ze-filter  (ze-filter-0.8.0-develop-180218)
ze-check-connection.c
Go to the documentation of this file.
1 
2 /*
3  *
4  * ze-filter - Mail Server Filter for sendmail
5  *
6  * Copyright (c) 2001-2018 - Jose-Marcio Martins da Cruz
7  *
8  * Auteur : Jose Marcio Martins da Cruz
9  * jose.marcio.mc@gmail.org
10  *
11  * Historique :
12  * Creation : Tue Jan 2 22:39:53 CET 2007
13  *
14  * This program is free software, but with restricted license :
15  *
16  *
17  * This program is distributed in the hope that it will be useful,
18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
20  *
21  * More details about ze-filter license can be found at ze-filter
22  * web site : http://foss.jose-marcio.org
23  */
24 
25 
26 #include <ze-sys.h>
27 #include <libze.h>
28 
29 #include <ze-filter.h>
30 #include <ze-filter-data.h>
31 #include <ze-check-connection.h>
32 
33 #define RATE_LOG_LEVEL 12
34 
35 /* ****************************************************************************
36  * *
37  * *
38  ******************************************************************************/
39 #define GET_RESOLVE_COEF(resolve, coef) \
40  do { \
41  /* Let's setup Throttle coefficient */ \
42  switch (resolve) \
43  { \
44  case RESOLVE_NULL: \
45  coef = 1; \
46  break; \
47  case RESOLVE_OK: \
48  coef = 1; \
49  break; \
50  case RESOLVE_FAIL: \
51  coef = 2; \
52  break; \
53  case RESOLVE_FORGED: \
54  coef = 2; \
55  break; \
56  case RESOLVE_TEMPFAIL: \
57  coef = 2; \
58  break; \
59  default: \
60  coef = 1; \
61  } \
62  } while (0)
63 
64 /* ****************************************************************************
65  * *
66  * *
67  ******************************************************************************/
68 sfsistat
69 check_dns_resolve(ctx)
70  SMFICTX *ctx;
71 {
72  CTXPRIV_T *priv = MLFIPRIV(ctx);
73  int result = SMFIS_CONTINUE;
74 
75  ASSERT(priv != NULL);
76 
77  if (IS_KNOWN(priv->netclass.class))
78  return result;
79 
80  if ((priv->resolve_res == RESOLVE_NULL) || (priv->resolve_res == RESOLVE_OK))
81  return result;
82 
83  {
84  int nb;
85  time_t now;
86  static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
87  char s[256];
88 
89  char *reply = NULL, *why = NULL;
90  int which = -1;
91 
92  switch (priv->resolve_res) {
93  /*
94  * DNS lookup FAIL
95  */
96  case RESOLVE_FAIL:
97  if (cf_get_int(CF_CHECK_RESOLVE_FAIL) == OPT_NO)
98  return result;
99  reply = MSG_RESOLVE_FAIL;
100  why = MSG_SHORT_RESOLVE_FAIL;
101  which = STAT_RESOLVE_FAIL;
102  break;
103 
104  /*
105  * forged hostname
106  */
107  case RESOLVE_FORGED:
108  if (cf_get_int(CF_CHECK_RESOLVE_FORGED) == OPT_NO)
109  return result;
110  reply = MSG_RESOLVE_FORGED;
111  why = MSG_SHORT_RESOLVE_FORGED;
112  which = STAT_RESOLVE_FORGED;
113  break;
114  default:
115  return result;
116  break;
117  }
118 
119  MUTEX_LOCK(&mutex);
120 
121  nb = livehistory_check_host(priv->peer_addr, 4 HOURS, LH_BAD_RESOLVE);
122  if (nb < cf_get_int(CF_MAX_BAD_RESOLVE)) {
123  now = time(NULL);
124  (void) livehistory_add_entry(priv->peer_addr, now, 1, LH_BAD_RESOLVE);
125 
126  } else
127  result = SMFIS_TEMPFAIL;
128 
129  MUTEX_UNLOCK(&mutex);
130 
131  if (result == SMFIS_CONTINUE)
132  goto fin;
133 
134  reply = STRNULL(reply, "DNS address resolution error");
135  why = STRNULL(why, "DNS IP address resolution error");
136  (void) jsmfi_setreply(ctx, "451", "4.1.8", reply);
137  snprintf(s, sizeof (s), "%s : %d", why, nb);
138  log_msg_context(ctx, s);
139 
140  if (which > 0)
141  stats_inc(which, 1);
142 
143  goto fin;
144  }
145 
146 
147 fin:
148  if (result != SMFIS_CONTINUE)
149  priv->rej_resolve = TRUE;
150 
151  return result;
152 }
153 
154 /* ****************************************************************************
155  * *
156  * *
157  ******************************************************************************/
158 sfsistat
159 check_connrate(ctx)
160  SMFICTX *ctx;
161 {
162  CTXPRIV_T *priv = MLFIPRIV(ctx);
163  int result = SMFIS_CONTINUE;
164 
165  priv->conn_rate = smtprate_check(RATE_CONN, priv->peer_addr, DEFAULT_WINDOW);
166 #if 0
167  if (priv->conn_rate <= 1)
168  return result;
169 #endif
170 
171  if (cf_get_int(CF_CHECK_CONN_RATE) == OPT_YES) {
172  int ip_class = priv->netclass.class;
173  int n;
174  char s[256];
175 
176  priv->conn_rate =
177  smtprate_check(RATE_CONN, priv->peer_addr, DEFAULT_WINDOW);
178  n = priv->conn_rate;
179 
180  ZE_MessageInfo(RATE_LOG_LEVEL,
181  "%-12s ConnRate : %-20s %4d ip_class=[%02X - %s]",
182  CONNID_STR(priv->id), priv->peer_addr, n, ip_class,
183  CTX_NETCLASS_LABEL(priv));
184 
185  {
186  char buf[256];
187  bool ok = FALSE;
188  int vmax = 0;
189 
190  vmax = cf_get_int(CF_MAX_CONN_RATE);
191 
192  if (check_host_policy("ConnRate", priv->peer_addr, priv->peer_name,
193  priv->netclass.label, buf, sizeof (buf), TRUE))
194  vmax = zeStr2long(buf, NULL, 0);
195 
196  if (vmax > 0 && n > vmax)
197  result = SMFIS_TEMPFAIL;
198  }
199 
200  if (result != SMFIS_CONTINUE) {
201  stats_inc(STAT_CONN_RATE, 1);
202  (void) jsmfi_setreply(ctx, "421", "4.5.1", MSG_CONN_RATE);
203  snprintf(s, sizeof (s), "%s : %d [%02X - %s]",
204  MSG_SHORT_CONN_RATE, n, ip_class, CTX_NETCLASS_LABEL(priv));
205 
206  log_msg_context(ctx, s);
207 
208  priv->result = result;
209  priv->rej_conn_rate = TRUE;
210  }
211  }
212 
213  return result;
214 }
215 
216 /* ****************************************************************************
217  * *
218  * *
219  ******************************************************************************/
220 sfsistat
221 check_msgrate(ctx)
222  SMFICTX *ctx;
223 {
224  CTXPRIV_T *priv = MLFIPRIV(ctx);
225  int result = SMFIS_CONTINUE;
226 
227  priv->msg_rate = smtprate_check(RATE_MSGS, priv->peer_addr, DEFAULT_WINDOW);
228 #if 0
229  if (priv->msg_rate <= 1)
230  return result;
231 #endif
232 
233  if (cf_get_int(CF_CHECK_MSG_RATE) == OPT_YES) {
234  int ip_class = priv->netclass.class;
235  int n;
236  char s[256];
237 
238  priv->msg_rate = smtprate_check(RATE_MSGS, priv->peer_addr, DEFAULT_WINDOW);
239  n = priv->msg_rate;
