck(hdr, DCC_CK_BODY, DCC_TGTS_TOO_MANY); } else { xhdr_whitelist(hdr); } /* honor log threshold for whitelisted messages */ dcc_honor_log_cnts(ask_stp, cks, local_tgts); return 1; } else { /* if allowed by whitelisting, report our checksums to the DCC * and return with that result including setting logging */ return (0 < ask_dcc(emsg, ctxt, DCC_CLNT_FG_NONE, hdr, cks, ask_stp, spam, local_tgts)); } } /* parse -g for dccm and dccproc */ void dcc_parse_honor(const char *arg0) { const char *arg; DCC_CK_TYPES type, t2; int i; arg = arg0; if (!CLITCMP(arg, "not_") || !CLITCMP(arg, "not-")) { arg += LITZ("not_"); i = 0; } else if (!CLITCMP(arg, "no_") || !CLITCMP(arg, "no-")) { arg += LITZ("no_"); i = 0; } else { i = 1; } /* allow -g for ordinary checksums but not reputations or greylisting */ type = dcc_str2type_thold(arg, -1); if (type == DCC_CK_INVALID) { dcc_error_msg("unrecognized checksum type in \"-g %s\"", arg0); return; } for (t2 = DCC_CK_TYPE_FIRST; t2 <= DCC_CK_TYPE_LAST; ++t2) { if (t2 == type || (type == SET_ALL_THOLDS && IS_ALL_CKSUM(t2)) || (type == SET_CMN_THOLDS && IS_CMN_CKSUM(t2))) dcc_honor_nospam[t2] = i; } } void dcc_clear_tholds(void) { DCC_CK_TYPES type; memset(dcc_honor_nospam, 0, sizeof(dcc_honor_nospam)); dcc_honor_nospam[DCC_CK_IP] = 1; dcc_honor_nospam[DCC_CK_ENV_FROM] = 1; dcc_honor_nospam[DCC_CK_FROM] = 1; for (type = DCC_CK_TYPE_FIRST; type <= DCC_CK_TYPE_LAST; ++type) { dcc_tholds_log[type] = DCC_THOLD_UNSET; dcc_tholds_rej[type] = DCC_THOLD_UNSET; } } u_char /* 1=merged from whiteclnt wtbl */ dcc_merge_tholds(DCC_CKSUM_THOLDS out, const DCC_CKSUM_THOLDS in, const DCC_WHITE_TBL *wtbl) { DCC_CK_TYPES type; DCC_TGTS tgts; u_char result; if (in != out) memcpy(out, in, sizeof(DCC_CKSUM_THOLDS)); if (!wtbl) return 0; result = 0; for (type = DCC_CK_TYPE_FIRST; type <= DCC_CK_TYPE_LAST; ++type) { tgts = wtbl->hdr.tholds_rej[type]; if (tgts != DCC_THOLD_UNSET) { out[type] = tgts; result = 1; } } return result; } /* parse type,[log-thold,]rej-thold */ u_char /* 1=need a log directory */ dcc_parse_tholds(const char *f, /* "-c " or "-t " */ const char *arg) /* optarg */ { DCC_CK_TYPES type; DCC_TGTS log_tgts, rej_tgts; char *thold_rej, *thold_log; u_char log_tgts_set, rej_tgts_set; thold_log = strchr(arg, ','); if (!thold_log) { dcc_error_msg("missing comma in \"%s%s\"", f, arg); return 0; } type = dcc_str2type_thold(arg, thold_log-arg); if (type == DCC_CK_INVALID) { dcc_error_msg("unrecognized checksum type in \"%s%s\"", f, arg); return 0; } thold_log = dcc_strdup(++thold_log); /* if there is only one threshold, take it as the spam threshold */ thold_rej = strchr(thold_log, ','); if (!thold_rej) { thold_rej = thold_log; thold_log = 0; } else { *thold_rej++ = '\0'; } log_tgts_set = log_tgts = 0; if (thold_log && *thold_log != '\0') { log_tgts = dcc_str2thold(type, thold_log); if (log_tgts == DCC_TGTS_INVALID) dcc_error_msg("unrecognized logging threshold" " \"%s\" in \"%s%s\"", thold_log, f, arg); else log_tgts_set = 1; } rej_tgts_set = rej_tgts = 0; if (!thold_rej || *thold_rej == '\0') { if (!thold_log || *thold_log == '\0') dcc_error_msg("no thresholds in \"%s%s\"", f, arg); } else { rej_tgts = dcc_str2thold(type, thold_rej); if (rej_tgts == DCC_TGTS_INVALID) dcc_error_msg("unrecognized rejection threshold" " \"%s\" in \"%s%s\"", thold_rej, f, arg); else rej_tgts_set = 1; } if (log_tgts_set || rej_tgts_set) { DCC_CK_TYPES t2; for (t2 = DCC_CK_TYPE_FIRST; t2 <= DCC_CK_TYPE_LAST; ++t2) { if (t2 == type || (type == SET_ALL_THOLDS && IS_ALL_CKSUM(t2)) || (type == SET_CMN_THOLDS && IS_CMN_CKSUM(t2))) { if (log_tgts_set) dcc_tholds_log[t2] = log_tgts; if (rej_tgts_set) dcc_tholds_rej[t2] = rej_tgts; } } } dcc_free(thold_log); return log_tgts_set; } static void honor_cnt(const DCC_GOT_CKS *cks, ASK_ST *ask_stp, /* previous flag bits */ DCC_CK_TYPES type, /* which kind of checksum */ DCC_TGTS type_tgts) /* total count for the checksum */ { if (type >= DIM(dcc_honor_nospam)) return; /* reject and log spam */ if (cks->tholds_rej[type] <= DCC_TGTS_TOO_MANY && cks->tholds_rej[type] <= type_tgts && type_tgts <= DCC_TGTS_TOO_MANY) { *ask_stp |= (ASK_ST_SRVR_ISSPAM | ASK_ST_LOGIT); return; } /* log messages that are bulkier than the log threshold */ if (dcc_tholds_log[type] <= DCC_TGTS_TOO_MANY && dcc_tholds_log[type] <= type_tgts) *ask_stp |= ASK_ST_LOGIT; } /* honor log threshold for local counts and white-/blacklists */ void dcc_honor_log_cnts(ASK_ST *ask_stp, /* previous flag bits */ const DCC_GOT_CKS *cks, /* these server counts */ DCC_TGTS tgts) { const DCC_GOT_SUM *g; DCC_CK_TYPES type; if (*ask_stp & ASK_ST_LOGIT) return; if (tgts == DCC_TGTS_TOO_MANY) { *ask_stp |= ASK_ST_LOGIT; return; } /* pretend we always have a body checksum for the log threshold */ if (dcc_tholds_log[DCC_CK_BODY] <= DCC_TGTS_TOO_MANY && dcc_tholds_log[DCC_CK_BODY] <= tgts) { *ask_stp |= ASK_ST_LOGIT; return; } for (g = cks->sums; g <= LAST(cks->sums); ++g) { type = g->type; if (type == DCC_CK_INVALID || type == DCC_CK_ENV_TO) continue; if (dcc_tholds_log[type] > DCC_TGTS_TOO_MANY) continue; if (dcc_tholds_log[type] <= tgts) { *ask_stp |= ASK_ST_LOGIT; return; } } } /* compute switch settings from bits in a whiteclnt file */ FLTR_SWS wf2sws(FLTR_SWS