#include "policyd.h"
/*
*
*
* Policy Daemon
*
* policy daemon is used in conjuction with postfix to combat spam.
*
* Copyright (C) 2004 Cami Sardinha (cami@mweb.co.za)
*
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*
*
*/
/*
* function: helo_check
* purpose: module to check if connecting host is randomizing their HELO
* return: 1=yes, 0=no
*/
int
helo_check(unsigned int fd)
{
if(DEBUG > 0)
logmessage("DEBUG: fd: %d checking helo\n", fd);
/* reset value */
mysql_optarray[fd][0] = 0;
/* save an sql lookup if there is no helo information */
if(triplet_array[fd][5][0] == 0x00)
goto notfound;
/* build up query & execute */
snprintf(mysqlquery_array[fd], 512,
"SELECT COUNT(_host) FROM helo WHERE _host='%s'", host_array[fd][2]);
if(db_optquery(fd) == -1) return(db_failure(fd, "helo"));
/* we have helo abuse */
if(mysql_optarray[fd][0] >= HELO_MAX_COUNT)
{
int expire=0;
if(DEBUG > 0)
logmessage("DEBUG: fd: %d helo abuse: %s from: %s (%d unique helo's)\n", fd,
host_array[fd][2], /* host */
triplet_array[fd][5], /* helo */
HELO_MAX_COUNT); /* helo count */
/* never auto expire helo blacklist? */
if (HELO_BLACKLIST_AUTO_EXPIRE > 0)
expire=timenow+HELO_BLACKLIST_AUTO_EXPIRE;
/* build up query */
snprintf(mysqlquery_array[fd], 512,
"INSERT DELAYED INTO blacklist (_blacklist,_description,_expire) VALUES ('%s','# helo abuse',%d)",
host_array[fd][2], expire);
if(db_doquery(fd) == -1) return(db_failure(fd, "helo"));
logmessage("rcpt=%lu, helo=abuse, host=%s (%s), from=%s, to=%s, size=%s, helo=%s\n",
rcpt_count, /* recipient count */
host_array[fd][2], /* host address */
host_array[fd][0], /* hostname */
triplet_array[fd][1], /* sender */
triplet_array[fd][2], /* recipient */
triplet_array[fd][3], /* size */
triplet_array[fd][5] /* helo */
);
/* clean up helo table entries */
/* build up query */
snprintf(mysqlquery_array[fd], 512,
"DELETE QUICK FROM helo WHERE _host='%s'", host_array[fd][2]);
if(db_doquery(fd) == -1) return(db_failure(fd, "helo"));
return (1);
}
notfound:
if(DEBUG > 0)
logmessage("DEBUG: fd: %d helo abuse not found: %s from: %s\n", fd, triplet_array[fd][5], host_array[fd][2]);
/* reset value */
mysql_optarray[fd][0] = 0;
/* build up query & execute */
snprintf(mysqlquery_array[fd], 512,
"SELECT COUNT(_host) FROM helo WHERE _host='%s' AND _helo='%s'", host_array[fd][2], triplet_array[fd][5]);
if(db_optquery(fd) == -1) return(db_failure(fd, "helo"));
/* helo has not been previously stored there */
if(mysql_optarray[fd][0] == 0)
{
int expire=0;
/* never auto expire helo blacklist? */
if (HELO_AUTO_EXPIRE > 0)
expire=timenow+HELO_AUTO_EXPIRE;
/* build up query & execute */
snprintf(mysqlquery_array[fd], 512,
"INSERT DELAYED INTO helo (_host,_helo,_expire) VALUES ('%s','%s',%d)",
host_array[fd][2], triplet_array[fd][5], expire);
if(db_doquery(fd) == -1) return(db_failure(fd, "helo"));
}
/* no forged HELO attempt */
return (0);
}
/* EOF */
syntax highlighted by Code2HTML, v. 0.9.1