Wietse Venema wrote in
 <4bcgr00pr0zj...@spike.porcupine.org>:
 |Steffen Nurpmeso:
 |> It would be great if a hook could be called for such events.  Even
 |> a simple fork+detach+exec+forget approach would be really great,
 |> with an event indicator and an IP address as an argument.
 |
 |We don't do ad-hoc special-case solutions.

Yes.  That is good.  But, on the other hand, trying to create
a very generic interface can become an endless undertaking.
First, have you ever seen the patch in question?  And you know
that this blocklist has existed in NetBSD for >5 years and in
FreeBSD not that much shorter?

  Index: dist/src/smtpd/pfilter.c
  ===================================================================
  RCS file: dist/src/smtpd/pfilter.c
  diff -N dist/src/smtpd/pfilter.c
  --- /dev/null 1 Jan 1970 00:00:00 -0000
  +++ dist/src/smtpd/pfilter.c  1 Feb 2018 03:29:09 -0000
  @@ -0,0 +1,19 @@
  +#include "pfilter.h"
  +#include <stdio.h>   /* for NULL */
  +#include <blocklist.h>
  +
  +static struct blocklist *blstate;
  +
  +void
  +pfilter_notify(int a, int fd)
  +{
  +     if (blstate == NULL)
  +             blstate = blocklist_open();
  +     if (blstate == NULL)
  +             return;
  +     (void)blocklist_r(blstate, a, fd, "smtpd");
  +     if (a == 0) {
  +             blocklist_close(blstate);
  +             blstate = NULL;
  +     }
  +}
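Review bot: pfilter_notify() takes its action as a bare `int a` and special-cases `a == 0` to close the handle, with no comment explaining either; name the parameter, document why 0 tears the handle down, and have callers pass named constants rather than literals. The return value of blocklist_r() is also discarded with `(void)`, so a notification that never reaches the daemon is invisible; a debug-level log line on failure would make that diagnosable.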
  Index: dist/src/smtpd/pfilter.h
  ===================================================================
  RCS file: dist/src/smtpd/pfilter.h
  diff -N dist/src/smtpd/pfilter.h
  --- /dev/null 1 Jan 1970 00:00:00 -0000
  +++ dist/src/smtpd/pfilter.h  1 Feb 2018 03:29:09 -0000
  @@ -0,0 +1,2 @@
  +
  +void pfilter_notify(int, int);
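Review bot: pfilter.h has no include guard, and the prototype `void pfilter_notify(int, int);` leaves both parameters unnamed, so a caller cannot tell which int is the action and which is the descriptor. Add a guard, name the parameters, and add a one-line comment on what each means; the leading blank line can go.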
  Index: dist/src/smtpd/smtpd.c
  ===================================================================
  RCS file: /cvsroot/src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c,v
  retrieving revision 1.14
  diff -u -r1.14 smtpd.c
  --- dist/src/smtpd/smtpd.c    14 Feb 2017 01:16:48 -0000      1.14
  +++ dist/src/smtpd/smtpd.c    1 Feb 2018 03:29:09 -0000
  @@ -1197,6 +1197,8 @@
   #include <smtpd_milter.h>
   #include <smtpd_expand.h>
   
  +#include "pfilter.h"
  +
    /*
     * Tunable parameters. Make sure that there is some bound on the length of
     * an SMTP command, so that the mail system stays in control even when a
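Review bot: the added `#include "pfilter.h"` is unconditional, and pfilter.c in the same patch includes <blocklist.h> unconditionally too, so the build would depend on that header being present everywhere. Put the include (and the call site) behind a build-time conditional so systems without the library still compile. The neighbouring includes in this context use angle brackets, so the quoted form is also inconsistent with the file.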
  @@ -5048,6 +5050,7 @@
        if (state->error_count >= var_smtpd_hard_erlim) {
      state->reason = REASON_ERROR_LIMIT;
      state->error_mask |= MAIL_ERROR_PROTOCOL;
  +             pfilter_notify(1, vstream_fileno(state->client));
      smtpd_chat_reply(state, "421 4.7.0 %s Error: too many errors",
           var_myhostname);
      break;
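Review bot: `pfilter_notify(1, vstream_fileno(state->client));` passes a literal 1 at the hard error limit, which is a protocol-error condition rather than a failed login; use a named constant and choose the one that matches the event (the message itself gives 1 as AUTH_FAIL and mentions a separate ABUSIVE_BEHAVIOR value). The added line's indentation also appears to differ from the surrounding context lines.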
  Index: libexec/smtpd/Makefile

That one i skip (basically "+LDADD+=-lblocklist").
It cannot be any less intrusive and cheaper than that.
(This goes via IPC to the blocklistd, which uses getpeername(), as
you can imagine.)

I have read Dukhovni's milter response, and since a milter
invocation (the first i have ever seen) is only a few lines further
to the top, a different approach would be to create a new milter
event, if that is how things work.  I never used a milter ;).
This milter would only act as a notifier, however, which is
possibly different to existing milter use cases?  Though
"unknown_event" also exists.

Zoulas has diversified the notifications in the meantime, there is
AUTH_OK (0), AUTH_FAIL (1), as well as ABUSIVE_BEHAVIOR and
BAD_USER.  The above could thus surely be improved.  Anyhow, i do
not seem to be the one who implements such a thing, i have zero
overview over the codebase and its inter-dependencies.  And also
i lag behind a mountain of work.  I see that there is
a milter_other_event().  But how does this fit?  I remember having
read about milters in FreeBSD /usr/share/?? many years ago.  But
seems to be forgotten.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
