Merge pull request #145 from jaredj/greylist-exclude-files

Support postgrey-style greylist exclude files

plugins/greylisting

@@ -226,6 +226,52 @@ sub register {
     if ($self->{_args}{upgrade}) {
         $self->convert_db();
     }
+    $self->load_exclude_files();
+}
+
+sub load_exclude_files {
+    my ( $self ) = @_;
+    $self->load_exclude_file($_) for $self->qp->config('greylist_exclude_files');
+}
+
+sub load_exclude_file {
+    my ( $self, $filename ) = @_;
+    my $fh;
+    if ( ! open $fh, $filename ) {
+        warn "Couldn't open greylist exclude file $filename:$!\n";
+        next;
+    }
+    while ( my $line = <$fh> ) {
+        chomp $line;
+        $line =~ s/#.*//;
+        $line =~ s/\s//g;
+        next if ! $line;
+        $self->exclude_host($line);
+    }
+}
+
+sub exclude_host {
+    my ( $self, $pattern ) = @_;
+    if ( $pattern =~ /^\/(.*)\/$/ ) {
+        push @{ $self->{_exclude_re} }, qr/$1/;
+    }
+    elsif ( Qpsmtpd::Base->is_valid_ip($pattern) ) {
+        $self->{_exclude_ip}{$pattern} = 1;
+    }
+    else {
+        $self->{_exclude_hostname}{$pattern} = 1;
+    }
+}
+
+sub exclude_file_match {
+    my ( $self ) = @_;
+    return 1 if $self->{_exclude_ip}{   $self->connection->remote_ip   };
+    return 0 if ! $self->connection->remote_host;
+    return 1 if $self->{_exclude_hostname}{ $self->connection->remote_host };
+    for my $re ( @{ $self->{_exclude_re} || [] } ) {
+        return 1 if $self->connection->remote_host =~ $re;
+    }
+    return 0;
 }
 
 sub mail_handler {
@@ -512,6 +558,7 @@ sub exclude {
     return 1 if $self->is_immune();
     return 1 if !$self->p0f_match();
     return 1 if $self->geoip_match();
+    return 1 if $self->exclude_file_match();
     return;
 }
 

