#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <net/if.h>
#include <netinet/in.h>
#include <net/pfvar.h>
#include <ctype.h>
#include <db.h>
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <time.h>
#include <unistd.h>
#include <netdb.h>
#include "grey.h"
#include "sync.h"
extern time_t passtime, greyexp, whiteexp, trapexp;
extern struct syslog_data sdata;
extern struct passwd *pw;
extern u_short cfg_port;
extern pid_t jail_pid;
extern FILE *trapcfg;
extern FILE *grey;
extern int debug;
extern int syncsend;
extern int greyback[2];
#define satosin(sa) ((struct sockaddr_in *)(sa))
#define satosin6(sa) ((struct sockaddr_in6 *)(sa))
void configure_spamd(char **, u_int, FILE *);
int configure_pf(char **, int);
char *dequotetolower(const char *);
void readsuffixlists(void);
void freeaddrlists(void);
int addwhiteaddr(char *);
int addtrapaddr(char *);
int db_addrstate(DB *, char *);
int greyscan(char *);
int trapcheck(DB *, char *);
int twupdate(char *, char *, char *, char *, char *);
int twread(char *);
int greyreader(void);
void greyscanner(void);
u_int whitecount, whitealloc;
u_int trapcount, trapalloc;
char **whitelist;
char **traplist;
char *traplist_name = "spamd-greytrap";
char *traplist_msg = "\"Your address %A has mailed to spamtraps here\\n\"";
pid_t db_pid = -1;
int pfdev;
struct db_change {
SLIST_ENTRY(db_change) entry;
char * key;
void * data;
size_t dsiz;
int act;
};
#define DBC_ADD 1
#define DBC_DEL 2
SLIST_HEAD(, db_change) db_changes = SLIST_HEAD_INITIALIZER(db_changes);
struct mail_addr {
SLIST_ENTRY(mail_addr) entry;
char addr[MAX_MAIL];
};
SLIST_HEAD(, mail_addr) match_suffix = SLIST_HEAD_INITIALIZER(match_suffix);
char *alloweddomains_file = PATH_SPAMD_ALLOWEDDOMAINS;
char *low_prio_mx_ip;
time_t startup;
static char *pargv[11]= {
"pfctl", "-p", "/dev/pf", "-q", "-t",
"spamd-white", "-T", "replace", "-f", "-", NULL
};
static void
sig_term_chld(int sig)
{
if (db_pid != -1)
kill(db_pid, SIGTERM);
if (jail_pid != -1)
kill(jail_pid, SIGTERM);
_exit(1);
}
void
configure_spamd(char **addrs, u_int count, FILE *sdc)
{
u_int i;
fprintf(sdc, "%s;", traplist_name);
if (count != 0) {
fprintf(sdc, "%s;inet;%u", traplist_msg, count);
for (i = 0; i < count; i++)
fprintf(sdc, ";%s/32", addrs[i]);
}
fputc('\n', sdc);
if (fflush(sdc) == EOF)
syslog_r(LOG_DEBUG, &sdata, "configure_spamd: fflush failed (%m)");
}
int
configure_pf(char **addrs, int count)
{
FILE *pf = NULL;
int i, pdes[2], status;
pid_t pid;
char *fdpath;
struct sigaction sa;
sigfillset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
sa.sa_handler = sig_term_chld;
if (debug)
fprintf(stderr, "configure_pf - device on fd %d\n", pfdev);
if (pfdev < 1 || pfdev > 63)
return(-1);
if (asprintf(&fdpath, "/dev/fd/%d", pfdev) == -1)
return(-1);
