| Commit message (Collapse) | Author | Age | Files | Lines |
in greylisting mode, it is not uncommon for an IP to get whitelisted
before it shows up on a spam blacklist. With this change, spamd
will check its blacklists before adding a WHITE entry to the
<spamd-white> pf table. If the IP matches a blacklist, the WHITE
entry will be removed. OK phessler@
|
divert-to has many advantages over rdr-to for proxies. For example,
it is much easier to use, requires less code, does not depend on
/dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK
ioctl), saves us from additional port allocations by the rdr/NAT code,
and even avoids potential collisions and race conditions that could
theoretically happen with the lookup.
Heads up: users will have to update their spamd PF rules from rdr-to
to divert-to. spamd now also listens to 127.0.0.1 instead of "any"
(0.0.0.0) by default which should be fine with most setups but has to
be considered for some special configurations.
Based on a diff that is almost two years old but got delayed several times
... beck@: "now is the time to get it in" :)
Tested by many
With help from okan@
OK okan@ beck@ millert@
|
a union that can store either ipv4 or ipv6. The old method used
4x as much memory as was really needed for ipv4. The spamd-setup
protocol has changed from: tag;message;a/m;a/m;a/m...\n
to: tag;message;af;count;a/m;a/m;a/m...[af;count;a/m;a/m;a/m]\n
OK phessler@ "nice" beck@
|
reading the config socket by clearing the entire blacklist struct
instead of just the tag string. Also avoid holes in the blacklist
array on error since the code can't cope with them. OK beck@
|
Avoid potential integer overflow in the size argument of malloc() and
realloc() by using reallocarray() to avoid unchecked multiplication.
ok deraadt@
|
noticed and patch from Piotr Sikora <piotr@sikora.nu>
|
always skipping the last address. ok beck@
|
originates from a paper by Evan Harris which can be found at
http://projects.puremagic.com/greylisting/. This implementation makes
spamd allow for non-blacklisted addresses to be treated as "greylisted",
where they are tracked in a db file, and whitelisted by addition to a
pf table when the same envelope from and to are retried from the same
source IP address. Testing by many, ok deraadt@
|
ok dhartmei@ jmc@
|
failures. Add two functions, sdl_free() and
sdl_clear(), use them where needed. Misc. other
cleanup and optimization.
OK deraadt@
|
which configures individual blacklist sources and deals with whitelists.
Perl still needs some stylistic changes as suggested by bmc which will go
in shortly.
ok deraadt@
|