#!perl -Tw

use Qpsmtpd::Plugin::Async::DNSBLBase;

sub init {
    my $self = shift;
    my $class = ref $self;

    no strict 'refs';
    push @{"${class}::ISA"}, 'Qpsmtpd::Plugin::Async::DNSBLBase';
}

sub hook_connect {
    my ($self, $transaction) = @_;
    my $class = ref $self;

    my %whitelist_zones =
      map { (split /\s+/, $_, 2)[0, 1] } $self->qp->config('whitelist_zones');

    return DECLINED unless %whitelist_zones;

    my $remote_ip = $self->connection->remote_ip;
    my $reversed_ip = join(".", reverse(split(/\./, $remote_ip)));

    # type TXT lookup only
    return DECLINED
      unless $class->lookup($self->qp, [],
                            [map { "$reversed_ip.$_" } keys %whitelist_zones],
                           );

    return YIELD;
}

sub process_txt_result {
    my ($class, $qp, $result, $query) = @_;

    my $connection = $qp->connection;
    $connection->notes('whitelisthost', $result)
      unless $connection->notes('whitelisthost');
}

sub hook_rcpt {
    my ($self, $transaction, $rcpt) = @_;
    my $connection = $self->qp->connection;

    if (my $note = $connection->notes('whitelisthost')) {
        my $ip = $connection->remote_ip;
        $self->log(LOGNOTICE, "Host $ip is whitelisted: $note");
    }
    return DECLINED;
}

=head1 NAME

dns_whitelist_soft - dns-based whitelist override for other qpsmtpd plugins

=head1 DESCRIPTION

The dns_whitelist_soft plugin allows selected host to be whitelisted as
exceptions to later plugin processing.  It is most suitable for multisite
installations, so that the whitelist is stored in one location and available
from all.

=head1 CONFIGURATION

To enable the plugin, add it to the ~qpsmtpd/config/plugins file as usual.
It should precede any plugins whose rejections you wish to override.  You may
have to alter those plugins to check the appropriate notes field.

Several configuration files are supported, corresponding to different
parts of the SMTP conversation:

=over 4

=item whitelist_zones

Any IP address listed in the whitelist_zones file is queried using
the connecting MTA's IP address.  Any A or TXT answer means that the
remote HOST address can be selectively exempted at other stages by plugins
testing for a 'whitelisthost' connection note.

=back

NOTE: in contrast to the non-async version, the other 'connect' hooks
fired after the 'connect' hook of this plugin will see the 'whitelisthost'
connection note, if set by this plugin.

=cut