t/config/greylist_exclude_files

@@ -0,0 +1 @@
+./t/config/postgrey_whitelist_clients

t/config/postgrey_whitelist_clients

@@ -0,0 +1,229 @@
+# postgrey whitelist for mail client hostnames
+# --------------------------------------------
+# put this file in /etc/postfix or specify its path
+# with --whitelist-clients=xxx
+#
+# postgrey version: 1.35, build date: 2014-06-11
+
+# greylisting.org: Southwest Airlines (unique sender, no retry)
+southwest.com
+# greylisting.org: isp.belgacom.be (wierd retry pattern)
+isp.belgacom.be
+# greylisting.org: Ameritrade (no retry)
+ameritradeinfo.com
+# greylisting.org: Amazon.com (unique sender with letters)
+amazon.com
+# 2004-05-20: Linux kernel mailing-list (unique sender with letters)
+vger.kernel.org
+# 2004-06-02: karger.ch, no retry
+karger.ch
+# 2004-06-02: lilys.ch, (slow: 4 hours)
+server-x001.hostpoint.ch
+# 2004-06-09: roche.com (no retry)
+gw.bas.roche.com
+# 2004-06-09: newsletter (no retry)
+mail.hhlaw.com
+# 2004-06-09: no retry (reported by Ralph Hildebrandt)
+prd051.appliedbiosystems.com
+# 2004-06-17: swissre.com (no retry)
+swissre.com
+# 2004-06-17: dowjones.com newsletter (unique sender with letters)
+returns.dowjones.com
+# 2004-06-18: switch.ch (works but personnel is confused by the error)
+domin.switch.ch
+# 2004-06-23: accor-hotels.com (slow: 6 hours)
+accor-hotels.com
+# 2004-06-29: rr.com (no retry, reported by Duncan Hill)
+/^ms-smtp.*\.rr\.com$/
+# 2004-06-29: cox.net (no retry, reported by Duncan Hill)
+/^lake.*mta.*\.cox\.net$/
+# 2004-06-29: motorola.com (no retry)
+mot.com
+# 2004-07-01: nic.fr (address verification, reported by Arnaud Launay)
+nic.fr
+# 2004-07-01: verizon.net (address verification, reported by Bill Moran and Eric, adapted by Adam C. Mathews)
+/^s[cv]\d+pub\.verizon\.net$/
+# 2004-07-02: cs.columbia.edu (no retry)
+cs.columbia.edu
+# 2004-07-02: papersinvited.com (no retry)
+66.216.126.174
+# 2004-07-02: telekom.de (slow: 6 hours)
+/^mail\d+\.telekom\.de$/
+# 2004-07-04: tiscali.dk (slow: 12 hours, reported by Klaus Alexander Seistrup)
+/^smtp\d+\.tiscali\.dk$/
+# 2004-07-04: freshmeat.net (address verification)
+freshmeat.net
+# 2004-07-11: zd-swx.com (unique sender with letters, reported by Bill Landry)
+zd-swx.com
+# 2004-07-11: lockergnome.wc09.net (unique sender with letters, reported by Bill Landry)
+lockergnome.wc09.net
+# 2004-07-19: mxlogic.net (no retry, reported by Eric)
+p01m168.mxlogic.net
+p02m169.mxlogic.net
+# 2004-09-08: intel.com (pool on different subnets) 
+/^fmr\d+\.intel\.com$/
+# 2004-09-17: cox-internet.com (no retry, reported by Rod Roark)
+/^fe\d+\.cox-internet\.com$/
+# 2004-10-11: logismata.ch (no retry)
+logismata.ch
+# 2004-11-25: brief.cw.reum.de (no retry, reported by Manuel Oetiker)
+brief.cw.reum.de
+# 2004-12-03: ingeno.ch (no retry)
+qmail.ingeno.ch
+# 2004-12-06: rein.ch (no retry)
+mail1.thurweb.ch
+# 2005-01-26: tu-ilmenau.de (no retry)
+piggy.rz.tu-ilmenau.de
+# 2005-04-06: polymed.ch (no retry)
+mail.polymed.ch
+# 2005-06-08: hu-berlin.de (slow: 6 hours, reported by Joachim Schoenberg)
+rz.hu-berlin.de
+# 2005-06-17: gmail.com (big pool, reported by Beat Mueller)
+proxy.gmail.com
+# 2005-06-23: cacert.org (address verification, reported by Martin Lohmeier)
+cacert.org
+# 2005-07-27: polytech.univ-mrs.fr (no retry, reported by Giovanni Mandorino)
+polytech.univ-mrs.fr
+# 2005-08-05: gnu.org (address verification, reported by Martin Lohmeier)
+gnu.org
+# 2005-08-17: ciphirelabs.com (needs fast responses, reported by Sven Mueller)
+cs.ciphire.net
+# 2005-11-11: lufthansa (no retry, reported by Peter Bieringer)
+/^gateway\d+\.np4\.de$/
+# 2005-11-23: arcor-online.net (slow: 12 hours, reported by Bernd Zeimetz)
+/^mail-in-\d+\.arcor-online\.net$/
+# 2005-12-29: netsolmail.com (no retry, reported by Gareth Greenaway)
+netsolmail.com
+# mail.likopris.si (no retry, reported by Vito Robar)
+193.77.153.67
+# jcsw.nato.int (several servers, no retry, reported by Vito Robar)
+195.235.39
+# tesla.vtszg.hr (no retry, reported by Vito Robar)
+tesla.vtszg.hr
+# mailgw*.iai.co.il (pool of several servers, reported by Vito Robar)
+/^mailgw.*\.iai\.co\.il$/
+# gw.stud-serv-mb.si (no retry, reported by Vito Robar)
+gw.stud-serv-mb.si
+# mail.commandtech.com (no retry, reported by Vito Robar)
+216.238.112.99
+# duropack.co.at (no retry, reported by Vito Robar)
+193.81.20.195
+# mail.esimit-tech.si (no retry, reported by Vito Robar)
+193.77.126.208
+# mail.resotel.be (ocasionally no retry, reported by Vito Robar)
+80.200.249.216
