Change "-b" (bad IP) option to "-r" (redlist file) and add "-g" (gree…

…nlist file)

Makefile

@@ -4,7 +4,7 @@ F=amber.1 Makefile test.sh
 P=/usr/local
 M=$P/man/man1
 
-V=0.1
+V=0.2
 
 CFLAGS=-g
 

amber.1

@@ -10,7 +10,8 @@ amber -- amber list for incoming mail
 .I [-T secs]
 .I [-i secs]
 .I [-I secs]
-.I [-b file]
+.I [-r file]
+.I [-g file]
 .I [-p NAME[=VAL]]
 .I [-s "NNN Message"]
 .I [command [args]...]
@@ -97,13 +98,21 @@ Defer eager writers indefinitely.
 Specify an alternate SMTP error code to generate on connection
 instead of the default "430 Message Deferred".
 .TP
--b bad-file
-If everything else passes, check this file for bad IP addresses to explicitly
+-r redlist-file
+If everything else passes, check this file for IP addresses to explicitly
 block. The file format is one address per line, optionally followed by an
 alternate SMTP error code and message. This file may be fed from a spamtrap,
 or statically built, or created using any other method that makes sense in
 your environment.
 .TP
+-g greenlist-file
+After the connection delay, check this file for IP addresses to explicitly
+allow. The file format is one address per line. This file may be fed from
+a mail server for POP3/IMAP4-before-SMTP, or any other method that fits your
+policies. This should be a small file for sort-lived greenlisting
+to avoid beating on tcpserver's tcp.smtp.cdb file (or your local
+equivalent)... long term greenlisting would be handled before amber.
+.TP
 command [args]...
 On success, run this command. On failure, send an SMTP code back down the
 socket and close the connection. If this is omitted then

amber.c

@@ -69,7 +69,8 @@ int idle = NOTIME;
 int long_idle = NOTIME;
 int error_mode = PRINTING;
 
-char *bad_ip = NULL;
+char *red_file = NULL;
+char *green_file = NULL;
 
 typedef struct _vl {
 	struct _vl *next;
@@ -82,10 +83,10 @@ char default_var[] = "AMBERCHECK=NO";
 char *smtp_code = "430 Message Deferred";
 
 char *usage_string =
-  "[-lnNeE] [-d dir] [-c secs] [-t secs] [-T secs] [-i secs] [-I secs] [-b file] [-s string] [-p NAME[=VAL]] [command [args...]]";
+  "[-lnNeE] [-d dir] [-c secs] [-t secs] [-T secs] [-i secs] [-I secs] [-r file] [-g file] [-s string] [-p NAME[=VAL]] [command [args...]]";
 
 char *version_string =
-  "AMBER version " VER " Copyright (c) 2004 Peter da Silva.";
+  "AMBER version " VER " Copyright (c) 2004-2006 Peter da Silva.";
 
 char *prog;
 char *remote_ip = NULL;
@@ -173,7 +174,9 @@ int main(int ac, char **av)
 				case 'i': idle = parse_time(arg); break;
 				case 'I': long_idle = parse_time(arg); break;
 				case 'd': workdir = arg; break;
-				case 'b': bad_ip = arg; break;
+				case 'r': /* red list */
+				case 'b': red_file = arg; break;
+				case 'g': green_file = arg; break;
 				case 'p': add_pass_env(arg); break;
 				case 's': smtp_code = arg; break;
 				default: syntax_exit("Unknown option", opt);
@@ -223,6 +226,14 @@ int main(int ac, char **av)
 		normal_exit(av, UNKNOWN);
 	}
 
+	/* If there's a green list, use it */
+	if(green_file) {
+		if(check_file(remote_ip, green_file)) {
+			log_pass("GREENLIST OK");
+			normal_exit(av, ACCEPT);
+		}
+	}
+
 	/* If the host lookup failed, use a longer delay */
 	remote_host = getenv("TCPREMOTEHOST");
 	if(!remote_host || remote_host[0] == '[') {
@@ -283,9 +294,9 @@ int main(int ac, char **av)
 	if(rec.first_seen + deferral > now)
 		normal_exit(av, DEFER);
 	else {
-		if(bad_ip) {
-			if(check_file(remote_ip, bad_ip)) {
-				log_warning("In 'bad IP' file.");
+		if(red_file) {
+			if(check_file(remote_ip, red_file)) {
+				log_warning("In REDLIST file.");
 				normal_exit(av, DEFER);
 			}
 		}