sws, const DCC_WF *wf) { static time_t complained; time_t now; DCC_PATH abs_nm; int i; if (!grey_on && (wf->wtbl_flags & (DCC_WHITE_FG_GREY_ON | DCC_WHITE_FG_GREY_LOG_ON)) && (now = time(0)) > complained+24*60*60) { complained = now; dcc_error_msg("%s wants greylisting" " but it is turned off", fnm2abs_err(abs_nm, wf->ascii_nm)); } /* compute switch values from whiteclnt bits */ if (wf->wtbl_flags & DCC_WHITE_FG_NO_DISCARD) sws |= FLTR_SW_NO_DISCARD; else if (wf->wtbl_flags & DCC_WHITE_FG_DISCARD_OK) sws &= ~FLTR_SW_NO_DISCARD; if ((wf->wtbl_flags & DCC_WHITE_FG_DCC_OFF)) sws |= FLTR_SW_DCC_OFF; else if (wf->wtbl_flags & DCC_WHITE_FG_DCC_ON) sws &= ~FLTR_SW_DCC_OFF; if (grey_on && (wf->wtbl_flags & DCC_WHITE_FG_GREY_ON)) { sws &= ~FLTR_SW_GREY_OFF; } else if (!grey_on || (wf->wtbl_flags & DCC_WHITE_FG_GREY_OFF)) { sws |= FLTR_SW_GREY_OFF; } if (wf->wtbl_flags & DCC_WHITE_FG_LOG_ALL) { sws |= FLTR_SW_LOG_ALL; } else if (wf->wtbl_flags & DCC_WHITE_FG_LOG_NORMAL) { sws &= ~FLTR_SW_LOG_ALL; } if (wf->wtbl_flags & DCC_WHITE_FG_GREY_LOG_ON) { sws &= ~FLTR_SW_GREY_LOG_OFF; } else if (wf->wtbl_flags & DCC_WHITE_FG_GREY_LOG_OFF) { sws |= FLTR_SW_GREY_LOG_OFF; } if (wf->wtbl_flags & DCC_WHITE_FG_LOG_M) { sws |= FLTR_SW_LOG_M; } else if (wf->wtbl_flags & DCC_WHITE_FG_LOG_H) { sws |= FLTR_SW_LOG_H; } else if (wf->wtbl_flags & DCC_WHITE_FG_LOG_D) { sws |= FLTR_SW_LOG_D; } if (wf->wtbl_flags & DCC_WHITE_FG_MTA_FIRST) { sws |= FLTR_SW_MTA_FIRST; } else if (wf->wtbl_flags & DCC_WHITE_FG_MTA_LAST) { sws &= ~FLTR_SW_MTA_FIRST; } for (i = 0; i < MAX_DNSBL_GROUPS; ++i) { if ((wf->wtbl_flags & DCC_WHITE_FG_DNSBL_ON(i)) && dnsbls) { sws |= FLTR_SW_DNSBL(i); } else if (wf->wtbl_flags & DCC_WHITE_FG_DNSBL_OFF(i)) { sws &= ~FLTR_SW_DNSBL(i); } } if (wf->wtbl_flags & DCC_WHITE_FG_TRAP_ACC) { sws |= FLTR_SW_TRAP_ACC; } else if (wf->wtbl_flags & DCC_WHITE_FG_TRAP_REJ) { sws |= FLTR_SW_TRAP_REJ; } return sws | FLTR_SW_SET; } #define LOG_ASK_ST_BLEN 160 #define LOG_ASK_ST_OFF "(off)" #define LOG_ASK_ST_OVF " ...\n\n" static int log_ask_st_sub(char *buf, int blen, const char *s, int slen, u_char off) { int dlen, tlen; /* quit if no room at all in the log */ if (blen >= LOG_ASK_ST_BLEN) return LOG_ASK_ST_BLEN; /* quit if nothing to say */ if (!s || !slen) return blen; dlen = LOG_ASK_ST_BLEN - blen; tlen = LITZ(LOG_ASK_ST_OVF)+2+slen; if (off) /* notice if we need to say "(off)" */ tlen += LITZ(LOG_ASK_ST_OFF); if (dlen <= tlen) { /* show truncation of the message with "..." */ memcpy(&buf[blen], LOG_ASK_ST_OVF, LITZ(LOG_ASK_ST_OVF)); blen += LITZ(LOG_ASK_ST_OVF); if (blen < LOG_ASK_ST_BLEN) memset(&buf[blen], ' ', LOG_ASK_ST_BLEN-blen); return LOG_ASK_ST_BLEN; } if (blen > 0 && buf[blen-1] != '\n') { buf[blen++] = ' '; buf[blen++] = ' '; } memcpy(buf+blen, s, slen); blen += slen; if (off) { memcpy(buf+blen, LOG_ASK_ST_OFF, LITZ(LOG_ASK_ST_OFF)); blen += LITZ(LOG_ASK_ST_OFF); } return blen; } /* generate log file line of results */ void log_ask_st(LOG_WRITE_FNC fnc, void *cp, ASK_ST ask_st, FLTR_SWS sws, u_char log_type, /* 0="" 1="per-user" 2="global" */ const DCC_HEADER_BUF *hdr) { char buf[LOG_ASK_ST_BLEN+3]; char dnsbl_buf[24]; int blen, len, i; #define S(str,off) (blen = log_ask_st_sub(buf, blen, str, LITZ(str), off)) #define S0(bit,off,str) if (ask_st & bit) S(str,off) #define S1(bit,s1off,str) S0(bit,(log_type != 2 && (s1off)),str) #define S2(bit,str) S0(bit,0,str) blen = 0; S2(ASK_ST_QUERY, "query"); /* the CGI scripts want to know why */ if (sws & FLTR_SW_MTA_FIRST) { S2(ASK_ST_MTA_ISSPAM, "MTA"DCC_XHDR_ISSPAM); S2(ASK_ST_MTA_NOTSPAM, "MTA"DCC_XHDR_ISOK); } S2(ASK_ST_WLIST_NOTSPAM, "wlist"DCC_XHDR_ISOK); if (log_type != 2 && !(ask_st & ASK_ST_WLIST_NOTSPAM)) S2(ASK_ST_WLIST_ISSPAM, "wlist"DCC_XHDR_ISSPAM); S1(ASK_ST_SRVR_ISSPAM, (sws & FLTR_SW_DCC_OFF), "DCC"DCC_XHDR_ISSPAM); S1(ASK_ST_SRVR_NOTSPAM, (sws & FLTR_SW_DCC_OFF), "DCC"DCC_XHDR_ISOK); S1(ASK_ST_REP_ISSPAM, !(sws & FLTR_SW_REP_ON), "Rep"DCC_XHDR_ISSPAM); for (i = 0; i < MAX_DNSBL_GROUPS; ++i) { if (ask_st & ASK_ST_DNSBL_HIT(i)) { if (have_dnsbl_groups) len = snprintf(dnsbl_buf, sizeof(dnsbl_buf), "DNSBL%d"DCC_XHDR_ISSPAM, i+1); else len = snprintf(dnsbl_buf, sizeof(dnsbl_buf), "DNSBL"DCC_XHDR_ISSPAM); /* log "DNSBLx-->spam" or "DNSBLx-->spam(off)" */ blen = log_ask_st_sub(buf, blen, dnsbl_buf, len, log_type != 2 && !(sws & FLTR_SW_DNSBL(i))); } else if (ask_st & ASK_ST_DNSBL_TIMEO(i)) { if (have_dnsbl_groups) len = snprintf(dnsbl_buf, sizeof(dnsbl_buf), "DNSBL%d(timeout)", i+1); else len = snprintf(dnsbl_buf, sizeof(dnsbl_buf), "DNSBL(timeout)"); blen = log_ask_st_sub(buf, blen, dnsbl_buf, len, 0); } } if (!(sws & FLTR_SW_MTA_FIRST)) { S2(ASK_ST_MTA_ISSPAM, "MTA"DCC_XHDR_ISSPAM); S2(ASK_ST_MTA_NOTSPAM, "MTA"DCC_XHDR_ISOK); } blen = log_ask_st_sub(buf, blen, dcc_progname, dcc_progname_len, 0); if (log_type == 1) { blen = log_ask_st_sub(buf, blen, "per-user", LITZ("per-user"), 0); } else if (log_type == 2) { blen = log_ask_st_sub(buf, blen, "global", LITZ("global"), 0); } blen = log_ask_st_sub(buf, blen, "\n\n", 2, 0); fnc(cp, buf, blen); if (hdr->used != 0) xhdr_write(fnc, cp, hdr->buf, hdr->used, 0); #undef S #undef S0 #undef S1 #undef S2 } /* parse -G options for DCC clients */ u_char /* 0=bad */ dcc_parse_client_grey(const char *arg) { int bits; const char *p; while (*arg != '\0') { if (dcc_ck_word_comma(&arg, "on")) { grey_on = 1; continue; } if (dcc_ck_word_comma(&arg, "off")) { grey_on = 0; continue; } if (dcc_ck_word_comma(&arg, "query")) { grey_query_only = 1; continue; } if (dcc_ck_word_comma(&arg, "noIP")) { grey_on = 1; trim_grey_ip_addr = 1; memset(&grey_ip_mask, 0, sizeof(grey_ip_mask)); continue; } if (!CLITCMP(arg, "IPmask/")) { bits = 0; for (p = arg+LITZ("IPmask/"); *p >= '0' && *p <= '9'; ++p) bits = bits*10 + *p - '0'; if (bits > 0 && bits < 128 && (*p == '\0' || *p == ',')) { arg = p; if (*p == ',') ++arg; grey_on = 1; trim_grey_ip_addr = 1; /* assume giant blocks are really IPv4 */ if (bits <= 32) bits += 128-32; dcc_bits2mask(&grey_ip_mask, bits); continue; } } return 0; } return 1; } /* sanity check the DCC server's answer */ u_char dcc_ck_grey_answer(DCC_EMSG emsg, const DCC_OP_RESP *resp) { int recv_len; recv_len = ntohs(resp->hdr.len); if (resp->hdr.op != DCC_OP_ANSWER) { dcc_pemsg(EX_UNAVAILABLE, emsg, "DCC %s: %s %*s", dcc_srvr_nm(1), dcc_hdr_op2str(0, 0, &resp->hdr), (resp->hdr.op == DCC_OP_ERROR ? (recv_len - (ISZ(resp->error) - ISZ(resp->error.msg))) : 0), resp->error.msg); return 0; } if (recv_len != sizeof(DCC_GREY_ANSWER)) { dcc_pemsg(EX_UNAVAILABLE, emsg, "greylist server %s answered with %d instead of" " %d bytes", dcc_srvr_nm(1), recv_len, ISZ(DCC_GREY_ANSWER)); return 0; } return 1; } ASK_GREY_RESULT ask_grey(DCC_EMSG emsg, DCC_CLNT_CTXT *ctxt, DCC_OPS op, /* DCC_OP_GREY_{REPORT,QUERY,WHITE} */ DCC_SUM msg_sum, /* put msg+sender+target cksum here */ DCC_SUM triple_sum, /* put greylist triple checksum here */ const DCC_GOT_CKS *cks, const DCC_SUM env_to_sum, DCC_TGTS *pembargo_num, DCC_TGTS *pearly_tgts, /* ++ report to DCC even if embargoed */ DCC_TGTS *plate_tgts) /* ++ don't report to DCC */ { MD5_CTX ctx; DCC_REPORT rpt; DCC_OP_RESP resp; DCC_CK *ck; DCC_CK_TYPES type; const DCC_GOT_SUM *g; DCC_TGTS result_tgts; int num_cks; if (cks->sums[DCC_CK_IP].type != DCC_CK_IP) { dcc_pemsg(EX_UNAVAILABLE, emsg, "IP address not available for greylisting"); memset(triple_sum, 0, sizeof(*triple_sum)); memset(msg_sum, 0, sizeof(*msg_sum)); return ASK_GREY_FAIL; } if (cks->sums[DCC_CK_ENV_FROM].type != DCC_CK_ENV_FROM) { dcc_pemsg(EX_UNAVAILABLE, emsg, "env_From not available for greylisting"); memset(triple_sum, 0, sizeof(*triple_sum)); memset(msg_sum, 0, sizeof(*msg_sum)); return ASK_GREY_FAIL; } /* Check the common checksums for whitelisting at the greylist server. * This assumes DCC_CK_GREY_TRIPLE > DCC_CK_GREY_MSG > other types */ ck = rpt.cks; num_cks = 0; for (type = 0, g = cks->sums; type <= DCC_CK_TYPE_LAST; ++type, ++g) { /* greylisting needs a body checksum, even if * it is the fake checksum for a missing body */ if (!g->rpt2srvr && type != DCC_CK_BODY) continue; ck->type = type; ck->len = sizeof(*ck); memcpy(ck->sum, g->sum, sizeof(ck->sum)); ++ck; ++num_cks; } /* include in the request the grey message checksum as the checksum * of the body, the env_From sender, and env_To target checksums */ MD5Init(&ctx); MD5Update(&ctx, cks->sums[DCC_CK_BODY].sum, sizeof(DCC_SUM)); MD5Update(&ctx, cks->sums[DCC_CK_ENV_FROM].sum, sizeof(DCC_SUM)); MD5Update(&ctx, env_to_sum, sizeof(DCC_SUM)); MD5Final(msg_sum, &ctx); ck->type = DCC_CK_GREY_MSG; ck->len = sizeof(*ck); memcpy(ck->sum, msg_sum, sizeof(ck->sum)); ++ck; ++num_cks; /* include the triple checksum of the sender, the sender's IP * address, and the target */ MD5Init(&ctx); if (trim_grey_ip_addr) { struct in6_addr addr; DCC_SUM sum; int wno; for (wno = 0; wno < 4; ++wno) { addr.s6_addr32[wno] = (cks->ip_addr.s6_addr32[wno] & grey_ip_mask.s6_addr32[wno]); } dcc_ck_ipv6(sum, &addr); MD5Update(&ctx, sum, sizeof(DCC_SUM)); } else { MD5Update(&ctx, cks->sums[DCC_CK_IP].sum, sizeof(DCC_SUM)); } MD5Update(&ctx, cks->sums[DCC_CK_ENV_FROM].sum, sizeof(DCC_SUM)); MD5Update(&ctx, env_to_sum, sizeof(DCC_SUM)); MD5Final(triple_sum, &ctx); ck->type = DCC_CK_GREY3; ck->len = sizeof(*ck); memcpy(ck->sum, triple_sum, sizeof(ck->sum)); ++num_cks; if (!dcc_clnt_op(emsg, ctxt, DCC_CLNT_FG_GREY, 0, 0, 0, &rpt.hdr, (sizeof(rpt) - sizeof(rpt.cks) + num_cks*sizeof(rpt.cks[0])), op, &resp, sizeof(resp))) { return ASK_GREY_FAIL; } if (!dcc_ck_grey_answer(emsg, &resp)) return ASK_GREY_FAIL; /* see what the greylist server had to say */ result_tgts = ntohl(resp.gans.triple); switch (result_tgts) { case DCC_TGTS_OK: /* embargo ended just now */ /* if we have previously included this target in a count of * targets sent to the DCC, then do not include it now */ if (resp.gans.msg != 0 && plate_tgts) ++*plate_tgts; if (pembargo_num) *pembargo_num = 0; return ASK_GREY_EMBARGO_END; case DCC_TGTS_TOO_MANY: /* no current embargo */ if (pembargo_num) *pembargo_num = 0; return ((resp.gans.msg != 0) ? ASK_GREY_EMBARGO_END : ASK_GREY_PASS); case DCC_TGTS_GREY_WHITE: /* whitelisted for greylisting */ if (pembargo_num) *pembargo_num = 0; return ASK_GREY_WHITE; default: /* embargoed */ /* if this is a brand new embargo, * then count this target in the DCC report */ if (resp.gans.msg == 0 && pearly_tgts) ++*pearly_tgts; if (pembargo_num) *pembargo_num = result_tgts+1; return ASK_GREY_EMBARGO; } }