Hans (and all) -

I got distracted yesterday, but this morning I have checked in a new version of dnsbl which will not block an AUTH'd connection from a normally blocked IP address.

I also wound up changing all of the other plugins which were using numeric log levels in favor of LOGXXXX constants. As part of that, I tried to rationalize what level was chosen. I won't be hurt if anyone objects to my choices. A number of the plugins used much lower levels (more urgent) than I thought were justified. If the text was something along the lines of "Warning: something isn't right here" and the plugin returned DECLINED, there is no reason to return LOGALERT unless it was something really bad (like the AV executable segfaulted or couldn't be located).

I'll probably revisit some of these changes, since some of the plugins are still using numeric return codes (or worse yet "exit 3")...

John

p.s. if you don't want to update to HEAD, here is the change to dnsbl (watch wrapping):

=== dnsbl
==================================================================
--- dnsbl  (revision 520)
+++ dnsbl  (revision 523)
@@ -153,25 +153,29 @@

 sub rcpt_handler {
   my ($self, $transaction, $rcpt) = @_;
+  my $connection = $self->qp->connection;

# RBLSMTPD being non-empty means it contains the failure message to return
   if (defined ($ENV{'RBLSMTPD'}) && $ENV{'RBLSMTPD'} ne '') {
     my $result = $ENV{'RBLSMTPD'};
-    my $remote_ip = $self->qp->connection->remote_ip;
+    my $remote_ip = $connection->remote_ip;
     $result =~ s/%IP%/$remote_ip/g;
     return ($self->{_dnsbl}->{DENY},
        join(" ", $self->qp->config('dnsbl_rejectmsg'), $result));
   }

   my $note = $self->process_sockets;
-  my $whitelist = $self->qp->connection->notes('whitelisthost');
+  my $whitelist = $connection->notes('whitelisthost');
   if ( $note ) {
     if ( $rcpt->user =~ /^(?:postmaster|abuse|mailer-daemon|root)$/i ) {
-      $self->log(2, "Don't blacklist special account: ".$rcpt->user);
+      $self->log(LOGWARN, "Don't blacklist special account: ".$rcpt->user);
     }
     elsif ( $whitelist ) {
-      $self->log(2, "Whitelist overrode blacklist: $whitelist");
+      $self->log(LOGWARN, "Whitelist overrode blacklist: $whitelist");
     }
+    elsif ( $connection->relay_client() ) {
+      $self->log(LOGWARN, "Don't blacklist relay/auth clients");
+    }
     else {
       return ($self->{_dnsbl}->{DENY}, $note);
     }
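Review bot: The early return in the RBLSMTPD branch at the top of rcpt_handler still runs before the new relay_client() check, so when $ENV{'RBLSMTPD'} is non-empty an AUTH'd or relay client on a listed IP is still denied. If the exemption is meant to cover that path as well, test `$connection->relay_client()` ahead of that branch or add it to its condition. The new elsif also exempts every relay client, not only authenticated ones, as its own log text ("relay/auth") says. A short comment stating that IP-based relay clients are skipped on purpose would make that intent clear to the next reader.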
