dnsbl: added log messages, prefixes, additional args
instead of positional arguments, used named arguments (backwards compatible); added a couple of log message prefixes; removed some trailing whitespace; updated POD
parent
5e7568fe71
commit
1c7d26ecca
@ -12,13 +12,17 @@ a configurable set of RBL services.
|
|||||||
=cut
|
=cut
|
||||||
|
|
||||||
sub register {
|
sub register {
|
||||||
my ($self, $qp, $denial ) = @_;
|
my ($self, $qp) = shift, shift;
|
||||||
if ( defined $denial && $denial =~ /^disconnect$/i ) {
|
|
||||||
$self->{_dnsbl}->{DENY} = DENY_DISCONNECT;
|
if ( @_ % 2 ) {
|
||||||
}
|
$self->{_args}{reject_type} = shift; # backwards compatibility
|
||||||
else {
|
}
|
||||||
$self->{_dnsbl}->{DENY} = DENY;
|
else {
|
||||||
}
|
$self->{_args} = { @_ };
|
||||||
|
};
|
||||||
|
|
||||||
|
my $rej = $self->{_args}{reject_type};
|
||||||
|
$self->{_dnsbl}{DENY} = (defined $rej && $rej =~ /^disconnect$/i) ? DENY_DISCONNECT : DENY;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub hook_connect {
|
sub hook_connect {
|
||||||
@ -197,17 +201,20 @@ sub hook_rcpt {
|
|||||||
my ($self, $transaction, $rcpt, %param) = @_;
|
my ($self, $transaction, $rcpt, %param) = @_;
|
||||||
|
|
||||||
# RBLSMTPD being non-empty means it contains the failure message to return
|
# RBLSMTPD being non-empty means it contains the failure message to return
|
||||||
if (defined ($ENV{'RBLSMTPD'}) && $ENV{'RBLSMTPD'} ne '') {
|
if (defined $ENV{'RBLSMTPD'} && $ENV{'RBLSMTPD'} ne '') {
|
||||||
my $result = $ENV{'RBLSMTPD'};
|
my $result = $ENV{'RBLSMTPD'};
|
||||||
my $remote_ip = $self->qp->connection->remote_ip;
|
my $remote_ip = $self->qp->connection->remote_ip;
|
||||||
$result =~ s/%IP%/$remote_ip/g;
|
$result =~ s/%IP%/$remote_ip/g;
|
||||||
my $msg = $self->qp->config('dnsbl_rejectmsg');
|
my $msg = $self->qp->config('dnsbl_rejectmsg');
|
||||||
$self->log(LOGINFO, $msg);
|
$self->log(LOGINFO, "fail: $msg");
|
||||||
return ($self->{_dnsbl}->{DENY}, join(' ', $msg, $result));
|
return ($self->{_dnsbl}->{DENY}, join(' ', $msg, $result));
|
||||||
}
|
}
|
||||||
|
|
||||||
my $note = $self->process_sockets or return DECLINED;
|
my $note = $self->process_sockets or return DECLINED;
|
||||||
return DECLINED if $self->ip_whitelisted();
|
if ( $self->ip_whitelisted() ) {
|
||||||
|
$self->log(LOGINFO, "skip: whitelisted");
|
||||||
|
return DECLINED;
|
||||||
|
};
|
||||||
|
|
||||||
if ( $rcpt->user =~ /^(?:postmaster|abuse|mailer-daemon|root)$/i ) {
|
if ( $rcpt->user =~ /^(?:postmaster|abuse|mailer-daemon|root)$/i ) {
|
||||||
$self->log(LOGWARN, "skip: don't blacklist special account: ".$rcpt->user);
|
$self->log(LOGWARN, "skip: don't blacklist special account: ".$rcpt->user);
|
||||||
@ -226,26 +233,32 @@ sub hook_disconnect {
|
|||||||
return DECLINED;
|
return DECLINED;
|
||||||
}
|
}
|
||||||
|
|
||||||
=head1 Usage
|
=head1 USAGE
|
||||||
|
|
||||||
Add the following line to the config/plugins file:
|
Add the following line to the config/plugins file:
|
||||||
|
|
||||||
dnsbl [disconnect]
|
dnsbl [ reject_type disconnect ] [loglevel -1]
|
||||||
|
|
||||||
If you want to immediately drop the connection (since some blacklisted
|
=head2 reject_type
|
||||||
servers attempt multiple sends per session), add the optional keyword
|
|
||||||
"disconnect" (case insensitive) to the config line. In most cases, an
|
To immediately drop the connection (since some blacklisted servers attempt
|
||||||
|
multiple sends per session), set the optional argument I<reject_type> to
|
||||||
|
"disconnect" on the config/plugin entry. In most cases, an
|
||||||
IP address that is listed should not be given the opportunity to begin
|
IP address that is listed should not be given the opportunity to begin
|
||||||
a new transaction, since even the most volatile blacklists will return
|
a new transaction, since even the most volatile blacklists will return
|
||||||
the same answer for a short period of time (the minimum DNS cache period).
|
the same answer for a short period of time (the minimum DNS cache period).
|
||||||
|
|
||||||
=head1 Configuration files
|
=head2 loglevel
|
||||||
|
|
||||||
This plugin uses the following configuration files. All of these are optional.
|
Adjust the quantity of logging for this plugin. See docs/logging.pl
|
||||||
However, not specifying dnsbl_zones is like not using the plugin at all.
|
|
||||||
|
=head1 CONFIG FILES
|
||||||
|
|
||||||
=over 4
|
=over 4
|
||||||
|
|
||||||
|
This plugin uses the following configuration files. All are optional. Not
|
||||||
|
specifying dnsbl_zones is like not using the plugin at all.
|
||||||
|
|
||||||
=item dnsbl_zones
|
=item dnsbl_zones
|
||||||
|
|
||||||
Normal ip based dns blocking lists ("RBLs") which contain TXT records are
|
Normal ip based dns blocking lists ("RBLs") which contain TXT records are
|
||||||
|
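Review bot: In `register`, `my ($self, $qp) = shift, shift;` parses as `(my ($self, $qp) = shift), shift;` because assignment binds tighter than the comma, so `$qp` is always undef and the second argument is only discarded; it should read `my ($self, $qp) = (shift, shift);`. Nothing in the visible lines uses `$qp`, so the slip is silent here. In the odd-count branch only `reject_type` is stored, so a config line such as `dnsbl disconnect loglevel -1` loses its `loglevel` pair; `my $rej = shift; $self->{_args} = { reject_type => $rej, @_ };` keeps both forms working. A `reject_type` value that is not `disconnect` (a typo, for instance) quietly selects the weaker `DENY`, so a `LOGWARN` line for unrecognized values would make that misconfiguration visible to the operator.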