240 
241  ZE_MessageInfo(RATE_LOG_LEVEL,
242  "%-12s MsgsRate : %-20s %4d ip_class=[%02X - %s]",
243  CONNID_STR(priv->id), priv->peer_addr, n, ip_class,
244  CTX_NETCLASS_LABEL(priv));
245 
246  {
247  char buf[256];
248  bool ok = FALSE;
249  int vmax = 0;
250 
251  vmax = cf_get_int(CF_MAX_MSG_RATE);
252 
253  if (check_host_policy("MsgRate", priv->peer_addr, priv->peer_name,
254  priv->netclass.label, buf, sizeof (buf), TRUE))
255  vmax = zeStr2long(buf, NULL, 0);
256 
257  if (vmax > 0 && n > vmax)
258  result = SMFIS_TEMPFAIL;
259 
260  if (result != SMFIS_CONTINUE) {
261  stats_inc(STAT_MSG_RATE, 1);
262  (void) jsmfi_setreply(ctx, "451", "4.3.2", MSG_MSG_RATE);
263  snprintf(s, sizeof (s), "%s : %d [%02X - %s]",
264  MSG_SHORT_MSG_RATE, n, ip_class, CTX_NETCLASS_LABEL(priv));
265 
266  log_msg_context(ctx, s);
267 
268  priv->result = result;
269  priv->rej_msg_rate = TRUE;
270  }
271  }
272 
273  {
274  int fromRate;
275 
276  bool addrPlusEmail = FALSE;
277  char *sEnv = NULL;
278 
279  if ((sEnv = getenv("FROMRATEFULL")) != NULL) {
280  if (zeStrRegex(sEnv, "yes|oui|true", NULL, NULL, TRUE))
281  addrPlusEmail = TRUE;
282  }
283 
284  if (addrPlusEmail) {
285  char cbuf[256];
286 
287  snprintf(cbuf, sizeof (cbuf), "%s-%s", priv->peer_addr, priv->env_from);
288  fromRate =
289  smtprate_check(RATE_FROM_MSGS, priv->env_from, DEFAULT_WINDOW);
290  } else {
291  fromRate =
292  smtprate_check(RATE_FROM_MSGS, priv->env_from, DEFAULT_WINDOW);
293  }
294 
295  ZE_MessageInfo(RATE_LOG_LEVEL,
296  "%-12s MsgsRateFrom : %-20s %4d %s ip_class=[%02X - %s]",
297  CONNID_STR(priv->id), priv->peer_addr, fromRate,
298  priv->env_from, ip_class, CTX_NETCLASS_LABEL(priv));
299  {
300  char buf[256];
301  bool ok = FALSE;
302  int vmax = 0;
303  char fBuf[256];
304 
305  memset(fBuf, 0, sizeof (fBuf));
306  extract_email_address(fBuf, priv->env_from, sizeof (fBuf));
307  if (strlen(fBuf) == 0)
308  strlcpy(fBuf, "nullsender", sizeof (fBuf));
309 
310  vmax = cf_get_int(CF_MAX_FROM_MSG_RATE);
311  if (PolicyLookupEmailAddr("MsgRateFrom", fBuf, buf, sizeof (buf)))
312  vmax = zeStr2long(buf, NULL, 0);
313 
314  if (vmax > 0 && fromRate > vmax)
315  result = SMFIS_TEMPFAIL;
316 
317  if (result != SMFIS_CONTINUE) {
318  stats_inc(STAT_MSG_RATE, 1);
319  (void) jsmfi_setreply(ctx, "451", "4.3.2", MSG_MSG_RATE);
320  snprintf(s, sizeof (s), "%s : %d [%02X - %s]",
321  MSG_SHORT_MSG_RATE, n, ip_class, CTX_NETCLASS_LABEL(priv));
322 
323  log_msg_context(ctx, s);
324 
325  priv->result = result;
326  priv->rej_msg_rate = TRUE;
327  }
328  }
329  }
330 
331  {
332  int authRate;
333 
334  authRate = smtprate_check(RATE_AUTH_MSGS, priv->env_from, DEFAULT_WINDOW);
335 
336  ZE_MessageInfo(RATE_LOG_LEVEL,
337  "%-12s MsgsRateAuth : %-20s %4d %s ip_class=[%02X - %s]",
338  CONNID_STR(priv->id), priv->peer_addr, authRate,
339  priv->env_from, ip_class, CTX_NETCLASS_LABEL(priv));
340  {
341  char buf[256];
342  bool ok = FALSE;
343  int vmax = 0;
344  char fBuf[256];
345 
346  memset(fBuf, 0, sizeof (fBuf));
347  extract_email_address(fBuf, priv->env_from, sizeof (fBuf));
348  if (strlen(fBuf) == 0)
349  strlcpy(fBuf, "nullsender", sizeof (fBuf));
350 
351  vmax = cf_get_int(CF_MAX_FROM_MSG_RATE);
352  if (PolicyLookupEmailAddr("MsgRateAuth", fBuf, buf, sizeof (buf)))
353  vmax = zeStr2long(buf, NULL, 0);
354 
355  if (vmax > 0 && authRate > vmax)
356  result = SMFIS_TEMPFAIL;
357 
358  if (result != SMFIS_CONTINUE) {
359  stats_inc(STAT_MSG_RATE, 1);
360  (void) jsmfi_setreply(ctx, "451", "4.3.2", MSG_MSG_RATE);
361  snprintf(s, sizeof (s), "%s : %d [%02X - %s]",
362  MSG_SHORT_MSG_RATE, n, ip_class, CTX_NETCLASS_LABEL(priv));
363 
364  log_msg_context(ctx, s);
365 
366  priv->result = result;
367  priv->rej_msg_rate = TRUE;
368  }
369  }
370  }
371 
372  }
373 
374  return result;
375 }
376 
377 /* ****************************************************************************
378  * *
379  * *
380  ******************************************************************************/
381 sfsistat
382 check_msgcount(ctx)
383  SMFICTX *ctx;
384 {
385  CTXPRIV_T *priv = MLFIPRIV(ctx);
386  int result = SMFIS_CONTINUE;
387  int nb_from = 0;
388 
389  if (cf_get_int(CF_CHECK_NB_MSGS) == OPT_YES) {
390  int ip_class = priv->netclass.class;
391  char s[256];
392 
393  nb_from = priv->nb_from;
394 
395  ZE_MessageInfo(RATE_LOG_LEVEL,
396  "%-12s MsgCount : %-20s %4d ip_class=[%02X - %s]",
397  CONNID_STR(priv->id), priv->peer_addr, nb_from, ip_class,
398  CTX_NETCLASS_LABEL(priv));
399 
400  {
401  char buf[256];
402  bool ok = FALSE;
403  int vmax = 0;
404 
405  vmax = cf_get_int(CF_MAX_MSGS);
406 
407  if (check_host_policy("MaxMsgs", priv->peer_addr, priv->peer_name,
408  priv->netclass.label, buf, sizeof (buf), TRUE))
409  vmax = zeStr2long(buf, NULL, 0);
410 
411  if (vmax > 0 && nb_from > vmax)
412  result = SMFIS_TEMPFAIL;
413  }
414 
415  if (result != SMFIS_CONTINUE) {
416  stats_inc(STAT_MAX_MSGS, 1);
417  (void) jsmfi_setreply(ctx, "451", "4.3.2", MSG_TOO_MUCH_MSGS);
418  snprintf(s, sizeof (s), "%s : %s : %d [%02X - %s]",
419  MSG_TOO_MUCH_MSGS, priv->peer_addr, nb_from, ip_class,
420  CTX_NETCLASS_LABEL(priv));
421 
422  log_msg_context(ctx, s);
423 
424  priv->rej_msgs++;
425  priv->result = result;
426  }
427 
428  }
429 
430  return result;
431 }
432 
433 
434 /* ****************************************************************************
435  * *
436  * *
437  ******************************************************************************/
438 sfsistat
439 check_rcptrate(ctx)
440  SMFICTX *ctx;
441 {
442  CTXPRIV_T *priv = MLFIPRIV(ctx);
443  int result = SMFIS_CONTINUE;
444  int rate = 0;
445 
446  rate = smtprate_check(RATE_RCPT, priv->peer_addr, DEFAULT_WINDOW);
447 #if 0
448  if (rate <= 1)
449  return result;
450 #endif
451 
452  if (cf_get_int(CF_CHECK_RCPT_RATE) != OPT_YES)
453  goto fin;
454 
455  {
456  int ip_class = priv->netclass.class;
457  char s[256];
458 
459  rate = smtprate_check(RATE_RCPT, priv->peer_addr, DEFAULT_WINDOW);
460  /*
461  * XXX\A0shall n be saved on some priv member ???
