EE,
What are the chances of including this patch in the basic simscan-toaster?
While I'm inclined to believe that greylisting is best implemented at the
firewall, what are the drawbacks to having it in the toaster?
Original Message
Subject: [simscan] [PATCH] Updated greylisting patch for simscan 1.2
Date: Mon, 13 Nov 2006 20:10:55 +0100
From: Florian G. Pflug [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Hi
I've updated the greylisting patch to simscan 1.2.
It now uses log_message to log the initial blocking and
the first successful attempt by a sender.
greetings, Florian Pflug
--
-Eric 'shubes'
diff -Naur simscan-1.2/configure.in simscan-1.2.greylist/configure.in
--- simscan-1.2/configure.in 2005-09-30 23:15:47.0 +0200
+++ simscan-1.2.greylist/configure.in 2006-11-12 13:12:45.0 +0100
@@ -282,6 +282,25 @@
#--
+AC_ARG_ENABLE(greylist, [ --enable-greylist=y|n Turn on greylisting. default no.],
+ENABLE_GREYLIST=$enableval,
+[
+ ENABLE_GREYLIST=no
+] )
+case $ENABLE_GREYLIST in
+1*|y*|Y*)
+ENABLE_GREYLIST=1
+AC_DEFINE_UNQUOTED([ENABLE_GREYLIST], $ENABLE_GREYLIST, [enable greylisting])
+;;
+*)
+ENABLE_GREYLIST=0
+;;
+esac
+
+AC_SUBST(ENABLE_GREYLIST)
+
+#--
+
AC_MSG_CHECKING(whether we can locate the qmail directory)
qmaildir=
for f in /var/qmail
@@ -796,4 +815,14 @@
;;
esac
+case $ENABLE_GREYLIST in
+ 1*|y*|Y*)
+echo greylisting = ON
+;;
+
+ *)
+echo greylisting = OFF
+;;
+esac
+
echo
diff -Naur simscan-1.2/Makefile.am simscan-1.2.greylist/Makefile.am
--- simscan-1.2/Makefile.am 2004-11-04 16:27:45.0 +0100
+++ simscan-1.2.greylist/Makefile.am 2006-11-12 13:12:45.0 +0100
@@ -17,9 +17,11 @@
$(INSTALL) simscan @qmaildir@/bin/simscan
$(INSTALL) simscanmk @qmaildir@/bin/simscanmk
$(INSTALL) -m 750 -d @workdir@
+ test @ENABLE_GREYLIST@ = 1 $(INSTALL) -m 2750 -d @workdir@/scanner
+ test @ENABLE_GREYLIST@ = 1 $(INSTALL) -m 2750 -d @workdir@/greylist
strip @qmaildir@/bin/simscan
strip @qmaildir@/bin/simscanmk
- chown @ENABLE_USER@ @workdir@ @qmaildir@/bin/simscan
+ chown -R @ENABLE_USER@ @workdir@ @qmaildir@/bin/simscan
chmod 4711 @qmaildir@/bin/simscan
AUTOMAKE_OPTIONS = foreign no-dependencies
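Review bot: The two added `test @ENABLE_GREYLIST@ = 1 $(INSTALL) -m 2750 -d ...` lines show no `&&` between the test and the install command (possibly lost when the mail was archived), so as written `test` receives the install command as extra arguments and no directory is created. Even with `&&` restored, the recipe line exits non-zero when greylisting is off and make aborts the install; `if test @ENABLE_GREYLIST@ = 1; then $(INSTALL) -m 2750 -d @workdir@/greylist; fi` avoids that. The change to `chown -R` runs as root over @workdir@, a tree owned and writable by the account that the setuid `simscan` binary (`chmod 4711`) runs as. On a reinstall it is safer to chown only the directories created in this rule, or at least to add `-h` so symbolic links inside the tree are not dereferenced.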
diff -Naur simscan-1.2/simscan.c simscan-1.2.greylist/simscan.c
--- simscan-1.2/simscan.c 2005-10-05 23:12:42.0 +0200
+++ simscan-1.2.greylist/simscan.c 2006-11-12 13:26:32.0 +0100
@@ -19,6 +19,8 @@
#include stdio.h
#include stdlib.h
#include string.h
+#include time.h
+#include utime.h
#include sys/types.h
#include sys/wait.h
#include sys/stat.h
@@ -68,7 +70,6 @@
91 Envelope format error.
*/
-
#ifdef QUARANTINEDIR
void quarantine_msg(char *message_name);
#endif
@@ -85,6 +86,11 @@
char message_name[BUFFER_SIZE];
char workdir[BUFFER_SIZE];
char unique_ext[BUFFER_SIZE];
+#ifdef ENABLE_GREYLIST
+char greylist_initial[BUFFER_SIZE];
+char greylist_allowed[BUFFER_SIZE];
+char greylist_dir[BUFFER_SIZE];
+#endif
void format_dir(char *workdir);
void exit_clean(int error_code);
@@ -123,8 +129,9 @@
int PerDomainSpam;
int PerDomainTrophie;
int PerDomainSpamPassthru;
-int MaxDomains;
-char Domains[MAXDOMAINS][MAXDOMLEN];
+#ifdef ENABLE_GREYLIST
+int PerDomainGreylist;
+#endif
void set_per_domain();
void init_per_domain();
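Review bot: The removal of `int MaxDomains;` and `char Domains[MAXDOMAINS][MAXDOMLEN];` is not guarded by `ENABLE_GREYLIST` and is unrelated to greylisting, so it changes the default build too. If any code outside this hunk still references either name the build breaks, so this is better submitted as a separate cleanup. For the new `PerDomainGreylist`, the code that sets it is not visible here; confirm that `init_per_domain()` resets it alongside the other `PerDomain*` flags so it is never read uninitialised or stale.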
@@ -187,7 +194,7 @@
#endif
struct timeval start,stop;
-double utime;
+double delta;
#define SECS(tv) (tv.tv_sec + tv.tv_usec / 100.0)
/* write a received line */
@@ -208,6 +215,27 @@
void log_message( char *state, char *subject, int spam );
+#ifdef ENABLE_GREYLIST
+/*
+ * Timing for greylisting.
+ *
+ * Algorithm: When a sender with a source ip for which no record yet exists
+ *connects, his delivery will fail with a temporary error.
+ *All following delivery attempts by that sender will fail with
+ *a temporary error too, until GREYLIST_MIN_DELAY seconds after
+ *his _first_ attempt.
+ *Delivery attempts started between GREYLIST_MIN_DELAY and
+ *GREYLIST_MAX_DELAY seconds after the first delivery attempt
+ *will succeed, and cause all future mails from that sender to
+ *be accepted immediatly.
+ */
+#define GREYLIST_MIN_DELAY 60
+#define GREYLIST_MAX_DELAY 36*3600
+
+void format_greylist(char* greylist_dir, char* greylist_initial, char* greylist_allowed);
+int check_greylist();
+#endif
+
int main(int argc, char **argv)
{
#ifdef HAS_ULIMIT_NPROC
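Review bot: `#define GREYLIST_MAX_DELAY 36*3600` expands without parentheses, so a use such as `age / GREYLIST_MAX_DELAY` is evaluated as `age / 36 * 3600`; write `#define GREYLIST_MAX_DELAY (36*3600)`. The prototype `int check_greylist();` leaves the parameter list unspecified in C and should be `int check_greylist(void);`. `format_greylist` takes three buffers and no length; its body is outside this hunk, so it should be confirmed that every write into them is bounded by `BUFFER_SIZE`. The algorithm comment also does not say what happens to a sender whose first retry arrives after `GREYLIST_MAX_DELAY`, which is worth one more sentence there.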
@@ -255,9 +283,23 @@
/* format the new directory name */
format_dir(workdir);
+
+ /* format greylist names */
+#ifdef ENABLE_GREYLIST
+ format_greylist(greylist_dir, greylist_initial, greylist_allowed);
+#endif
if (