Hello,

I think I've come up with a per-user solution, which basically
contacts some RBLHOST (to be added to ./configure; relays.ordb.org is
set as the standard source right now) if a .rbl file exists in the
user's Maildir:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <sys/stat.h>

#ifndef RBLHOST
#define RBLHOST "relays.ordb.org"
#endif

int checkrbl(void) {
    // check whether the user wants to have rbl checking
    // and if so, whether remoteip is listed in the rblserver
    // return values:
    //   0 no rbl entry
    //   1 rbl entry, block the mail
    // (vpw is the user's entry, set up by the surrounding code)
    char string[255];
    char ipcopy[64];
    struct stat dummy_stat;
    char *remoteip;
    char *octet1;
    char *octet2;
    char *octet3;
    char *octet4;
    int stat_result;

    // if there's an .rbl file in the users maildir, we'll do rbl checking
    snprintf(string, sizeof(string), "%s/.rbl", vpw->pw_dir);
    stat_result = stat(string, &dummy_stat);
    if (stat_result == 0) { // found .rbl file, so we go on and check
        remoteip = getenv("REMOTEIP");
        if (remoteip != NULL) {
            // strtok() writes into its argument, so split a copy and
            // leave the environment string intact
            snprintf(ipcopy, sizeof(ipcopy), "%s", remoteip);
            octet1 = strtok(ipcopy, ".");
            octet2 = strtok(NULL, ".");
            octet3 = strtok(NULL, ".");
            octet4 = strtok(NULL, ".");
            if (octet4 == NULL) { // not a dotted quad, so we can't check it
                return 0;
            }
            snprintf(string, sizeof(string), "%s.%s.%s.%s.%s",
                     octet4, octet3, octet2, octet1, RBLHOST);
            // gethostbyname() returns NULL on every failure
            // (HOST_NOT_FOUND, TRY_AGAIN, NO_RECOVERY, ...);
            // we don't block if an error occurs
            if (gethostbyname(string) == NULL) {
                return 0;
            }
            else {
                return 1;
            }
        }
        else { // there was no remoteip, so we can't check it and thus
               // will just pass the message on
            return 0;
        }
    } // no .rbl file present, user doesn't want any rbl checking
    return 0;
}

However, I can't test the code because I don't have any address of an
open relay I could use for testing the query. So if anyone knows
some constantly open relay: I'm all ears. Also, I'm not sure whether
I interpreted the following correctly:

"The theory of operation is simple. Given a host address in its
dotted-quad form, reverse the octets and check for the existence of
an ``A RR'' at that node under the relays.ordb.org node. So if you
get an SMTP session from [192.89.123.5] you would check for the
existence of:

    5.123.89.192.relays.ordb.org. IN A 127.0.0.2

We chose to use an ``A RR'' because that's what Sendmail makes easy
to do. The choice of [127.0.0.2] as the target address was arbitrary
but will not change. As it happens, we supply a bogus ORDB entry for
[127.0.0.2] so that mail transport developers have something to test
against."

Which means to me: convert the IP to in-addr.arpa format, append
relays.ordb.org to it, do a normal gethostbyname() query and check
whether that one yields any record.
Thoughts?
Best regards,
Gabriel
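
A stricter form of the lookup discussed in the message, as an added example that is not part of the original post. It goes beyond the posted function: the address is validated with inet_pton() before the query name is built, and a reply counts as a listing only if it falls in 127.0.0.0/8 (the usual DNSBL convention, of which the quoted 127.0.0.2 is one case). The function names are hypothetical, and the lookup still fails open on any resolver error.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Build "d.c.b.a.<zone>" from the dotted quad "a.b.c.d". Returns 0 on
 * success, -1 if ip is not a valid IPv4 address or out is too small. */
int rbl_query_name(const char *ip, const char *zone, char *out, size_t outlen) {
    struct in_addr addr;
    uint32_t h;
    int n;

    if (ip == NULL || inet_pton(AF_INET, ip, &addr) != 1)
        return -1;                 /* rejects "1.2.3", "1.2.3.4.x", ... */
    h = ntohl(addr.s_addr);        /* a.b.c.d as 0xAABBCCDD */
    n = snprintf(out, outlen, "%u.%u.%u.%u.%s",
                 (unsigned)(h & 0xff), (unsigned)((h >> 8) & 0xff),
                 (unsigned)((h >> 16) & 0xff), (unsigned)(h >> 24), zone);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Assumption added here: only answers in 127.0.0.0/8 mean "listed", so a
 * wildcard or hijacked zone answering with a public address is ignored. */
int rbl_answer_means_listed(const struct in_addr *a) {
    return (ntohl(a->s_addr) >> 24) == 127;
}

/* Returns 1 if listed, 0 if not listed or on any resolver error. */
int rbl_is_listed(const char *ip, const char *zone) {
    char name[256];
    struct addrinfo hints, *res, *p;
    int listed = 0;

    if (rbl_query_name(ip, zone, name, sizeof(name)) != 0)
        return 0;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_INET;     /* the list publishes A records only */
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(name, NULL, &hints, &res) != 0)
        return 0;
    for (p = res; p != NULL; p = p->ai_next)
        if (rbl_answer_means_listed(&((struct sockaddr_in *)p->ai_addr)->sin_addr))
            listed = 1;
    freeaddrinfo(res);
    return listed;
}
```

Calling rbl_query_name() with the test address from the quoted text, 127.0.0.2, produces the name to look up in place of a real open relay.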