/[pkg-listmaster]/trunk/gandalf/gandalf

Diff of /trunk/gandalf/gandalf

Parent Directory | Revision Log | View Patch Patch

-revision 9 by don,
Sun Sep  9 12:00:33 2007 UTC
+revision 10 by don,
Sun Sep  9 14:40:38 2007 UTC
 Line 43 
 use Pod::Usage;
  =head1 NAME
- greylist-tng.pl - weighted greylisting based on information we can obtain
+ gandalf - weighted greylisting based on information we can obtain
-                   before DATA stage of the SMTP process.
+           before DATA stage of the SMTP process.
  =head1 SYNOPSIS
-  [options]
+  gandalf [options]
   Options:
-   --debug, -d debugging level (Default 0)
+   --daemonize, -d daemonize (default)
+   --pidfile location of pidfile (/var/run/gandalf/gandalf.pid)
+   --socket location of socket (/var/run/gandalf/gandalf.sock)
+   --host host/port to use for tcp sockets
+   --max-connections maximum connections to allow per socket
+   --pidlock lockfile for pid (pidfile.lock)
+   --verbose, -v verbosity level (Default 0)
+   --debug, -D debugging level (Default 0)
    --help, -h display this help
    --man, -m display manual
-Line 59 
 greylist-tng.pl - weighted greylisting b
+Line 66 
 greylist-tng.pl - weighted greylisting b
  =over
- =item B<--debug, -d>
+ =item B<--daemonize,-d>
+ Whether to daemonize (default). --no-daemonize to disable
+ =item B<--pidfile>
+ Pidfile location; defaults to /var/run/gandalf/gandalf.pid
+ =item B<--socket>
+ Socket location; defaults to /var/run/gandalf/gandalf.sock if no other
+ socket or host is specified.
+ =item B<--host>
+ Host to listen on; specified as hostname:portnum (or ip:portnum).
+ =item B<--max-connections>
+ Maximum connections to allow to tcp ports; defaults to 30.
+ =item B<--pidlock>
+ Lockfile for the pidfile; defaults to the location of the pidfile with
+ .lock appended.
+ =item B<--debug, -D>
  Debug verbosity. (Default 0)
-Line 79 
 Display this manual.
+Line 112 
 Display this manual.
  =cut
- use Fcntl;
+ use Fcntl qw(:flock);
  #use BerkeleyDB;
  use Digest::MD5 qw(md5 md5_hex);
  use IO::Socket::INET;
+ use IO::Socket::UNIX;
  use IO::Select;
+ use IO::File;
  use Net::DNS;
- use POSIX;
+ use POSIX qw(strftime setsid);
  use Sys::Syslog qw(:DEFAULT setlogsock);
  use Params::Validate qw(:types validate_with);
-Line 95 
 use List::Util qw(first);
+Line 130 
 use List::Util qw(first);
  use constant {BAD => 0, GOOD => 1};
  use vars qw($DEBUG);
  my %options = (debug           => 0,
                 help            => 0,
                 man             => 0,
+                verbose         => 0,
+                daemonize       => 1,
+                pidfile         => '/var/run/gandalf/gandalf.pid',
+                pidlock         => undef,
+                socket          => [],
+                host            => [],
+                max_connections => 30,
                 );
- GetOptions(\%options,'debug|d+','help|h|?','man|m');
+ GetOptions(\%options,'debug|D+','help|h|?','man|m',
+            'verbose|v+',
+            'daemonize|daemon|d!',
+            'pidfile=s',
+            'pidlock=s',
+            'max_connections|max-connections=s',
+            'host=s@',
+            'socket=s@',
+           );
+ if (not defined $options{pidlock}) {
+      $options{pidlock} = $options{pidfile}.'.lock';
+ }
+ if (not @{$options{socket}} and
+     not @{$options{host}}) {
+      push @{$options{socket}},'/var/run/gandalf/gandalf.sock';
+ }
  pod2usage() if $options{help};
  pod2usage({verbose=>2}) if $options{man};
  $DEBUG = $options{debug};
+ if ($options{daemonize}) {
+      my $pidfh;
+      if ($options{pidfile}) {
+           my $pidlock = new IO::File->new($options{pidlock},'w') or
+                die "Unable to open pidlock $options{pidlock} for writing: $!";
+           flock($pidlock,LOCK_EX) or
+                die "Unable to lock pidlock $options{pidlock}: $!";
+           if (-e $options{pidfile}) {
+                $pidfh = IO::File->new($options{pidfile},'r') or
+                     die "Unable to open pidfile $options{pidfile} for reading: $!";
+                local $/;
+                my $pid = <$pidfh>;
+                ($pid) = $pid =~ /(\d+)/;
