| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
error out.
Add a new user _rwalld for rpc.rwalld, and use that instead
of nobody, also unconditionally drop to _rwalld not only
if rpc.rwalld was started with euid 0 (as root).
ok deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A number of small improvements:
- patch for empty lines and comments in alloweddomains_file
- remove some whitespaces at end of line.
- document comment and empty line handling
- Remove unused parameter 'r' from getopt in spamd.c, it is removed in the 'switch statement'
but not in getopt.
http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/spamd/spamd.c.diff?r1=1.94;r2=1.95;f=h
- replace atoi with strtonum
- make debug output more usefull, display only what will be synced and not a second
message which prints always "sync trapped %s"
- some cosemtic and whitespace fixes.
|
| |
|
|
| |
ok beck@
|
| |
|
|
| |
noticed and patch from Piotr Sikora <piotr@sikora.nu>
|
| |
|
|
| |
ok millert@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Implement the NOOP command, which now seems necessary for certain
windows mail wrappers and sender verification schemes. Tested by me
and sidcarter@symonds.net, who noticed the problem on his site.
ok millert@
2) Change the behaviour of the maxblack parameter, instead of hanging
up immediately on new blacklisted connections when the maxblack parameter
is reached, we instead make spamd not stutter at them, so the connection
is instead completed quickly. This seems to handle peaks and spikes
much better than the old way of doing this.
ok deraadt@, with some man page changes by jmc@
|
| | |
|
| |
|
|
|
|
| |
address than the primary one. spamd will trap hosts that contact this
address first without first contacting the primary.
- get it in, deraadt@
|
| |
|
|
|
| |
than a hardcoded value.
ok reyk@, deraadt@ with knfisms and saner variable names
|
| |
|
|
| |
ok jmc@, reyk@
|
| |
|
|
|
| |
commit with the U of A value, which may not be safe on all GENERICs with
an unmodified kern.maxfiles
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds an HMAC protected synchronization protocol for use by spamd and
spamlogd.
- spamd can receive updates from other hosts for GREY, WHITE, and TRAPPED db
entries, and will update the local /var/db/spamd accordingly.
- spamd can send updates when it makes changes to the GREY or TRAPPED
entries in the db to other hosts running spamd. (Note it does not send
WHITE entries because the other spamd will see the GREY changes and have
complete information to make appropritate decisions)
- spamlogd can send updates for WHITE db entries that it performs on the local
db to other hosts running spamd, which will then apply them on remote hosts.
note that while this diff provides synchronization for changes made to the
spamd db by the daemons, it does *not* provide for sychonizing changes
to the spamd db made manually with the spamdb command.
Synchronization protocol and most of the work by reyk@,
with a bunch of the spamd, and spamlogd stuff by me.
testing mostly at the U of A, running happily there under big load.
ok reyk@ jmc@
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.
Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@
|
| |
|
|
|
|
|
|
|
| |
the connecting hosts in the tuple key when greylisting. catches
a few more bogus hosts and will let us trap based on HELO later.
Changes spamdb(8) output to include the new field.
ok deraadt@, jmc@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
1) remove requirement for <> around spamtrap addresses
2) add support for /etc/spamd/alloweddomains to specify
suffixes for which any destinations that don't match
get trapped
various knf's by theo, feedback from jmc, millert, deraadt
|
| |
|
|
|
|
|
|
|
|
| |
command not after the RCPT command, as this helps people out when
they are faced with retarded sender verification schemes - tested
out by a number of people on tech@, and running at u of a for a
while. Supposedly this makes verizon sender verification happy.
Suggested as a stable candidate by people on tech@, I'm ok with
that.
|
| | |
|
| |
|
|
|
|
| |
SMTP banner
ok beck@
|
| |
|
|
|
|
|
| |
the per-connection copy of the connecting address was being pointed
to the on-stack copy. Spotted (and fix suggested) by Michael Durket
in pr 5046
ok deraadt@
|
| | |
|
| | |
|
| |
|
|
| |
always skipping the last address. ok beck@
|
| |
|
|
| |
closing the connection while we're trying to write to it
|
| | |
|
| |
|
|
|
|
|
|
| |
full speed. By default do this for 10 seconds. Many spammers disconnect by
then. Adds -S option to select the amount of time greylisted connections
will be stuttered at.
feedback from jmc@, deraadt@, ok deraadt@
|
| |
|
|
|
|
|
|
| |
a list of spamtrap destination addresses in the spamd database. When
a spamtrap address gets an attempted greylist delivery, blacklist the
offending host for a day. Does not affect hosts already whitelisted.
ok deraadt@, jmc@, dhartmei@ to get it in so it can be whacked on
|
| |
|
|
|
|
|
|
|
| |
- Implement RSET in spamd - some virus scanning products (notably symantec's
viruswall) spew a RSET into the smtp stream before every attempted delivery.
(noticed by reitenba@fh-brandenburg.de and some others). This ensures
such things can successfully talk to a spamd greylister.
ok millert@ henning@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
people on misc, and some observations by Evan harris on the greylisting
mailing list that a number of clustered mailers like aol behave better
(and retry from the same IP) when they see a 451, but do not when
they see a 450 (traditionally used for mailbox lock failure)
450 was the original for spamd, as the default for the tarpit is to
encourage quick retries to punish blacklisted smtp servers more. This
got carried over to the greylisting implementation, and isnt' really
optimal for that case.
ok millert@, henning@, todd@
|
| |
|
|
| |
ok henning@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
with -v, you get From/To/Subject at LOG_INFO, and the first ten body
lines at LOG_DEBUG. ok beck@
|
| |
|
|
|
|
| |
so separate lines before logging headers/body. doesn't make logging
more verbose, just fixes the case where chunks contain multiple lines.
ok beck@
|
| |
|
|
|
|
| |
would get messed up when the blacklist limit was hit.
tested by danh@ and me
ok cedric@
|
| | |
|
| |
|
|
|
|
|
| |
connections to something less than maxcon when greylisting. This ensures
you don't completely run out of connections tarpitting spammers, and not
allow real mail through.
ok dhartmei@ millert@
|
| |
|
|
|
|
|
|
| |
connection. This ensures that greylisted connections are not delayed
by a small windows size, but blacklisted connections still have to
send the body through a tiny window, and presumably the body is
the vast majority of what is being sent anyway.
ok dhartmei@ millert@
|
| |
|
|
|
|
| |
kill all three processes to make it go away. Adjust daemon() call and
logging appropriately.
ok henning@, millert@
|
| |
|
|
| |
ok millert@ dhartmei@
|
| |
|
|
|
| |
found by yongari@kt-is.co.kr
ok dhartmei@, millert@
|
| |
|
|
|
| |
yongari@kt-is.co.kr
ok deraadt@
|
thib
beck
reyk
jmc
deraadt
henning
jcs
otto
frantzen
mickey
itojun
dhartmei