Hontvari Jozsef wrote:
Hey! It is great to hear from you. Haven't seen much of you lately.
> Maybe it helps, I have attached the source which we use for about a
> year.
Please review my version (ATTACHED FOR FEEDBACK FROM ALL). Quite similar to
yours, borrowing from the DNS RBL matcher.
Why did you check the block list on each RCPT TO rather than once when the
connection was initiated?
Also, I coded it so that a local IP could send without being blocked.
> I cannot create a standard patch because my last workspace is
> based on the now non-existent cvs repository.
You should be able to get everything from SVN, including the branch you are
using.
--- Noel
Index: src/java/org/apache/james/smtpserver/SMTPHandler.java
===================================================================
--- src/java/org/apache/james/smtpserver/SMTPHandler.java (revision
179265)
+++ src/java/org/apache/james/smtpserver/SMTPHandler.java (working copy)
@@ -209,6 +209,11 @@
private boolean relayingAllowed;
/**
+ * TEMPORARY: is the sending address blocklisted
+ */
+ private boolean blocklisted;
+
+ /**
* The id associated with this particular SMTP interaction.
*/
private String smtpID;
@@ -293,6 +298,31 @@
}
}
+ /*
+ * TEMPORARY!!! This is a tempoary hack until we add flexible fast-fail
support.
+ * This checks a DNSRBL. If the remote IP is listed, the sender will only
be
+ * permitted to send e-mail to postmaster (RFC 2821) or abuse (RFC 2142),
unless
+ * authenticated.
+ */
+
+ private boolean checkDNSRBL(Socket conn) {
+ String ip = conn.getInetAddress().getHostAddress();
+ StringBuffer sb = new StringBuffer();
+ StringTokenizer st = new StringTokenizer(ip, " .", false);
+ while (st.hasMoreTokens()) {
+ sb.insert(0, st.nextToken() + ".");
+ }
+ String reversedOctets = sb.toString();
+ try {
+ // hardcode which DNS RBL for the moment
+ org.apache.james.dnsserver.DNSServer.getByName(reversedOctets +
"sbl-xbl.spamhaus.org");
+ return true;
+ } catch (java.net.UnknownHostException uhe) {
+ // if it is unknown, it isn't blocked
+ }
+ return false;
+ }
+
/**
* @see
org.apache.avalon.cornerstone.services.connection.ConnectionHandler#handleConnection(Socket)
*/
@@ -314,6 +344,7 @@
smtpID = random.nextInt(1024) + "";
relayingAllowed = theConfigData.isRelayingAllowed(remoteIP);
authRequired = theConfigData.isAuthRequired(remoteIP);
+ blocklisted = checkDNSRBL(connection);
resetState();
} catch (Exception e) {
StringBuffer exceptionBuffer =
@@ -1157,6 +1188,16 @@
}
return;
}
+
+ if (blocklisted && // was found in the RBL
+ (authRequired && getUser() == null) && // not authenticated -- don't
care if it is local or not
+ !(recipientAddress.getUser().equalsIgnoreCase("postmaster") ||
recipientAddress.getUser().equalsIgnoreCase("abuse"))) {
+ // trying to send e-mail to other than postmaster or abuse
+ responseString = "550 Rejected: unauthenticated e-mail from " +
remoteIP + " is restricted. Contact the postmaster for details.";
+ writeLoggedFlushedResponse(responseString);
+ return;
+ }
+
if (authRequired) {
// Make sure the mail is being sent locally if not
// authenticated else reject.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
