1 #include "policyd.h"
2
3
4 /*
5 *
6 *
7 * Policy Daemon
8 *
9 * policy daemon is used in conjunction with postfix to combat spam.
10 *
11 * Copyright (C) 2004 Cami Sardinha (cami@mweb.co.za)
12 *
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 *
24 * You should have received a copy of the GNU General Public License along
25 * with this program; if not, write to the Free Software Foundation Inc.,
26 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27 *
28 *
29 *
30 */
31
32
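/*
 * function: helo_query_complete
 *  purpose: tell whether snprintf() wrote a whole query into the buffer.
 *           A negative result is a formatting error; a result >= limit means
 *           the text was cut off, so the buffer holds only part of a statement.
 *   return: 1=complete, 0=truncated or failed (a line is logged)
 */
static int
helo_query_complete(unsigned int fd, int qlen, int limit)
{
  if(qlen >= 0 && qlen < limit)
    return (1);

  logmessage("helo: fd: %u query not built (snprintf returned %d, limit %d)\n",
    fd, qlen, limit);
  return (0);
}

/*
 * function: helo_check
 *  purpose: module to check if connecting host is randomizing their HELO.
 *           Counts the rows stored in table `helo` for the client address.
 *           At HELO_MAX_COUNT or more the address is inserted into
 *           `blacklist` and its `helo` rows are deleted. Otherwise the
 *           (host, helo) pair is inserted into `helo` unless it is already
 *           stored there.
 *   return: 1=yes (host blacklisted), 0=no, or the value of db_failure()
 *           when a query cannot be built or executed
 *
 * NOTE(review): host_array[fd][2] and triplet_array[fd][5] are placed into
 * the SQL text with '%s' and nothing in this function escapes them. The HELO
 * string is chosen by the remote SMTP client, so confirm that it is validated
 * or escaped before it reaches this function; if it is not, escape it with the
 * client library's routine (mysql_real_escape_string() on the connection
 * handle, which is not visible here) before building the queries.
 * NOTE(review): the same values are written to the log unfiltered; confirm
 * that logmessage() or the code filling triplet_array strips control
 * characters.
 */
int
helo_check(unsigned int fd)
{
  /* size the original code passed to every snprintf() on mysqlquery_array[fd];
   * NOTE(review): the array's declaration is not visible here -- confirm it
   * is at least this large */
  const int query_max = 512;
  int qlen;

  if(DEBUG > 0)
    logmessage("DEBUG: fd: %d checking helo\n", fd);

  /* reset value */
  mysql_optarray[fd][0] = 0;

  /* save an sql lookup if there is no helo information */
  if(triplet_array[fd][5][0] == 0x00)
    goto notfound;

  /* build up query & execute; presumably db_optquery() leaves the count in
   * mysql_optarray[fd][0] -- TODO confirm */
  qlen = snprintf(mysqlquery_array[fd], 512,
    "SELECT COUNT(_host) FROM helo WHERE _host='%s'", host_array[fd][2]);
  /* never hand a cut-off statement to the database */
  if(!helo_query_complete(fd, qlen, query_max)) return(db_failure(fd, "helo"));
  if(db_optquery(fd) == -1) return(db_failure(fd, "helo"));

  /* we have helo abuse */
  if(mysql_optarray[fd][0] >= HELO_MAX_COUNT)
  {
    int expire=0;

    /* arguments follow the labels (helo first, then host), the same order
     * the "not found" debug line below uses; the original passed them swapped */
    if(DEBUG > 0)
      logmessage("DEBUG: fd: %d helo abuse: %s from: %s (%d unique helo's)\n", fd,
        triplet_array[fd][5],         /* helo */
        host_array[fd][2],            /* host */
        HELO_MAX_COUNT);              /* helo count */

    /* never auto expire helo blacklist? (expire stays 0 when disabled) */
    if (HELO_BLACKLIST_AUTO_EXPIRE > 0)
      expire=timenow+HELO_BLACKLIST_AUTO_EXPIRE;

    /* build up query */
    qlen = snprintf(mysqlquery_array[fd], 512,
      "INSERT DELAYED INTO blacklist (_blacklist,_description,_expire) VALUES ('%s','# helo abuse',%d)",
      host_array[fd][2], expire);
    if(!helo_query_complete(fd, qlen, query_max)) return(db_failure(fd, "helo"));
    if(db_doquery(fd) == -1) return(db_failure(fd, "helo"));

    logmessage("rcpt=%lu, helo=abuse, host=%s (%s), from=%s, to=%s, size=%s, helo=%s\n",
      rcpt_count,                     /* recipient count */
      host_array[fd][2],              /* host address    */
      host_array[fd][0],              /* hostname        */
      triplet_array[fd][1],           /* sender          */
      triplet_array[fd][2],           /* recipient       */
      triplet_array[fd][3],           /* size            */
      triplet_array[fd][5]            /* helo            */
    );

    /* clean up helo table entries */
    /* build up query */
    qlen = snprintf(mysqlquery_array[fd], 512,
      "DELETE QUICK FROM helo WHERE _host='%s'", host_array[fd][2]);
    if(!helo_query_complete(fd, qlen, query_max)) return(db_failure(fd, "helo"));
    if(db_doquery(fd) == -1) return(db_failure(fd, "helo"));

    return (1);
  }

notfound:

  if(DEBUG > 0)
    logmessage("DEBUG: fd: %d helo abuse not found: %s from: %s\n", fd, triplet_array[fd][5], host_array[fd][2]);

  /* reset value */
  mysql_optarray[fd][0] = 0;

  /* build up query & execute: is this exact (host, helo) pair stored? */
  qlen = snprintf(mysqlquery_array[fd], 512,
    "SELECT COUNT(_host) FROM helo WHERE _host='%s' AND _helo='%s'", host_array[fd][2], triplet_array[fd][5]);
  if(!helo_query_complete(fd, qlen, query_max)) return(db_failure(fd, "helo"));
  if(db_optquery(fd) == -1) return(db_failure(fd, "helo"));

  /* helo has not been previously stored there */
  if(mysql_optarray[fd][0] == 0)
  {
    int expire=0;

    /* never auto expire helo entry? (expire stays 0 when disabled) */
    if (HELO_AUTO_EXPIRE > 0)
      expire=timenow+HELO_AUTO_EXPIRE;

    /* build up query & execute */
    qlen = snprintf(mysqlquery_array[fd], 512,
      "INSERT DELAYED INTO helo (_host,_helo,_expire) VALUES ('%s','%s',%d)",
      host_array[fd][2], triplet_array[fd][5], expire);
    if(!helo_query_complete(fd, qlen, query_max)) return(db_failure(fd, "helo"));
    if(db_doquery(fd) == -1) return(db_failure(fd, "helo"));
  }

  /* no forged HELO attempt */
  return (0);
}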
129
130 /* EOF */
131