pargv[2] = fdpath;
if (pipe(pdes) != 0) {
syslog_r(LOG_INFO, &sdata, "pipe failed (%m)");
free(fdpath);
fdpath = NULL;
return(-1);
}
signal(SIGCHLD, SIG_DFL);
switch (pid = fork()) {
case -1:
syslog_r(LOG_INFO, &sdata, "fork failed (%m)");
free(fdpath);
fdpath = NULL;
close(pdes[0]);
close(pdes[1]);
sigaction(SIGCHLD, &sa, NULL);
return(-1);
case 0:
close(pdes[1]);
if (pdes[0] != STDIN_FILENO) {
dup2(pdes[0], STDIN_FILENO);
close(pdes[0]);
}
execvp(PATH_PFCTL, pargv);
syslog_r(LOG_ERR, &sdata, "can't exec %s:%m", PATH_PFCTL);
_exit(1);
}
free(fdpath);
fdpath = NULL;
close(pdes[0]);
pf = fdopen(pdes[1], "w");
if (pf == NULL) {
syslog_r(LOG_INFO, &sdata, "fdopen failed (%m)");
close(pdes[1]);
sigaction(SIGCHLD, &sa, NULL);
return(-1);
}
for (i = 0; i < count; i++)
if (addrs[i] != NULL)
fprintf(pf, "%s/32\n", addrs[i]);
fclose(pf);
waitpid(pid, &status, 0);
if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
syslog_r(LOG_ERR, &sdata, "%s returned status %d", PATH_PFCTL,
WEXITSTATUS(status));
else if (WIFSIGNALED(status))
syslog_r(LOG_ERR, &sdata, "%s died on signal %d", PATH_PFCTL,
WTERMSIG(status));
sigaction(SIGCHLD, &sa, NULL);
return(0);
}
char *
dequotetolower(const char *addr)
{
static char buf[MAX_MAIL];
char *cp;
if (*addr == '<')
addr++;
(void) strlcpy(buf, addr, sizeof(buf));
cp = strrchr(buf, '>');
if (cp != NULL && cp[1] == '\0')
*cp = '\0';
cp = buf;
while (*cp != '\0') {
*cp = tolower((unsigned char)*cp);
cp++;
}
return(buf);
}
void
readsuffixlists(void)
{
FILE *fp;
char *buf;
size_t len;
struct mail_addr *m;
while (!SLIST_EMPTY(&match_suffix)) {
m = SLIST_FIRST(&match_suffix);
SLIST_REMOVE_HEAD(&match_suffix, entry);
free(m);
}
if ((fp = fopen(alloweddomains_file, "r")) != NULL) {
while ((buf = fgetln(fp, &len))) {
while (len > 0 && isspace((unsigned char)buf[len-1]))
len--;
while (len > 0 && isspace((unsigned char)*buf)) {
buf++;
len--;
}
if (len == 0)
continue;
if (*buf == '#' || *buf == '\n')
continue;
if (buf[len-1] == '\n')
len--;
if ((len + 1) > sizeof(m->addr)) {
syslog_r(LOG_ERR, &sdata,
"line too long in %s - file ignored",
alloweddomains_file);
goto bad;
}
if ((m = malloc(sizeof(struct mail_addr))) == NULL)
goto bad;
memcpy(m->addr, buf, len);
m->addr[len]='\0';
syslog_r(LOG_ERR, &sdata, "got suffix %s", m->addr);
SLIST_INSERT_HEAD(&match_suffix, m, entry);
}
}
return;
bad:
while (!SLIST_EMPTY(&match_suffix)) {
m = SLIST_FIRST(&match_suffix);
SLIST_REMOVE_HEAD(&match_suffix, entry);
free(m);
}
}
void
freeaddrlists(void)
{
int i;
if (whitelist != NULL)
for (i = 0; i < whitecount; i++) {
free(whitelist[i]);
whitelist[i] = NULL;
}
whitecount = 0;
if (traplist != NULL) {
for (i = 0; i < trapcount; i++) {
free(traplist[i]);
traplist[i] = NULL;
}
}
trapcount = 0;
}
int
addwhiteaddr(char *addr)
