--- whitelister-0.8.orig/whitelister-example.conf +++ whitelister-0.8/whitelister-example.conf @@ -61,3 +61,8 @@ # spfrej # what to do with spf rejects, default is nothing. ignored if spf is off # spfrej: off + +# dns +# support dns verifications (default is 0) +# dns_client: 1 +# dns_rev_client: 1 --- whitelister-0.8.orig/rules.mli +++ whitelister-0.8/rules.mli @@ -48,3 +48,7 @@ val check_rhbl : rhbl_type -> string list -> Policy.t -> unit val check_spf : spf_mode -> bool -> Policy.t -> unit + +val check_dns_client : bool -> Policy.t -> unit + +val check_dns_rev_client : bool -> Policy.t -> unit --- whitelister-0.8.orig/rules.ml +++ whitelister-0.8/rules.ml @@ -104,3 +104,13 @@ | Spf.Error -> raise (Dirty "SPF Internal error") | Policy.DSN -> () +let check_dns_client dorej pcy = + if dorej then + if (client_name pcy) = "unknown" then raise (Dirty "no client_name (reject_unknown_client)") + else () + +let check_dns_rev_client dorej pcy = + if dorej then + if (reverse_client_name pcy) = "unknown" then raise (Dirty "no reverse_client_name (reject_unknown_reverse_client)") + else () + --- whitelister-0.8.orig/Makefile +++ whitelister-0.8/Makefile @@ -85,6 +85,7 @@ rm -rf *.{cm?,o} *~ clean: cleanbyte + rm -f .depend rm -f $(PROGRAM) .depend depend: *.ml *.mli @@ -92,4 +93,3 @@ $(OCAMLDEP) *.ml *.mli > .depend include .depend - --- whitelister-0.8.orig/whitelister.ml +++ whitelister-0.8/whitelister.ml @@ -41,6 +41,9 @@ mutable rhbl_rcpt: string list; mutable rhbl_sender: string list; mutable rhbl_helo: string list; + + mutable dns_client: bool; + mutable dns_rev_client: bool; } (* Checker *) 
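Review bot: The two signatures added to rules.mli are exported without a doc comment, and the bare `bool` does not say that it is an enable switch rather than a result. Going by the rules.ml hunk, a comment such as `(** [check_dns_client enabled pcy] raises [Dirty] if [enabled] and the request's client_name is "unknown"; does nothing otherwise. *)` would fit, with the matching text for `check_dns_rev_client`. Where `Dirty` is declared is not visible here, so the reference may need to be qualified.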
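Review bot: Both new checks in rules.ml treat the literal `"unknown"` as proof that the client has no name, but Postfix also reports `client_name=unknown` when the lookup only failed temporarily. Enabling `dns_client` will therefore mark legitimate clients Dirty during resolver trouble, and the config comment should say so. What `Policy.get` does when an attribute is absent is outside this hunk (`sender` wraps it in `try`, which suggests it raises). Confirm that a request without `reverse_client_name` is handled deliberately, not by whatever the checker's `with` clause happens to catch. The nested `if … then if … else ()` would also read more clearly as `if dorej && client_name pcy = "unknown" then raise (Dirty "no client_name (reject_unknown_client)")`.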
@@ -65,7 +68,9 @@ Rules.check_rhbl Rules.Sender cfg.rhbl_sender pcy; Rules.check_rhbl Rules.Rcpt cfg.rhbl_rcpt pcy; Rules.check_rhbl Rules.Client cfg.rhbl_client pcy; - Rules.check_spf cfg.spf cfg.spfrej pcy; + Rules.check_spf cfg.spf cfg.spfrej pcy; + Rules.check_dns_client cfg.dns_client pcy; + Rules.check_dns_rev_client cfg.dns_rev_client pcy; if cfg.verb > 0 then log_event "Clean" "OK" pcy; "OK" with @@ -100,6 +105,9 @@ rhbl_rcpt = [] ; rhbl_sender = [] ; rhbl_helo = [] ; + + dns_client = false; + dns_rev_client = false; } let to_bool s = @@ -137,6 +145,9 @@ | ["rhbl_rcpt"; h] -> cfg.rhbl_rcpt <- h::cfg.rhbl_rcpt | ["rhbl_sender"; h] -> cfg.rhbl_sender <- h::cfg.rhbl_sender + | ["dns_client"; d] -> cfg.dns_client <- to_bool "dns_client" d + | ["dns_rev_client"; e] -> cfg.dns_rev_client <- to_bool "dns_rev_client" e + (* deprecated settings *) | ["rhbl"; h] -> prerr_endline "rhbl is deprecated, it defaults to rhbl_client which may not be what you want."; cfg.rhbl_client <- h::cfg.rhbl_client --- whitelister-0.8.orig/policy.ml +++ whitelister-0.8/policy.ml @@ -64,10 +64,11 @@ let log_start : t -> string = fun pcy -> Printf.sprintf - "%s from %s[%s]" - ( getu pcy "protocol_state" ) - ( getu pcy "client_name" ) - ( getu pcy "client_address" ) + "%s from %s[%s][%s]" + ( getu pcy "protocol_state" ) + ( getu pcy "client_name" ) + ( getu pcy "client_address" ) + ( getu pcy "reverse_client_name" ) (* public *) @@ -91,6 +92,7 @@ let client_address h = get h "client_address" let client_name h = get h "client_name" +let reverse_client_name h = get h "reverse_client_name" let helo_name h = get h "helo_name" let sender h = try --- whitelister-0.8.orig/policy.mli +++ whitelister-0.8/policy.mli @@ -35,6 +35,7 @@ val client_address : t -> string val client_name : t -> string +val reverse_client_name : t -> string val sender : t -> string val helo_name : t -> string val rcpt_domain: t -> string
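Review bot: The two new calls are placed after the three `Rules.check_rhbl` calls and `Rules.check_spf`, although they only compare a string that is already in the policy request. If the earlier rules perform network lookups (their bodies are outside this hunk), moving `Rules.check_dns_client cfg.dns_client pcy;` and `Rules.check_dns_rev_client cfg.dns_rev_client pcy;` ahead of them would let an unnamed client be classified without issuing RBL or SPF queries. The enclosing function starts and ends outside the hunk, so check that reordering does not change which reason ends up in the log in a way operators rely on.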
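Review bot: The parser arms for `dns_client` and `dns_rev_client` go through `to_bool`, but the example config documents them as `dns_client: 1` with "default is 0" while the neighbouring boolean example is written `spfrej: off`. `to_bool` is defined outside this hunk, so confirm it accepts `1`/`0`. If it does not, an operator who copies the example either gets a startup error or runs with the check silently disabled. Using the same spelling as the other boolean settings in the example file would remove the doubt.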
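Review bot: The fourth field added to `log_start` prints `reverse_client_name` in unlabeled brackets directly after the address, so a log reader or parser can mistake it for a second address or a confirmed name. That value is the raw PTR result, chosen by whoever controls the reverse zone and not forward-confirmed the way `client_name` is. Label it, for example `"%s from %s[%s] (ptr=%s)"`, and mention the format change for anything that parses these lines. Whether `getu` neutralises control characters is not visible in this hunk and is worth checking before a remotely influenced string is written to the log.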