From 5e0ff5ef9ab478e1a187094d4f165402fe8d947f Mon Sep 17 00:00:00 2001 From: Art Cancro Date: Fri, 14 Feb 2003 16:12:05 +0000 Subject: [PATCH] * Added support for any standard RBL --- citadel/ChangeLog | 4 +++ citadel/docs/citadel.html | 35 +++++++++++++++++++-- citadel/domain.c | 15 +++------ citadel/locate_host.c | 65 ++++++++++++++++++++++++++++++++++++--- citadel/locate_host.h | 1 + citadel/routines2.c | 5 ++- citadel/serv_smtp.c | 16 +++++++++- 7 files changed, 123 insertions(+), 18 deletions(-) diff --git a/citadel/ChangeLog b/citadel/ChangeLog index eb725e540..208ebfcd2 100644 --- a/citadel/ChangeLog +++ b/citadel/ChangeLog @@ -1,4 +1,7 @@ $Log$ + Revision 601.133 2003/02/14 16:12:04 ajc + * Added support for any standard RBL + Revision 601.132 2003/02/13 22:33:41 ajc * Fixed algorithm for reporting "last login" @@ -4469,3 +4472,4 @@ Sat Jul 11 00:20:48 EDT 1998 Nathan Bryant Fri Jul 10 1998 Art Cancro * Initial CVS import + diff --git a/citadel/docs/citadel.html b/citadel/docs/citadel.html index 23c1c1b38..babd1dc8e 100644 --- a/citadel/docs/citadel.html +++ b/citadel/docs/citadel.html @@ -1776,8 +1776,11 @@ installed separately)
  • Global address book (Users with addresses in a domain may be spread out across many servers on a Citadel network)
  • Easy-to-configure integration with SpamAssassin can block spam before + href="http://www.spamassassin.org/">SpamAssassin can block +spam before it enters the mail system
    • +
  • Easy-to-configuration integration with most Realtime Blackhole +Lists (RBL) provide further defense against spammers
    • This section of the documentation will demonstrate how to configure @@ -1794,7 +1797,19 @@ the .Aide System configuration Internet command:This is a "clean" setup. For a simple, standalone e-mail system you simply have to enter the Add command:

    -
    <A>dd <D>elete <S>ave <Q>uit  -> Add

    Enter host name: schmeep.splorph.com
     (1) localhost       (Alias for this computer)
     (2) gateway domain  (Domain for all Citadel systems)
     (3) smart-host      (Forward all outbound mail to this host)
     (4) directory       (Consult the Global Address Book)
     (5) SpamAssassin    (Address of SpamAssassin server)

    Which one [1]:
    +
    +<A>dd <D>elete <S>ave <Q>uit  -> Add
+
+Enter host name: schmeep.splorph.com
+ (1) localhost       (Alias for this computer)
+ (2) gateway domain  (Domain for all Citadel systems)
+ (3) smart-host      (Forward all outbound mail to this host)
+ (4) directory       (Consult the Global Address Book)
+ (5) SpamAssassin    (Address of SpamAssassin server)
+ (6) RBL             (domain suffix of spam hunting RBL)
+
+Which one [1]:
+

    localhost: Basically what you're doing here is telling Citadel what any aliases for your machine are. If your machine were schmeep.splorph.com @@ -1859,6 +1874,22 @@ host. This is superior to software which files away spam in a separate folder, because delivery failures will cause some spammers to assume the address is invalid and remove it from their mailing lists.

    +

    RBL: Realtime Blackhole Lists (RBL's) provide defense against +spammers based on their source IP address. There are many such lists available +on the Internet, some of which may be utilized free of charge. Since they +are DNS based, the lists do not require storage on your server -- they are +queried during the SMTP conversation.

    + +

    Citadel can utilize any RBL that uses the +z.y.x.w.nameoflist.org syntax, where w.x.y.z is the +source IP address which is attempting to deliver mail to your server. For +example, SpamCop would use the query +2.0.0.127.bl.spamcop.net to determine whether the host at +127.0.0.2 is a known spammer or open relay. In this case, you +simply select option '6' to add an RBL entry, and provide it with the +domain suffix of bl.spamcop.net (the IP address and extra dot will +be automatically prepended for each query).

    +

    Now select Save and you are just about ready for Internet e-mail.