462  */
463 
464  ZE_MessageInfo(RATE_LOG_LEVEL,
465  "%-12s RcptRate : %-20s %4d ip_class=[%02X - %s]",
466  CONNID_STR(priv->id), priv->peer_addr, rate, ip_class,
467  CTX_NETCLASS_LABEL(priv));
468 
469  {
470  char buf[256];
471  bool ok = FALSE;
472  int vmax = 0;
473 
474  vmax = cf_get_int(CF_MAX_RCPT_RATE);
475 
476  if (check_host_policy("RcptRate", priv->peer_addr, priv->peer_name,
477  priv->netclass.label, buf, sizeof (buf), TRUE))
478  vmax = zeStr2long(buf, NULL, 0);
479 
480  if (vmax > 0 && rate > vmax)
481  result = SMFIS_TEMPFAIL;
482  }
483 
484  if (result != SMFIS_CONTINUE) {
485  stats_inc(STAT_RCPT_RATE, 1);
486  (void) jsmfi_setreply(ctx, "451", "4.3.2", MSG_RCPT_RATE);
487  snprintf(s, sizeof (s), "%s : %s : %d [%02X - %s]",
488  MSG_SHORT_RCPT_RATE, priv->peer_addr, rate, ip_class,
489  CTX_NETCLASS_LABEL(priv));
490 
491  log_msg_context(ctx, s);
492 
493  priv->result = result;
494  priv->rej_conn_rate = TRUE;
495  }
496  }
497 
498  {
499  int ip_class = priv->netclass.class;
500  char s[256];
501  int COEF = 1;
502  char fBuf[256];
503 
504  bool addrPlusEmail = FALSE;
505  char *sEnv = NULL;
506 
507  if ((sEnv = getenv("FROMRATEFULL")) != NULL) {
508  if (zeStrRegex(sEnv, "yes|oui|true", NULL, NULL, TRUE))
509  addrPlusEmail = TRUE;
510  }
511 
512  if (addrPlusEmail) {
513  char cbuf[256];
514 
515  snprintf(cbuf, sizeof (cbuf), "%s-%s", priv->peer_addr, priv->env_from);
516  rate = smtprate_check(RATE_FROM_RCPT, cbuf, DEFAULT_WINDOW);
517  } else {
518  rate = smtprate_check(RATE_FROM_RCPT, priv->env_from, DEFAULT_WINDOW);
519  }
520  /*
521  * XXX\A0shall n be saved on some priv member ???
522  */
523 
524  ZE_MessageInfo(RATE_LOG_LEVEL,
525  "%-12s RcptRateFrom : %-20s %4d %s ip_class=[%02X - %s]",
526  CONNID_STR(priv->id), priv->peer_addr, rate, priv->env_from,
527  ip_class, CTX_NETCLASS_LABEL(priv));
528 
529  {
530  char buf[256];
531  bool ok = FALSE;
532  int vmax = 0;
533 
534  memset(fBuf, 0, sizeof (fBuf));
535  extract_email_address(fBuf, priv->env_from, sizeof (fBuf));
536  if (strlen(fBuf) == 0)
537  strlcpy(fBuf, "nullsender", sizeof (fBuf));
538 
539  vmax = cf_get_int(CF_MAX_FROM_RCPT_RATE);
540  if (PolicyLookupEmailAddr("RcptRateFrom", fBuf, buf, sizeof (buf)))
541  vmax = zeStr2long(buf, NULL, 0);
542 
543  if (vmax > 0 && rate > vmax)
544  result = SMFIS_TEMPFAIL;
545  }
546 
547  if (result != SMFIS_CONTINUE) {
548  stats_inc(STAT_RCPT_RATE, 1);
549  (void) jsmfi_setreply(ctx, "451", "4.3.2", MSG_RCPT_RATE);
550  snprintf(s, sizeof (s), "%s : %s : %d [%02X - %s]",
551  MSG_SHORT_RCPT_RATE, fBuf, rate, ip_class,
552  CTX_NETCLASS_LABEL(priv));
553 
554  log_msg_context(ctx, s);
555 
556  priv->result = result;
557  priv->rej_conn_rate = TRUE;
558  }
559  }
560 
561  {
562  int ip_class = priv->netclass.class;
563  char s[256];
564  int COEF = 1;
565  char fBuf[256];
566 
567  rate = smtprate_check(RATE_FROM_RCPT, priv->env_from, DEFAULT_WINDOW);
568  /*
569  * XXX shall n be saved on some priv member ???
