From 1c7d26ecca32d86b7cd6e29d15fbacae0c7016cd Mon Sep 17 00:00:00 2001 From: Matt Simerson Date: Tue, 15 May 2012 00:48:57 -0400 Subject: [PATCH] dnsbl: added log messages, prefixes, additional args instead of a positional arguments, used named arguments (backwards compatible) added a couple log message prefixes removed some trailing whitespace updated POD --- plugins/dnsbl | 53 ++++++++++++++++++++++++++++++++------------------- 1 file changed, 33 insertions(+), 20 deletions(-) diff --git a/plugins/dnsbl b/plugins/dnsbl index 62fd862..7c2ff71 100644 --- a/plugins/dnsbl +++ b/plugins/dnsbl @@ -12,13 +12,17 @@ a configurable set of RBL services. =cut sub register { - my ($self, $qp, $denial ) = @_; - if ( defined $denial && $denial =~ /^disconnect$/i ) { - $self->{_dnsbl}->{DENY} = DENY_DISCONNECT; - } - else { - $self->{_dnsbl}->{DENY} = DENY; - } + my ($self, $qp) = shift, shift; + + if ( @_ % 2 ) { + $self->{_args}{reject_type} = shift; # backwards compatibility + } + else { + $self->{_args} = { @_ }; + }; + + my $rej = $self->{_args}{reject_type}; + $self->{_dnsbl}{DENY} = (defined $rej && $rej =~ /^disconnect$/i) ? DENY_DISCONNECT : DENY; } sub hook_connect { 
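Review bot: In `register`, `my ($self, $qp) = shift, shift;` does not assign both values: assignment binds tighter than the comma operator, so `$self` receives the first argument, `$qp` is left undef, and the second `shift` runs only for its side effect of removing an element from `@_`. The visible body never reads `$qp`, so argument parsing still works, but the right-hand side should be parenthesised, `my ($self, $qp) = (shift, shift);`, so later code that uses `$qp` does not get undef. Separately, any `reject_type` value other than `disconnect` (a typo in config/plugins, for instance) silently selects plain `DENY`. A `LOGWARN` on an unrecognised value would make that misconfiguration visible instead of quietly weakening the rejection policy.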
@@ -197,17 +201,20 @@ sub hook_rcpt { my ($self, $transaction, $rcpt, %param) = @_; # RBLSMTPD being non-empty means it contains the failure message to return - if (defined ($ENV{'RBLSMTPD'}) && $ENV{'RBLSMTPD'} ne '') { + if (defined $ENV{'RBLSMTPD'} && $ENV{'RBLSMTPD'} ne '') { my $result = $ENV{'RBLSMTPD'}; my $remote_ip = $self->qp->connection->remote_ip; $result =~ s/%IP%/$remote_ip/g; my $msg = $self->qp->config('dnsbl_rejectmsg'); - $self->log(LOGINFO, $msg); + $self->log(LOGINFO, "fail: $msg"); return ($self->{_dnsbl}->{DENY}, join(' ', $msg, $result)); } my $note = $self->process_sockets or return DECLINED; - return DECLINED if $self->ip_whitelisted(); + if ( $self->ip_whitelisted() ) { + $self->log(LOGINFO, "skip: whitelisted"); + return DECLINED; + }; if ( $rcpt->user =~ /^(?:postmaster|abuse|mailer-daemon|root)$/i ) { $self->log(LOGWARN, "skip: don't blacklist special account: ".$rcpt->user); 
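Review bot: The new `fail:` log line in the RBLSMTPD branch of `hook_rcpt` records only `$msg`, not the `$result` text that is returned to the client (the remote IP appears in it only when the variable contains `%IP%`). The log entry alone therefore does not show which connection was rejected or why. The POD in this file describes the config files as optional, so `$msg` can presumably be undef, which would raise uninitialized-value warnings in both the interpolation and the `join`. Consider building the reply once, `my $reply = join(' ', grep { defined } $msg, $result);`, then logging `"fail: $reply"` and returning `$reply`. `hook_rcpt` continues past the end of this hunk, so the rest of the function was not reviewed.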
@@ -226,26 +233,32 @@ sub hook_disconnect { return DECLINED; } -=head1 Usage +=head1 USAGE Add the following line to the config/plugins file: - dnsbl [disconnect] + dnsbl [ reject_type disconnect ] [loglevel -1] -If you want to immediately drop the connection (since some blacklisted -servers attempt multiple sends per session), add the optional keyword -"disconnect" (case insensitive) to the config line. In most cases, an +=head2 reject_type + +To immediately drop the connection (since some blacklisted servers attempt +multiple sends per session), set the optional argument I to +"disconnect" on the config/plugin entry. In most cases, an IP address that is listed should not be given the opportunity to begin a new transaction, since even the most volatile blacklists will return the same answer for a short period of time (the minimum DNS cache period). -=head1 Configuration files +=head2 loglevel -This plugin uses the following configuration files. All of these are optional. -However, not specifying dnsbl_zones is like not using the plugin at all. +Adjust the quantity of logging for this plugin. See docs/logging.pl + +=head1 CONFIG FILES =over 4 +This plugin uses the following configuration files. All are optional. Not +specifying dnsbl_zones is like not using the plugin at all. + =item dnsbl_zones Normal ip based dns blocking lists ("RBLs") which contain TXT records are @@ -277,7 +290,7 @@ For example: 192.168.1.1 172.16.33. -NB the environment variable RBLSMTPD is considered before this file is +NB the environment variable RBLSMTPD is considered before this file is referenced. See below. =item dnsbl_rejectmsg 
@@ -299,7 +312,7 @@ For example: =head2 RBLSMTPD The environment variable RBLSMTPD is supported and mimics the behaviour of -Dan Bernstein's rblsmtpd. The exception to this is the '-' char at the +Dan Bernstein's rblsmtpd. The exception to this is the '-' char at the start of RBLSMTPD which is used to force a hard error in Dan's rblsmtpd. NB I don't really see the benefit of using a soft error for a site in an RBL list. This just complicates