You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by so...@apache.org on 2005/09/19 19:28:05 UTC
svn commit: r290206 - in /httpd/mod_smtpd/trunk/modules/access/rbl: CREDITS
Makefile README mod_smtpd_rbl.c
Author: soc-rian
Date: Mon Sep 19 10:28:03 2005
New Revision: 290206
URL: http://svn.apache.org/viewcvs?rev=290206&view=rev
Log:
Re-check in
Added:
httpd/mod_smtpd/trunk/modules/access/rbl/CREDITS
httpd/mod_smtpd/trunk/modules/access/rbl/Makefile
httpd/mod_smtpd/trunk/modules/access/rbl/README
httpd/mod_smtpd/trunk/modules/access/rbl/mod_smtpd_rbl.c
Added: httpd/mod_smtpd/trunk/modules/access/rbl/CREDITS
URL: http://svn.apache.org/viewcvs/httpd/mod_smtpd/trunk/modules/access/rbl/CREDITS?rev=290206&view=auto
==============================================================================
--- httpd/mod_smtpd/trunk/modules/access/rbl/CREDITS (added)
+++ httpd/mod_smtpd/trunk/modules/access/rbl/CREDITS Mon Sep 19 10:28:03 2005
@@ -0,0 +1,4 @@
+The following people have contributed to mod_smtpd_rbl:
+
+Jem Berkes <jberkes at pc-tools dot net>
+
Added: httpd/mod_smtpd/trunk/modules/access/rbl/Makefile
URL: http://svn.apache.org/viewcvs/httpd/mod_smtpd/trunk/modules/access/rbl/Makefile?rev=290206&view=auto
==============================================================================
--- httpd/mod_smtpd/trunk/modules/access/rbl/Makefile (added)
+++ httpd/mod_smtpd/trunk/modules/access/rbl/Makefile Mon Sep 19 10:28:03 2005
@@ -0,0 +1,18 @@
+include ../../../include.mk
+
+CFLAGS=-Wall
+APXSFLAGS=
+RBL_SRC=mod_smtpd_rbl.c
+
+all: mod_smtpd_rbl.la
+
+mod_smtpd_rbl.la: $(RBL_SRC)
+ $(APXS) -Wc,"$(CFLAGS)" $(APXSFLAGS) -o mod_smtpd_rbl.la -c $(RBL_SRC)
+
+install: all
+ $(APXS) -i -a -n smtpd_rbl mod_smtpd_rbl.la
+
+clean-objs:
+ rm -rf *.lo *.o *.slo *~ *.la .libs
+
+clean: clean-objs
Added: httpd/mod_smtpd/trunk/modules/access/rbl/README
URL: http://svn.apache.org/viewcvs/httpd/mod_smtpd/trunk/modules/access/rbl/README?rev=290206&view=auto
==============================================================================
--- httpd/mod_smtpd/trunk/modules/access/rbl/README (added)
+++ httpd/mod_smtpd/trunk/modules/access/rbl/README Mon Sep 19 10:28:03 2005
@@ -0,0 +1,34 @@
+mod_smtpd_rbl brings "RBL" (DNSBL/RHSBL) support to mod_smtpd
+-> requires mod_smtpd
+-> requires mod_dnsbl_lookup
+
+The only directives introduced by mod_smtpd_rbl are
+SmtpWhitelist - Set SMTP whitelist chain name
+SmtpBlacklist - Set SMTP blacklist chain name
+
+The main configuration is handled by mod_dnsbl_lookup, see its README for
+a complete description of how to configure multiple chains for DNSBL and
+RHSBL lookups. Once mod_smtpd_rbl knows which chain to use as a whitelist
+and which to use as a blacklist, it will invoke mod_dnsbl_lookup's
+facilities and return information to mod_smtpd via hooks in order to allow
+or deny mail.