570  */
571 
572  ZE_MessageInfo(RATE_LOG_LEVEL,
573  "%-12s RcptRateAuth : %-20s %4d %s ip_class=[%02X - %s]",
574  CONNID_STR(priv->id), priv->peer_addr, rate, priv->env_from,
575  ip_class, CTX_NETCLASS_LABEL(priv));
576 
577  {
578  char buf[256];
579  bool ok = FALSE;
580  int vmax = 0;
581 
582  memset(fBuf, 0, sizeof (fBuf));
583  extract_email_address(fBuf, priv->env_from, sizeof (fBuf));
584  if (strlen(fBuf) == 0)
585  strlcpy(fBuf, "nullsender", sizeof (fBuf));
586 
587  vmax = cf_get_int(CF_MAX_FROM_RCPT_RATE);
588  if (PolicyLookupEmailAddr("RcptRateAuth", fBuf, buf, sizeof (buf)))
589  vmax = zeStr2long(buf, NULL, 0);
590 
591  if (vmax > 0 && rate > vmax)
592  result = SMFIS_TEMPFAIL;
593  }
594 
595  if (result != SMFIS_CONTINUE) {
596  stats_inc(STAT_RCPT_RATE, 1);
597  (void) jsmfi_setreply(ctx, "451", "4.3.2", MSG_RCPT_RATE);
598  snprintf(s, sizeof (s), "%s : %s : %d [%02X - %s]",
599  MSG_SHORT_RCPT_RATE, fBuf, rate, ip_class,
600  CTX_NETCLASS_LABEL(priv));
601 
602  log_msg_context(ctx, s);
603 
604  priv->result = result;
605  priv->rej_conn_rate = TRUE;
606  }
607  }
608 
609 fin:
610  return result;
611 }
612 
613 /* ****************************************************************************
614  * *
615  * *
616  ******************************************************************************/
617 sfsistat
618 check_rcptcount(ctx)
619  SMFICTX *ctx;
620 {
621  CTXPRIV_T *priv = MLFIPRIV(ctx);
622  int result = SMFIS_CONTINUE;
623  int nb_rcpt = 0;
624 
625  if (cf_get_int(CF_CHECK_NB_RCPT) == OPT_YES) {
626  int ip_class = priv->netclass.class;
627  char s[256];
628  int COEF = 1;
629 
630  GET_RESOLVE_COEF(priv->resolve_res, COEF);
631 
632  if ((COEF == 1) && (priv->ehlo_flags != 0))
633  COEF = 2;
634 
635  nb_rcpt = priv->env_nb_rcpt;
636 
637  ZE_MessageInfo(RATE_LOG_LEVEL,
638  "%-12s RcptCount : %-20s %4d ip_class=[%02X - %s]",
639  CONNID_STR(priv->id), priv->peer_addr, nb_rcpt, ip_class,
640  CTX_NETCLASS_LABEL(priv));
641 
642  {
643  char buf[256];
644  bool ok = FALSE;
645  int vmax = 0;
646 
647  vmax = cf_get_int(CF_MAX_RCPT);
648 
649  if (check_host_policy("MaxRcpt", priv->peer_addr, priv->peer_name,
650  priv->netclass.label, buf, sizeof (buf), TRUE))
651  vmax = zeStr2long(buf, NULL, 0);
652 
653  if (vmax > 0 && (nb_rcpt * COEF) > vmax)
654  result = SMFIS_TEMPFAIL;
655 
656  if (result != SMFIS_CONTINUE) {
657  stats_inc(STAT_MAX_RCPT, 1);
658  (void) jsmfi_setreply(ctx, "451", "4.3.2", MSG_TOO_MUCH_RCPT);
659  snprintf(s, sizeof (s), "%s : %s : %d [%02X - %s]",
660  MSG_TOO_MUCH_RCPT, priv->peer_addr, nb_rcpt, ip_class,
661  CTX_NETCLASS_LABEL(priv));
662 
663  log_msg_context(ctx, s);
664 
665  priv->rej_rcpt++;
666  priv->result = result;
667  }
668  }
669 
670  {
671  char buf[256];
672  bool ok = FALSE;
673  int vmax = 0;
674 
675  char fBuf[256];
676 
677  memset(fBuf, 0, sizeof (fBuf));
678  extract_email_address(fBuf, priv->env_from, sizeof (fBuf));
679  if (strlen(fBuf) == 0)
680  strlcpy(fBuf, "nullsender", sizeof (fBuf));
681 
682  vmax = cf_get_int(CF_MAX_FROM_RCPT);
683  if (PolicyLookupEmailAddr("MaxRcptFrom", fBuf, buf, sizeof (buf)))
684  vmax = zeStr2long(buf, NULL, 0);
685 
686  if (vmax > 0 && nb_rcpt > vmax)
687  result = SMFIS_TEMPFAIL;
688 
689  if (result != SMFIS_CONTINUE) {
690  stats_inc(STAT_MAX_RCPT, 1);
691  (void) jsmfi_setreply(ctx, "451", "4.3.2", MSG_TOO_MUCH_RCPT);
692  snprintf(s, sizeof (s), "%s : %s : %d [%02X - %s]",
693  MSG_TOO_MUCH_RCPT, priv->peer_addr, nb_rcpt, ip_class,
694  CTX_NETCLASS_LABEL(priv));
695 
696  log_msg_context(ctx, s);
697 
698  priv->rej_rcpt++;
699  priv->result = result;
700  }
701  }
702  }
703 
704  return result;
705 }
706 
707 /* ****************************************************************************
708  * *
709  * *
710  ******************************************************************************/
711 sfsistat
712 check_open_connections(ctx)
713  SMFICTX *ctx;
714 {
715  CTXPRIV_T *priv = MLFIPRIV(ctx);
716  int result = SMFIS_CONTINUE;
717 
718  if (priv->peer_addr == NULL)
719  return SMFIS_CONTINUE;
720 
721  if (cf_get_int(CF_CHECK_OPEN_CONNECTIONS) == OPT_YES) {
722  int ip_class = priv->netclass.class;
723  int nb = priv->nb_open;
724  char s[256];
725  int COEF = 1;
726 
727  nb = priv->nb_open =
728  connopen_check_host(priv->peer_addr, priv->peer_name, 0);
729 
730  GET_RESOLVE_COEF(priv->resolve_res, COEF);
731 
732  nb *= COEF;
733 
734  if (nb > 5) {
735  ZE_MessageInfo(RATE_LOG_LEVEL,
736  "%-12s Open Connections : %-20s %4d ip_class=[%02X - %s]",
737  CONNID_STR(priv->id), priv->peer_addr, nb, ip_class,
738  CTX_NETCLASS_LABEL(priv));
739  } else {
740  ZE_MessageInfo(RATE_LOG_LEVEL,
741  "%-12s Open Connections : %-20s %4d ip_class=[%02X - %s]",
742  CONNID_STR(priv->id), priv->peer_addr, nb, ip_class,
743  CTX_NETCLASS_LABEL(priv));
744  }
745 
746  /*
747  * FALSE && _FFR_DBPOLICY
748  */
749  {
750  char buf[256];
751  bool ok = FALSE;
752  int vmax = 0;
753 
754  vmax = cf_get_int(CF_MAX_CONN_OPEN);
755 
756  if (check_host_policy("ConnOpen", priv->peer_addr, priv->peer_name,
757  priv->netclass.label, buf, sizeof (buf), TRUE))
758  vmax = zeStr2long(buf, NULL, 0);
759 
760  if (vmax > 0 && nb > vmax)
761  result = SMFIS_TEMPFAIL;
762  }
763 
764 
765  if (result != SMFIS_CONTINUE) {
766  stats_inc(STAT_OPEN_CONN, 1);
767 
768  (void) jsmfi_setreply(ctx, "421", "4.5.1", MSG_TOO_MUCH_OPEN);
769 
770  snprintf(s, sizeof (s), "%s : %s : %d [%02X - %s]",
771  MSG_SHORT_TOO_MUCH_OPEN, priv->peer_addr,
772  nb, ip_class, CTX_NETCLASS_LABEL(priv));
773 
774  log_msg_context(ctx, s);
775  }
776  }
777 
778  return result;
779 }
780 
781 /* ****************************************************************************
782  * *
783  * *
784  ******************************************************************************/
785 sfsistat
786 check_empty_connections(ctx)
787  SMFICTX *ctx;
788 {
789  CTXPRIV_T *priv = MLFIPRIV(ctx);
790  int result = SMFIS_CONTINUE;
791 
792  if (cf_get_int(CF_CHECK_EMPTY_CONNECTIONS) == OPT_YES) {
793  int ip_class = priv->netclass.class;
794  int nb = 0;
795  char s[256];
796  int COEF = 1;
797 
798  /*
799  * XXXXXXXXXXXX 3600 ?????