{
struct addrinfo hints, *res;
char ch;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
hints.ai_flags = AI_NUMERICHOST;
if (getaddrinfo(addr, NULL, &hints, &res) != 0)
return(-1);
if (send(greyback[0], res->ai_addr, res->ai_addr->sa_len, 0) == -1) {
syslog_r(LOG_ERR, &sdata, "%s: send: %m", __func__);
} else {
if (recv(greyback[0], &ch, sizeof(ch), 0) == 1) {
if (ch == '1') {
syslog_r(LOG_DEBUG, &sdata,
"%s blacklisted, removing from whitelist",
addr);
freeaddrinfo(res);
return(-1);
}
}
}
if (whitecount == whitealloc) {
char **tmp;
tmp = reallocarray(whitelist,
whitealloc + 1024, sizeof(char *));
if (tmp == NULL) {
freeaddrinfo(res);
return(-1);
}
whitelist = tmp;
whitealloc += 1024;
}
whitelist[whitecount] = strdup(addr);
if (whitelist[whitecount] == NULL) {
freeaddrinfo(res);
return(-1);
}
whitecount++;
freeaddrinfo(res);
return(0);
}
int
addtrapaddr(char *addr)
{
struct addrinfo hints, *res;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
hints.ai_flags = AI_NUMERICHOST;
if (getaddrinfo(addr, NULL, &hints, &res) == 0) {
if (trapcount == trapalloc) {
char **tmp;
tmp = reallocarray(traplist,
trapalloc + 1024, sizeof(char *));
if (tmp == NULL) {
freeaddrinfo(res);
return(-1);
}
traplist = tmp;
trapalloc += 1024;
}
traplist[trapcount] = strdup(addr);
if (traplist[trapcount] == NULL) {
freeaddrinfo(res);
return(-1);
}
trapcount++;
freeaddrinfo(res);
} else
return(-1);
return(0);
}
static int
queue_change(char *key, char *data, size_t dsiz, int act)
{
struct db_change *dbc;
if ((dbc = malloc(sizeof(*dbc))) == NULL) {
syslog_r(LOG_DEBUG, &sdata, "malloc failed (queue change)");
return(-1);
}
if ((dbc->key = strdup(key)) == NULL) {
syslog_r(LOG_DEBUG, &sdata, "malloc failed (queue change)");
free(dbc);
return(-1);
}
if ((dbc->data = malloc(dsiz)) == NULL) {
syslog_r(LOG_DEBUG, &sdata, "malloc failed (queue change)");
free(dbc->key);
free(dbc);
return(-1);
}
memcpy(dbc->data, data, dsiz);
dbc->dsiz = dsiz;
dbc->act = act;
syslog_r(LOG_DEBUG, &sdata,
"queueing %s of %s", ((act == DBC_ADD) ? "add" : "deletion"),
dbc->key);
SLIST_INSERT_HEAD(&db_changes, dbc, entry);
return(0);
}
static int
do_changes(DB *db)
{
DBT dbk, dbd;
struct db_change *dbc;
int ret = 0;
while (!SLIST_EMPTY(&db_changes)) {
dbc = SLIST_FIRST(&db_changes);
switch (dbc->act) {
case DBC_ADD:
memset(&dbk, 0, sizeof(dbk));
dbk.size = strlen(dbc->key);
dbk.data = dbc->key;
memset(&dbd, 0, sizeof(dbd));
dbd.size = dbc->dsiz;
dbd.data = dbc->data;
if (db->put(db, &dbk, &dbd, 0)) {
db->sync(db, 0);
syslog_r(LOG_ERR, &sdata,
"can't add %s to spamd db (%m)", dbc->key);
ret = -1;
}
db->sync(db, 0);
break;
case DBC_DEL:
memset(&dbk, 0, sizeof(dbk));
dbk.size = strlen(dbc->key);
dbk.data = dbc->key;
if (db->del(db, &dbk, 0)) {
syslog_r(LOG_ERR, &sdata,
