authorTodd C. Miller <millert@cvs.openbsd.org>2007-02-24 19:28:14 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2007-02-24 19:28:14 +0000
commit79a1cd1fceb98e8cdb836c1d78c385b669a7fe60 (patch)
treeccbd9e3b259c2f86c9268dc0c971a32bbad35495
parentf253be8e096d25b45b7215abb2fe352085c439d1 (diff)
When greylisting we don't actually need to use the <spamd> pf table.
We just do no-rdr for things in <spamd-white> and rdr the rest to spamdb. OK beck@
-rw-r--r--libexec/spamd-setup/spamd-setup.823
-rw-r--r--libexec/spamd-setup/spamd-setup.c73
-rw-r--r--libexec/spamd/spamd.829
3 files changed, 87 insertions, 38 deletions
diff --git a/libexec/spamd-setup/spamd-setup.8 b/libexec/spamd-setup/spamd-setup.8
index f4949304618..1df1afe7ed2 100644
--- a/libexec/spamd-setup/spamd-setup.8
+++ b/libexec/spamd-setup/spamd-setup.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: spamd-setup.8,v 1.9 2004/01/29 17:41:00 jmc Exp $
+.\" $OpenBSD: spamd-setup.8,v 1.10 2007/02/24 19:28:13 millert Exp $
.\"
.\" Copyright (c) 2003 Jason L. Wright (jason@thought.net)
.\" All rights reserved.
@@ -31,7 +31,7 @@
.Nd parse and load file of spammer addresses
.Sh SYNOPSIS
.Nm spamd-setup
-.Op Fl dn
+.Op Fl dgn
.Sh DESCRIPTION
The
.Nm
@@ -55,6 +55,14 @@ The options are as follows:
.Bl -tag -width Ds
.It Fl d
Debug mode reports a few pieces of information.
+.It Fl g
+Greylisting mode.
+Blacklist data is stored only in
+.Xr spamd 8 .
+In the absence of this flag, data is stored in both
+.Xr spamd 8
+and
+.Xr pf 4 .
.It Fl n
Dry-run mode.
No data is shipped to
@@ -93,3 +101,14 @@ file.
.Xr services 5 ,
.Xr spamd.conf 5 ,
.Xr spamd 8
+.Sh BUGS
+Blacklists removed from
+.Pa /etc/spamd.conf
+are not automatically removed from the running
+.Xr spamd 8 .
+If an entry is removed from
+.Pa /etc/spamd.conf
+that is currently in use, it is necessary to restart
+.Xr spamd 8 .
+This applies only to blacklists that are removed entirely, not those
+that are simply modified.
diff --git a/libexec/spamd-setup/spamd-setup.c b/libexec/spamd-setup/spamd-setup.c
index e54333cc132..2deb882635e 100644
--- a/libexec/spamd-setup/spamd-setup.c
+++ b/libexec/spamd-setup/spamd-setup.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: spamd-setup.c,v 1.29 2007/02/14 01:16:22 millert Exp $ */
+/* $OpenBSD: spamd-setup.c,v 1.30 2007/02/24 19:28:13 millert Exp $ */
/*
* Copyright (c) 2003 Bob Beck. All rights reserved.
@@ -85,6 +85,7 @@ int getlist(char **, char *, struct blacklist *, struct blacklist *);
int debug;
int dryrun;
+int greyonly;
u_int32_t
imask(u_int8_t b)
@@ -457,7 +458,7 @@ add_blacklist(struct bl *bl, size_t *blc, size_t *bls, gzFile gzf, int white)
for (;;) {
/* read in gzf, then parse */
if (bu == bs) {
- tmp = realloc(buf, bs + 8192 + 1);
+ tmp = realloc(buf, bs + (1024 * 1024) + 1);
if (tmp == NULL) {
free(buf);
buf = NULL;
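Review bot: The new growth step `1024 * 1024` is written out as a literal here and again in the next hunk (`bs += 1024 * 1024`), so the two sites can silently drift apart the next time the size is tuned, as the old `8192` pair already had to be edited in lockstep. A single file-scope constant, e.g. `#define BLACKLIST_CHUNK (1024 * 1024)` used as `realloc(buf, bs + BLACKLIST_CHUNK + 1)` and `bs += BLACKLIST_CHUNK;`, keeps the allocation and the bookkeeping in agreement and documents that the `+ 1` is terminator space. add_blacklist's body continues outside the hunk.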
@@ -465,7 +466,7 @@ add_blacklist(struct bl *bl, size_t *blc, size_t *bls, gzFile gzf, int white)
serrno = errno;
goto bldone;
}
- bs += 8192;
+ bs += 1024 * 1024;
buf = tmp;
}
@@ -721,6 +722,7 @@ getlist(char ** db_array, char *name, struct blacklist *blist,
if (gzf == NULL)
errx(1, "gzdopen");
}
+ free(buf);
bl = add_blacklist(bl, &blc, &bls, gzf, !black);
gzclose(gzf);
if (bl == NULL) {
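Review bot: The added `free(buf);` releases the buffer while `buf` stays in scope for the rest of getlist, whose body continues outside the hunk; if any later path in the function (an error exit after add_blacklist, or a cleanup label) frees `buf` again, this becomes a double free. Resetting the pointer alongside the free, `free(buf); buf = NULL;`, makes any such later free a harmless no-op and also documents that the buffer is no longer needed once the gzFile has been opened. A one-line comment stating why the buffer is released at this point (the compressed data has already been handed to gzdopen, presumably) would help the next reader.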
@@ -747,6 +749,30 @@ getlist(char ** db_array, char *name, struct blacklist *blist,
return (black);
}
+void
+send_blacklist(struct blacklist *blist, in_port_t port)
+{
+ struct cidr **cidrs, **tmp;
+
+ if (blist->blc > 0) {
+ cidrs = collapse_blacklist(blist->bl, blist->blc);
+ if (cidrs == NULL)
+ errx(1, "malloc failed");
+ if (!dryrun) {
+ if (configure_spamd(port, blist->name,
+ blist->message, cidrs) == -1)
+ err(1, "Can't connect to spamd on port %d",
+ port);
+ if (!greyonly && configure_pf(cidrs) == -1)
+ err(1, "pfctl failed");
+ }
+ for (tmp = cidrs; *tmp != NULL; tmp++)
+ free(*tmp);
+ free(cidrs);
+ free(blist->bl);
+ }
+}
+
int
main(int argc, char *argv[])
{
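Review bot: send_blacklist frees `blist->bl` but leaves `blist->bl` and `blist->blc` unchanged, so a second call on the same entry would call collapse_blacklist on freed memory and free it again; the callers in main avoid that today, but the function itself does not. Adding `blist->bl = NULL; blist->blc = 0;` after `free(blist->bl);` makes the function idempotent and matches the `buf = NULL` pattern used in add_blacklist. The function also lacks a header comment; a short one should say that it collapses the list into CIDRs, ships them to spamd (and to pf unless greyonly is set), and that on return the entry's address list has been consumed and freed, with dryrun still freeing but not sending.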
@@ -756,7 +782,7 @@ main(int argc, char *argv[])
struct servent *ent;
int i, ch;
- while ((ch = getopt(argc, argv, "nd")) != -1) {
+ while ((ch = getopt(argc, argv, "ndg")) != -1) {
switch (ch) {
case 'n':
dryrun = 1;
@@ -764,6 +790,9 @@ main(int argc, char *argv[])
case 'd':
debug = 1;
break;
+ case 'g':
+ greyonly = 1;
+ break;
default:
break;
}
@@ -796,7 +825,7 @@ main(int argc, char *argv[])
if (blc == bls) {
struct blacklist *tmp;
- bls += 1024;
+ bls += 32;
tmp = realloc(blists,
bls * sizeof(struct blacklist));
if (tmp == NULL)
@@ -810,33 +839,17 @@ main(int argc, char *argv[])
black = blc;
}
memset(&blists[black], 0, sizeof(struct blacklist));
- blc += getlist(db_array, name, &blists[white],
+ black = getlist(db_array, name, &blists[white],
&blists[black]);
+ if (black && blc > 0) {
+ /* collapse and free previous blacklist */
+ send_blacklist(&blists[blc - 1], ent->s_port);
+ }
+ blc += black;
}
}
- for (i = 0; i < blc; i++) {
- struct cidr **cidrs, **tmp;
-
- if (blists[i].blc > 0) {
- cidrs = collapse_blacklist(blists[i].bl,
- blists[i].blc);
- if (cidrs == NULL)
- errx(1, "malloc failed");
- if (dryrun)
- continue;
-
- if (configure_spamd(ent->s_port, blists[i].name,
- blists[i].message, cidrs) == -1)
- err(1, "Can't connect to spamd on port %d",
- ent->s_port);
- if (configure_pf(cidrs) == -1)
- err(1, "pfctl failed");
- tmp = cidrs;
- while (*tmp != NULL)
- free(*tmp++);
- free(cidrs);
- free(blists[i].bl);
- }
- }
+ /* collapse and free last blacklist */
+ if (blc > 0)
+ send_blacklist(&blists[blc - 1], ent->s_port);
return (0);
}
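Review bot: In the rewritten loop `black` is used as an index into blists (`black = blc;`, `&blists[black]`) and then immediately overwritten with getlist's return count (`black = getlist(...)`), which is then tested as a flag in `if (black && blc > 0)` and added to `blc`; reusing one variable for an index and a count makes the off-by-one reasoning around `blists[blc - 1]` hard to follow. A separate local, e.g. `int added = getlist(db_array, name, &blists[white], &blists[black]);` with `if (added && blc > 0)` and `blc += added;`, keeps the two meanings apart. With the old `for (i = 0; i < blc; i++)` loop removed, `i` from the earlier `int i, ch;` declaration no longer appears in any visible hunk; if nothing else in main uses it, the declaration should be dropped to avoid an unused-variable warning.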
diff --git a/libexec/spamd/spamd.8 b/libexec/spamd/spamd.8
index 77fe1a56b46..27b53f73f3e 100644
--- a/libexec/spamd/spamd.8
+++ b/libexec/spamd/spamd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: spamd.8,v 1.69 2007/02/24 08:48:49 jmc Exp $
+.\" $OpenBSD: spamd.8,v 1.70 2007/02/24 19:28:13 millert Exp $
.\"
.\" Copyright (c) 2002 Theo de Raadt. All rights reserved.
.\"
@@ -298,16 +298,17 @@ database and configures all whitelist addresses as the
table.
The
.Em spamd-white
-table must be used to allow connections to pass to the
+table
+.Em must
+be used to allow connections to pass to the
real MTA as in the following
.Xr pf.conf 5
example:
.Bd -literal -offset 4n
-table <spamd> persist
table <spamd-white> persist
-rdr pass inet proto tcp from <spamd> to any \e
- port smtp -> 127.0.0.1 port spamd
-rdr pass inet proto tcp from !<spamd-white> to any \e
+no rdr inet proto tcp from <spamd-white> to any \e
+ port smtp
+rdr pass inet proto tcp from any to any \e
port smtp -> 127.0.0.1 port spamd
.Ed
.Pp
@@ -331,6 +332,13 @@ considered for greylisting and eventual whitelisting (by addition
to the
.Em spamd-white
table so they are not redirected) if they retry mail delivery.
+Note that when greylisting we do not need the
+.Em spamd
+table since connections are passed to
+.Nm
+unless the address is listed in the
+.Em spamd-white
+table.
.Pp
.Nm
removes tuple entries from the
@@ -354,6 +362,15 @@ is whitelisted.
The default is 36 days to allow for the delivery of
monthly mailing list digests without greylist delays every time.
.Pp
+.Xr spamd-setup 8
+should be run with the
+.Fl g
+flag when operating in greylisting mode.
+Otherwise, it will attempt to populate the
+.Em spamd
+.Xr pf 4
+table (which is not needed when greylisting).
+.Pp
.Xr spamlogd 8
should be used to update the whitelist entries in
.Pa /var/db/spamd