+
+Sample configuration for mod_smtpd + mod_smtpd_rbl + mod_dnsbl_lookup
+
+# Enable mod_smtpd
+SmtpProtocol On
+
+# Define whitelist and blacklist chains for mod_smtpd_rbl
+SmtpWhitelist mywhitelist
+SmtpBlacklist myblacklist
+
+# Enable mod_dnsbl_lookup
+DnsblLookups On
+
+# The zones and chains for mod_dnsbl_lookup
+
+RhsblZone myblacklist rhsbl.ahbl.org. 127.0.0.2
+RhsblZone myblacklist abuse.rfc-ignorant.org. 127.0.0.4
+
+DnsblZone myblacklist sbl.spamhaus.org. any
+DnsblZone myblacklist cbl.abuseat.org. any
Added: httpd/mod_smtpd/trunk/modules/access/rbl/mod_smtpd_rbl.c
URL: http://svn.apache.org/viewcvs/httpd/mod_smtpd/trunk/modules/access/rbl/mod_smtpd_rbl.c?rev=290206&view=auto
==============================================================================
--- httpd/mod_smtpd/trunk/modules/access/rbl/mod_smtpd_rbl.c (added)
+++ httpd/mod_smtpd/trunk/modules/access/rbl/mod_smtpd_rbl.c Mon Sep 19 10:28:03 2005
@@ -0,0 +1,184 @@
+/* Copyright 2005 The Apache Software Foundation or its licensors, as
+ * applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "ap_config.h"
+#include "apr_optional.h"
+#include "apr_strings.h"
+#include "httpd.h"
+#include "http_config.h"
+#include "http_connection.h"
+#include "util_filter.h"
+#include <string.h>
+
+#include "mod_smtpd.h"
+#include "../mod_dnsbl_lookup/dnsbl_lookup.h"
+
+
+module AP_MODULE_DECLARE_DATA smtpd_rbl_module;
+
+typedef struct smtpd_rbl_config
+{
+ const char* whitelist_chain;
+ const char* blacklist_chain;
+} smtpd_rbl_config;
+
+
+static void *smtpd_rbl_create_server_config(apr_pool_t * p, server_rec * s)
+{
+ smtpd_rbl_config *cfg = apr_pcalloc(p, sizeof(smtpd_rbl_config));
+ /* the pointers to chain names will be null unless configured */
+ return cfg;
+}
+
+
+/*
+ When mod_smtpd gets MAIL FROM it will invoke this callback,
+ (smtpd_run_mail) and we will do a RHSBL check on the envelope
+ sender's domain portion to see whether mail should be denied.
+
+ If there is a whitelist match, it will override a blacklist.
+*/
+smtpd_retcode check_envelope(smtpd_conn_rec *scr, smtpd_return_data *in,
+ char *str)
+{
+ char *pos, *querystr;
+ smtpd_rbl_config* cfg = ap_get_module_config(scr->s->module_config,
+ &smtpd_rbl_module);
+ int (* dnsbl_domain)(const char*, int, const char*, apr_pool_t*,
+ server_rec*, apr_table_t**);
+
+ pos = strchr(str, '@'); /* find domain in MAIL FROM: <hi...@address> */
+ if (pos) {
+ querystr = apr_pstrdup(scr->p, pos+1);
+ for (pos=querystr; *pos && (*pos != '>') && (*pos != ' '); pos++)
+ ;
+ *pos = '\0'; /* querystr now has just domain */
+ }
+ else
+ return SMTPD_OK;
+
+ dnsbl_domain = APR_RETRIEVE_OPTIONAL_FN(dnsbl_lookup_domain);
+ if (dnsbl_domain && cfg) {
+ if (cfg->whitelist_chain) {
+ if (dnsbl_domain(cfg->whitelist_chain, DNSBL_ANYPOSTV_RETFIRST,
+ querystr, scr->p, scr->s, NULL) == DNSBL_POSITIVE) {
+ return SMTPD_OK; /* envelope domain was whitelisted */
+ }
+ }
+ if (cfg->blacklist_chain) {
+ if (dnsbl_domain(cfg->blacklist_chain, DNSBL_ANYPOSTV_RETFIRST,
+ querystr, scr->p, scr->s, NULL) == DNSBL_POSITIVE) {
+ /* prepare description of why access is denied */
+ char** newstr;
+ in->msgs = apr_array_make(scr->p, 1, sizeof(char*));
+ newstr = (char**)apr_array_push(in->msgs);
+ *newstr = apr_psprintf(scr->p, "Envelope domain %s not "
+ "permitted", querystr);
+ return SMTPD_DENY;
+ }
+ }
+ }
+ /* default action */
+ return SMTPD_OK;
+}
+
+
+/*
+ When mod_smtpd gets a connection it will invoke this callback,
+ (smtpd_run_connect) and we will do a DNSBL check on the peer IP
+ to see whether mail should be denied.