"can't delete %s from spamd db (%m)",
dbc->key);
ret = -1;
}
break;
default:
syslog_r(LOG_ERR, &sdata, "Unrecognized db change");
ret = -1;
}
free(dbc->key);
dbc->key = NULL;
free(dbc->data);
dbc->data = NULL;
dbc->act = 0;
dbc->dsiz = 0;
SLIST_REMOVE_HEAD(&db_changes, entry);
free(dbc);
}
return(ret);
}
int
db_addrstate(DB *db, char *key)
{
DBT dbk, dbd;
struct gdata gd;
memset(&dbk, 0, sizeof(dbk));
dbk.size = strlen(key);
dbk.data = key;
memset(&dbd, 0, sizeof(dbd));
switch (db->get(db, &dbk, &dbd, 0)) {
case 1:
return (0);
case 0:
if (gdcopyin(&dbd, &gd) != -1)
return (gd.pcount == -1 ? 1 : 2);
default:
return (-1);
}
}
int
greyscan(char *dbname)
{
HASHINFO hashinfo;
DBT dbk, dbd;
DB *db;
struct gdata gd;
int r;
char *a = NULL;
size_t asiz = 0;
time_t now = time(NULL);
memset(&hashinfo, 0, sizeof(hashinfo));
db = dbopen(dbname, O_EXLOCK|O_RDWR, 0600, DB_HASH, &hashinfo);
if (db == NULL) {
syslog_r(LOG_INFO, &sdata, "dbopen failed (%m)");
return(-1);
}
memset(&dbk, 0, sizeof(dbk));
memset(&dbd, 0, sizeof(dbd));
for (r = db->seq(db, &dbk, &dbd, R_FIRST); !r;
r = db->seq(db, &dbk, &dbd, R_NEXT)) {
if ((dbk.size < 1) || gdcopyin(&dbd, &gd) == -1) {
syslog_r(LOG_ERR, &sdata, "bogus entry in spamd database");
goto bad;
}
if (asiz < dbk.size + 1) {
char *tmp;
tmp = reallocarray(a, dbk.size, 2);
if (tmp == NULL)
goto bad;
a = tmp;
asiz = dbk.size * 2;
}
memset(a, 0, asiz);
memcpy(a, dbk.data, dbk.size);
if (gd.expire <= now && gd.pcount != -2) {
if (queue_change(a, NULL, 0, DBC_DEL) == -1)
goto bad;
} else if (gd.pcount == -1) {
if ((addtrapaddr(a) == -1) &&
(queue_change(a, NULL, 0, DBC_DEL) == -1))
goto bad;
} else if (gd.pcount >= 0 && gd.pass <= now) {
int tuple = 0;
char *cp;
int state;
cp = strchr(a, '\n');
if (cp != NULL) {
tuple = 1;
*cp = '\0';
}
state = db_addrstate(db, a);
if (state != 1 && addwhiteaddr(a) == -1) {
if (cp != NULL)
*cp = '\n';
if (queue_change(a, NULL, 0, DBC_DEL) == -1)
goto bad;
}
if (tuple && state <= 0) {
if (cp != NULL)
*cp = '\0';
gd.expire = now + whiteexp;
dbd.size = sizeof(gd);
dbd.data = &gd;
if (queue_change(a, (void *) &gd, sizeof(gd),
DBC_ADD) == -1)
goto bad;
syslog_r(LOG_DEBUG, &sdata,
"whitelisting %s in %s", a, dbname);
}
if (debug)
fprintf(stderr, "whitelisted %s\n", a);
}
}
(void) do_changes(db);
db->close(db);
db = NULL;
configure_pf(whitelist, whitecount);
configure_spamd(traplist, trapcount, trapcfg);
freeaddrlists();
free(a);
a = NULL;
return(0);
bad:
(void) do_changes(db);
db->close(db);
db = NULL;
freeaddrlists();
free(a);
a = NULL;
return(-1);
}
int
trapcheck(DB *db, char *to)
{
int i, j, smatch = 0;
DBT dbk, dbd;
struct mail_addr *m;
char * trap;
size_t s;
trap = dequotetolower(to);
if (!SLIST_EMPTY(&match_suffix)) {
s = strlen(trap);
