diff --git a/Makefile b/Makefile index 3856f59..db9e115 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ F=amber.1 Makefile test.sh P=/usr/local M=$P/man/man1 -V=0.1 +V=0.2 CFLAGS=-g diff --git a/amber.1 b/amber.1 index 2c1fbc8..1f9056b 100644 --- a/amber.1 +++ b/amber.1 @@ -10,7 +10,8 @@ amber -- amber list for incoming mail .I [-T secs] .I [-i secs] .I [-I secs] -.I [-b file] +.I [-r file] +.I [-g file] .I [-p NAME[=VAL]] .I [-s "NNN Message"] .I [command [args]...] @@ -97,13 +98,21 @@ Defer eager writers indefinitely. Specify an alternate SMTP error code to generate on connection instead of the default "430 Message Deferred". .TP --b bad-file -If everything else passes, check this file for bad IP addresses to explicitly +-r redlist-file +If everything else passes, check this file for IP addresses to explicitly block. The file format is one address per line, optionally followed by an alternate SMTP error code and message. This file may be fed from a spamtrap, or statically built, or created using any other method that makes sense in your environment. .TP +-g greenlist-file +After the connection delay, check this file for IP addresses to explicitly +allow. The file format is one address per line. This file may be fed from +a mail server for POP3/IMAP4-before-SMTP, or any other method that fits your +policies. This should be a small file for sort-lived greenlisting +to avoid beating on tcpserver's tcp.smtp.cdb file (or your local +equivalent)... long term greenlisting would be handled before amber. +.TP command [args]... On success, run this command. On failure, send an SMTP code back down the socket and close the connection. If this is omitted then diff --git a/amber.c b/amber.c index c6a6827..f357edb 100644 --- a/amber.c +++ b/amber.c @@ -69,7 +69,8 @@ int idle = NOTIME; int long_idle = NOTIME; int error_mode = PRINTING; -char *bad_ip = NULL; +char *red_file = NULL; +char *green_file = NULL; typedef struct _vl { struct _vl *next; 
@@ -82,10 +83,10 @@ char default_var[] = "AMBERCHECK=NO"; char *smtp_code = "430 Message Deferred"; char *usage_string = - "[-lnNeE] [-d dir] [-c secs] [-t secs] [-T secs] [-i secs] [-I secs] [-b file] [-s string] [-p NAME[=VAL]] [command [args...]]"; + "[-lnNeE] [-d dir] [-c secs] [-t secs] [-T secs] [-i secs] [-I secs] [-r file] [-g file] [-s string] [-p NAME[=VAL]] [command [args...]]"; char *version_string = - "AMBER version " VER " Copyright (c) 2004 Peter da Silva."; + "AMBER version " VER " Copyright (c) 2004-2006 Peter da Silva."; char *prog; char *remote_ip = NULL; @@ -173,7 +174,9 @@ int main(int ac, char **av) case 'i': idle = parse_time(arg); break; case 'I': long_idle = parse_time(arg); break; case 'd': workdir = arg; break; - case 'b': bad_ip = arg; break; + case 'r': /* red list */ + case 'b': red_file = arg; break; + case 'g': green_file = arg; break; case 'p': add_pass_env(arg); break; case 's': smtp_code = arg; break; default: syntax_exit("Unknown option", opt); @@ -223,6 +226,14 @@ int main(int ac, char **av) normal_exit(av, UNKNOWN); } + /* If there's a green list, use it */ + if(green_file) { + if(check_file(remote_ip, green_file)) { + log_pass("GREENLIST OK"); + normal_exit(av, ACCEPT); + } + } + /* If the host lookup failed, use a longer delay */ remote_host = getenv("TCPREMOTEHOST"); if(!remote_host || remote_host[0] == '[') { @@ -283,9 +294,9 @@ int main(int ac, char **av) if(rec.first_seen + deferral > now) normal_exit(av, DEFER); else { - if(bad_ip) { - if(check_file(remote_ip, bad_ip)) { - log_warning("In 'bad IP' file."); + if(red_file) { + if(check_file(remote_ip, red_file)) { + log_warning("In REDLIST file."); normal_exit(av, DEFER); } }
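Review bot: In the option switch, `case 'b'` is kept as a silent alias for the new `-r`, but the usage string and man page in this same commit no longer mention it, and nothing at the case says why it survives. I would mark both the fall-through and the alias, e.g. `case 'r': /* red list; falls through */` followed by `case 'b': /* deprecated alias for -r */ red_file = arg; break;`. Whether the option parser feeding `opt` also accepts `r` and `g` with an argument is not visible in this hunk and should be confirmed. main() starts and ends outside the hunk.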
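Review bot: The new `if(green_file)` block calls `normal_exit(av, ACCEPT)` before the redlist check later in main(), so an address listed in both files is accepted and its redlist entry never takes effect. If that precedence is intended, state it at the check, e.g. `/* Greenlist wins over deferral and the redlist; green_file must be writable only by the trusted feeder */`; otherwise test `red_file` first. Because a match skips every later check, it also matters that `check_file` reports "no match" when the file is missing, unreadable or malformed; its body is not visible here, so that is worth confirming. main() starts and ends outside the hunk.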
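Review bot: The redlist warning text changes from `In 'bad IP' file.` to `In REDLIST file.`, so any log filter or alert keyed on the old string will silently stop matching. The new wording also differs in shape from the `log_pass("GREENLIST OK")` added earlier in this commit. A parallel form such as `log_warning("REDLIST DEFER");` would keep the two list decisions easy to match with one pattern. Either way the message change deserves a line in the release notes. The enclosing `else` branch continues outside the hunk.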