BadRcptShutdown for 8.14.2
am 20.12.2007 13:01:32 von Markus LuttenbergerThis is a multi-part message in MIME format.
--------------010104040106000203040001
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Hi all,
attached is the BadRcptShutdown patch for 8.14.2. It is based on the
work from Thomas Schulz and Joe Maimon. Thanks guys!
Didi
p.s: @sendmail developers: would it be possible to include it in future
versions?
--------------010104040106000203040001
Content-Type: text/x-patch;
name="sendmail-8.14.2-badrcptshutdown.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="sendmail-8.14.2-badrcptshutdown.patch"
diff -ur sendmail-8.14.2/cf/README sendmail-8.14.2-badrcptshutdown/cf/README
--- sendmail-8.14.2/cf/README 2007-04-03 23:26:58.000000000 +0200
+++ sendmail-8.14.2-badrcptshutdown/cf/README 2007-12-20 10:20:56.000000000 +0100
@@ -4153,6 +4153,23 @@
transaction have been rejected, sleep
for one second after each subsequent
RCPT command in that transaction.
+confBAD_RCPT_SHUTDOWN BadRcptShutdown [infinite] If set and the specified
+ number of recipients in a single SMTP
+ transaction have been rejected and
+ the percentage of bad recipients of
+ the total recipients as specified by
+ BadRcptShutdownGood has been met,
+ shutdown the connection with a 421
+ code.
+confBAD_RCPT_SHUTDOWN_GOOD BadRcptShutdownGood
+ [zero] Percentage of bad recipients
+ of the total recipients before shutdown
+ is allowed. If 100, the connection
+ will never be shut down if there are
+ any good recipients. If 0 the
+ connection will be shut down as soon
+ as BadRcptShutdown bad rcpts are
+ reached.
confDONT_PROBE_INTERFACES DontProbeInterfaces
[False] If set, sendmail will _not_
insert the names and addresses of any
diff -ur sendmail-8.14.2/cf/m4/proto.m4 sendmail-8.14.2-badrcptshutdown/cf/m4/proto.m4
--- sendmail-8.14.2/cf/m4/proto.m4 2007-04-20 02:53:30.000000000 +0200
+++ sendmail-8.14.2-badrcptshutdown/cf/m4/proto.m4 2007-12-20 10:20:55.000000000 +0100
@@ -580,6 +580,19 @@
# once the threshold number of recipients have been rejected
_OPTION(BadRcptThrottle, `confBAD_RCPT_THROTTLE', `0')
+ifdef(`_FFR_BADRCPT_SHUTDOWN', `dnl
+# Number of bad recipients before connection is evaluated for
+# shutdown with 421 code. Zero disables. Numbers less than 5 not
+# recommended.
+_OPTION(BadRcptShutdown, `confBAD_RCPT_SHUTDOWN', `0')
+# Percentage of bad recipients of total before shutdown is
+# allowed. 81 is a good number, only dropping connection if
+# 2 out of 10 rcpts or less are good.
+# If 100, the connection will never be shut down if there are any good
+# recipients. If 0 the connection will be shut down as soon as
+# BadRcptShutdown bad rcpts are reached.
+_OPTION(BadRcptShutdownGood, `confBAD_RCPT_SHUTDOWN_GOOD', `0')')
+
# shall we get local names from our installed interfaces?
_OPTION(DontProbeInterfaces, `confDONT_PROBE_INTERFACES', `False')
diff -ur sendmail-8.14.2/doc/op/op.me sendmail-8.14.2-badrcptshutdown/doc/op/op.me
--- sendmail-8.14.2/doc/op/op.me 2007-06-23 01:08:59.000000000 +0200
+++ sendmail-8.14.2-badrcptshutdown/doc/op/op.me 2007-12-20 10:20:56.000000000 +0100
@@ -6522,6 +6522,18 @@
If set and the specified number of recipients in a single SMTP
transaction have been rejected, sleep for one second after each subsequent
RCPT command in that transaction.
+.ip BadRcptShutdown=\fIN\fP
+[no short name]
+If set and the specified number of recipients in a single SMTP transaction
+have been rejected and the percentage of bad recipients of the total
+recipients as specified by BadRcptShutdownGood has been met, shutdown the
+connection with a 421 code.
+.ip BadRcptShutdownGood=\fIN\fP
+[no short name]
+If set, the percentage of bad recipients of the total recipients before
+shutdown is allowed. If 100, the connection will never be shut down if
+there are any good recipients. If 0 the connection will be shut down as
+soon as BadRcptShutdown bad rcpts are reached.