SLIST_FOREACH(m, &match_suffix, entry) {
j = s - strlen(m->addr);
if ((j >= 0) && (strcasecmp(trap+j, m->addr) == 0))
smatch = 1;
}
if (!smatch)
return (0);
}
memset(&dbk, 0, sizeof(dbk));
dbk.size = strlen(trap);
dbk.data = trap;
memset(&dbd, 0, sizeof(dbd));
i = db->get(db, &dbk, &dbd, 0);
if (i == -1)
return (-1);
if (i)
return (1);
else
return (0);
}
int
twupdate(char *dbname, char *what, char *ip, char *source, char *expires)
{
HASHINFO hashinfo;
DBT dbk, dbd;
DB *db;
struct gdata gd;
time_t now, expire;
int r, spamtrap;
now = time(NULL);
expire = strtonum(expires, now,
sizeof(time_t) == sizeof(int) ? INT_MAX : LLONG_MAX, NULL);
if (expire == 0)
return(-1);
if (strcmp(what, "TRAP") == 0)
spamtrap = 1;
else if (strcmp(what, "WHITE") == 0)
spamtrap = 0;
else
return(-1);
memset(&hashinfo, 0, sizeof(hashinfo));
db = dbopen(dbname, O_EXLOCK|O_RDWR, 0600, DB_HASH, &hashinfo);
if (db == NULL)
return(-1);
memset(&dbk, 0, sizeof(dbk));
dbk.size = strlen(ip);
dbk.data = ip;
memset(&dbd, 0, sizeof(dbd));
r = db->get(db, &dbk, &dbd, 0);
if (r == -1)
goto bad;
if (r) {
memset(&gd, 0, sizeof(gd));
gd.first = now;
gd.pcount = spamtrap ? -1 : 0;
gd.expire = expire;
memset(&dbk, 0, sizeof(dbk));
dbk.size = strlen(ip);
dbk.data = ip;
memset(&dbd, 0, sizeof(dbd));
dbd.size = sizeof(gd);
dbd.data = &gd;
r = db->put(db, &dbk, &dbd, 0);
db->sync(db, 0);
if (r)
goto bad;
if (debug)
fprintf(stderr, "added %s %s\n",
spamtrap ? "trap entry for" : "", ip);
syslog_r(LOG_DEBUG, &sdata,
"new %s from %s for %s, expires %s", what, source, ip,
expires);
} else {
if (gdcopyin(&dbd, &gd) == -1) {
db->del(db, &dbk, 0);
db->sync(db, 0);
goto bad;
}
if (spamtrap) {
gd.pcount = -1;
gd.bcount++;
} else
gd.pcount++;
memset(&dbk, 0, sizeof(dbk));
dbk.size = strlen(ip);
dbk.data = ip;
memset(&dbd, 0, sizeof(dbd));
dbd.size = sizeof(gd);
dbd.data = &gd;
r = db->put(db, &dbk, &dbd, 0);
db->sync(db, 0);
if (r)
goto bad;
if (debug)
fprintf(stderr, "updated %s\n", ip);
}
db->close(db);
return(0);
bad:
db->close(db);
return(-1);
}
int
greyupdate(char *dbname, char *helo, char *ip, char *from, char *to, int sync,
char *cip)
{
HASHINFO hashinfo;
DBT dbk, dbd;
DB *db;
char *key = NULL;
char *lookup;
struct gdata gd;
time_t now, expire;
int r, spamtrap;
now = time(NULL);
memset(&hashinfo, 0, sizeof(hashinfo));
db = dbopen(dbname, O_EXLOCK|O_RDWR, 0600, DB_HASH, &hashinfo);
if (db == NULL)
return(-1);
if (asprintf(&key, "%s\n%s\n%s\n%s", ip, helo, from, to) == -1)
goto bad;
r = trapcheck(db, to);
switch (r) {
case 1:
spamtrap = 0;
lookup = key;
expire = greyexp;
break;
case 0:
spamtrap = 1;
lookup = ip;
expire = trapexp;
syslog_r(LOG_DEBUG, &sdata, "Trapping %s for tuple %s", ip,
key);
break;
default:
goto bad;
break;
}
memset(&dbk, 0, sizeof(dbk));
dbk.size = strlen(lookup);
