Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

Re: [milter-greylist] milter-greylist 2.1.11

2006-08-01 by Hajimu UMEMOTO

Hi,

>>> Wed, 02 Aug 2006 01:42:48 +0900,
>>> Hajimu UMEMOTO <ume@...> said:

>>>>> On Tue, 1 Aug 2006 15:07:14 +0000
>>>>> Emmanuel Dreyfus <manu@...> said:

manu> Here is milter-greylist 2.1.11
manu> http://ftp.espci.fr/pub/milter-greylist/milter-greylist-2.1.11.tgz
manu> MD5 (milter-greylist-2.1.11.tgz) = ba955569b9e1f30ccc16e94c11495940

manu> I added the flushaddr feature, which canbe used to remove any entry
manu> with the source IP of the message that matched an ACL. See the man
manu> page for the details.

manu> Now it would be nice if we could settle feature addition and make sure
manu> it builds correctly for everyone. Bugs and build fixes are welcome
manu> (so are success stories). First, who is still unable to build?

ume> There are three issues:

ume> - For disabling IPv6 DNSRBL query, when an address is an IPv6,
ume>   dnsrbl_check_source() should return 0, as if the address is not
ume>   match.

ume> - Since, the block which test an address family was moved before
ume>   initializing res, don't call res_ndestroy() when an address is an
ume>   IPv6.

ume> - Since dnsrbl_check_source() returns -1 when error occurs, the
ume>   return code should be tested if it is 1 or not.

Oops, I was confused.  You didn't disable IPv6 DNSRBL query,
correctly.  We need to test sa.  Please throw my previous patch away,
and use this patch instead.

Index: acl.c
diff -u -p acl.c.orig acl.c
--- acl.c.orig	Tue Aug  1 23:55:20 2006
+++ acl.c	Wed Aug  2 01:25:59 2006
@@ -622,7 +622,7 @@ acl_filter(sa, salen, hostname, from, rc
 
 		if (acl->a_dnsrbl != NULL) {
 			if (dnsrbl_check_source(sa, 
-			    salen, acl->a_dnsrbl) != 0) {
+			    salen, acl->a_dnsrbl) == 1) {
 				retval |= EXF_DNSRBL;
 				if (conf.c_debug) {
 					iptostring(sa, salen, 
Index: dnsrbl.c
diff -u -p dnsrbl.c.orig dnsrbl.c
--- dnsrbl.c.orig	Tue Aug  1 05:56:26 2006
+++ dnsrbl.c	Wed Aug  2 01:49:55 2006
@@ -114,6 +114,10 @@ dnsrbl_check_source(sa, salen, source)
 	char *addr;
 	size_t len;
 
+	/* No IPv6 DNSRBL exists right now */
+	if (sa->sa_family != AF_INET)
+		return 0;
+
 	blacklisted = SA(&source->d_blacklisted);
 
 	switch (blacklisted->sa_family) {
@@ -124,9 +128,9 @@ dnsrbl_check_source(sa, salen, source)
 		break;
 #ifdef AF_INET6
 	case AF_INET6:
-		/* No IPv6 DNSRBL exists right now */
-		retval = 1;
-		goto end;
+		qtype = T_AAAA;
+		addr = (char *)SADDR6(blacklisted);
+		len = sizeof(*SADDR6(blacklisted));
 		break;
 #endif
 	default:
Index: list.c
diff -u -p list.c.orig list.c
--- list.c.orig	Sat Jul 29 05:43:41 2006
+++ list.c	Wed Aug  2 01:25:32 2006
@@ -436,7 +436,7 @@ list_dnsrbl_filter(list,salen, sa)
 	struct list_entry *le;
 
 	LIST_FOREACH(le, &list->al_head, l_list) {
-		if (dnsrbl_check_source(sa, salen, le->l_data.dnsrbl) != 0)
+		if (dnsrbl_check_source(sa, salen, le->l_data.dnsrbl) == 1)
 			break;
 	}
 


Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@...  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.