summaryrefslogtreecommitdiff
path: root/libexec/spamd
AgeCommit message (Collapse)Author
2004-12-04fix a signal race which could kill unrelated processes.Moritz Jodeit
signal handler could be interrupted by another instance of itself because it was used for multiple signals and only one signal was blocked. ok beck@ henning@
2004-11-17- \r\n fix for QUIT commandBob Beck
- Implement RSET in spamd - some virus scanning products (notably symantec's viruswall) spew a RSET into the smtp stream before every attempted delivery. (noticed by reitenba@fh-brandenburg.de and some others). This ensures such things can successfully talk to a spamd greylister. ok millert@ henning@
2004-10-05Change the default passtime to 25 minutes,Bob Beck
MTA's with a quadratic retry schedule have a retry after 26 minutes, and then again after an hour, so this probably makes a lot more sense than the old 30 minute default. ok henning@
2004-10-05change default to 451 for greylisting, thanks to a number ofBob Beck
people on misc, and some observations by Evan harris on the greylisting mailing list that a number of clustered mailers like aol behave better (and retry from the same IP) when they see a 451, but do not when they see a 450 (traditionally used for mailbox lock failure) 450 was the original for spamd, as the default for the tarpit is to encourage quick retries to punish blacklisted smtp servers more. This got carried over to the greylisting implementation, and isnt' really optimal for that case. ok millert@, henning@, todd@
2004-09-18This should be info, from mike@tric.ruBob Beck
ok henning@
2004-09-15ARGSUSED before signal handler with unused signoTheo de Raadt
2004-08-17impliment QUIT, beck okHenning Brauer
2004-08-15Expire entries that exactly match the time now in addition to onesTodd C. Miller
with an expire time in the past. From beck@, OK deraadt@
2004-08-08spacingTheo de Raadt
2004-07-04two missing freeaddrinfo() -- leak; andrushock@korovino.netTheo de Raadt
2004-07-04typo; andrushock@korovino.netTheo de Raadt
2004-06-29absolutely no need to include machine/endian.h after sys/types.h and ↵Michael Shalayeff
sys/types.h after sys/param.h
2004-06-21restrict address resolution to AF_INET for nowJun-ichiro itojun Hagino
2004-06-21use getaddr/nameinfo for address resolution. beck, henning okJun-ichiro itojun Hagino
2004-04-03fix logging. without -v, you get just the connection level, no mail data.Daniel Hartmeier
with -v, you get From/To/Subject at LOG_INFO, and the first ten body lines at LOG_DEBUG. ok beck@
2004-04-02nextstate() can get passed a read(2) chunk containing multiple lines,Daniel Hartmeier
so separate lines before logging headers/body. doesn't make logging more verbose, just fixes the case where chunks contain multiple lines. ok beck@
2004-03-17fix problem with counter and logging spotted by danh, where loggingBob Beck
would get messed up when the blacklist limit was hit. tested by danh@ and me ok cedric@
2004-03-16sort options and escape a minus sign;Jason McIntyre
2004-03-15Add -B option, with maxblack limit to limit the number of blacklistBob Beck
connections to something less than maxcon when greylisting. This ensures you don't completely run out of connections tarpitting spammers, and not allow real mail through. ok dhartmei@ millert@
2004-03-14make window size adjustement on sockets only after the DATABob Beck
connection. This ensures that greylisted connections are not delayed by a small windows size, but blacklisted connections still have to send the body through a tiny window, and presumably the body is the vast majority of what is being sent anyway. ok dhartmei@ millert@
2004-03-13Add signal handler to parent, so that when greylisting we don't need toBob Beck
kill all three processes to make it go away. Adjust daemon() call and logging appropriately. ok henning@, millert@
2004-03-12sort options;Jason McIntyre
2004-03-12paranoia and cleanup, ensure we use free then NULL everywhere.Bob Beck
ok millert@ dhartmei@
2004-03-12Fix typo, spotted by Eduardo Alvarenga <eduardo@eduardo.lan.cei>Bob Beck
ok xsa@ henning@
2004-03-11fix bug where custom 450 messages are not displayed,Bob Beck
found by yongari@kt-is.co.kr ok dhartmei@, millert@
2004-03-11Remove sync() calls that immediately precede databse close(). SinceTodd C. Miller
close() calls sync() itself the standalone sync() is a no-op. OK beck@
2004-03-11Call db-sync() after each db modification since they aren't all thatBob Beck
frequent in the scheme of things and this avoids the possibility of database corruption. Run here for a week. ok millert@ deraadt@
2004-03-10spacesTheo de Raadt
2004-03-10fix missing space, also fromBob Beck
yongari@kt-is.co.kr ok deraadt@
2004-03-10add -b option to specify local bind address, sent byBob Beck
yongari@kt-is.co.kr ok deraadt@
2004-03-05Fix really dumb memory leak that would have long runnign large whitelistBob Beck
servers having their pf update process growing massive as it leaked huge tracks of whitelist. ok millert@
2004-03-01typo; we do have spamlogd(8) not spamlog(8);Xavier Santolaria
ok beck@
2004-03-01uset inet_pton(3) instead of home grown address validator; some other cleanupOtto Moerbeek
ok beck@
2004-02-28- ensure greylist entry expiry is not updated until actually whitelistedBob Beck
to avoid keeping multiple grey entries around from a single host for extra time. - make -G work - paranoia and cleanup suggestions from deraadt@ ok millert@
2004-02-26don't leak one here either.Bob Beck
2004-02-26don't leak an fd here.Bob Beck
2004-02-26Add ommitted copyright.Bob Beck
2004-02-26paranoia; beck okTheo de Raadt
2004-02-26spacesTheo de Raadt
2004-02-26Add -g option for greylisting support for spamd. The greylisting techinqueBob Beck
originates from a paper by Evan Harris which can be found at http://projects.puremagic.com/greylisting/. This implementation makes spamd allow for non-blacklisted addresses to be treated as "greylisted". where they are tracked in a db file, and whitelisted by addition to a pf table when the same envelope from and to are retried from the same source IP address. Testing by many, ok deraadt@
2004-01-21the example should use 'rdr pass' so that you do not have to open 8025 toTheo de Raadt
the outside world -- in fact 'rdr pass' was designed for this, but once again someone forgot to updated the bloody man page; mcbride ok
2003-11-09add missing -v to getoptDaniel Hartmeier
2003-11-08add -v and -w window to usage();Jason McIntyre
2003-10-23- add -v to SYNOPSISJason McIntyre
- new sentence, new line - .Dv for variables - fix .Xr
2003-10-22make logging less verbose by default - default logs connect, disconnectBob Beck
and blacklist matches. Add -v (verbose) flag to allow other detailed logging (subject, body, smtp dialogue, etc.) when it's needed. ok dhartmei@ -> ok deraadt@
2003-10-031) Don't loop on invalid commandsBob Beck
2) Allow multiple RCPT's ok mpech@, helpful stress testing by Chris Nadovich <chris@jtan.com>
2003-09-26can free(NULL)Theo de Raadt
2003-09-26make accept failures not globally fatal.Bob Beck
ok deraadt@
2003-09-26free(NULL) allowedTheo de Raadt
2003-09-25- add .Bk/.Ek to SYNOPSISJason McIntyre
- use -offset rather than indenting the actual display - kill unnecessary .Pp