132
140
state->pipel_stamp = PSC_TIME_STAMP_NEW;
133
141
state->nsmtp_stamp = PSC_TIME_STAMP_NEW;
134
142
state->barlf_stamp = PSC_TIME_STAMP_NEW;
135
state->penal_stamp = PSC_TIME_STAMP_NEW;
138
145
* Don't flag disabled tests as "todo", because there would be no way to
156
163
const char *stamp_str,
157
164
time_t time_value)
159
unsigned long pregr_stamp;
160
unsigned long dnsbl_stamp;
161
unsigned long pipel_stamp;
162
unsigned long nsmtp_stamp;
163
unsigned long barlf_stamp;
164
unsigned long penal_stamp;
166
const char *start = stamp_str;
168
time_t *time_stamps = state->expire_time;
172
172
* We don't know what tests have expired or have never passed.
182
182
* enabled tests, but the remote SMTP client has not yet passed all those
185
switch (sscanf(stamp_str, "%lu;%lu;%lu;%lu;%lu;%lu",
186
&pregr_stamp, &dnsbl_stamp, &pipel_stamp, &nsmtp_stamp,
187
&barlf_stamp, &penal_stamp)) {
189
pregr_stamp = PSC_TIME_STAMP_DISABLED;
191
dnsbl_stamp = PSC_TIME_STAMP_DISABLED;
193
pipel_stamp = PSC_TIME_STAMP_DISABLED;
195
nsmtp_stamp = PSC_TIME_STAMP_DISABLED;
197
barlf_stamp = PSC_TIME_STAMP_DISABLED;
199
penal_stamp = PSC_TIME_STAMP_DISABLED;
185
for (sp = time_stamps; sp < time_stamps + PSC_TINDX_COUNT; sp++) {
186
*sp = strtoul(start, &cp, 10);
187
if (*start == 0 || (*cp != '\0' && *cp != ';') || errno == ERANGE)
188
*sp = PSC_TIME_STAMP_DISABLED;
189
if (*sp == PSC_TIME_STAMP_NEW)
190
state->flags |= PSC_STATE_FLAG_NEW;
192
msg_info("%s -> %lu", start, (unsigned long) *sp);
203
state->pregr_stamp = pregr_stamp;
204
state->dnsbl_stamp = dnsbl_stamp;
205
state->pipel_stamp = pipel_stamp;
206
state->nsmtp_stamp = nsmtp_stamp;
207
state->barlf_stamp = barlf_stamp;
208
state->penal_stamp = penal_stamp;
210
if (pregr_stamp == PSC_TIME_STAMP_NEW
211
|| dnsbl_stamp == PSC_TIME_STAMP_NEW
212
|| pipel_stamp == PSC_TIME_STAMP_NEW
213
|| nsmtp_stamp == PSC_TIME_STAMP_NEW
214
|| barlf_stamp == PSC_TIME_STAMP_NEW)
215
state->flags |= PSC_STATE_FLAG_NEW;
218
200
* Don't flag disabled tests as "todo", because there would be no way to
270
252
state->flags |= PSC_STATE_FLAG_DNSBL_TODO;
275
* Apply unexpired penalty for past behavior.
277
* XXX Before we can drop connections, change this function to return
278
* success/fail, to inform the caller that the state object no longer
282
if ((penalty_left = state->penal_stamp - event_time()) > 0) {
283
msg_info("PENALTY %ld for %s",
284
(long) penalty_left, state->smtp_client_addr);
285
PSC_FAIL_SESSION_STATE(state, PSC_STATE_FLAG_PENAL_FAIL);
287
switch (psc_penal_action) {
289
PSC_DROP_SESSION_STATE(state,
290
"421 4.3.2 Service currently unavailable\r\n");
292
case PSC_ACT_ENFORCE:
294
PSC_ENFORCE_SESSION_STATE(state,
295
"450 4.3.2 Service currently unavailable\r\n");
299
PSC_UNFAIL_SESSION_STATE(state, PSC_STATE_FLAG_PENAL_FAIL);
302
msg_panic("%s: unknown penalty action value %d",
303
myname, psc_penal_action);
310
257
/* psc_print_tests - print postscreen cache record */
320
267
msg_panic("%s: attempt to save a no-update record", myname);
323
* Don't record a client as "passed" while subject to penalty. Be sure to
324
* produce correct PASS OLD/NEW logging.
326
* XXX This needs to be refined - we should not reset the result of tests
327
* that were passed in previous sessions, otherwise a client may never
328
* pass a multi-stage test such as greylisting. One solution is to keep
329
* the original and updated time stamps around, and to save an updated
330
* time stamp only when the corresponding "pass" flag is raised.
333
if (state->flags & PSC_STATE_FLAG_PENAL_FAIL) {
334
state->pregr_stamp = state->dnsbl_stamp = state->pipel_stamp =
335
state->nsmtp_stamp = state->barlf_stamp =
336
((state->flags & PSC_STATE_FLAG_NEW) ?
337
PSC_TIME_STAMP_NEW : PSC_TIME_STAMP_DISABLED);
342
270
* Give disabled tests a dummy time stamp so that we don't log a client
343
271
* with "pass new" when some disabled test becomes enabled at some later
354
282
if (var_psc_barlf_enable == 0 && state->barlf_stamp == PSC_TIME_STAMP_NEW)
355
283
state->barlf_stamp = PSC_TIME_STAMP_DISABLED;
357
vstring_sprintf(buf, "%lu;%lu;%lu;%lu;%lu;%lu",
285
vstring_sprintf(buf, "%lu;%lu;%lu;%lu;%lu",
358
286
(unsigned long) state->pregr_stamp,
359
287
(unsigned long) state->dnsbl_stamp,
360
288
(unsigned long) state->pipel_stamp,
361
289
(unsigned long) state->nsmtp_stamp,
362
(unsigned long) state->barlf_stamp,
363
(unsigned long) state->penal_stamp);
290
(unsigned long) state->barlf_stamp);
364
291
return (STR(buf));
373
300
return (STR(vstring_sprintf(buf, "%s/%s/%s/%s",
374
301
client, helo, sender, rcpt)));
304
/* psc_test_name - map test index to symbolic name */
306
const char *psc_test_name(int tindx)
308
const char *myname = "psc_test_name";
309
const NAME_CODE test_name_map[] = {
310
PSC_TNAME_PREGR, PSC_TINDX_PREGR,
311
PSC_TNAME_DNSBL, PSC_TINDX_DNSBL,
312
PSC_TNAME_PIPEL, PSC_TINDX_PIPEL,
313
PSC_TNAME_NSMTP, PSC_TINDX_NSMTP,
314
PSC_TNAME_BARLF, PSC_TINDX_BARLF,
319
if ((result = str_name_code(test_name_map, tindx)) == 0)
320
msg_panic("%s: bad index %d", myname, tindx);
added
removed
src/postscreen/postscreen_tests.c
