[Mimedefang] contrib: relay_is_blacklisted_with_timeout
Anthony.Caetano at t-systems.co.za
Anthony.Caetano at t-systems.co.za
Wed Jan 21 08:14:56 EST 2004
Hi
I am new to this list, but couldn't find something like this in the
archives. Here is a contribution of a perl function which is rather
clearly named. Firstly, I Am Not A Perl Hacker, and this was
painstakingly pieced together from tutorials and snippets and man pages.
So this may suck and there may be better ways of doing this. If so please
let me know.
It is working on RedHat 9, 2.4.23-pre7 #4 SMP, perl-5.8.0-88.3, mimedefang 2.35.
It has been running in production for upwards of 3 weeks doing about 50k
checks per week day on average (via a local caching dns) and after
filtering out the local networks.
Regards
Anthony
#***********************************************************************
# %PROCEDURE: relay_is_blacklisted_with_timeout
# %ARGUMENTS:
# ip -- the ip address to check
# domain -- the open relay domain to use eg. relays.ordb.org
# timeout -- the timeout in seconds to wait for a response
# ontimeout -- the error code to return on timeout
# onerror -- the error code to return on other error conditions
#
# %RETURNS:
# 1 if the host is an open relay
# 0 if the host is not an open relay
# ontimeout parameter value if a we timed out waiting for the dns
# onerror parameter value if some other error occured
# %DESCRIPTION:
# This function does the ordb check and allows for a timeout
# you can customize the ontimeout parameter and onerror
# parameters to turn this into a default accept or deny function
# on timeout or network error.
#
# eg: default deny with 5 second timeout:
# if (relay_is_blacklisted_with_timeout($ip, 'relays.ordb.org', 5, 1,
1)) {
# eg: default accept with 2 second timeout:
# if (relay_is_blacklisted_with_timeout($ip, 'relays.ordb.org', 2, 0,
0)) {
#***********************************************************************
sub relay_is_blacklisted_with_timeout($$$$$)
{
my ($ip,$domain,$timeout,$ontimeout,$onerror) = @_;
my ($a, $b, $c, $d) = split(/\./, $ip);
my $host = undef;
$addr = "$d.$c.$b.$a.$domain";
eval {
sigaction SIGALRM, new POSIX::SigAction( sub { die "alarm
timeout" } ) or die "Error setting SIGALRM handler: $!\n";
alarm $timeout;
($host) = gethostbyname($addr);
alarm 0;
};
alarm 0;
if ($@) {
return $ontimeout if $@ =~ "alarm timeout";
return $onerror;
}
return 1 if (defined($host) && $host);
return 0;
}
---------------------------
Here is a always accept filter_relay implementation to test with...
notably to find out what is a good timeout value to set to catch the
95%...
sub filter_relay {
my($ip, $name, $helo) = @_;
my($rc) = 0;
if ($ip =~ /(^10\.|^127\.|^172\.16\.)/) {
md_syslog("info", "local relay: $ip $name $helo");
} else {
$rc = relay_is_blacklisted_with_timeout($ip,
'relays.ordb.org', 2, 2, 3);
if ($rc == 1) {
md_syslog("info", "open relay: $ip $name $helo");
} elsif ($rc == 2) {
md_syslog("info", "closed relay: $ip $name $helo -
timeout");
} elsif ($rc == 3) {
md_syslog("info", "closed relay: $ip $name $helo -
error");
} else {
md_syslog("info", "closed relay: $ip $name
$helo");
}
}
return ('CONTINUE', "ok");
}
************
Any views expressed in this message are those of the individual sender and
not necessarily that of T-Systems South Africa (Pty) Ltd, its directors or
employees, and accordingly no liability can be accepted therefore.
Although this message has been scanned for the possible presence of
computer viruses prior to dispatch, T-Systems South Africa (Pty) Ltd
cannot be held responsible for the transmission of any virus or other
material transmitted with, or part of, this message.
More information about the MIMEDefang
mailing list