author | Todd C. Miller <millert@cvs.openbsd.org> | 2007-02-24 19:28:14 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2007-02-24 19:28:14 +0000 |
commit | 79a1cd1fceb98e8cdb836c1d78c385b669a7fe60 (patch) | |
tree | ccbd9e3b259c2f86c9268dc0c971a32bbad35495 | |
parent | f253be8e096d25b45b7215abb2fe352085c439d1 (diff) |
When greylisting we don't actually need to use the <spamd> pf table.
We just do no-rdr for things in <spamd-white> and rdr the rest to spamdb.
OK beck@
-rw-r--r-- | libexec/spamd-setup/spamd-setup.8 | 23 | ||||
-rw-r--r-- | libexec/spamd-setup/spamd-setup.c | 73 | ||||
-rw-r--r-- | libexec/spamd/spamd.8 | 29 |
3 files changed, 87 insertions, 38 deletions
diff --git a/libexec/spamd-setup/spamd-setup.8 b/libexec/spamd-setup/spamd-setup.8 index f4949304618..1df1afe7ed2 100644 --- a/libexec/spamd-setup/spamd-setup.8 +++ b/libexec/spamd-setup/spamd-setup.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: spamd-setup.8,v 1.9 2004/01/29 17:41:00 jmc Exp $ +.\" $OpenBSD: spamd-setup.8,v 1.10 2007/02/24 19:28:13 millert Exp $ .\" .\" Copyright (c) 2003 Jason L. Wright (jason@thought.net) .\" All rights reserved. @@ -31,7 +31,7 @@ .Nd parse and load file of spammer addresses .Sh SYNOPSIS .Nm spamd-setup -.Op Fl dn +.Op Fl dgn .Sh DESCRIPTION The .Nm @@ -55,6 +55,14 @@ The options are as follows: .Bl -tag -width Ds .It Fl d Debug mode reports a few pieces of information. +.It Fl g +Greylisting mode. +Blacklist data is stored only in +.Xr spamd 8 . +In the absence of this flag, data is stored in both +.Xr spamd 8 +and +.Xr pf 4 . .It Fl n Dry-run mode. No data is shipped to @@ -93,3 +101,14 @@ file. .Xr services 5 , .Xr spamd.conf 5 , .Xr spamd 8 +.Sh BUGS +Blacklists removed from +.Pa /etc/spamd.conf +are not automatically removed from the running +.Xr spamd 8 . +If an entry is removed from +.Pa /etc/spamd.conf +that is currently in use, it is necessary to restart +.Xr spamd 8 . +This applies only to blacklists that are removed entirely, not those +that are simply modified. diff --git a/libexec/spamd-setup/spamd-setup.c b/libexec/spamd-setup/spamd-setup.c index e54333cc132..2deb882635e 100644 --- a/libexec/spamd-setup/spamd-setup.c +++ b/libexec/spamd-setup/spamd-setup.c @@ -1,4 +1,4 @@ -/* $OpenBSD: spamd-setup.c,v 1.29 2007/02/14 01:16:22 millert Exp $ */ +/* $OpenBSD: spamd-setup.c,v 1.30 2007/02/24 19:28:13 millert Exp $ */ /* * Copyright (c) 2003 Bob Beck. All rights reserved. @@ -85,6 +85,7 @@ int getlist(char **, char *, struct blacklist *, struct blacklist *); int debug; int dryrun; +int greyonly; u_int32_t imask(u_int8_t b) 
@@ -457,7 +458,7 @@ add_blacklist(struct bl *bl, size_t *blc, size_t *bls, gzFile gzf, int white) for (;;) { /* read in gzf, then parse */ if (bu == bs) { - tmp = realloc(buf, bs + 8192 + 1); + tmp = realloc(buf, bs + (1024 * 1024) + 1); if (tmp == NULL) { free(buf); buf = NULL; @@ -465,7 +466,7 @@ add_blacklist(struct bl *bl, size_t *blc, size_t *bls, gzFile gzf, int white) serrno = errno; goto bldone; } - bs += 8192; + bs += 1024 * 1024; buf = tmp; } @@ -721,6 +722,7 @@ getlist(char ** db_array, char *name, struct blacklist *blist, if (gzf == NULL) errx(1, "gzdopen"); } + free(buf); bl = add_blacklist(bl, &blc, &bls, gzf, !black); gzclose(gzf); if (bl == NULL) { @@ -747,6 +749,30 @@ getlist(char ** db_array, char *name, struct blacklist *blist, return (black); } +void +send_blacklist(struct blacklist *blist, in_port_t port) +{ + struct cidr **cidrs, **tmp; + + if (blist->blc > 0) { + cidrs = collapse_blacklist(blist->bl, blist->blc); + if (cidrs == NULL) + errx(1, "malloc failed"); + if (!dryrun) { + if (configure_spamd(port, blist->name, + blist->message, cidrs) == -1) + err(1, "Can't connect to spamd on port %d", + port); + if (!greyonly && configure_pf(cidrs) == -1) + err(1, "pfctl failed"); + } + for (tmp = cidrs; *tmp != NULL; tmp++) + free(*tmp); + free(cidrs); + free(blist->bl); + } +} + int main(int argc, char *argv[]) { @@ -756,7 +782,7 @@ main(int argc, char *argv[]) struct servent *ent; int i, ch; - while ((ch = getopt(argc, argv, "nd")) != -1) { + while ((ch = getopt(argc, argv, "ndg")) != -1) { switch (ch) { case 'n': dryrun = 1; @@ -764,6 +790,9 @@ main(int argc, char *argv[]) case 'd': debug = 1; break; + case 'g': + greyonly = 1; + break; default: break; } @@ -796,7 +825,7 @@ main(int argc, char *argv[]) if (blc == bls) { struct blacklist *tmp; - bls += 1024; + bls += 32; tmp = realloc(blists, bls * sizeof(struct blacklist)); if (tmp == NULL) 
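Review bot: The growth step `1024 * 1024` is now written out twice in add_blacklist, in `realloc(buf, bs + (1024 * 1024) + 1)` here and in `bs += 1024 * 1024` in the next hunk (-465), and the two must stay equal or `bs` stops describing the real allocation. One named constant used in both places removes that coupling, for example `tmp = realloc(buf, bs + BUFGROW + 1);` and `bs += BUFGROW;`, where `BUFGROW` is a placeholder name. Neither hunk shows an upper bound on `bs`, so the buffer appears to grow for as long as the compressed stream keeps producing data. The read loop continues outside the hunk, so a cap may exist there; if not, one is worth adding for lists fetched from remote sources.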
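Review bot: The error message in the new send_blacklist prints `port` with `%d`, but main passes `ent->s_port`, and the `s_port` field of a `struct servent` is in network byte order. On a little-endian host the reported port will therefore not match the configured one, which is misleading when diagnosing a failed connection. Converting only for the message fixes it: `err(1, "Can't connect to spamd on port %d", ntohs(port));`. What byte order configure_spamd expects is not visible in this diff, so the value passed to it should stay unchanged.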
@@ -810,33 +839,17 @@ main(int argc, char *argv[]) black = blc; } memset(&blists[black], 0, sizeof(struct blacklist)); - blc += getlist(db_array, name, &blists[white], + black = getlist(db_array, name, &blists[white], &blists[black]); + if (black && blc > 0) { + /* collapse and free previous blacklist */ + send_blacklist(&blists[blc - 1], ent->s_port); + } + blc += black; } } - for (i = 0; i < blc; i++) { - struct cidr **cidrs, **tmp; - - if (blists[i].blc > 0) { - cidrs = collapse_blacklist(blists[i].bl, - blists[i].blc); - if (cidrs == NULL) - errx(1, "malloc failed"); - if (dryrun) - continue; - - if (configure_spamd(ent->s_port, blists[i].name, - blists[i].message, cidrs) == -1) - err(1, "Can't connect to spamd on port %d", - ent->s_port); - if (configure_pf(cidrs) == -1) - err(1, "pfctl failed"); - tmp = cidrs; - while (*tmp != NULL) - free(*tmp++); - free(cidrs); - free(blists[i].bl); - } - } + /* collapse and free last blacklist */ + if (blc > 0) + send_blacklist(&blists[blc - 1], ent->s_port); return (0); } diff --git a/libexec/spamd/spamd.8 b/libexec/spamd/spamd.8 index 77fe1a56b46..27b53f73f3e 100644 --- a/libexec/spamd/spamd.8 +++ b/libexec/spamd/spamd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: spamd.8,v 1.69 2007/02/24 08:48:49 jmc Exp $ +.\" $OpenBSD: spamd.8,v 1.70 2007/02/24 19:28:13 millert Exp $ .\" .\" Copyright (c) 2002 Theo de Raadt. All rights reserved. .\" 
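Review bot: `black` changes meaning halfway through this loop body: it is first the slot index used in `&blists[black]`, then it is overwritten with getlist's return value and used as a flag and as the increment in `blc += black`. A separate local for the result keeps the index intact and makes the send condition easier to check: `isblack = getlist(db_array, name, &blists[white], &blists[black]);`, then `if (isblack && blc > 0)` and `blc += isblack;`. That clarity matters because send_blacklist frees `blist->bl` without clearing it, so this loop and the final call must pass each entry exactly once. The loop begins outside the hunk.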
@@ -298,16 +298,17 @@ database and configures all whitelist addresses as the table. The .Em spamd-white -table must be used to allow connections to pass to the +table +.Em must +be used to allow connections to pass to the real MTA as in the following .Xr pf.conf 5 example: .Bd -literal -offset 4n -table <spamd> persist table <spamd-white> persist -rdr pass inet proto tcp from <spamd> to any \e - port smtp -> 127.0.0.1 port spamd -rdr pass inet proto tcp from !<spamd-white> to any \e +no rdr inet proto tcp from <spamd-white> to any \e + port smtp +rdr pass inet proto tcp from any to any \e port smtp -> 127.0.0.1 port spamd .Ed .Pp @@ -331,6 +332,13 @@ considered for greylisting and eventual whitelisting (by addition to the .Em spamd-white table so they are not redirected) if they retry mail delivery. +Note that when greylisting we do not need the +.Em spamd +table since connections are passed to +.Nm +unless the address is listed in the +.Em spamd-white +table. .Pp .Nm removes tuple entries from the @@ -354,6 +362,15 @@ is whitelisted. The default is 36 days to allow for the delivery of monthly mailing list digests without greylist delays every time. .Pp +.Xr spamd-setup 8 +should be run with the +.Fl g +flag when operating in greylisting mode. +Otherwise, it will attempt to populate the +.Em spamd +.Xr pf 4 +table (which is not needed when greylisting). +.Pp .Xr spamlogd 8 should be used to update the whitelist entries in .Pa /var/db/spamd |