+
+ If there is a whitelist match, it will override a blacklist.
+*/
+smtpd_retcode check_address(smtpd_conn_rec *scr, smtpd_return_data *in)
+{
+ smtpd_rbl_config* cfg = ap_get_module_config(scr->s->module_config,
+ &smtpd_rbl_module);
+ int (*dnsbl_ip)(const char*, int, apr_sockaddr_t*, apr_pool_t*,
+ server_rec*, apr_table_t**);
+
+ dnsbl_ip = APR_RETRIEVE_OPTIONAL_FN(dnsbl_lookup_ip);
+ if (dnsbl_ip && cfg) {
+ if (cfg->whitelist_chain) {
+ if (dnsbl_ip(cfg->whitelist_chain, DNSBL_ANYPOSTV_RETFIRST,
+ scr->c->remote_addr, scr->p, scr->s, NULL) == DNSBL_POSITIVE) {
+ return SMTPD_OK; /* connecting IP was whitelisted */
+ }
+ }
+ if (cfg->blacklist_chain) {
+ if (dnsbl_ip(cfg->blacklist_chain, DNSBL_ANYPOSTV_RETFIRST,
+ scr->c->remote_addr, scr->p, scr->s, NULL) == DNSBL_POSITIVE) {
+ /* prepare description of why access is denied */
+ char** newstr;
+ in->msgs = apr_array_make(scr->p, 1, sizeof(char*));
+ newstr = (char**)apr_array_push(in->msgs);
+ *newstr = apr_psprintf(scr->p, "Client IP %s not permitted",
+ scr->c->remote_ip);
+ return SMTPD_DENY;
+ }
+ }
+ }
+ /* default action */
+ return SMTPD_OK;
+}
+
+
+/*
+ Use hooks from mod_smtpd
+*/
+static void smtpd_rbl_register_hooks(apr_pool_t * p)
+{
+ APR_OPTIONAL_HOOK(smtpd, mail, check_envelope, NULL, NULL, APR_HOOK_FIRST);
+ APR_OPTIONAL_HOOK(smtpd, connect, check_address, NULL, NULL,
+ APR_HOOK_FIRST);
+}
+
+
+static const char* set_whitelist(cmd_parms* cmd, void* dummy, const char* arg)
+{
+ smtpd_rbl_config* cfg = ap_get_module_config(cmd->server->module_config,
+ &smtpd_rbl_module);
+ cfg->whitelist_chain = arg;
+ return NULL;
+}
+
+static const char* set_blacklist(cmd_parms* cmd, void* dummy, const char* arg)
+{
+ smtpd_rbl_config* cfg = ap_get_module_config(cmd->server->module_config,
+ &smtpd_rbl_module);
+ cfg->blacklist_chain = arg;
+ return NULL;
+}
+
+
+static const command_rec smtpd_rbl_cmds[] = {
+ AP_INIT_TAKE1("SmtpWhitelist", set_whitelist, NULL, RSRC_CONF,
+ "Set SMTP whitelist chain name"),
+ AP_INIT_TAKE1("SmtpBlacklist", set_blacklist, NULL, RSRC_CONF,
+ "Set SMTP blacklist chain name"),
+ {NULL}
+};
+
+
+module AP_MODULE_DECLARE_DATA smtpd_rbl_module = {
+ STANDARD20_MODULE_STUFF,
+ NULL,
+ NULL,
+ smtpd_rbl_create_server_config,
+ NULL,
+ smtpd_rbl_cmds,
+ smtpd_rbl_register_hooks
+};