dbk.data = lookup;
memset(&dbd, 0, sizeof(dbd));
r = db->get(db, &dbk, &dbd, 0);
if (r == -1)
goto bad;
if (r) {
if (sync && low_prio_mx_ip &&
(strcmp(cip, low_prio_mx_ip) == 0) &&
((startup + 60) < now)) {
spamtrap = 1;
lookup = ip;
expire = trapexp;
syslog_r(LOG_DEBUG, &sdata,
"Trapping %s for trying %s first for tuple %s",
ip, low_prio_mx_ip, key);
}
memset(&gd, 0, sizeof(gd));
gd.first = now;
gd.bcount = 1;
gd.pcount = spamtrap ? -1 : 0;
gd.pass = now + expire;
gd.expire = now + expire;
memset(&dbk, 0, sizeof(dbk));
dbk.size = strlen(lookup);
dbk.data = lookup;
memset(&dbd, 0, sizeof(dbd));
dbd.size = sizeof(gd);
dbd.data = &gd;
r = db->put(db, &dbk, &dbd, 0);
db->sync(db, 0);
if (r)
goto bad;
if (debug)
fprintf(stderr, "added %s %s\n",
spamtrap ? "greytrap entry for" : "", lookup);
syslog_r(LOG_DEBUG, &sdata,
"new %sentry %s from %s to %s, helo %s",
spamtrap ? "greytrap " : "", ip, from, to, helo);
} else {
if (gdcopyin(&dbd, &gd) == -1) {
db->del(db, &dbk, 0);
db->sync(db, 0);
goto bad;
}
gd.bcount++;
gd.pcount = spamtrap ? -1 : 0;
if (gd.first + passtime < now)
gd.pass = now;
memset(&dbk, 0, sizeof(dbk));
dbk.size = strlen(lookup);
dbk.data = lookup;
memset(&dbd, 0, sizeof(dbd));
dbd.size = sizeof(gd);
dbd.data = &gd;
r = db->put(db, &dbk, &dbd, 0);
db->sync(db, 0);
if (r)
goto bad;
if (debug)
fprintf(stderr, "updated %s\n", lookup);
}
free(key);
key = NULL;
db->close(db);
db = NULL;
if (syncsend && sync) {
if (spamtrap) {
syslog_r(LOG_DEBUG, &sdata,
"sync_trap %s", ip);
sync_trapped(now, now + expire, ip);
}
else
sync_update(now, helo, ip, from, to);
}
return(0);
bad:
free(key);
key = NULL;
db->close(db);
db = NULL;
return(-1);
}
int
twread(char *buf)
{
if ((strncmp(buf, "WHITE:", 6) == 0) ||
(strncmp(buf, "TRAP:", 5) == 0)) {
char **ap, *argv[5];
int argc = 0;
for (ap = argv;
ap < &argv[4] && (*ap = strsep(&buf, ":")) != NULL;) {
if (**ap != '\0')
ap++;
argc++;
}
*ap = NULL;
if (argc != 4)
return (-1);
twupdate(PATH_SPAMD_DB, argv[0], argv[1], argv[2], argv[3]);
return (0);
} else
return (-1);
}
int
greyreader(void)
{
char cip[32], ip[32], helo[MAX_MAIL], from[MAX_MAIL], to[MAX_MAIL];
char *buf;
size_t len;
int state, sync;
struct addrinfo hints, *res;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
hints.ai_flags = AI_NUMERICHOST;
state = 0;
sync = 1;
if (grey == NULL) {
syslog_r(LOG_ERR, &sdata, "No greylist pipe stream!\n");
return (-1);
}
readsuffixlists();
while ((buf = fgetln(grey, &len))) {
if (buf[len - 1] == '\n')
buf[len - 1] = '\0';
else
continue;
if (strlen(buf) < 4)
continue;
if (strcmp(buf, "SYNC") == 0) {
sync = 0;
continue;
}
switch (state) {
case 0:
if (twread(buf) == 0) {
state = 0;
break;
}
if (strncmp(buf, "HE:", 3) != 0) {
if (strncmp(buf, "CO:", 3) == 0)
strlcpy(cip, buf+3, sizeof(cip));
