svn commit: r496779 - head/mail/sendmail/files

[Dirk Meyer]

Author: dinoex
Date: Sun Mar 24 20:35:45 2019
New Revision: 496779
URL: https://svnweb.freebsd.org/changeset/ports/496779

Log:
  - additional blacklisting for frequent useless connections
  PR:		236605
  Submitted by:	Helge Oldach

Modified:
  head/mail/sendmail/files/patch-srvrsmtp.c

Modified: head/mail/sendmail/files/patch-srvrsmtp.c
==============================================================================
--- head/mail/sendmail/files/patch-srvrsmtp.c	Sun Mar 24 20:34:58 2019	(r496778)
+++ head/mail/sendmail/files/patch-srvrsmtp.c	Sun Mar 24 20:35:45 2019	(r496779)
@@ -1,6 +1,16 @@
 --- sendmail/srvrsmtp.c.orig	2015-03-18 11:47:12 UTC
 +++ sendmail/srvrsmtp.c
-@@ -1328,6 +1328,7 @@ smtp(nullserver, d_flags, e)
+@@ -831,6 +831,9 @@ smtp(nullserver, d_flags, e)
+ #if _FFR_BADRCPT_SHUTDOWN
+ 	int n_badrcpts_adj;
+ #endif /* _FFR_BADRCPT_SHUTDOWN */
++#ifdef USE_BLACKLIST
++	int saved_bl_fd;
++#endif
+ 
+ 	SevenBitInput_Saved = SevenBitInput;
+ 	smtp.sm_nrcpts = 0;
+@@ -1328,6 +1331,7 @@ smtp(nullserver, d_flags, e)
  					  (int) tp.tv_sec +
  						(tp.tv_usec >= 500000 ? 1 : 0)
  					 );
@@ -8,7 +18,18 @@
  			}
  		}
  	}
-@@ -1721,8 +1722,11 @@ smtp(nullserver, d_flags, e)
+@@ -1421,6 +1425,10 @@ smtp(nullserver, d_flags, e)
+ 		SmtpPhase = "server cmd read";
+ 		sm_setproctitle(true, e, "server %s cmd read", CurSmtpClient);
+ 
++#ifdef USE_BLACKLIST
++		saved_bl_fd = dup(sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL));
++#endif
++
+ 		/* handle errors */
+ 		if (sm_io_error(OutChannel) ||
+ 		    (p = sfgets(inp, sizeof(inp), InChannel,
+@@ -1721,8 +1729,11 @@ smtp(nullserver, d_flags, e)
  			}
  			else
  			{
@@ -20,7 +41,7 @@
  				if (LogLevel > 9)
  					sm_syslog(LOG_WARNING, e->e_id,
  						  "AUTH failure (%s): %s (%d) %s, relay=%.100s",
-@@ -1867,6 +1871,9 @@ smtp(nullserver, d_flags, e)
+@@ -1867,6 +1878,9 @@ smtp(nullserver, d_flags, e)
  			DELAY_CONN("AUTH");
  			if (!sasl_ok || n_mechs <= 0)
  			{
@@ -30,7 +51,25 @@
  				message("503 5.3.3 AUTH not available");
  				break;
  			}
-@@ -3523,7 +3530,10 @@ doquit:
+@@ -3462,10 +3476,17 @@ doquit:
+ 				**  timeouts for the same connection.
+ 				*/
+ 
++#ifdef USE_BLACKLIST
++				/* no immediate BLACKLIST_ABUSIVE_BEHAVIOR */
++				BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, saved_bl_fd, "no command issued");
++#endif
+ 				sm_syslog(LOG_INFO, e->e_id,
+ 					  "%s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s",
+ 					  CurSmtpClient, d);
+ 			}
++#ifdef USE_BLACKLIST
++			close(saved_bl_fd);
++#endif
+ 			if (tTd(93, 100))
+ 			{
+ 				/* return to handle next connection */
+@@ -3523,7 +3544,10 @@ doquit:
  #if MAXBADCOMMANDS > 0
  			if (++n_badcmds > MAXBADCOMMANDS)
  			{
@@ -41,3 +80,13 @@
  				message("421 4.7.0 %s Too many bad commands; closing connection",
  					MyHostName);
  
+@@ -3575,6 +3599,9 @@ doquit:
+ #if SASL
+ 		}
+ #endif /* SASL */
++#ifdef USE_BLACKLIST
++		close(saved_bl_fd);
++#endif
+ 	    }
+ 	    SM_EXCEPT(exc, "[!F]*")
+ 	    {