+# mail2.alliancefr.be (ocasionally no retry, reported by Vito Robar)
+mail2.alliancefr.be
+# webserver.turboinstitut.si (no retry, reported by Vito Robar)
+webserver.turboinstitut.si
+# mil.be (pool of different servers, reported by Vito Robar)
+193.191.218.141
+193.191.218.142
+193.191.218.143
+194.7.234.141
+194.7.234.142
+194.7.234.143
+# mail*.usafisnews.org (no retry, reported by Vito Robar)
+/^mail\d+\.usafisnews\.org$/
+# odk.fdv.uni-lj.si (no retry, reported by Vito Robar)
+/^odk.fdv.uni-lj.si$/
+# rak-gentoo-1.nameserver.de (no retry, reported by Vito Robar)
+rak-gentoo-1.nameserver.de
+# dars.si (ocasionally no retry, reported by Vito Robar)
+mx.dars.si
+# cosis.si (no retry, reported by Vito Robar)
+213.143.66.210
+# mta?.siol.net (sometimes no or slow retry; they use intermail, reported by Vito Robar)
+/^mta[12].siol.net$/
+# pim-N-N.quickinspirationsmail.com (unique sender, reported by Vito Robar)
+/^pim-\d+-\d+\.quickinspirationsmail\.com$/
+# flymonarch (no retry, reported by Marko Djukic)
+flymonarch.com
+# wxs.nl (no retry, reported by Johannes Fehr)
+/^p?smtp.*\.wxs\.nl$/
+# ibm.com (big pool, reported by Casey Peel)
+ibm.com
+# messagelabs.com (big pool, reported by John Tobin)
+/^mail\d+\.messagelabs\.com$/
+# ptb.de (slow, reported by Joachim Schoenberg)
+berlin.ptb.de
+# registrarmail.net (unique sender names, reported by Simon Waters)
+registrarmail.net
+# google.com (big pool, reported by Matthias Dyer, Martin Toft)
+google.com
+# orange.fr (big pool, reported by Loïc Le Loarer)
+/^smtp\d+\.orange\.fr$/
+# citigroup.com (slow retry, reported by Michael Monnerie)
+/^smtp\d+.citigroup.com$/
+# cruisingclub.ch (no retry)
+mail.ccs-cruising.ch
+# digg.com (no retry, Debian #406774)
+diggstage01.digg.com
+# liberal.ca (retries only during 270 seconds, Debian #406774)
+smtp.liberal.ca
+# pi.ws (pool + long retry, Debian #409851)
+/^mail[12]\.pi\.ws$/
+# rambler.ru (big pool, reported by Michael Monnerie)
+rambler.ru
+# free.fr (big pool, reported by Denis Sacchet)
+/^smtp[0-9]+-g[0-9]+\.free\.fr$/
+/^postfix[0-9]+-g[0-9]+\.free\.fr$/
+# thehartford.com (pool + long retry, reported by Jacob Leifman)
+/^netmail\d+\.thehartford\.com$/
+# abb.com (only one retry, reported by Roman Plessl)
+/^nse\d+\.abb\.com$/
+# 2007-07-27: sourceforge.net (sender verification)
+lists.sourceforge.net
+# 2007-08-06: polytec.de (no retry, reported by Patrick McLean)
+polytec.de
+# 2007-09-06: qualiflow.com (no retry, reported by Alex Beckert)
+/^mail\d+\.msg\.oleane\.net$/
+# 2007-09-07: nrl.navy.mil (no retry, reported by Axel Beckert)
+nrl.navy.mil
+# 2007-10-18: aliplast.com (long retry, reported by Johannes Feigl)
+mail.aliplast.com
+# 2007-10-18: inode.at (long retry, reported by Johannes Feigl)
+/^mx\d+\..*\.inode\.at$/
+# 2008-02-01: bol.com (no retry, reported by Frank Breedijk)
+/^.*?.server.arvato-systems.de$/
+# 2008-06-05: registeredsite.com (no retry, reported by Fred Kilbourn)
+/^(?:mail|fallback-mx)\d+.atl.registeredsite.com$/
+# 2008-07-17: mahidol.ac.th (no retry, reported by Alex Beckert)
+saturn.mahidol.ac.th
+# 2008-07-18: ebay.com (big pool, reported by Peter Samuelson)
+ebay.com
+# 2008-07-22: yahoo.com (big pool, reported by Juan Alonso)
+yahoo.com
+# 2008-11-07: facebook (no retry, reported by Tim Freeman)
+/^outmail\d+\.sctm\.tfbnw\.net$/
+# 2009-02-10: server14.cyon.ch (long retry, reported by Alex Beckert)
+server14.cyon.ch
+# 2009-08-19: 126.com (big pool)
+/^m\d+-\d+\.126\.com$/
+# 2010-01-08: tifr.res.in (no retry, reported by Alex Beckert)
+home.theory.tifr.res.in
+# 2010-01-08: 1blu.de (long retry, reported by Alex Beckert)
+ms4-1.1blu.de
+# 2010-03-17: chello.at (big pool, reported by Jan-willem van Eys)
+/^viefep\d+-int\.chello\.at$/
+# 2010-05-31: nic.nu (long retry, reported by Ivan Sie)
+mx.nic.nu
+# 2010-06-10: Microsoft servers (long/no retry, reported by Roy McMorran)
+bigfish.com
+frontbridge.com
+microsoft.com
+# 2010-06-18: Google/Postini (big pool, reported by Warren Trakman)
+postini.com
+# 2011-02-04: evanzo-server.de (no retry, reported by Andre Hoepner)
+/^mx.*\.evanzo-server\.de$/
+# 2011-05-02: upcmail.net (big pool, reported by Michael Monnerie)
+upcmail.net
+# 2013-12-18: orange.fr (big pool, reported by fulax)
+/^smtp\d+\.smtpout\.orange\.fr$/
+# 2014-01-29: gmx/web.de/1&1 (long retry, reported by Axel Beckert)
+mout-xforward.gmx.net
+mout-xforward.web.de
+mout-xforward.kundenserver.de
+mout-xforward.perfora.net
+# 2014-02-01: startcom.org (long retry, reported by jweiher)
+gateway.startcom.org