800  */
801  nb = livehistory_check_host(priv->peer_addr, 3600, LH_EMPTYCONN);
802 
803  GET_RESOLVE_COEF(priv->resolve_res, COEF);
804 
805 #if 1
806  nb *= COEF;
807 #endif
808 
809  if (nb > 15) {
810  ZE_MessageInfo(RATE_LOG_LEVEL,
811  "%-12s Empty Connections : %-20s %4d ip_class=[%02X - %s]",
812  CONNID_STR(priv->id), priv->peer_addr, nb, ip_class,
813  CTX_NETCLASS_LABEL(priv));
814  } else {
815  ZE_MessageInfo(RATE_LOG_LEVEL,
816  "%-12s Empty Connections : %-20s %4d ip_class=[%02X - %s]",
817  CONNID_STR(priv->id), priv->peer_addr, nb, ip_class,
818  CTX_NETCLASS_LABEL(priv));
819  }
820 
821  if (IS_UNKNOWN(ip_class) && (nb > cf_get_int(CF_MAX_EMPTY_CONN)))
822  result = SMFIS_TEMPFAIL;
823 
824  if (result != SMFIS_CONTINUE) {
825  stats_inc(STAT_EMPTY_CONN, 1);
826  (void) jsmfi_setreply(ctx, "451", "4.3.2", MSG_TOO_MUCH_EMPTY);
827  snprintf(s, sizeof (s), MSG_SHORT_TOO_MUCH_EMPTY, priv->peer_addr, nb,
828  ip_class);
829 
830  log_msg_context(ctx, s);
831  }
832  }
833 
834  return result;
835 }
836 
837 /* ****************************************************************************
838  * *
839  * *
840  ******************************************************************************/
841 sfsistat
842 check_spamtrap(ctx)
843  SMFICTX *ctx;
844 {
845  CTXPRIV_T *priv = MLFIPRIV(ctx);
846  int result = SMFIS_CONTINUE;
847 
848  if (cf_get_int(CF_CHECK_SPAMTRAP_HISTORY) == OPT_YES) {
849  int nb = 0;
850  int COEF = 1;
851 
852  /*
853  * XXXXXXXXXX 3600 ????
854  */
855  nb = livehistory_check_host(priv->peer_addr, 3600, LH_SPAMTRAP);
856 
857  if (nb == 0)
858  return SMFIS_CONTINUE;
859 
860  GET_RESOLVE_COEF(priv->resolve_res, COEF);
861 
862 #if 0
863 #if 1
864  nb *= COEF;
865 #endif
866 
867  if (nb > 5) {
868  ZE_MessageInfo(RATE_LOG_LEVEL,
869  "%-12s Bad Recipients : %-20s %4d ip_class=[%02X - %s]",
870  CONNID_STR(priv->id), priv->peer_addr, nb, ip_class,
871  CTX_NETCLASS_LABEL(priv));
872  } else {
873  ZE_MessageInfo(RATE_LOG_LEVEL,
874  "%-12s Bad Recipients : %-20s %4d ip_class=[%02X - %s]",
875  CONNID_STR(priv->id), priv->peer_addr, nb, ip_class,
876  CTX_NETCLASS_LABEL(priv));
877  }
878 
879  if (IS_UNKNOWN(ip_class) && (nb > cf_get_int(CF_MAX_BADRCPTS))) {
880  result = SMFIS_TEMPFAIL;
881 
882  stats_inc(STAT_BAD_RCPT, 1);
883  switch (result) {
884  case SMFIS_REJECT:
885  (void) jsmfi_setreply(ctx, "550", "5.7.1", MSG_TOO_MUCH_BADRCPT);
886  break;
887  case SMFIS_TEMPFAIL:
888  (void) jsmfi_setreply(ctx, "421", "4.5.1", MSG_TOO_MUCH_BADRCPT);
889  break;
890  }
891  snprintf(s, sizeof (s), MSG_SHORT_TOO_MUCH_BADRCPT,
892  priv->peer_addr, nb, ip_class);
893 
894  log_msg_context(ctx, s);
895  }
896 #endif
897  }
898 
899  return result;
900 }
901 
902 /* ****************************************************************************
903  * *
904  * *
905  ******************************************************************************/
906 sfsistat
907 check_nb_badrcpts(ctx)
908  SMFICTX *ctx;
909 {
910  CTXPRIV_T *priv = MLFIPRIV(ctx);
911  int result = SMFIS_CONTINUE;
912 
913  if (cf_get_int(CF_CHECK_BADRCPTS) == OPT_YES) {
914  int ip_class = priv->netclass.class;
915  int nb = 0;
916  char s[256];
917  int COEF = 1;
918 
919  /*
920  * XXXXXXXXXX 3600 ????