.ip BlankSub=\fIc\fP
[B]
Set the blank substitution character to
diff -ur sendmail-8.14.2/sendmail/readcf.c sendmail-8.14.2-badrcptshutdown/sendmail/readcf.c
--- sendmail-8.14.2/sendmail/readcf.c 2007-07-10 19:01:22.000000000 +0200
+++ sendmail-8.14.2-badrcptshutdown/sendmail/readcf.c 2007-12-20 10:30:26.000000000 +0100
@@ -2249,6 +2249,12 @@
# define O_ADDR_TYPE_MODES 0xe0
{ "AddrTypeModes", O_ADDR_TYPE_MODES, OI_NONE },
#endif /* _FFR_ADDR_TYPE_MODES */
+#if _FFR_BADRCPT_SHUTDOWN
+# define O_RCPTSHUTD 0xf0
+ { "BadRcptShutdown", O_RCPTSHUTD, OI_SAFE },
+# define O_RCPTSHUTDG 0xf1
+ { "BadRcptShutdownGood", O_RCPTSHUTDG, OI_SAFE },
+#endif /* _FFR_BADRCPT_SHUTDOWN */
{ NULL, '\0', OI_NONE }
};
@@ -3817,6 +3823,16 @@
break;
#endif /* _FFR_ADDR_TYPE_MODES */
+#if _FFR_BADRCPT_SHUTDOWN
+ case O_RCPTSHUTD:
+ BadRcptShutdown = atoi(val);
+ break;
+
+ case O_RCPTSHUTDG:
+ BadRcptShutdownGood = atoi(val);
+ break;
+#endif /* _FFR_BADRCPT_SHUTDOWN */
+
default:
if (tTd(37, 1))
{
diff -ur sendmail-8.14.2/sendmail/sendmail.h sendmail-8.14.2-badrcptshutdown/sendmail/sendmail.h
--- sendmail-8.14.2/sendmail/sendmail.h 2007-10-06 01:06:30.000000000 +0200
+++ sendmail-8.14.2-badrcptshutdown/sendmail/sendmail.h 2007-12-20 10:20:55.000000000 +0100
@@ -2229,6 +2229,10 @@
EXTERN char OpMode; /* operation mode, see below */
EXTERN char SpaceSub; /* substitution for
EXTERN int BadRcptThrottle; /* Throttle rejected RCPTs per SMTP message */
+#if _FFR_BADRCPT_SHUTDOWN
+EXTERN int BadRcptShutdown; /* Shutdown connection for rejected RCPTs */
+EXTERN int BadRcptShutdownGood; /* above even when there are good RCPTs */
+#endif /* _FFR_BADRCPT_SHUTDOWN */
EXTERN int CheckpointInterval; /* queue file checkpoint interval */
EXTERN int ConfigLevel; /* config file level */
EXTERN int ConnRateThrottle; /* throttle for SMTP connection rate */
diff -ur sendmail-8.14.2/sendmail/srvrsmtp.c sendmail-8.14.2-badrcptshutdown/sendmail/srvrsmtp.c
--- sendmail-8.14.2/sendmail/srvrsmtp.c 2007-10-01 18:22:14.000000000 +0200
+++ sendmail-8.14.2-badrcptshutdown/sendmail/srvrsmtp.c 2007-12-20 10:20:56.000000000 +0100
@@ -637,6 +637,9 @@
# define p_addr_st NULL
#endif /* MILTER */
size_t inplen;
+#if _FFR_BADRCPT_SHUTDOWN
+ int n_badrcpts_adj;
+#endif /* _FFR_BADRCPT_SHUTDOWN */
SevenBitInput_Saved = SevenBitInput;
smtp.sm_nrcpts = 0;
@@ -2523,6 +2526,44 @@
milter_rcpt_added = false;
smtp.sm_e_nrcpts_orig = e->e_nrcpts;
#endif
+#if _FFR_BADRCPT_SHUTDOWN
+ n_badrcpts_adj =
+ (BadRcptThrottle > 0 && n_badrcpts > BadRcptThrottle
+ && LogLevel > 5 ? n_badrcpts - 1 : n_badrcpts) ;
+ if (BadRcptShutdown > 0 &&
+ n_badrcpts_adj >= BadRcptShutdown)
+ {
+ bool result_flag = false;
+
+ if (!BadRcptShutdownGood || !smtp.sm_nrcpts)
+ result_flag = true;
+
+ if (!result_flag)
+ {
+ float f = n_badrcpts_adj;
+ float g = smtp.sm_nrcpts + n_badrcpts;
+ float h = f/g;
+
+ h *= 100.00;
+ if (h >= BadRcptShutdownGood)
+ result_flag = true;
+ }
+
+ if (result_flag)
+ {
+ if (LogLevel > 5)
+ sm_syslog(LOG_INFO, e->e_id,
+ "%s: Possible SMTP RCPT flood, shutting down connection.",
+ CurSmtpClient);
+ message("421 4.7.0 %s Too many bad recipients; closing connection",
+ MyHostName);
+
+ /* arrange to ignore any current send list */
+ e->e_sendqueue = NULL;
+ goto doquit;
+ }
+ }
+#endif /* _FFR_BADRCPT_SHUTDOWN */
if (BadRcptThrottle > 0 &&
n_badrcpts >= BadRcptThrottle)
{
--------------010104040106000203040001--