    diff --git a/citadel/domain.c b/citadel/domain.c index ac47dcb7e..1c43ef513 100644 --- a/citadel/domain.c +++ b/citadel/domain.c @@ -142,7 +142,6 @@ int getmx(char *mxbuf, char *dest) { n = get_hosts(mxbuf, "smarthost"); if (n > 0) return(n); - /* * No smart-host? Look up the best MX for a site. */ @@ -152,16 +151,12 @@ int getmx(char *mxbuf, char *dest) { /* * On systems with b0rken or non-standard resolver libraries, learn * the MX records by calling "nslookup" from the command line. + * + * Someday. + * */ - sprintf(buf, "nslookup -query=mx %s", dest); - fp = popen(buf, "r"); - if (fp == NULL) return(0); - while (fgets(buf, sizeof buf, fp) != NULL) { - buf[strlen(buf) - 1] = 0; - lprintf(9, "RESOLV: %s\n", buf); - } - pclose(fp); - return(0); /* FIXME */ + + return(0); #else /* HAVE_RESOLV_H */ diff --git a/citadel/locate_host.c b/citadel/locate_host.c index 3f50fe60a..de88d33f7 100644 --- a/citadel/locate_host.c +++ b/citadel/locate_host.c @@ -5,10 +5,6 @@ * */ -#ifdef DLL_EXPORT -#define IN_LIBCIT -#endif - #include "sysdep.h" #include #include @@ -27,6 +23,7 @@ #include "sysdep_decls.h" #include "config.h" #include "tools.h" +#include "domain.h" void locate_host(char *tbuf, size_t n, const struct in_addr *addr) { @@ -79,3 +76,63 @@ void locate_host(char *tbuf, size_t n, const struct in_addr *addr) tbuf[63] = 0; lprintf(9, "locate_host() exiting\n"); } + + +/* + * Check to see if a host is on some sort of spam list (RBL) + * If spammer, returns nonzero and places reason in 'message_to_spammer' + */ +int rbl_check_addr(struct in_addr *addr, char *message_to_spammer) +{ + const char *i; + int a1, a2, a3, a4; + char tbuf[SIZ]; + int rbl; + int num_rbl; + char rbl_domains[SIZ]; + + strcpy(message_to_spammer, "ok"); + + i = (const char *) addr; + a1 = ((*i++) & 0xff); + a2 = ((*i++) & 0xff); + a3 = ((*i++) & 0xff); + a4 = ((*i++) & 0xff); + + /* See if we have any RBL domains configured */ + num_rbl = get_hosts(rbl_domains, "rbl"); + if (num_rbl < 1) return(0); + + /* Try all configured RBL */ + for (rbl=0; rblclient_socket, (struct sockaddr *) &sin, &len)) { + return(rbl_check_addr(&sin.sin_addr, message_to_spammer)); + } + return(0); +} diff --git a/citadel/locate_host.h b/citadel/locate_host.h index 229805363..3c271102e 100644 --- a/citadel/locate_host.h +++ b/citadel/locate_host.h @@ -1,2 +1,3 @@ /* $Id$ */ void locate_host(char *tbuf, size_t n, const struct in_addr *addr); +int rbl_check(char *message_to_spammer); diff --git a/citadel/routines2.c b/citadel/routines2.c index 10f852340..fbfeb4e6a 100644 --- a/citadel/routines2.c +++ b/citadel/routines2.c @@ -775,7 +775,8 @@ void get_inet_rec_type(CtdlIPC *ipc, char *buf) { keyopt(" <3> smart-host (Forward all outbound mail to this host)\n"); keyopt(" <4> directory (Consult the Global Address Book)\n"); keyopt(" <5> SpamAssassin (Address of SpamAssassin server)\n"); - sel = intprompt("Which one", 1, 1, 5); + keyopt(" <6> RBL (domain suffix of spam hunting RBL)\n"); + sel = intprompt("Which one", 1, 1, 6); switch(sel) { case 1: strcpy(buf, "localhost"); return; @@ -787,6 +788,8 @@ void get_inet_rec_type(CtdlIPC *ipc, char *buf) { return; case 5: strcpy(buf, "spamassassin"); return; + case 6: strcpy(buf, "rbl"); + return; } } diff --git a/citadel/serv_smtp.c b/citadel/serv_smtp.c index c0147df11..2cb0ed4aa 100644 --- a/citadel/serv_smtp.c +++ b/citadel/serv_smtp.c @@ -31,6 +31,9 @@ #include #include #include +#include +#include +#include #include "citadel.h" #include "server.h" #include "sysdep_decls.h" @@ -49,6 +52,7 @@ #include "genstamp.h" #include "domain.h" #include "clientsocket.h" +#include "locate_host.h" #ifndef HAVE_SNPRINTF @@ -401,7 +405,8 @@ void smtp_mail(char *argbuf) { */ void smtp_rcpt(char *argbuf) { char recp[SIZ]; - struct recptypes *valid; + char message_to_spammer[SIZ]; + struct recptypes *valid = NULL; if (strlen(SMTP->from) == 0) { cprintf("503 Need MAIL before RCPT\r\n"); @@ -422,6 +427,15 @@ void smtp_rcpt(char *argbuf) { return; } + /* RBL check */ + if ( (!CC->logged_in) && (!CC->is_local_socket) ) { + if (rbl_check(message_to_spammer)) { + cprintf("552 %s\r\n", message_to_spammer); + /* no need to phree(valid), it's not allocated yet */ + return; + } + } + valid = validate_recipients(recp); if (valid->num_error > 0) { cprintf("599 Error: %s\r\n", valid->errormsg); -- 2.39.2