921  */
922  nb = livehistory_check_host(priv->peer_addr, 3600, LH_BADRCPT) +
923  priv->nb_cbadrcpt + priv->nb_mbadrcpt;
924 
925  if (nb == 0)
926  return SMFIS_CONTINUE;
927 
928  GET_RESOLVE_COEF(priv->resolve_res, COEF);
929 
930  nb *= COEF;
931 
932  if (nb > 5) {
933  ZE_MessageInfo(RATE_LOG_LEVEL,
934  "%-12s Bad Recipients : %-20s %4d ip_class=[%02X - %s]",
935  CONNID_STR(priv->id), priv->peer_addr, nb, ip_class,
936  CTX_NETCLASS_LABEL(priv));
937  } else {
938  ZE_MessageInfo(RATE_LOG_LEVEL,
939  "%-12s Bad Recipients : %-20s %4d ip_class=[%02X - %s]",
940  CONNID_STR(priv->id), priv->peer_addr, nb, ip_class,
941  CTX_NETCLASS_LABEL(priv));
942  }
943 
944  if (IS_UNKNOWN(ip_class) && (nb > cf_get_int(CF_MAX_BADRCPTS))) {
945  result = SMFIS_TEMPFAIL;
946  stats_inc(STAT_BAD_RCPT, 1);
947 #if 1
948  (void) jsmfi_setreply(ctx, "451", "4.3.2", MSG_TOO_MUCH_BADRCPT);
949 #else
950  (void) jsmfi_setreply(ctx, "451", "4.7.1", MSG_TOO_MUCH_BADRCPT);
951 #endif
952  snprintf(s, sizeof (s), "%s : %s : %d [%02X - %s]",
953  MSG_SHORT_TOO_MUCH_BADRCPT,
954  priv->peer_addr, nb, ip_class, CTX_NETCLASS_LABEL(priv));
955 
956  log_msg_context(ctx, s);
957  }
958  }
959 
960  return result;
961 }
962 
963 /* ****************************************************************************
964  * *
965  * *
966  ******************************************************************************/
967 sfsistat
968 check_single_message(ctx)
969  SMFICTX *ctx;
970 {
971  CTXPRIV_T *priv = MLFIPRIV(ctx);
972  int result = SMFIS_CONTINUE;
973 
974  int ip_class;
975  char s[256];
976  int COEF = 1;
977  char *why = "bad behaviour in previous MAIL command";
978 
979  ASSERT(priv != NULL);
980 
981  if (priv->nb_from <= 1)
982  goto fin;
983 
984  ip_class = priv->netclass.class;
985  if (IS_KNOWN(ip_class))
986  goto fin;
987 
988  if (priv->dbrcpt_conn_spamtrap > 0) {
989  why = "spamtraps";
990  result = SMFIS_TEMPFAIL;
991  goto fin;
992  }
993 
994  /*
995  * bad MX
996  */
997  if (priv->rej_badmx > 0) {
998  why = "bad MX";
999  result = SMFIS_TEMPFAIL;
1000  goto fin;
1001  }
1002 
1003 
1004  /*
1005  * XFiles
1006  */
1007  if (priv->nb_xfiles > 0) {
1008  why = "XFiles";
1009  result = SMFIS_TEMPFAIL;
1010  goto fin;
1011  }
1012 
1013  /*
1014  * Virus
1015  */
1016  if (priv->nb_virus > 0) {
1017  why = "Virus";
1018  result = SMFIS_TEMPFAIL;
1019  goto fin;
1020  }
1021 #if 0
1022  ZE_MessageInfo(RATE_LOG_LEVEL,
1023  "%-12s Bad Recipients : %-20s %4d ip_class=[%02X - %s]",
1024  CONNID_STR(priv->id), priv->peer_addr, nb, ip_class,
1025  CTX_NETCLASS_LABEL(priv));
1026 #endif
1027 
1028 fin:
1029  if (result != SMFIS_CONTINUE) {
1030  stats_inc(STAT_SINGLE_MESSAGE, 1);
1031 
1032  result = SMFIS_TEMPFAIL;
1033  (void) jsmfi_setreply(ctx, "451", "4.3.2", MSG_SINGLE_MESSAGE);
1034 
1035  snprintf(s, sizeof (s), "%s : %s [%s]",
1036  MSG_SHORT_SINGLE_MESSAGE, why, CTX_NETCLASS_LABEL(priv));
1037 
1038  log_msg_context(ctx, s);
1039  }
1040 
1041  return result;
1042 }
1043 
1044 /* ****************************************************************************
1045  * *
1046  * *
1047  ******************************************************************************/
1048 
1049 sfsistat
1050 validate_connection(ctx)
1051  SMFICTX *ctx;
1052 {
1053  CTXPRIV_T *priv = MLFIPRIV(ctx);
1054  int result = SMFIS_CONTINUE;
1055 
1056  if (ctx == NULL || priv == NULL)
1057  return result;
1058 
1059  result = check_open_connections(ctx);
1060  if (result != SMFIS_CONTINUE) {
1061  priv->rej_open = TRUE;
1062  goto fin;
1063  }
1064 
1065  if (priv->callback_id < CALLBACK_MAIL &&
1066  cf_get_int(CF_DELAY_CHECKS) == OPT_YES)
1067  goto fin;
1068 
1069  result = check_connrate(ctx);
1070  if (result != SMFIS_CONTINUE) {
1071  priv->rej_conn_rate = TRUE;
1072  goto fin;
1073  }
1074 
1075  if (priv->callback_id == CALLBACK_CONNECT)
1076  goto fin;
1077 
1078  /*
1079  ** if client resolv limit is set on :
1080  ** connections -> CALLBACK_EHLO
1081  ** messages -> CALLBACK_MAIL
1082  */
1083  if (priv->callback_id == CALLBACK_MAIL) {
1084  result = check_dns_resolve(ctx);
1085 
1086  if (result != SMFIS_CONTINUE) {
1087  priv->rej_resolve = TRUE;
1088  goto fin;
1089  }
1090 
1091  result = check_single_message(ctx);
1092  if (result != SMFIS_CONTINUE) {
1093  /*
1094  * priv->rej_resolve = TRUE;
1095  */
1096  goto fin;
1097  }
1098  }
1099 #if 0
1100  result = check_spamtrap(ctx);
1101  if (result != SMFIS_CONTINUE) {
1102  priv->rej_badrcpt = TRUE;
1103  goto fin;
1104  }
1105 #endif
1106 
1107  (void) update_nb_badrcpts(ctx);
1108  result = check_nb_badrcpts(ctx);
1109  if (result != SMFIS_CONTINUE) {
1110  priv->rej_badrcpt = TRUE;
1111  goto fin;
1112  }
1113 
1114  result = check_empty_connections(ctx);
1115  if (result != SMFIS_CONTINUE) {
1116  priv->rej_empty = TRUE;
1117  goto fin;
1118  }
1119 
1120 fin:
1121  priv->reject_connect = (result != SMFIS_CONTINUE);
1122  if (result != SMFIS_CONTINUE)
1123  priv->result = result;
1124 
1125  return result;
1126 }
MSG_RCPT_RATE
#define MSG_RCPT_RATE
Definition: ze-reply.h:129
MSG_SHORT_SINGLE_MESSAGE
#define MSG_SHORT_SINGLE_MESSAGE
Definition: ze-reply.h:235
CTXPRIV_T::conn_rate
int conn_rate
Definition: ze-filter-data.h:112
MSG_TOO_MUCH_OPEN
#define MSG_TOO_MUCH_OPEN
Definition: ze-reply.h:121
CF_CHECK_RESOLVE_FAIL
#define CF_CHECK_RESOLVE_FAIL
Definition: cfh-defs.h:185
GET_RESOLVE_COEF
#define GET_RESOLVE_COEF(resolve, coef)
Definition: ze-check-connection.c:39
CF_CHECK_EMPTY_CONNECTIONS
#define CF_CHECK_EMPTY_CONNECTIONS
Definition: cfh-defs.h:146
check_nb_badrcpts
sfsistat check_nb_badrcpts(SMFICTX *ctx)
Definition: ze-check-connection.c:907
CTXPRIV_T::rej_conn_rate
bool rej_conn_rate
Definition: ze-filter-data.h:240
CF_CHECK_SPAMTRAP_HISTORY
