From 9664eb94691ee5e3e4f2aac605254c4485d6a806 Mon Sep 17 00:00:00 2001 From: John Peacock Date: Wed, 22 Jun 2005 14:08:57 +0000 Subject: [PATCH] Change remaining plugins to use LOGXXXX constants instead of bare numbers. Change plugins/dnsbl to permit AUTH'd or other relay clients even if IP is on a blacklist. git-svn-id: https://svn.perl.org/qpsmtpd/trunk@442 958fd67b-6ff1-0310-b445-bb7760255be9 --- plugins/check_basicheaders | 2 +- plugins/dnsbl | 12 ++++++++---- plugins/greylisting | 28 ++++++++++++++-------------- plugins/queue/maildir | 2 +- plugins/spamassassin | 2 +- plugins/virus/aveclient | 14 +++++++------- plugins/virus/kavscanner | 12 ++++++------ 7 files changed, 38 insertions(+), 34 deletions(-) diff --git a/plugins/check_basicheaders b/plugins/check_basicheaders index fe12b92..8abdc69 100644 --- a/plugins/check_basicheaders +++ b/plugins/check_basicheaders @@ -37,7 +37,7 @@ sub register { if (@args > 0) { $self->{_days} = $args[0]; - $self->log(1, "WARNING: Ignoring additional arguments.") if (@args > 1); + $self->log(LOGWARN, "WARNING: Ignoring additional arguments.") if (@args > 1); } } diff --git a/plugins/dnsbl b/plugins/dnsbl index ceda919..666090d 100644 --- a/plugins/dnsbl +++ b/plugins/dnsbl @@ -153,24 +153,28 @@ sub process_sockets { sub rcpt_handler { my ($self, $transaction, $rcpt) = @_; + my $connection = $self->qp->connection; # RBLSMTPD being non-empty means it contains the failure message to return if (defined ($ENV{'RBLSMTPD'}) && $ENV{'RBLSMTPD'} ne '') { my $result = $ENV{'RBLSMTPD'}; - my $remote_ip = $self->qp->connection->remote_ip; + my $remote_ip = $connection->remote_ip; $result =~ s/%IP%/$remote_ip/g; return ($self->{_dnsbl}->{DENY}, join(" ", $self->qp->config('dnsbl_rejectmsg'), $result)); } my $note = $self->process_sockets; - my $whitelist = $self->qp->connection->notes('whitelisthost'); + my $whitelist = $connection->notes('whitelisthost'); if ( $note ) { if ( $rcpt->user =~ /^(?:postmaster|abuse|mailer-daemon|root)$/i ) { - $self->log(2, "Don't blacklist special account: ".$rcpt->user); + $self->log(LOGWARN, "Don't blacklist special account: ".$rcpt->user); } elsif ( $whitelist ) { - $self->log(2, "Whitelist overrode blacklist: $whitelist"); + $self->log(LOGWARN, "Whitelist overrode blacklist: $whitelist"); + } + elsif ( $connection->relay_client() ) { + $self->log(LOGWARN, "Don't blacklist relay/auth clients"); } else { return ($self->{_dnsbl}->{DENY}, $note); diff --git a/plugins/greylisting b/plugins/greylisting index aaad20f..b7ffc22 100644 --- a/plugins/greylisting +++ b/plugins/greylisting @@ -129,7 +129,7 @@ sub register { map { split /\s+/, $_, 2 } $self->qp->config('denysoft_greylist'), %arg }; if (my @bad = grep { ! exists $ARGS{$_} } sort keys %$config) { - $self->log(1, "invalid parameter(s): " . join(',',@bad)); + $self->log(LOGALERT, "invalid parameter(s): " . join(',',@bad)); } $self->{_greylist_config} = $config; unless ($config->{recipient} || $config->{per_recipient}) { @@ -173,7 +173,7 @@ sub data_handler { return DECLINED unless $note; # Decline if ALL recipients are whitelisted if (($transaction->notes('whitelistrcpt')||0) == scalar($transaction->recipients)) { - $self->log(4,"all recipients whitelisted - skipping"); + $self->log(LOGWARN,"all recipients whitelisted - skipping"); return DECLINED; } return DENYSOFT, $note; @@ -182,7 +182,7 @@ sub data_handler { sub denysoft_greylist { my ($self, $transaction, $sender, $rcpt, $config) = @_; $config ||= $self->{_greylist_config}; - $self->log(7, "config: " . join(',',map { $_ . '=' . $config->{$_} } sort keys %$config)); + $self->log(LOGDEBUG, "config: " . join(',',map { $_ . '=' . $config->{$_} } sort keys %$config)); # Always allow relayclients and whitelisted hosts/senders return DECLINED if exists $ENV{RELAYCLIENT}; @@ -194,24 +194,24 @@ sub denysoft_greylist { if $config->{per_recipient_db}; $dbdir ||= -d "$QPHOME/var/db" ? "$QPHOME/var/db" : "$QPHOME/config"; my $db = "$dbdir/$DB"; - $self->log(6,"using $db as greylisting database"); + $self->log(LOGINFO,"using $db as greylisting database"); my $remote_ip = $self->qp->connection->remote_ip; my $fmt = "%s:%d:%d:%d"; # Check denysoft db unless (open LOCK, ">$db.lock") { - $self->log(2, "opening lockfile failed: $!"); + $self->log(LOGCRIT, "opening lockfile failed: $!"); return DECLINED; } unless (flock LOCK, LOCK_EX) { - $self->log(2, "flock of lockfile failed: $!"); + $self->log(LOGCRIT, "flock of lockfile failed: $!"); close LOCK; return DECLINED; } my %db = (); unless (tie %db, 'AnyDBM_File', $db, O_CREAT|O_RDWR, 0600) { - $self->log(2, "tie to database $db failed: $!"); + $self->log(LOGCRIT, "tie to database $db failed: $!"); close LOCK; return DECLINED; } @@ -223,12 +223,12 @@ sub denysoft_greylist { my ($ts, $new, $black, $white) = (0,0,0,0); if ($db{$key}) { ($ts, $new, $black, $white) = split /:/, $db{$key}; - $self->log(3, "ts: " . localtime($ts) . ", now: " . localtime); + $self->log(LOGERROR, "ts: " . localtime($ts) . ", now: " . localtime); if (! $white) { # Black IP - deny, but don't update timestamp if (time - $ts < $config->{black_timeout}) { $db{$key} = sprintf $fmt, $ts, $new, ++$black, 0; - $self->log(2, "key $key black DENYSOFT - $black failed connections"); + $self->log(LOGCRIT, "key $key black DENYSOFT - $black failed connections"); untie %db; close LOCK; return $config->{mode} eq 'testonly' ? DECLINED : DENYSOFT, $DENYMSG; @@ -236,33 +236,33 @@ sub denysoft_greylist { # Grey IP - accept unless timed out elsif (time - $ts < $config->{grey_timeout}) { $db{$key} = sprintf $fmt, time, $new, $black, 1; - $self->log(2, "key $key updated grey->white"); + $self->log(LOGCRIT, "key $key updated grey->white"); untie %db; close LOCK; return DECLINED; } else { - $self->log(3, "key $key has timed out (grey)"); + $self->log(LOGERROR, "key $key has timed out (grey)"); } } # White IP - accept unless timed out else { if (time - $ts < $config->{white_timeout}) { $db{$key} = sprintf $fmt, time, $new, $black, ++$white; - $self->log(2, "key $key is white, $white deliveries"); + $self->log(LOGCRIT, "key $key is white, $white deliveries"); untie %db; close LOCK; return DECLINED; } else { - $self->log(3, "key $key has timed out (white)"); + $self->log(LOGERROR, "key $key has timed out (white)"); } } } # New ip or entry timed out - record new and return DENYSOFT $db{$key} = sprintf $fmt, time, ++$new, $black, 0; - $self->log(2, "key $key initial DENYSOFT, unknown"); + $self->log(LOGCRIT, "key $key initial DENYSOFT, unknown"); untie %db; close LOCK; return $config->{mode} eq 'testonly' ? DECLINED : DENYSOFT, $DENYMSG; diff --git a/plugins/queue/maildir b/plugins/queue/maildir index 1bdc871..b87886e 100644 --- a/plugins/queue/maildir +++ b/plugins/queue/maildir @@ -26,7 +26,7 @@ sub register { } unless ($self->{_maildir}) { - $self->log(1, "WARNING: maildir directory not specified"); + $self->log(LOGWARN, "WARNING: maildir directory not specified"); return 0; } diff --git a/plugins/spamassassin b/plugins/spamassassin index bcf2879..035cadd 100644 --- a/plugins/spamassassin +++ b/plugins/spamassassin @@ -213,7 +213,7 @@ sub check_spam { $transaction->header->add('X-Spam-Status', "$flag, hits=$hits required=$required\n" . "\ttests=$tests", 0); - $self->log(5, "check_spam: $flag, hits=$hits, required=$required, " . + $self->log(LOGNOTICE, "check_spam: $flag, hits=$hits, required=$required, " . "tests=$tests"); return (DECLINED); diff --git a/plugins/virus/aveclient b/plugins/virus/aveclient index cae686e..00609ed 100644 --- a/plugins/virus/aveclient +++ b/plugins/virus/aveclient @@ -117,7 +117,7 @@ sub register { if (exists $self->{_avclient_bin} && $self->{_avclient_bin} =~ /^(\/[\/\-\_\.a-z0-9A-Z]*)$/) { $self->{_avclient_bin} = $1; } else { - $self->log(1, "FATAL ERROR: No binary aveclient found: '".