authorJohn Denker <jsd@av8n.com>2012-07-21 11:16:12 -0700
committerJohn Denker <jsd@av8n.com>2012-07-21 11:21:25 -0700
commitc47ab4973a9f6e9840b44cca3cae07a932ed61f6 (patch)
treeba36cb706c5969b4769929c76ae950611a0d0825
parent83ce0551954e207c7dba125594b25d59ae29e3c1 (diff)
check DNS consistency
-rw-r--r--tools/greylist.c51
-rw-r--r--tools/makefile8
2 files changed, 41 insertions, 18 deletions
diff --git a/tools/greylist.c b/tools/greylist.c
index f9a4ebc..863a2fe 100644
--- a/tools/greylist.c
+++ b/tools/greylist.c
@@ -20,6 +20,8 @@
#include <sys/socket.h> /* for getaddrinfo() */
#include <netdb.h> /* for getaddrinfo() */
#include <string.h> /* for memset() */
+#include <arpa/inet.h> /* for inet_ntop() */
+
using namespace std;
@@ -294,7 +296,7 @@ int main(int _argc, char** _argv){
// (b) move all the DNS checking to a separate module
int dns = foo.check_dns();
- if (dns == ex_syserr) return dns;
+ if (dns == ex_syserr || dns == ex_spam) return dns;
exeunt(sts);
}
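Review bot: The added `dns == ex_spam` test cannot fire with this commit as written, because the mismatch path in whatsit::check_dns() is compiled as `return 0` under `#if 1`. A comment on this line would keep a reader from assuming the DNS consistency check is already enforced, for example `// check_dns() is warning-only for now; it returns ex_spam only once its #if 1 is flipped`. main's body starts outside the hunk.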
@@ -373,15 +375,26 @@ int whatsit::doit(const int penalty){
typedef vector<unsigned char> VU;
-class VUx : public VU {
+class VUx{
public:
- sa_family_t fam;
+ VU addr;
+ sa_family_t fam;
+ string str();
};
+string VUx::str(){
+ char msgbuf[INET6_ADDRSTRLEN];
+ const char* rslt = inet_ntop(fam, &addr[0],
+ msgbuf, sizeof(msgbuf));
+ if (!rslt) rslt = "";
+ return rslt;
+}
+
VUx parse_sockaddr(const sockaddr* ai_addr) {
void* numericAddress;
VUx rslt;
int addrsize;
+ rslt.addr = VU(0);
rslt.fam = ((sockaddr *)ai_addr)->sa_family;
switch (rslt.fam) {
case AF_INET:
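Review bot: VUx::str() passes `&addr[0]` to inet_ntop() without checking that `addr` is non-empty, and indexing an empty vector is undefined behaviour. parse_sockaddr() sets `addr` to an empty vector and has an early `return rslt;` (visible in the next hunk) before the real assignment, presumably for an address family the switch does not handle. The new warning loop in check_dns() calls `.str()` on every getaddrinfo result, so that case is reachable. A guard as the first statement of str(), `if (addr.empty()) return "";`, keeps the existing empty-string fallback without the bad index. The `rslt.addr = VU(0);` line is redundant because a default-constructed vector is already empty; parse_sockaddr's body continues outside this hunk.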
@@ -397,8 +410,7 @@ VUx parse_sockaddr(const sockaddr* ai_addr) {
return rslt;
}
unsigned char* foo = (unsigned char*) numericAddress;
- (VU)rslt = VU(foo, foo+addrsize);
- cerr << "asdf " << rslt.size() << " ... " << VU(foo, foo+addrsize).size() << endl;
+ rslt.addr = VU(foo, foo+addrsize);
return rslt;
}
@@ -443,7 +455,7 @@ int whatsit::check_dns(){
return ex_syserr;
}
- VU ipAddr = parse_sockaddr(ipresult->ai_addr);
+ VUx ipAddr = parse_sockaddr(ipresult->ai_addr);
error = getaddrinfo(hostvar, NULL, &hints, &result);
if (error) {
cerr << "error in getaddrinfo for " << hostvar
@@ -454,18 +466,27 @@ int whatsit::check_dns(){
// loop over all returned results and check for a match.
vector<string> checked_hosts;
for (res = result; res != NULL; res = res->ai_next){
- VU hostAddr = parse_sockaddr(res->ai_addr);
-#if 0
- char msgbuf[INET6_ADDRSTRLEN];
- const char* rslt = inet_ntop(fam, numericAddress,
- msgbuf, sizeof(msgbuf));
-#endif
- if (!diff(hostAddr, ipAddr)) {
- cerr << "match! " << ipAddr.size() << endl;
+ VUx hostAddr = parse_sockaddr(res->ai_addr);
+
+ if (!diff(hostAddr.addr, ipAddr.addr)) {
+ ///// cerr << "match! " << ipAddr.addr.size() << endl;
goto done;
}
}
- cerr << "no match" << endl;
+ cerr << "(warning) DNS inconsistency: "
+ << ipAddr.str() << " does not match";
+ for (res = result; res != NULL; res = res->ai_next){
+ cerr << " " << parse_sockaddr(res->ai_addr).str();
+ }
+ cerr << endl;
+#if 1
+ // temporary ... just a warning
+ return 0;
+#else
+ return ex_spam;
+#endif
+
+
done:
return 0;
}
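Review bot: The match test `!diff(hostAddr.addr, ipAddr.addr)` compares only the address bytes and ignores `fam`. If parse_sockaddr() returned an empty `addr` for both sides through its early-return path, the two would presumably compare equal and the check would pass with no address verified; diff() is not visible here, so this is inferred. Requiring a parsed address of the same family closes that gap: `if (!hostAddr.addr.empty() && hostAddr.fam == ipAddr.fam && !diff(hostAddr.addr, ipAddr.addr)) {`. Separately, neither return path visible in this hunk calls freeaddrinfo() on `result`. check_dns's body starts outside the hunk.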
diff --git a/tools/makefile b/tools/makefile
index cf62473..1f878f0 100644
--- a/tools/makefile
+++ b/tools/makefile
@@ -44,9 +44,11 @@ logmark:
logger -t jsd -p mail.info =========================
todo:
- echo zap penalize greylist status of spam \
- extended error codes from skrewt, greylist \
- extended error codes [-x] from spamc
+ echo \
+ pass message-ID to greylist program \
+ ... also provide a way for certain recipients to bypass some checks \
+ ... both will require major restructuring, "cat" process \
+ .....
ALWAYS:
@echo ...