#define CF_CHECK_SPAMTRAP_HISTORY
Definition: cfh-defs.h:154
netclass_T::class
int class
Definition: ze-netclass.h:71
stats_inc
void stats_inc(int, long)
Definition: ze-stats.c:401
CF_CHECK_NB_RCPT
#define CF_CHECK_NB_RCPT
Definition: cfh-defs.h:157
MSG_TOO_MUCH_EMPTY
#define MSG_TOO_MUCH_EMPTY
Definition: ze-reply.h:113
PolicyLookupEmailAddr
bool PolicyLookupEmailAddr(char *prefix, char *key, char *buf, size_t size)
Definition: zePolicy.c:230
STAT_SINGLE_MESSAGE
#define STAT_SINGLE_MESSAGE
Definition: ze-stats.h:68
CTXPRIV_T::rej_badmx
int rej_badmx
Definition: ze-filter-data.h:236
CALLBACK_CONNECT
#define CALLBACK_CONNECT
Definition: ze-callback.h:28
CF_MAX_CONN_OPEN
#define CF_MAX_CONN_OPEN
Definition: cfh-defs.h:145
ASSERT
#define ASSERT(a)
Definition: macros.h:27
SMFIS_TEMPFAIL
#define SMFIS_TEMPFAIL
Definition: ze-smtp-divers.c:232
MSG_MSG_RATE
#define MSG_MSG_RATE
Definition: ze-reply.h:133
jsmfi_setreply
int jsmfi_setreply(SMFICTX *, char *, char *, char *)
Definition: ze-libmilter.c:99
check_host_policy
bool check_host_policy(char *prefix, char *addr, char *name, char *class, char *buf, size_t size, bool cdef)
Definition: ze-policy.c:205
CTXPRIV_T::nb_virus
int nb_virus
Definition: ze-filter-data.h:207
CF_MAX_EMPTY_CONN
#define CF_MAX_EMPTY_CONN
Definition: cfh-defs.h:147
CF_MAX_FROM_RCPT
#define CF_MAX_FROM_RCPT
Definition: cfh-defs.h:166
MUTEX_UNLOCK
#define MUTEX_UNLOCK(mutex)
Definition: macros.h:101
CF_CHECK_RCPT_RATE
#define CF_CHECK_RCPT_RATE
Definition: cfh-defs.h:155
CTXPRIV_T::peer_addr
char * peer_addr
Definition: ze-filter-data.h:145
STRNULL
#define STRNULL(x, r)
Definition: macros.h:81
CTXPRIV_T::msg_rate
int msg_rate
Definition: ze-filter-data.h:114
MSG_SINGLE_MESSAGE
#define MSG_SINGLE_MESSAGE
Definition: ze-reply.h:145
ok
bool ok
Definition: ze-connopen.c:59
CTXPRIV_T::rej_msgs
bool rej_msgs
Definition: ze-filter-data.h:244
MUTEX_LOCK
#define MUTEX_LOCK(mutex)
Definition: macros.h:93
mutex
pthread_mutex_t mutex
Definition: ze-connopen.c:63
CF_MAX_RCPT_RATE
#define CF_MAX_RCPT_RATE
Definition: cfh-defs.h:156
CF_CHECK_CONN_RATE
#define CF_CHECK_CONN_RATE
Definition: cfh-defs.h:142
MSG_SHORT_TOO_MUCH_BADRCPT
#define MSG_SHORT_TOO_MUCH_BADRCPT
Definition: ze-reply.h:251
CTXPRIV_T::rej_msg_rate
bool rej_msg_rate
Definition: ze-filter-data.h:245
FALSE
#define FALSE
Definition: macros.h:160
SMFIS_CONTINUE
#define SMFIS_CONTINUE
Definition: ze-smtp-divers.c:228
STAT_EMPTY_CONN
#define STAT_EMPTY_CONN
Definition: ze-stats.h:72
SMFIS_REJECT
#define SMFIS_REJECT
Definition: ze-smtp-divers.c:229
strlcpy
#define strlcpy
Definition: zeString.h:32
zeStrRegex
bool zeStrRegex(char *, char *, long *, long *, bool)
Definition: zeStrings.c:544
CTXPRIV_T::rej_open
bool rej_open
Definition: ze-filter-data.h:241
extract_email_address
char * extract_email_address(char *, char *, size_t)
Definition: ze-smtp-divers.c:128
LH_SPAMTRAP
#define LH_SPAMTRAP
Definition: ze-livehistory.h:28
OPT_YES
#define OPT_YES
Definition: ze-cf.h:45
MSG_TOO_MUCH_RCPT
#define MSG_TOO_MUCH_RCPT
Definition: ze-reply.h:97
check_empty_connections
sfsistat check_empty_connections(SMFICTX *ctx)
Definition: ze-check-connection.c:786
RESOLVE_FORGED
#define RESOLVE_FORGED
Definition: ze-filter.h:173
CTXPRIV_T::nb_from
int nb_from
Definition: ze-filter-data.h:202
CTXPRIV_T::reject_connect
bool reject_connect
Definition: ze-filter-data.h:123
CTXPRIV_T::resolve_res
int resolve_res
Definition: ze-filter-data.h:119
check_spamtrap
sfsistat check_spamtrap(SMFICTX *ctx)
Definition: ze-check-connection.c:842
CF_MAX_BAD_RESOLVE
#define CF_MAX_BAD_RESOLVE
Definition: cfh-defs.h:187
CF_MAX_RCPT
#define CF_MAX_RCPT
Definition: cfh-defs.h:158
cf_get_int
int cf_get_int(int id)
Definition: ze-cf.c:803
MLFIPRIV
#define MLFIPRIV(ctx)
Definition: ze-filter-data.h:256
CTXPRIV_T::env_nb_rcpt
int env_nb_rcpt
Definition: ze-filter-data.h:163
CF_MAX_FROM_RCPT_RATE
#define CF_MAX_FROM_RCPT_RATE
Definition: cfh-defs.h:164
RATE_AUTH_MSGS
#define RATE_AUTH_MSGS
Definition: ze-smtprate.h:67
CF_MAX_MSGS
#define CF_MAX_MSGS
Definition: cfh-defs.h:162
CTXPRIV_T::rej_rcpt
int rej_rcpt
Definition: ze-filter-data.h:232
check_connrate
sfsistat check_connrate(SMFICTX *ctx)
Definition: ze-check-connection.c:159
MSG_SHORT_RESOLVE_FORGED
#define MSG_SHORT_RESOLVE_FORGED
Definition: ze-reply.h:215
CTXPRIV_T::rej_resolve
bool rej_resolve
Definition: ze-filter-data.h:239
MSG_SHORT_MSG_RATE
#define MSG_SHORT_MSG_RATE
Definition: ze-reply.h:231
LH_EMPTYCONN
#define LH_EMPTYCONN
Definition: ze-livehistory.h:29
MSG_TOO_MUCH_MSGS
#define MSG_TOO_MUCH_MSGS
Definition: ze-reply.h:137
STAT_RCPT_RATE
#define STAT_RCPT_RATE
Definition: ze-stats.h:45
CF_MAX_MSG_RATE
#define CF_MAX_MSG_RATE
Definition: cfh-defs.h:160
CTXPRIV_T::id
CONNID_T id
Definition: ze-filter-data.h:79
check_msgrate
sfsistat check_msgrate(SMFICTX *ctx)
Definition: ze-check-connection.c:221
LH_BADRCPT
#define LH_BADRCPT
Definition: ze-livehistory.h:27
zeStr2long
long zeStr2long(char *s, int *error, long dval)
Definition: zeStrConvert.c:35
MSG_TOO_MUCH_BADRCPT
#define MSG_TOO_MUCH_BADRCPT
Definition: ze-reply.h:117
CF_MAX_FROM_MSG_RATE
#define CF_MAX_FROM_MSG_RATE
Definition: cfh-defs.h:168
IS_KNOWN
#define IS_KNOWN(class)
Definition: ze-netclass.h:50
MSG_SHORT_RESOLVE_FAIL
#define MSG_SHORT_RESOLVE_FAIL
Definition: ze-reply.h:219
MSG_RESOLVE_FAIL
#define MSG_RESOLVE_FAIL
Definition: ze-reply.h:101
RESOLVE_OK
#define RESOLVE_OK
Definition: ze-filter.h:171
IS_UNKNOWN
#define IS_UNKNOWN(class)
Definition: ze-netclass.h:51
CALLBACK_MAIL
#define CALLBACK_MAIL
Definition: ze-callback.h:30
CTXPRIV_T::nb_cbadrcpt
int nb_cbadrcpt
Definition: ze-filter-data.h:224
MSG_SHORT_RCPT_RATE
#define MSG_SHORT_RCPT_RATE
Definition: ze-reply.h:227
ZE_MessageInfo
#define ZE_MessageInfo(level,...)
