diff options
| author | John Denker <jsd@av8n.com> | 2012-07-21 11:16:12 -0700 |
|---|---|---|
| committer | John Denker <jsd@av8n.com> | 2012-07-21 11:21:25 -0700 |
| commit | c47ab4973a9f6e9840b44cca3cae07a932ed61f6 (patch) | |
| tree | ba36cb706c5969b4769929c76ae950611a0d0825 | |
| parent | 83ce0551954e207c7dba125594b25d59ae29e3c1 (diff) | |
check DNS consistency
| -rw-r--r-- | tools/greylist.c | 51 | ||||
| -rw-r--r-- | tools/makefile | 8 |
2 files changed, 41 insertions, 18 deletions
diff --git a/tools/greylist.c b/tools/greylist.c index f9a4ebc..863a2fe 100644 --- a/tools/greylist.c +++ b/tools/greylist.c @@ -20,6 +20,8 @@ #include <sys/socket.h> /* for getaddrinfo() */ #include <netdb.h> /* for getaddrinfo() */ #include <string.h> /* for memset() */ +#include <arpa/inet.h> /* for inet_ntop() */ + using namespace std; @@ -294,7 +296,7 @@ int main(int _argc, char** _argv){ // (b) move all the DNS checking to a separate module int dns = foo.check_dns(); - if (dns == ex_syserr) return dns; + if (dns == ex_syserr || dns == ex_spam) return dns; exeunt(sts); } @@ -373,15 +375,26 @@ int whatsit::doit(const int penalty){ typedef vector<unsigned char> VU; -class VUx : public VU { +class VUx{ public: - sa_family_t fam; + VU addr; + sa_family_t fam; + string str(); }; +string VUx::str(){ + char msgbuf[INET6_ADDRSTRLEN]; + const char* rslt = inet_ntop(fam, &addr[0], + msgbuf, sizeof(msgbuf)); + if (!rslt) rslt = ""; + return rslt; +} + VUx parse_sockaddr(const sockaddr* ai_addr) { void* numericAddress; VUx rslt; int addrsize; + rslt.addr = VU(0); rslt.fam = ((sockaddr *)ai_addr)->sa_family; switch (rslt.fam) { case AF_INET: @@ -397,8 +410,7 @@ VUx parse_sockaddr(const sockaddr* ai_addr) { return rslt; } unsigned char* foo = (unsigned char*) numericAddress; - (VU)rslt = VU(foo, foo+addrsize); - cerr << "asdf " << rslt.size() << " ... " << VU(foo, foo+addrsize).size() << endl; + rslt.addr = VU(foo, foo+addrsize); return rslt; } @@ -443,7 +455,7 @@ int whatsit::check_dns(){ return ex_syserr; } - VU ipAddr = parse_sockaddr(ipresult->ai_addr); + VUx ipAddr = parse_sockaddr(ipresult->ai_addr); error = getaddrinfo(hostvar, NULL, &hints, &result); if (error) { cerr << "error in getaddrinfo for " << hostvar @@ -454,18 +466,27 @@ int whatsit::check_dns(){ // loop over all returned results and check for a match. vector<string> checked_hosts; for (res = result; res != NULL; res = res->ai_next){ - VU hostAddr = parse_sockaddr(res->ai_addr); -#if 0 - char msgbuf[INET6_ADDRSTRLEN]; - const char* rslt = inet_ntop(fam, numericAddress, - msgbuf, sizeof(msgbuf)); -#endif - if (!diff(hostAddr, ipAddr)) { - cerr << "match! " << ipAddr.size() << endl; + VUx hostAddr = parse_sockaddr(res->ai_addr); + + if (!diff(hostAddr.addr, ipAddr.addr)) { + ///// cerr << "match! " << ipAddr.addr.size() << endl; goto done; } } - cerr << "no match" << endl; + cerr << "(warning) DNS inconsistency: " + << ipAddr.str() << " does not match"; + for (res = result; res != NULL; res = res->ai_next){ + cerr << " " << parse_sockaddr(res->ai_addr).str(); + } + cerr << endl; +#if 1 + // temporary ... just a warning + return 0; +#else + return ex_spam; +#endif + + done: return 0; } diff --git a/tools/makefile b/tools/makefile index cf62473..1f878f0 100644 --- a/tools/makefile +++ b/tools/makefile @@ -44,9 +44,11 @@ logmark: logger -t jsd -p mail.info ========================= todo: - echo zap penalize greylist status of spam \ - extended error codes from skrewt, greylist \ - extended error codes [-x] from spamc + echo \ + pass message-ID to greylist program \ + ... also provide a way for certain recipients to bypass some checks \ + ... both will require major restructuring, "cat" process \ + ..... ALWAYS: @echo ... |