state = 0;
break;
}
strlcpy(helo, buf+3, sizeof(helo));
state = 1;
break;
case 1:
if (strncmp(buf, "IP:", 3) != 0)
break;
strlcpy(ip, buf+3, sizeof(ip));
if (getaddrinfo(ip, NULL, &hints, &res) == 0) {
freeaddrinfo(res);
state = 2;
} else
state = 0;
break;
case 2:
if (strncmp(buf, "FR:", 3) != 0) {
state = 0;
break;
}
strlcpy(from, buf+3, sizeof(from));
state = 3;
break;
case 3:
if (strncmp(buf, "TO:", 3) != 0) {
state = 0;
break;
}
strlcpy(to, buf+3, sizeof(to));
if (debug)
fprintf(stderr,
"Got Grey HELO %s, IP %s from %s to %s\n",
helo, ip, from, to);
greyupdate(PATH_SPAMD_DB, helo, ip, from, to, sync, cip);
sync = 1;
state = 0;
break;
}
}
return (0);
}
void
greyscanner(void)
{
for (;;) {
if (greyscan(PATH_SPAMD_DB) == -1)
syslog_r(LOG_NOTICE, &sdata, "scan of %s failed",
PATH_SPAMD_DB);
sleep(DB_SCAN_INTERVAL);
}
}
static void
drop_privs(void)
{
if (setgroups(1, &pw->pw_gid) ||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
syslog_r(LOG_ERR, &sdata, "failed to drop privs (%m)");
exit(1);
}
}
void
check_spamd_db(void)
{
HASHINFO hashinfo;
int i = -1;
DB *db;
memset(&hashinfo, 0, sizeof(hashinfo));
db = dbopen(PATH_SPAMD_DB, O_EXLOCK|O_RDWR, 0600, DB_HASH, &hashinfo);
if (db == NULL) {
switch (errno) {
case ENOENT:
i = open(PATH_SPAMD_DB, O_RDWR|O_CREAT, 0644);
if (i == -1) {
syslog_r(LOG_ERR, &sdata,
"create %s failed (%m)", PATH_SPAMD_DB);
exit(1);
}
if (pw && (fchown(i, pw->pw_uid, pw->pw_gid) == -1)) {
syslog_r(LOG_ERR, &sdata,
"chown %s failed (%m)", PATH_SPAMD_DB);
exit(1);
}
close(i);
return;
break;
default:
syslog_r(LOG_ERR, &sdata, "open of %s failed (%m)",
PATH_SPAMD_DB);
exit(1);
}
}
db->sync(db, 0);
db->close(db);
}
int
greywatcher(void)
{
struct sigaction sa;
drop_privs();
if (unveil(PATH_SPAMD_DB, "rw") == -1) {
syslog_r(LOG_ERR, &sdata, "unveil failed (%m)");
exit(1);
}
if (unveil(alloweddomains_file, "r") == -1) {
syslog_r(LOG_ERR, &sdata, "unveil failed (%m)");
exit(1);
}
if (unveil(PATH_PFCTL, "x") == -1) {
syslog_r(LOG_ERR, &sdata, "unveil failed (%m)");
exit(1);
}
if (pledge("stdio rpath wpath inet flock proc exec", NULL) == -1) {
syslog_r(LOG_ERR, &sdata, "pledge failed (%m)");
exit(1);
}
startup = time(NULL);
db_pid = fork();
switch (db_pid) {
case -1:
syslog_r(LOG_ERR, &sdata, "fork failed (%m)");
exit(1);
case 0:
close(pfdev);
setproctitle("(%s update)", PATH_SPAMD_DB);
if (greyreader() == -1) {
syslog_r(LOG_ERR, &sdata, "greyreader failed (%m)");
_exit(1);
}
_exit(0);
}
fclose(grey);
sigfillset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
sa.sa_handler = sig_term_chld;
sigaction(SIGTERM, &sa, NULL);
sigaction(SIGHUP, &sa, NULL);
sigaction(SIGCHLD, &sa, NULL);
sigaction(SIGINT, &sa, NULL);
setproctitle("(pf <spamd-white> update)");
greyscanner();
exit(1);
}
