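--- whitelister-0.8.orig/whitelister-example.conf
+++ whitelister-0.8/whitelister-example.conf
@@ -61,3 +61,8 @@
 # spfrej
 # what to do with spf rejects, default is nothing. ignored if spf is off
 # spfrej: off
+
+# dns
+# support dns verifications (default is 0)
+# dns_client: 1
+# dns_rev_client: 1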
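--- whitelister-0.8.orig/rules.mli
+++ whitelister-0.8/rules.mli
@@ -48,3 +48,7 @@
 val check_rhbl : rhbl_type -> string list -> Policy.t -> unit
 
 val check_spf : spf_mode -> bool -> Policy.t -> unit
+
+val check_dns_client : bool -> Policy.t -> unit
+
+val check_dns_rev_client : bool -> Policy.t -> unit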
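Review bot: The two new signatures have no doc comment, and the bare `bool` does not say whether it is an enable switch or a result. Going by the rules.ml part of this patch, a comment such as `(** [check_dns_client enabled pcy] raises [Dirty] when [enabled] is true and the request's client_name is "unknown"; otherwise does nothing. *)` above `check_dns_client`, with the matching text for `check_dns_rev_client`, would state the contract. Whether `Dirty` is exported from this interface is not visible in the hunk, so the `[Dirty]` reference should be checked against the rest of the file.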
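--- whitelister-0.8.orig/rules.ml
+++ whitelister-0.8/rules.ml
@@ -104,3 +104,13 @@
 | Spf.Error -> raise (Dirty "SPF Internal error")
 | Policy.DSN -> ()
 
+let check_dns_client dorej pcy =
+ if dorej then
+ if (client_name pcy) = "unknown" then raise (Dirty "no client_name (reject_unknown_client)")
+ else ()
+
+let check_dns_rev_client dorej pcy =
+ if dorej then
+ if (reverse_client_name pcy) = "unknown" then raise (Dirty "no reverse_client_name (reject_unknown_reverse_client)")
+ else ()
+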
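Review bot: Both new checks treat the literal "unknown" as proof that the client has no DNS name, but Postfix reports the same value when the lookup only failed temporarily. During a resolver outage, every client would therefore be raised as `Dirty` once `dns_client` or `dns_rev_client` is enabled. That trade-off deserves a comment above `check_dns_client`, for example `(* "unknown" also covers temporary DNS failures; enabling this marks clients dirty during resolver outages *)`. Separately, the nested `if … then if … else ()` relies on the `else` binding to the inner `if`; `if dorej && client_name pcy = "unknown" then raise (Dirty "no client_name (reject_unknown_client)")` says the same thing without the dangling branch, and likewise for `check_dns_rev_client`. The unqualified `client_name` and `reverse_client_name` presumably come from an `open Policy` outside the hunk, even though the context lines above use `Policy.DSN` qualified.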
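--- whitelister-0.8.orig/Makefile
+++ whitelister-0.8/Makefile
@@ -85,6 +85,7 @@
 rm -rf *.{cm?,o} *~
 
 clean: cleanbyte
+ rm -f .depend
 rm -f $(PROGRAM)
 
 .depend depend: *.ml *.mli
@@ -92,4 +93,3 @@
 $(OCAMLDEP) *.ml *.mli > .depend
 
 include .depend
-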
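--- whitelister-0.8.orig/whitelister.ml
+++ whitelister-0.8/whitelister.ml
@@ -41,6 +41,9 @@
 mutable rhbl_rcpt: string list;
 mutable rhbl_sender: string list;
 mutable rhbl_helo: string list;
+
+ mutable dns_client: bool;
+ mutable dns_rev_client: bool;
 }
 
 (* Checker *)
@@ -65,7 +68,9 @@
 Rules.check_rhbl Rules.Sender cfg.rhbl_sender pcy;
 Rules.check_rhbl Rules.Rcpt cfg.rhbl_rcpt pcy;
 Rules.check_rhbl Rules.Client cfg.rhbl_client pcy;
- Rules.check_spf cfg.spf cfg.spfrej pcy;
+ Rules.check_spf cfg.spf cfg.spfrej pcy;
+ Rules.check_dns_client cfg.dns_client pcy;
+ Rules.check_dns_rev_client cfg.dns_rev_client pcy;
 if cfg.verb > 0 then log_event "Clean" "OK" pcy;
 "OK"
 with
@@ -100,6 +105,9 @@
 rhbl_rcpt = [] ;
 rhbl_sender = [] ;
 rhbl_helo = [] ;
+
+ dns_client = false;
+ dns_rev_client = false;
 }
 
 let to_bool s =
@@ -137,6 +145,9 @@
 | ["rhbl_rcpt"; h] -> cfg.rhbl_rcpt <- h::cfg.rhbl_rcpt
 | ["rhbl_sender"; h] -> cfg.rhbl_sender <- h::cfg.rhbl_sender
 
+ | ["dns_client"; d] -> cfg.dns_client <- to_bool "dns_client" d
+ | ["dns_rev_client"; e] -> cfg.dns_rev_client <- to_bool "dns_rev_client" e
+
 (* deprecated settings *)
 | ["rhbl"; h] -> prerr_endline "rhbl is deprecated, it defaults to rhbl_client which may not be what you want.";
 cfg.rhbl_client <- h::cfg.rhbl_client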
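Review bot: In the checker hunk (`@@ -65,7 +68,9 @@`) the two new calls run after every `Rules.check_rhbl` and after `Rules.check_spf`. A client already reported as "unknown" is therefore still pushed through those checks, which presumably perform DNS lookups, before it is marked dirty. As the rules.ml part of this patch shows, the new checks only compare attributes already present in the request. Placing `Rules.check_dns_client cfg.dns_client pcy;` and `Rules.check_dns_rev_client cfg.dns_rev_client pcy;` ahead of the rhbl calls would make the cheap test decide first and also fix which reason ends up in the log. The `Rules.check_spf` line is removed and re-added with what looks like a whitespace-only difference; leaving it untouched would keep the hunk to the real change. The enclosing function starts and ends outside the hunk.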
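--- whitelister-0.8.orig/policy.ml
+++ whitelister-0.8/policy.ml
@@ -64,10 +64,11 @@
 
 let log_start : t -> string = fun pcy ->
 Printf.sprintf
- "%s from %s[%s]"
- ( getu pcy "protocol_state" )
- ( getu pcy "client_name" )
- ( getu pcy "client_address" )
+ "%s from %s[%s][%s]"
+ ( getu pcy "protocol_state" )
+ ( getu pcy "client_name" )
+ ( getu pcy "client_address" )
+ ( getu pcy "reverse_client_name" )
 
 
 (* public *)
@@ -91,6 +92,7 @@
 
 let client_address h = get h "client_address"
 let client_name h = get h "client_name"
+let reverse_client_name h = get h "reverse_client_name"
 let helo_name h = get h "helo_name"
 let sender h =
 try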
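Review bot: `reverse_client_name` reads the attribute through `get`, while `log_start` reads the same key through `getu`. Neither helper is visible here, so it should be confirmed what `get` does when a policy request carries no reverse_client_name attribute. `check_dns_rev_client` only compares the result with "unknown", so a missing attribute would either slip past the check or surface as an unrelated error; a comment on the accessor stating the behaviour would settle it. In `log_start` the new value is appended as a second unlabelled bracket, which changes the line format existing log parsers see and is easy to misread as a second address; a labelled form such as `"%s from %s[%s] rev=%s"` would be unambiguous. The reverse name comes from DNS data on the connecting side, so log consumers should treat that field as untrusted text.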
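--- whitelister-0.8.orig/policy.mli
+++ whitelister-0.8/policy.mli
@@ -35,6 +35,7 @@
 
 val client_address : t -> string
 val client_name : t -> string
+val reverse_client_name : t -> string
 val sender : t -> string
 val helo_name : t -> string
 val rcpt_domain: t -> string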