Posted to server-dev@james.apache.org by no...@apache.org on 2005/06/04 19:05:41 UTC
svn commit: r180004 - in /james/server/trunk/src: conf/james-config.xml
java/org/apache/james/smtpserver/SMTPHandler.java
java/org/apache/james/smtpserver/SMTPHandlerConfigurationData.java
java/org/apache/james/smtpserver/SMTPServer.java
Author: noel
Date: Sat Jun 4 10:05:40 2005
New Revision: 180004
URL: http://svn.apache.org/viewcvs?rev=180004&view=rev
Log:
add support for fast-fail whitelisting to the new block list support
Modified:
james/server/trunk/src/conf/james-config.xml
james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java
james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandlerConfigurationData.java
james/server/trunk/src/java/org/apache/james/smtpserver/SMTPServer.java
Modified: james/server/trunk/src/conf/james-config.xml
URL: http://svn.apache.org/viewcvs/james/server/trunk/src/conf/james-config.xml?rev=180004&r1=180003&r2=180004&view=diff
==============================================================================
--- james/server/trunk/src/conf/james-config.xml (original)
+++ james/server/trunk/src/conf/james-config.xml Sat Jun 4 10:05:40 2005
@@ -617,10 +617,12 @@
<!-- Uncomment this if you want to enable antispam dns based RBL services -->
<!--
<rblservers>
- <rblserver> sbl-xbl.spamhaus.org </rblserver>
- <rblserver> list.dsbl.org </rblserver>
- <rblserver> dul.dnsbl.sorbs.net </rblserver>
- <rblserver> relays.ordb.org </rblserver>
+ <whitelist> query.bondedsender.org </whitelist>
+
+ <blacklist> sbl-xbl.spamhaus.org </blacklist>
+ <blacklist> list.dsbl.org </blacklist>
+ <blacklist> dul.dnsbl.sorbs.net </blacklist>
+ <blacklist> relays.ordb.org </blacklist>
</rblservers>
-->
</handler>
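Review bot: The sample `<rblservers>` block does not say how the two element types interact, and the precedence is security-relevant. In the checkDNSRBL added to SMTPServer.java by this commit, a hit on any `<whitelist>` zone returns before the blacklists are consulted. A comment above the entries such as `<!-- whitelist zones are queried first; an address listed by any of them skips every blacklist below -->` would tell administrators that the whitelist operator is trusted to override all blacklists. The enclosing `<handler>` element starts outside the hunk.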
Modified: james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java
URL: http://svn.apache.org/viewcvs/james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java?rev=180004&r1=180003&r2=180004&view=diff
==============================================================================
--- james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java (original)
+++ james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java Sat Jun 4 10:05:40 2005
@@ -320,41 +320,6 @@
}
}
- /*
- * TEMPORARY!!! This is a temporary hack until we add flexible fast-fail support.
- * This checks a DNSRBL. If the remote IP is listed, the sender will only be
- * permitted to send e-mail to postmaster (RFC 2821) or abuse (RFC 2142), unless
- * authenticated.
- */
-
- private boolean checkDNSRBL(Socket conn, String[] rblList) {
- if (rblList != null) {
- String ip = conn.getInetAddress().getHostAddress();
- StringBuffer sb = new StringBuffer();
- StringTokenizer st = new StringTokenizer(ip, " .", false);
- while (st.hasMoreTokens()) {
- sb.insert(0, st.nextToken() + ".");
- }
- String reversedOctets = sb.toString();
-
- for (int i = 0 ; i < rblList.length ; i++) try {
- // hardcode which DNS RBL for the moment
- org.apache.james.dnsserver.DNSServer.getByName(reversedOctets + rblList[i]);
- if (getLogger().isInfoEnabled()) {
- getLogger().info("Connection from " + ip + " restricted by " + rblList[i] + " to SMTP AUTH/postmaster/abuse.");
- }
- return true;
- } catch (java.net.UnknownHostException uhe) {
- // if it is unknown, it isn't blocked
- }
-
- if (getLogger().isInfoEnabled()) {
- getLogger().info("Connection from " + ip + " not restricted by blocklist.");
- }
- }
- return false;
- }
-
/**
* @see org.apache.avalon.cornerstone.services.connection.ConnectionHandler#handleConnection(Socket)
*/
@@ -376,7 +341,7 @@
smtpID = random.nextInt(1024) + "";
relayingAllowed = theConfigData.isRelayingAllowed(remoteIP);
authRequired = theConfigData.isAuthRequired(remoteIP);
- blocklisted = checkDNSRBL(connection, theConfigData.getRBLServers());
+ blocklisted = theConfigData.checkDNSRBL(connection);
resetState();
} catch (Exception e) {
StringBuffer exceptionBuffer =
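Review bot: The new call hands the whole `connection` socket to the configuration object, although `remoteIP` is already in scope and is what the two preceding checks take. If `remoteIP` is the textual remote address, as its use in `isRelayingAllowed(remoteIP)` suggests, then `blocklisted = theConfigData.checkDNSRBL(remoteIP);` would avoid deriving the address a second time. It would also keep the configuration interface free of a `Socket` dependency, so the check could be exercised without a live connection. The surrounding try block begins outside the hunk.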
Modified: james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandlerConfigurationData.java
URL: http://svn.apache.org/viewcvs/james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandlerConfigurationData.java?rev=180004&r1=180003&r2=180004&view=diff
==============================================================================
--- james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandlerConfigurationData.java (original)
+++ james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandlerConfigurationData.java Sat Jun 4 10:05:40 2005
@@ -98,8 +98,14 @@
/**
* Returns the RBL server list.
+ * TEMPORARY!!! This is a temporary hack until we add flexible fast-fail support.
+ * This checks DNSRBL whitelists and blacklists. If the remote IP is whitelisted
+ * it will be permitted to send e-mail, otherwise if the remote IP is blacklisted,
+ * the sender will only be permitted to send e-mail to postmaster (RFC 2821) or
+ * abuse (RFC 2142), unless authenticated.
*
- * @return the local users repository
+ * @return whether the sending IP is restricted
*/
- String[] getRBLServers();
+
+ boolean checkDNSRBL(java.net.Socket conn);
}
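Review bot: The Javadoc summary still reads "Returns the RBL server list." although the method no longer returns a list, and the new parameter is undocumented. I would replace the first sentence with `Checks the remote address of the connection against the configured DNSRBL whitelists and blacklists.` and add `@param conn the client connection whose remote address is checked`. The `@return` line could state the polarity explicitly, for example `@return true if the address is blacklisted and not whitelisted`. Callers assign the result to a flag named `blocklisted`, and "restricted" alone leaves the whitelist case unstated.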
Modified: james/server/trunk/src/java/org/apache/james/smtpserver/SMTPServer.java
URL: http://svn.apache.org/viewcvs/james/server/trunk/src/java/org/apache/james/smtpserver/SMTPServer.java?rev=180004&r1=180003&r2=180004&view=diff
==============================================================================
--- james/server/trunk/src/java/org/apache/james/smtpserver/SMTPServer.java (original)
+++ james/server/trunk/src/java/org/apache/james/smtpserver/SMTPServer.java Sat Jun 4 10:05:40 2005
@@ -41,6 +41,7 @@
import java.util.ArrayList;
import java.util.List;
+import java.util.StringTokenizer;
/**
* <p>Accepts SMTP connections on a server socket and dispatches them to SMTPHandlers.</p>
@@ -123,9 +124,10 @@
private WatchdogFactory theWatchdogFactory;
/**
- * The sorted list of rbl servers to be checked to limit spam
+ * The lists of rbl servers to be checked to limit spam
*/
- private String[] rblServers;
+ private String[] whitelist;
+ private String[] blacklist;
/**
* The configuration data to be passed to the handler
@@ -224,18 +226,33 @@
Configuration rblserverConfiguration = handlerConfiguration.getChild("rblservers");
if ( rblserverConfiguration != null ) {
ArrayList rblserverCollection = new ArrayList();
- Configuration[] children = rblserverConfiguration.getChildren("rblserver");
+ Configuration[] children = rblserverConfiguration.getChildren("whitelist");
if ( children != null ) {
for ( int i = 0 ; i < children.length ; i++ ) {
String rblServerName = children[i].getValue();
rblserverCollection.add(rblServerName);
if (getLogger().isInfoEnabled()) {
- getLogger().info("Adding RBL server: " + rblServerName);
+ getLogger().info("Adding RBL server to whitelist: " + rblServerName);
}
}
- if (rblserverCollection != null && rblserverCollection.size() > 0) {
- rblServers = (String[]) rblserverCollection.toArray(new String[rblserverCollection.size()]);
- }
+ if (rblserverCollection != null && rblserverCollection.size() > 0) {
+ whitelist = (String[]) rblserverCollection.toArray(new String[rblserverCollection.size()]);
+ rblserverCollection.clear();
+ }
+ }
+ children = rblserverConfiguration.getChildren("blacklist");
+ if ( children != null ) {
+ for ( int i = 0 ; i < children.length ; i++ ) {
+ String rblServerName = children[i].getValue();
+ rblserverCollection.add(rblServerName);
+ if (getLogger().isInfoEnabled()) {
+ getLogger().info("Adding RBL server to blacklist: " + rblServerName);
+ }
+ }
+ if (rblserverCollection != null && rblserverCollection.size() > 0) {
+ blacklist = (String[]) rblserverCollection.toArray(new String[rblserverCollection.size()]);
+ rblserverCollection.clear();
+ }
}
}
} else {
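Review bot: Configurations written for the previous revision use `<rblserver>` children, and after this change they are no longer read. An administrator who had enabled the block list would then start with `whitelist` and `blacklist` both null and no log line saying so, which silently turns the check off. I would either keep reading the old element as a blacklist entry or at least warn, e.g. `if (rblserverConfiguration.getChildren("rblserver").length > 0) getLogger().warn("<rblserver> is no longer read; use <blacklist>");`. The whitelist and blacklist loops are also identical apart from the element name and log text, so one small helper could serve both. The enclosing configure method starts and ends outside the hunk.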
@@ -425,10 +442,52 @@
}
/**
- * @see org.apache.james.smtpserver.SMTPHandlerConfigurationData#getRBLServers()
+ * @see org.apache.james.smtpserver.SMTPHandlerConfigurationData#checkDNSRBL(Socket)
+ */
+ /*
+ * TEMPORARY!!! This is a temporary hack until we add flexible fast-fail support.
+ * This checks DNSRBL whitelists and blacklists. If the remote IP is whitelisted
+ * it will be permitted to send e-mail, otherwise if the remote IP is blacklisted,
+ * the sender will only be permitted to send e-mail to postmaster (RFC 2821) or
+ * abuse (RFC 2142), unless authenticated.
*/
- public String[] getRBLServers() {
- return SMTPServer.this.rblServers;
+
+ public boolean checkDNSRBL(java.net.Socket conn) {
+ if (whitelist != null || blacklist != null) {
+ String ip = conn.getInetAddress().getHostAddress();
+ StringBuffer sb = new StringBuffer();
+ StringTokenizer st = new StringTokenizer(ip, " .", false);
+ while (st.hasMoreTokens()) {
+ sb.insert(0, st.nextToken() + ".");
+ }
+ String reversedOctets = sb.toString();
+
+ if (whitelist != null) {
+ String[] rblList = SMTPServer.this.whitelist;
+ for (int i = 0 ; i < rblList.length ; i++) try {
+ org.apache.james.dnsserver.DNSServer.getByName(reversedOctets + rblList[i]);
+ if (getLogger().isInfoEnabled()) {
+ getLogger().info("Connection from " + ip + " whitelisted by " + rblList[i]);
+ }
+ return false;
+ } catch (java.net.UnknownHostException uhe) {
+ }
+ }
+
+ if (blacklist != null) {
+ String[] rblList = SMTPServer.this.blacklist;
+ for (int i = 0 ; i < rblList.length ; i++) try {
+ org.apache.james.dnsserver.DNSServer.getByName(reversedOctets + rblList[i]);
+ if (getLogger().isInfoEnabled()) {
+ getLogger().info("Connection from " + ip + " restricted by " + rblList[i] + " to SMTP AUTH/postmaster/abuse.");
+ }
+ return true;
+ } catch (java.net.UnknownHostException uhe) {
+ // if it is unknown, it isn't blocked
+ }
+ }
+ }
+ return false;
}
}
}
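Review bot: Both loops in checkDNSRBL treat any successful resolution of `reversedOctets + rblList[i]` as a listing, and a whitelist match returns `false` before the blacklists are read. A zone or resolver that answers for every name (wildcard record, NXDOMAIN rewriting) would therefore whitelist every client and switch the blacklists off. DNSBL zones conventionally answer with an address in 127.0.0.0/8. Assuming DNSServer.getByName returns the resolved InetAddress (not visible here), the answer can be checked before it counts, as in the sketch below. The sketch also folds the two near-identical loops into one helper and gives the whitelist's empty catch the explanatory comment the blacklist one already has. The address reversal assumes a dotted IPv4 string, and the enclosing class begins outside the hunk.

```java
public boolean checkDNSRBL(java.net.Socket conn) {
    // … unchanged: null check on both lists, ip and reversedOctets construction …
    String listedBy = firstListing(reversedOctets, SMTPServer.this.whitelist);
    if (listedBy != null) {
        if (getLogger().isInfoEnabled()) {
            getLogger().info("Connection from " + ip + " whitelisted by " + listedBy);
        }
        return false;
    }
    listedBy = firstListing(reversedOctets, SMTPServer.this.blacklist);
    if (listedBy != null) {
        if (getLogger().isInfoEnabled()) {
            getLogger().info("Connection from " + ip + " restricted by " + listedBy + " to SMTP AUTH/postmaster/abuse.");
        }
        return true;
    }
    return false;
}

/** Returns the first zone that answers with a 127.0.0.0/8 listing code, or null if none does. */
private String firstListing(String reversedOctets, String[] zones) {
    if (zones == null) {
        return null;
    }
    for (int i = 0; i < zones.length; i++) {
        try {
            java.net.InetAddress answer =
                org.apache.james.dnsserver.DNSServer.getByName(reversedOctets + zones[i]);
            // Only a loopback-range answer is a listing; anything else is a wildcard or rewritten reply.
            if ((answer.getAddress()[0] & 0xff) == 127) {
                return zones[i];
            }
        } catch (java.net.UnknownHostException uhe) {
            // no record: this zone does not list the address
        }
    }
    return null;
}
```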