When greylisting we don't actually need to use the <spamd> pf table.

We just do no-rdr for things in <spamd-white> and rdr the rest to spamdb.
OK beck@

2 files changed, 64 insertions, 32 deletions

diff --git a/libexec/spamd-setup/spamd-setup.8 b/libexec/spamd-setup/spamd-setup.8
index f4949304618..1df1afe7ed2 100644
--- a/libexec/spamd-setup/spamd-setup.8
+++ b/libexec/spamd-setup/spamd-setup.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: spamd-setup.8,v 1.9 2004/01/29 17:41:00 jmc Exp $
+.\"	$OpenBSD: spamd-setup.8,v 1.10 2007/02/24 19:28:13 millert Exp $
 .\"
 .\" Copyright (c) 2003 Jason L. Wright (jason@thought.net)
 .\" All rights reserved.
@@ -31,7 +31,7 @@
 .Nd parse and load file of spammer addresses
 .Sh SYNOPSIS
 .Nm spamd-setup
-.Op Fl dn
+.Op Fl dgn
 .Sh DESCRIPTION
 The
 .Nm
@@ -55,6 +55,14 @@ The options are as follows:
 .Bl -tag -width Ds
 .It Fl d
 Debug mode reports a few pieces of information.
+.It Fl g
+Greylisting mode.
+Blacklist data is stored only in
+.Xr spamd 8 .
+In the absence of this flag, data is stored in both
+.Xr spamd 8
+and
+.Xr pf 4 .
 .It Fl n
 Dry-run mode.
 No data is shipped to
@@ -93,3 +101,14 @@ file.
 .Xr services 5 ,
 .Xr spamd.conf 5 ,
 .Xr spamd 8
+.Sh BUGS
+Blacklists removed from
+.Pa /etc/spamd.conf
+are not automatically removed from the running
+.Xr spamd 8 .
+If an entry is removed from
+.Pa /etc/spamd.conf
+that is currently in use, it is necessary to restart
+.Xr spamd 8 .
+This applies only to blacklists that are removed entirely, not those
+that are simply modified.
diff --git a/libexec/spamd-setup/spamd-setup.c b/libexec/spamd-setup/spamd-setup.c
index e54333cc132..2deb882635e 100644
--- a/libexec/spamd-setup/spamd-setup.c
+++ b/libexec/spamd-setup/spamd-setup.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: spamd-setup.c,v 1.29 2007/02/14 01:16:22 millert Exp $ */
+/*	$OpenBSD: spamd-setup.c,v 1.30 2007/02/24 19:28:13 millert Exp $ */
 
 /*
  * Copyright (c) 2003 Bob Beck.  All rights reserved.
@@ -85,6 +85,7 @@ int		  getlist(char **, char *, struct blacklist *, struct blacklist *);
 
 int		  debug;
 int		  dryrun;
+int		  greyonly;
 
 u_int32_t
 imask(u_int8_t b)
@@ -457,7 +458,7 @@ add_blacklist(struct bl *bl, size_t *blc, size_t *bls, gzFile gzf, int white)
 	for (;;) {
 		/* read in gzf, then parse */
 		if (bu == bs) {
-			tmp = realloc(buf, bs + 8192 + 1);
+			tmp = realloc(buf, bs + (1024 * 1024) + 1);
 			if (tmp == NULL) {
 				free(buf);
 				buf = NULL;
@@ -465,7 +466,7 @@ add_blacklist(struct bl *bl, size_t *blc, size_t *bls, gzFile gzf, int white)
 				serrno = errno;
 				goto bldone;
 			}
-			bs += 8192;
+			bs += 1024 * 1024;
 			buf = tmp;
 		}
 
@@ -721,6 +722,7 @@ getlist(char ** db_array, char *name, struct blacklist *blist,
 		if (gzf == NULL)
 			errx(1, "gzdopen");
 	}
+	free(buf);
 	bl = add_blacklist(bl, &blc, &bls, gzf, !black);
 	gzclose(gzf);
 	if (bl == NULL) {
@@ -747,6 +749,30 @@ getlist(char ** db_array, char *name, struct blacklist *blist,
 	return (black);
 }
 
+void
+send_blacklist(struct blacklist *blist, in_port_t port)
+{
+	struct cidr **cidrs, **tmp;
+
+	if (blist->blc > 0) {
+		cidrs = collapse_blacklist(blist->bl, blist->blc);
+		if (cidrs == NULL)
+			errx(1, "malloc failed");
+		if (!dryrun) {
+			if (configure_spamd(port, blist->name,
+			    blist->message, cidrs) == -1)
+				err(1, "Can't connect to spamd on port %d",
+				    port);
+			if (!greyonly && configure_pf(cidrs) == -1)
+				err(1, "pfctl failed");
+		}
+		for (tmp = cidrs; *tmp != NULL; tmp++)
+			free(*tmp);
+		free(cidrs);
+		free(blist->bl);
+	}
+}
+
 int
 main(int argc, char *argv[])
 {
@@ -756,7 +782,7 @@ main(int argc, char *argv[])
 	struct servent *ent;
 	int i, ch;
 
-	while ((ch = getopt(argc, argv, "nd")) != -1) {
+	while ((ch = getopt(argc, argv, "ndg")) != -1) {
 		switch (ch) {
 		case 'n':
 			dryrun = 1;
@@ -764,6 +790,9 @@ main(int argc, char *argv[])
 		case 'd':
 			debug = 1;
 			break;
+		case 'g':
+			greyonly = 1;
+			break;
 		default:
 			break;
 		}
@@ -796,7 +825,7 @@ main(int argc, char *argv[])
 			if (blc == bls) {
 				struct blacklist *tmp;
 
-				bls += 1024;
+				bls += 32;
 				tmp = realloc(blists,
 				    bls * sizeof(struct blacklist));
 				if (tmp == NULL)
@@ -810,33 +839,17 @@ main(int argc, char *argv[])
 				black = blc;
 			}
 			memset(&blists[black], 0, sizeof(struct blacklist));
-			blc += getlist(db_array, name, &blists[white],
+			black = getlist(db_array, name, &blists[white],
 			    &blists[black]);
+			if (black && blc > 0) {
+				/* collapse and free previous blacklist */
+				send_blacklist(&blists[blc - 1], ent->s_port);
+			}
+			blc += black;
 		}
 	}
-	for (i = 0; i < blc; i++) {
-		struct cidr **cidrs, **tmp;
-
-		if (blists[i].blc > 0) {
-			cidrs = collapse_blacklist(blists[i].bl,
-			   blists[i].blc);
-			if (cidrs == NULL)
-				errx(1, "malloc failed");
-			if (dryrun)
-				continue;
-
-			if (configure_spamd(ent->s_port, blists[i].name,
-			    blists[i].message, cidrs) == -1)
-				err(1, "Can't connect to spamd on port %d",
-				    ent->s_port);
-			if (configure_pf(cidrs) == -1)
-				err(1, "pfctl failed");
-			tmp = cidrs;
-			while (*tmp != NULL)
-				free(*tmp++);
-			free(cidrs);
-			free(blists[i].bl);
-		}
-	}
+	/* collapse and free last blacklist */
+	if (blc > 0)
+		send_blacklist(&blists[blc - 1], ent->s_port);
 	return (0);
 }