Definition: zeSyslog.h:90
nb
int nb
Definition: ze-connopen.c:61
OPT_NO
#define OPT_NO
Definition: ze-cf.h:44
check_rcptrate
sfsistat check_rcptrate(SMFICTX *ctx)
Definition: ze-check-connection.c:439
CTXPRIV_T::dbrcpt_conn_spamtrap
int dbrcpt_conn_spamtrap
Definition: ze-filter-data.h:219
RATE_MSGS
#define RATE_MSGS
Definition: ze-smtprate.h:54
STAT_CONN_RATE
#define STAT_CONN_RATE
Definition: ze-stats.h:44
CTXPRIV_T::callback_id
int callback_id
Definition: ze-filter-data.h:83
TRUE
#define TRUE
Definition: macros.h:157
STAT_RESOLVE_FAIL
#define STAT_RESOLVE_FAIL
Definition: ze-stats.h:41
STAT_MAX_RCPT
#define STAT_MAX_RCPT
Definition: ze-stats.h:43
check_msgcount
sfsistat check_msgcount(SMFICTX *ctx)
Definition: ze-check-connection.c:382
CTXPRIV_T::nb_xfiles
int nb_xfiles
Definition: ze-filter-data.h:206
CTXPRIV_T::result
int result
Definition: ze-filter-data.h:253
MSG_SHORT_TOO_MUCH_EMPTY
#define MSG_SHORT_TOO_MUCH_EMPTY
Definition: ze-reply.h:247
RATE_RCPT
#define RATE_RCPT
Definition: ze-smtprate.h:52
validate_connection
sfsistat validate_connection(SMFICTX *ctx)
Definition: ze-check-connection.c:1050
MSG_SHORT_CONN_RATE
#define MSG_SHORT_CONN_RATE
Definition: ze-reply.h:223
CF_CHECK_OPEN_CONNECTIONS
#define CF_CHECK_OPEN_CONNECTIONS
Definition: cfh-defs.h:144
CTXPRIV_T::peer_name
char * peer_name
Definition: ze-filter-data.h:146
CTX_NETCLASS_LABEL
#define CTX_NETCLASS_LABEL(priv)
Definition: ze-filter-data.h:259
smtprate_check
int smtprate_check(int, char *, time_t)
Definition: ze-smtprate.c:479
CTXPRIV_T::env_from
char * env_from
Definition: ze-filter-data.h:160
connopen_check_host
int connopen_check_host(char *, char *, int)
Definition: ze-connopen.c:151
STAT_BAD_RCPT
#define STAT_BAD_RCPT
Definition: ze-stats.h:74
CF_CHECK_BADRCPTS
#define CF_CHECK_BADRCPTS
Definition: cfh-defs.h:149
CF_MAX_CONN_RATE
#define CF_MAX_CONN_RATE
Definition: cfh-defs.h:143
CTXPRIV_T::ehlo_flags
uint32_t ehlo_flags
Definition: ze-filter-data.h:121
CF_MAX_BADRCPTS
#define CF_MAX_BADRCPTS
Definition: cfh-defs.h:150
CONNID_STR
#define CONNID_STR(connid)
Definition: ze-filter.h:113
check_dns_resolve
sfsistat check_dns_resolve(SMFICTX *ctx)
Definition: ze-check-connection.c:69
HOURS
#define HOURS
Definition: macros.h:144
CF_CHECK_NB_MSGS
#define CF_CHECK_NB_MSGS
Definition: cfh-defs.h:161
MSG_RESOLVE_FORGED
#define MSG_RESOLVE_FORGED
Definition: ze-reply.h:105
check_single_message
sfsistat check_single_message(SMFICTX *ctx)
Definition: ze-check-connection.c:968
update_nb_badrcpts
int update_nb_badrcpts(SMFICTX *)
Definition: ze-callbackchecks.c:41
CTXPRIV_T::nb_open
int nb_open
Definition: ze-filter-data.h:113
STAT_MSG_RATE
#define STAT_MSG_RATE
Definition: ze-stats.h:69
CTXPRIV_T::rej_badrcpt
bool rej_badrcpt
Definition: ze-filter-data.h:243
CTXPRIV_T::netclass
netclass_T netclass
Definition: ze-filter-data.h:117
MSG_CONN_RATE
#define MSG_CONN_RATE
Definition: ze-reply.h:125
livehistory_check_host
int livehistory_check_host(char *, time_t, int)
Definition: ze-livehistory.c:338
livehistory_add_entry
int livehistory_add_entry(char *, time_t, int, int)
Definition: ze-livehistory.c:253
MSG_SHORT_TOO_MUCH_OPEN
#define MSG_SHORT_TOO_MUCH_OPEN
Definition: ze-reply.h:243
RATE_FROM_MSGS
#define RATE_FROM_MSGS
Definition: ze-smtprate.h:63
CF_DELAY_CHECKS
#define CF_DELAY_CHECKS
Definition: cfh-defs.h:148
netclass_T::label
char label[32]
Definition: ze-netclass.h:72
CTXPRIV_T::rej_empty
bool rej_empty
Definition: ze-filter-data.h:242
log_msg_context
void log_msg_context(SMFICTX *ctx, char *why)
Definition: ze-callbacklogs.c:410
RATE_LOG_LEVEL
#define RATE_LOG_LEVEL
Definition: ze-check-connection.c:33
RATE_FROM_RCPT
#define RATE_FROM_RCPT
Definition: ze-smtprate.h:64
CF_CHECK_MSG_RATE
#define CF_CHECK_MSG_RATE
Definition: cfh-defs.h:159
check_open_connections
sfsistat check_open_connections(SMFICTX *ctx)
Definition: ze-check-connection.c:712
STAT_OPEN_CONN
#define STAT_OPEN_CONN
Definition: ze-stats.h:71
CF_CHECK_RESOLVE_FORGED
#define CF_CHECK_RESOLVE_FORGED
Definition: cfh-defs.h:186
LH_BAD_RESOLVE
#define LH_BAD_RESOLVE
Definition: ze-livehistory.h:34
CTXPRIV_T::nb_mbadrcpt
int nb_mbadrcpt
Definition: ze-filter-data.h:223
RESOLVE_NULL
#define RESOLVE_NULL
Definition: ze-filter.h:170
STAT_RESOLVE_FORGED
#define STAT_RESOLVE_FORGED
Definition: ze-stats.h:42
STAT_MAX_MSGS
#define STAT_MAX_MSGS
Definition: ze-stats.h:46
RATE_CONN
#define RATE_CONN
Definition: ze-smtprate.h:51
check_rcptcount
sfsistat check_rcptcount(SMFICTX *ctx)
Definition: ze-check-connection.c:618
CTXPRIV_T
Definition: ze-filter-data.h:76
RESOLVE_FAIL
#define RESOLVE_FAIL
Definition: ze-filter.h:172
DEFAULT_WINDOW
#define DEFAULT_WINDOW
Definition: ze-smtprate.h:72