authorBob Beck <beck@cvs.openbsd.org>1997-12-14 01:42:29 +0000
committerBob Beck <beck@cvs.openbsd.org>1997-12-14 01:42:29 +0000
commit8c5a57b59d7d4fcce9c91af5ddab3bc4b8c42202 (patch)
treef21985ab62e18198fd754c887be51d6406951b95 /libexec
parentf51774531cbf0864c52ade95143772ab9b8d9584 (diff)
Vixie style DNS RBL lookups for the antispam jihad crowd.
Diffstat (limited to 'libexec')
-rw-r--r--libexec/smtpd/src/address_check.c43
-rw-r--r--libexec/smtpd/src/antispam_check_rules.example12
-rw-r--r--libexec/smtpd/src/smtpd.c10
3 files changed, 61 insertions, 4 deletions
diff --git a/libexec/smtpd/src/address_check.c b/libexec/smtpd/src/address_check.c
index e99d807808c..9a77a8820b5 100644
--- a/libexec/smtpd/src/address_check.c
+++ b/libexec/smtpd/src/address_check.c
@@ -1,5 +1,5 @@
/*
- * $Id: address_check.c,v 1.1 1997/12/12 05:50:27 beck Exp $
+ * $Id: address_check.c,v 1.2 1997/12/14 01:42:27 beck Exp $
*
* Copyright (c) 1996, 1997 Obtuse Systems Corporation. All rights
* reserved.
@@ -588,6 +588,40 @@ int masked_ip_match(char *tok, char *string)
return(madt == adt);
}
+/* do a Vixie style rbl lookup for dotquad addr in rbl domain
+ * rbl_domain.
+ */
+int vixie_rbl_lookup(char * rbl_domain, char * addr) {
+ char *t, *d, *a;
+ t = strdup(addr);
+ if (t==NULL) {
+ syslog(LOG_ERR, "Malloc failed!");
+ Failure = 1;
+ return(0);
+ }
+ d = (char *) malloc(strlen(t)+strlen(rbl_domain)+1);
+ if (d==NULL) {
+ syslog(LOG_ERR, "Malloc failed!");
+ free(t);
+ Failure = 1;
+ return(0);
+ }
+ *d='\0';
+ while((a = strrchr(t, '.'))) {
+ strcat(d, a+1);
+ strcat(d, ".");
+ *a='\0';
+ }
+ strcat(d, t);
+ strcat(d, rbl_domain);
+ if (gethostbyname(d) != NULL) {
+ free(t); free(d);
+ return(1);
+ }
+ free(t); free(d);
+ return(0);
+}
+
static int ip_match(char *tok, char *string)
{
/*
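Review bot: In vixie_rbl_lookup the test `gethostbyname(d) != NULL` counts any successful resolution as a listing and any failure as "not listed". A resolver timeout therefore lets the connection through without a trace in the logs, and a zone that answers every name (a wildcard, or a lapsed domain someone else now serves) would mark every sender as listed. I would accept only an IPv4 answer in 127.0.0.0/8, which is what RBL-style zones conventionally return, and log when h_errno is TRY_AGAIN so an operator can see the check was skipped. The malloc size also relies on addr being a dotted quad and rbl_domain starting with '.', which deserves a line in the header comment. The function is complete within this hunk.

```c
	struct hostent *hp;
	int listed = 0;
	/* … unchanged: strdup/malloc and reversed-quad name built in d … */
	hp = gethostbyname(d);
	if (hp == NULL) {
		/* distinguish "not listed" from "could not ask" */
		if (h_errno == TRY_AGAIN)
			syslog(LOG_INFO, "RBL lookup of %s failed temporarily", d);
	} else if (hp->h_addrtype == AF_INET && hp->h_addr_list[0] != NULL
	    && (unsigned char)hp->h_addr_list[0][0] == 127) {
		/* only a 127.0.0.0/8 answer counts as a listing */
		listed = 1;
	}
	free(t); free(d);
	return(listed);
```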
@@ -601,6 +635,12 @@ static int ip_match(char *tok, char *string)
else if ((string == NULL)) {
return(0);
}
+ else if (strncmp(tok, "RBL.", 4) == 0) {
+ /* do an rbl style lookup on the IP address in string usind
+ * rbl domain of whatever followed RBL in tok
+ */
+ return(vixie_rbl_lookup(tok+3, string));
+ }
else {
return(masked_ip_match(tok, string));
}
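Review bot: The call `vixie_rbl_lookup(tok+3, string)` skips only three of the four characters matched by `strncmp(tok, "RBL.", 4)`, so the '.' stays at the front of the domain. That looks deliberate, since the lookup appends the domain directly after the reversed address, but the comment does not say so. I would reword it to `/* RBL lookup of the IP in string; tok+3 keeps the leading '.' of the domain that follows "RBL" */`, which also removes the typo "usind". A bare `RBL.` token with no domain is not rejected; `else if (strncmp(tok, "RBL.", 4) == 0 && tok[4] != '\0')` would keep an empty zone from reaching the resolver, though it then falls through to masked_ip_match, whose handling of such a token should be confirmed. ip_match starts before and ends after this hunk.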
@@ -608,7 +648,6 @@ static int ip_match(char *tok, char *string)
}
-
#if NS_MATCH
/* Routines for looking up and matching nameservers.
* These routines are based on the soa lookup program from
diff --git a/libexec/smtpd/src/antispam_check_rules.example b/libexec/smtpd/src/antispam_check_rules.example
index 92cb527fa83..9a33347e6e4 100644
--- a/libexec/smtpd/src/antispam_check_rules.example
+++ b/libexec/smtpd/src/antispam_check_rules.example
@@ -42,6 +42,18 @@ noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You c
allow:ALL:ALL:ALL@hormel.mydomain.com spamboy@otherdomain.com
+# Block any connections from host in the MAPS rbl at rbl.maps.vix.com
+# Beware that this can throw the baby out with the bathwater.
+noto:RBL.rbl.maps.vix.com:ALL:ALL:550 Mail refused from host %I in MAPS RBL, see http%C//maps.vix.com/rbl/
+
+# Block any connections from a host or connecting address who uses a
+# nameserver for which the address is in the MAPS rbl at rbl.maps.vix.com.
+# Note that this can *really* throw the baby out with the bathwater,
+# be sure you understand the implications before using the two below.
+noto:NS=RBL.rbl.maps.vix.com:ALL:ALL:550 Mail refused due to nameserver for %H(%I) in MAPS RBL, see http%C//maps.vix.com/rbl/
+noto:ALL:NS=RBL.rbl.maps.vix.com:ALL:550 Mail refused due to nameserver for %F in MAPS RBL, see http%C//maps.vix.com/rbl/
+
+
# block anyone who uses a major SPAM provider as a nameserver or MX. either
# on a connection from one of their hosts, a connection from a host they act
# as a nameserver for, or a connection with a FROM: address that uses
diff --git a/libexec/smtpd/src/smtpd.c b/libexec/smtpd/src/smtpd.c
index 7f3086ce977..0693d940f9d 100644
--- a/libexec/smtpd/src/smtpd.c
+++ b/libexec/smtpd/src/smtpd.c
@@ -2,7 +2,7 @@
* smtpd, Obtuse SMTP daemon, storing agent. does simple collection of
* mail messages, for later forwarding by smtpfwdd.
*
- * $Id: smtpd.c,v 1.1 1997/12/12 05:50:27 beck Exp $
+ * $Id: smtpd.c,v 1.2 1997/12/14 01:42:28 beck Exp $
*
* Copyright (c) 1996, 1997 Obtuse Systems Corporation. All rights
* reserved.
@@ -40,7 +40,7 @@
char *obtuse_copyright =
"Copyright 1996 - Obtuse Systems Corporation - All rights reserved.";
-char *obtuse_rcsid = "$Id: smtpd.c,v 1.1 1997/12/12 05:50:27 beck Exp $";
+char *obtuse_rcsid = "$Id: smtpd.c,v 1.2 1997/12/14 01:42:28 beck Exp $";
#include <stdarg.h>
#include <stdlib.h>
@@ -209,6 +209,12 @@ char * make_check_fail_reply(char *user, char *host, char *hostIP,
int len;
c++;
switch (*c) {
+ case '%':
+ add = "%";
+ break;
+ case 'C':
+ add = ":";
+ break;
case 'F':
add = from;
break;
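Review bot: The new `%%` and `%C` cases carry no comment, and `%C` is puzzling on its own. It seems to exist because ':' separates fields in the rules file, so a reply text cannot contain one literally; the example rules in this commit write `http%C//maps.vix.com/rbl/`. I would add `/* %% -> literal '%' */` above the first case and `/* %C -> ':', which cannot be written literally in a rule because ':' is the field separator */` above the second. make_check_fail_reply and this switch begin before and continue after the hunk.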