$self->{_avclient_bin}."'"); + $self->log(LOGALERT, "FATAL ERROR: No binary aveclient found: '".$self->{_avclient_bin}."'"); exit 3; } } @@ -153,7 +153,7 @@ sub avscan { # check if something went wrong if ($signal) { - $self->log(1, "kavscanner exited with signal: $signal"); + $self->log(LOGERROR, "kavscanner exited with signal: $signal"); return (DECLINED); } @@ -164,20 +164,20 @@ sub avscan { # ok a somewhat virus was found shift @output; $description = "REPORT: ".join(", ",@output); - $self->log(1, "Virus found! ($description)"); + $self->log(LOGWARN, "Virus found! ($description)"); # we don't want to be disturbed be these, so block mail and DENY connection return(DENY, "Virus found: $description"); } else { - $self->log(0, "aveserver: no viruses have been detected.") if($result =~ /^0$/); - $self->log(0, "aveserver: system error launching the application (file not found, unable to read the file).") if($result =~ /^0$/); - $self->log(0, "aveserver: some of the required parameters are missing from the command line.") if($result =~ /^9$/); + $self->log(LOGCRIT, "aveserver: no viruses have been detected.") if($result =~ /^0$/); + $self->log(LOGCRIT, "aveserver: system error launching the application (file not found, unable to read the file).") if($result =~ /^0$/); + $self->log(LOGCRIT, "aveserver: some of the required parameters are missing from the command line.") if($result =~ /^9$/); return(DENY, "Unable to scan for virus, please contact admin of ".$self->qp->config("me").", if you feel this is an error!") if $self->{_blockonerror}; } } - $self->log(1, "kavscanner results: $description"); + $self->log(LOGINFO, "kavscanner results: $description"); $transaction->header->add('X-Virus-Checked', 'Checked by Kaspersky on '.$self->qp->config("me")); return (DECLINED); } diff --git a/plugins/virus/kavscanner b/plugins/virus/kavscanner index a13b917..d6210a3 100644 --- a/plugins/virus/kavscanner +++ b/plugins/virus/kavscanner @@ -74,7 +74,7 @@ sub register { $self->{_kavscanner_bin} =~ /^(\/[\/\-\_\.a-z0-9A-Z]*)$/) { $self->{_kavscanner_bin} = $1; } else { - $self->log(1, "FATAL ERROR: Unexpected characters in kavscanner argument"); + $self->log(LOGALERT, "FATAL ERROR: Unexpected characters in kavscanner argument"); exit 3; } } @@ -94,7 +94,7 @@ sub kav_scan { # Now do the actual scanning! my $cmd = $self->{_kavscanner_bin}." -Y -P -B -MP -MD -* $filename 2>&1"; - $self->log(1, "Running: $cmd"); + $self->log(LOGNOTICE, "Running: $cmd"); my @output = `$cmd`; chomp(@output); @@ -105,7 +105,7 @@ sub kav_scan { close $temp_fh; if ($signal) { - $self->log(1, "kavscanner exited with signal: $signal"); + $self->log(LOGWARN, "kavscanner exited with signal: $signal"); return (DECLINED); } @@ -127,7 +127,7 @@ sub kav_scan { ."suspicions: ".join(", ", @suspicious); # else we may get a veeeery long X-Virus-Details: line or log entry $description = substr($description,0,60); - $self->log(1, "There be a virus! ($description)"); + $self->log(LOGWARN, "There be a virus! ($description)"); ### Untested by now, need volunteers ;-) #if ($self->qp->config("kav_deny")) { # foreach my $d (keys %{$self->qp->config("kav_deny", "map")}) { @@ -165,11 +165,11 @@ sub kav_scan { } } } else { - $self->log(0, "corrupt or unknown Kaspersky scanner/resource problems - exit status $result"); + $self->log(LOGEMERG, "corrupt or unknown Kaspersky scanner/resource problems - exit status $result"); } } - $self->log(1, "kavscanner results: $description"); + $self->log(LOGINFO, "kavscanner results: $description"); $transaction->header->add('X-Virus-Checked', 'Checked by '.$self->qp->config("me")); return (DECLINED);