t/plugin_tests/greylisting

@@ -16,6 +16,7 @@ foreach ( @greydbs ) {
 sub register_tests {
     my $self = shift;
 
+    $self->register_test("test_load_exclude_files");
     $self->register_test('test_hook_data');
     $self->register_test('test_get_db_key');
     $self->register_test('test_get_db_location');
@@ -25,6 +26,54 @@ sub register_tests {
     $self->register_test("test_greylist_p0f_distance");
     $self->register_test("test_greylist_p0f_link");
     $self->register_test("test_greylist_p0f_uptime");
+    $self->register_test('test_exclude_file_match');
+}
+
+sub test_load_exclude_files {
+    my ( $self ) = @_;
+    delete $self->{$_} for qw( _exclude_ip _exclude_hostname exclude_re );
+    $self->load_exclude_files();
+    ok( $self->{_exclude_ip}{'194.7.234.142'},
+        'Excluded IPs populated by load_exclude_files()' );
+    ok( $self->{_exclude_hostname}{'yahoo.com'},
+        'Excluded hostnames populated by load_exclude_files()' );
+    ok( ( grep { $_ eq qr/^mta[12].siol.net$/ } @{ $self->{_exclude_re} || [] } ),
+        'Excluded REs populated by load_exlude_files()' );
+}
+
+sub test_exclude_file_match {
+    my ( $self ) = @_;
+    my @test_data = (
+        {
+            ip       => 192.168.1.1,
+            hostname => 'mta1234.siol.net',
+            expected => 0,
+            descr    => 'miss',
+        },
+        {
+            ip       => '194.7.234.142',
+            hostname => 'mta1234.siol.net',
+            expected => 1,
+            descr    => 'IP match',
+        },
+        {
+            ip       => 192.168.1.1,
+            hostname => 'postini.com',
+            expected => 1,
+            descr    => 'Hostname match',
+        },
+        {
+            ip       => 192.168.1.1,
+            hostname => 'mta2.siol.net',
+            expected => 1,
+            descr    => 'Regex match',
+        },
+    );
+    for my $t ( @test_data ) {
+        $self->connection->remote_ip( $t->{ip} );
+        $self->connection->remote_host( $t->{hostname} );
+        is( $self->exclude_file_match(), $t->{expected}, "exclude_file_match(): $t->{descr}" );
+    }
 }
 
 sub test_hook_data {