Re: [AMaViS-user] MySQL client_addr using dual Exim MTA

Thu, 17 Jan 2008 12:22:59 -0800 

Richard,

> ...but I've modified the amavisd binary to find a
> client ip address in a header added by the MTA.  I'm sure I'm not the only
> person with a requirement for this feature so I'll document what I did:
> <       'UPDATE msgs SET content=?, quar_type=?, quar_loc=?, dsn_sent=?,'.
> >       'UPDATE msgs SET client_addr=?, content=?, quar_type=?, quar_loc=?,
...
> The code above looks for a header called 'X-My-ClientAddr' in the original
> message, which (if XFORWARD didn't get there first) is used as the original
> client's IP address.  As per Mark's earlier email on the topic, the message
> headers aren't available during the insert operation (ins_msg query) so
> I've had to modify the second 'upd_msg' query to insert the value into the
> database.  This does mean that we're updating that field twice per message
> but that's not exactly going to add a massive overhead to the server.

Does the message when it reaches amavisd already contain a Received
header field inserted by your Exim?  If so, it can be used in place
of your X-My-ClientAddr, and provides a standards-based solution.
The amavisd 2.6.0 brings a more realiable and flexible parser
of Received header fields, so the following patch to 2.6.0-pre3
puts it to good use when XFORWARD information is not available,
obtaining the IP address from the top (or the second) Received field.
(it also fixes a bug in sub get_header_field_body)

--- amavisd.orig        Sun Dec 30 02:20:52 2007
+++ amavisd     Thu Jan 17 21:12:30 2008
@@ -1049,5 +1049,5 @@
     'upd_msg' =>
       'UPDATE msgs SET content=?, quar_type=?, quar_loc=?, dsn_sent=?,'.
-      ' spam_level=?, message_id=?, from_addr=?, subject=?'.  # ,p0f=?
+      ' spam_level=?, message_id=?, from_addr=?, subject=?, client_addr=?'.
       ' WHERE mail_id=?',
     'ins_rcp' =>
@@ -5825,6 +5825,6 @@
 sub get_header_field_body {
   my($self,$field_name,$j) = @_;
-  my($j);  my($f_i,$f_n,$f) = $self->get_header_field($field_name,$j);
-  defined $f && ($j=index($f,':')) >= 0 ? substr($f,$j+1) : $f;
+  my($k);  my($f_i,$f_n,$f) = $self->get_header_field($field_name,$j);
+  defined $f && ($k=index($f,':')) >= 0 ? substr($f,$k+1) : $f;
 }
 
@@ -6207,6 +6207,7 @@
 #
 use vars qw(@publicnetworks_maps);
-sub best_try_originator_ip($) {
-  my($msginfo) = @_;
+sub best_try_originator_ip($;$) {
+  my($msginfo,$search_top_down) = @_;
+  $search_top_down = 0  if !defined $search_top_down;
   @publicnetworks_maps = (
     Amavis::Lookup::Label->new('publicnetworks'),
@@ -6216,17 +6217,19 @@
       ::FFFF:0:0/96 !:: !::1 !FF00::/8 !FE80::/10 !FEC0::/10
       ::/0)) )  if [EMAIL PROTECTED];  # rfc3330, rfc3513
-  my($first_received_from_ip);
-  for (my $j = -1;  $j >= -6;  $j--) {  # bottom-up, first six chronologically
+  my($received_from_ip);
+  my(@search_list) = $search_top_down ? (0,1)  # the topmost two Received flds
+               : (-1,-2,-3,-4,-5,-6);  # bottom-up, first six chronologically
+  for my $j (@search_list) {  # walk through a list of Received field indices
     my($r) = $msginfo->get_header_field_body('received',$j);
     last  if !defined $r;
-    $first_received_from_ip = fish_out_ip_from_received($r);
-    if ($first_received_from_ip ne '') {
+    $received_from_ip = fish_out_ip_from_received($r);
+    if ($received_from_ip ne '') {
       my($is_public,$fullkey,$err) =
-        lookup_ip_acl($first_received_from_ip,@publicnetworks_maps);
+        lookup_ip_acl($received_from_ip,@publicnetworks_maps);
       last  if (!defined($err) || $err eq '') && $is_public;
     }
   }
-  do_log(5, "best_try_originator_ip: %s", $first_received_from_ip);
-  $first_received_from_ip;
+  do_log(5, "best_try_originator_ip: %s", $received_from_ip);
+  $received_from_ip;
 }
 
@@ -9324,4 +9327,9 @@
     collect_some_info($msginfo);
     my($mail_size) = $msginfo->msg_size;  # use corrected ESMTP size
+    if (!defined($msginfo->client_addr)) {
+      my($ip) = best_try_originator_ip($msginfo,1);
+      do_log(3, "client IP address unknown, fetching from Received: %s", $ip);
+      $msginfo->client_addr($ip);
+    }
 
     my($file_generator_object) =   # maxfiles 0 disables the $MAXFILES limit
@@ -17356,5 +17364,7 @@
       $conn_h->execute($upd_msg,
                $content_type, $quar_type, $q_to, $dsn_sent,
-               0+untaint($spam_level), $m_id, $from, $subj,  # $os_fp,
+               0+untaint($spam_level), $m_id, $from, $subj,
+               untaint($msginfo->client_addr), #maybe we have a better info now
+               # $os_fp,
                $mail_id);            # $rfc2822_sender, $rfc2822_from,
       # SQL_CHAR, SQL_VARCHAR, SQL_VARBINARY, SQL_BLOB, SQL_INTEGER, SQL_FLOAT,



Mark

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Reply via email to