Make spamd include the HELO/EHLO identification string sent by

the connecting hosts in the tuple key when greylisting. catches
a few more bogus hosts and will let us trap based on HELO later.

Changes spamdb(8) output to include the new field.

ok deraadt@, jmc@

2 files changed, 48 insertions, 15 deletions

diff --git a/libexec/spamd/grey.c b/libexec/spamd/grey.c
index 835e96b6a21..34e79671950 100644
--- a/libexec/spamd/grey.c
+++ b/libexec/spamd/grey.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: grey.c,v 1.28 2007/02/23 19:45:08 beck Exp $	*/
+/*	$OpenBSD: grey.c,v 1.29 2007/02/23 22:40:50 beck Exp $	*/
 
 /*
  * Copyright (c) 2004-2006 Bob Beck.  All rights reserved.
@@ -580,7 +580,7 @@ trapcheck(DB *db, char *to)
 }
 
 int
-greyupdate(char *dbname, char *ip, char *from, char *to)
+greyupdate(char *dbname, char *helo, char *ip, char *from, char *to)
 {
 	HASHINFO	hashinfo;
 	DBT		dbk, dbd;
@@ -598,7 +598,7 @@ greyupdate(char *dbname, char *ip, char *from, char *to)
 	db = dbopen(dbname, O_EXLOCK|O_RDWR, 0600, DB_HASH, &hashinfo);
 	if (db == NULL)
 		return(-1);
-	if (asprintf(&key, "%s\n%s\n%s", ip, from, to) == -1)
+	if (asprintf(&key, "%s\n%s\n%s\n%s", ip, helo, from, to) == -1)
 		goto bad;
 	r = trapcheck(db, to);
 	switch (r) {
@@ -688,7 +688,7 @@ greyupdate(char *dbname, char *ip, char *from, char *to)
 int
 greyreader(void)
 {
-	char ip[32], from[MAX_MAIL], to[MAX_MAIL], *buf;
+	char ip[32], helo[MAX_MAIL], from[MAX_MAIL], to[MAX_MAIL], *buf;
 	size_t len;
 	int state;
 	struct addrinfo hints, *res;
@@ -719,24 +719,32 @@ greyreader(void)
 
 		switch (state) {
 		case 0:
+			if (strncmp(buf, "HE:", 3) != 0) {
+				state = 0;
+				break;
+			}
+			strlcpy(helo, buf+3, sizeof(helo));
+			state = 1;
+			break;
+		case 1:
 			if (strncmp(buf, "IP:", 3) != 0)
 				break;
 			strlcpy(ip, buf+3, sizeof(ip));
 			if (getaddrinfo(ip, NULL, &hints, &res) == 0) {
 				freeaddrinfo(res);
-				state = 1;
+				state = 2;
 			} else
 				state = 0;
 			break;
-		case 1:
+		case 2:
 			if (strncmp(buf, "FR:", 3) != 0) {
 				state = 0;
 				break;
 			}
 			strlcpy(from, buf+3, sizeof(from));
-			state = 2;
+			state = 3;
 			break;
-		case 2:
+		case 3:
 			if (strncmp(buf, "TO:", 3) != 0) {
 				state = 0;
 				break;
@@ -744,9 +752,9 @@ greyreader(void)
 			strlcpy(to, buf+3, sizeof(to));
 			if (debug)
 				fprintf(stderr,
-				    "Got Grey IP %s from %s to %s\n",
-				    ip, from, to);
-			greyupdate(PATH_SPAMD_DB, ip, from, to);
+				    "Got Grey HELO %s, IP %s from %s to %s\n",
+				    helo, ip, from, to);
+			greyupdate(PATH_SPAMD_DB, helo, ip, from, to);
 			state = 0;
 			break;
 		}
diff --git a/libexec/spamd/spamd.c b/libexec/spamd/spamd.c
index 1a13ade1cd5..e1211e71618 100644
--- a/libexec/spamd/spamd.c
+++ b/libexec/spamd/spamd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: spamd.c,v 1.87 2007/02/23 19:36:23 deraadt Exp $	*/
+/*	$OpenBSD: spamd.c,v 1.88 2007/02/23 22:40:50 beck Exp $	*/
 
 /*
  * Copyright (c) 2002 Theo de Raadt.  All rights reserved.
@@ -56,7 +56,7 @@ struct con {
 	struct sockaddr_storage ss;
 	void *ia;
 	char addr[32];
-	char mail[MAX_MAIL], rcpt[MAX_MAIL];
+  	char helo[MAX_MAIL], mail[MAX_MAIL], rcpt[MAX_MAIL];
 	struct sdlist **blacklists;
 
 	/*
@@ -552,6 +552,28 @@ setlog(char *p, size_t len, char *f)
 }
 
 void
+gethelo(char *p, size_t len, char *f)
+{
+	char *s;
+
+	/* skip HELO/EHLO */
+	f+=4;
+	/* skip whitespace */
+	while (*f == ' ' || *f == '\t')
+		f++;
+	s = strsep(&f, " \t");
+	if (s == NULL)
+		return;
+	strlcpy(p, s, len);
+	s = strsep(&p, " \t\n\r");
+	if (s == NULL)
+		return;
+	s = strsep(&p, " \t\n\r");
+	if (s)
+		*s = '\0';
+}
+
+void
 initcon(struct con *cp, int fd, struct sockaddr *sa)
 {
 	time_t tt;
@@ -683,6 +705,7 @@ nextstate(struct con *cp)
 		/* received input: parse, and select next state */
 		if (match(cp->ibuf, "HELO") ||
 		    match(cp->ibuf, "EHLO")) {
+			gethelo(cp->helo, sizeof cp->helo, cp->ibuf);
 			snprintf(cp->obuf, cp->osize,
 			    "250 Hello, spam sender. "
 			    "Pleased to be wasting your time.\r\n");
@@ -750,8 +773,10 @@ nextstate(struct con *cp)
 					    cp->addr, cp->mail, cp->rcpt);
 				if (greylist && cp->blacklists == NULL) {
 					/* send this info to the greylister */
-					fprintf(grey, "IP:%s\nFR:%s\nTO:%s\n",
-					    cp->addr, cp->mail, cp->rcpt);
+					fprintf(grey,
+					    "HE:%s\nIP:%s\nFR:%s\nTO:%s\n",
+					    cp->helo, cp->addr, cp->mail,
+					    cp->rcpt);
 					fflush(grey);
 				}
 			}