+                if (defined $pid and kill(0,$pid)) {
+                     print STDERR "Copy of $0 running with pid $pid (pidfile: $options{pidfile})";
+                     unlink($options{pidlock});
+                     undef $pidlock;
+                     exit 1;
+                }
+                close $pidfh;
+                unlink ($options{pidfile}) or
+                     die "Unable to unlink stale pidfile $options{pidfile}: $!";
+           }
+           $pidfh = IO::File->new($options{pidfile},'w') or
+                die "Unable to open $options{pidfile} for writing: $!";
+      }
+      # daemonize
+      chdir '/' or die "Can't chdir to /: $!";
+      open STDIN, '/dev/null' or die "Can't read /dev/null: $!";
+      open STDOUT, '>/dev/null'
+           or die "Can't write to /dev/null: $!";
+      defined(my $pid = fork) or die "Can't fork: $!";
+      exit if $pid;
+      setsid or die "Can't start a new session: $!";
+      if (defined $pidfh) {
+           print {$pidfh} $$ or die "Unable to write to pidfile $options{pidfile}: $!";
+           close $pidfh or die "Unable to close pidfile $options{pidfile}: $!";
+      }
+      open STDERR, '>&STDOUT' or die "Can't dup stdout: $!";
+ }
  my $tcp_port            = 10025;
  my $bind_address        = "localhost";
-Line 582 
 sub handle_message{
+Line 682 
 sub handle_message{
       # announce decision
  }
- sub parse_input($) {
+ # sub parse_input($) {
-     my $attr = shift();
+ #     my $attr = shift();
-     my $response;
+ #     my $response;
-     my $score=0;
+ #     my $score=0;
+ #
-     if (defined(read_database($attr))) {
+ #     if (defined(read_database($attr))) {
-         $response = read_database($attr);
+ #       $response = read_database($attr);
-         if ($response) {
+ #       if ($response) {
-             return "dunno";
+ #           return "dunno";
-         } else {
+ #       } else {
-             return "defer_if_permit Service temporarily unavailable";
+ #           return "defer_if_permit Service temporarily unavailable";
-         }
+ #       }
-     } else {
+ #     } else {
-         # Test: Is client's IP listed in some RBL lists?
+ #       # Test: Is client's IP listed in some RBL lists?
-         $score = $score + test_rbldns($attr->{client_address});
+ #       $score = $score + test_rbldns($attr->{client_address});
+ #
-         # Test: Is sender listed in some RH RBL lists?
+ #       # Test: Is sender listed in some RH RBL lists?
-         $score = $score + test_rhrbldns($attr->{sender});
+ #       $score = $score + test_rhrbldns($attr->{sender});
+ #
-         # Test: is HELO numeric?
+ #       # Test: is HELO numeric?
-         if (test_helo_numeric($attr->{helo_name})) {
+ #       if (test_helo_numeric($attr->{helo_name})) {
-             $score = $score + $helo_numeric_score[BAD];
+ #           $score = $score + $helo_numeric_score[BAD];
-         } else {
+ #       } else {
-             # Test: Reverse IP == HELO check?
+ #           # Test: Reverse IP == HELO check?
-             $score = $score + test_helo_reverse($attr->{helo_name}, $attr->{reverse_client_name});
+ #           $score = $score + test_helo_reverse($attr->{helo_name}, $attr->{reverse_client_name});
-         }
+ #       }
+ #
-         if ($client_seems_dialup == 1) {
+ #       if ($client_seems_dialup == 1) {
-             $score = $score + test_helo_seems_dialup($attr->{helo_name});
+ #           $score = $score + test_helo_seems_dialup($attr->{helo_name});
-         }
+ #       }
+ #
-         # Test: is our mail coming from a potential daemon?
+ #       # Test: is our mail coming from a potential daemon?
-         $score = $score + test_sender_anonymous($attr->{sender});
+ #       $score = $score + test_sender_anonymous($attr->{sender});
+ #
-         # Test: is our mail coming from a domain with SPF records?
+ #       # Test: is our mail coming from a domain with SPF records?
-         $score = $score + test_sender_spf($attr->{sender});
+ #       $score = $score + test_sender_spf($attr->{sender});
+ #
-         if ($score > $cutoff) {
+ #       if ($score > $cutoff) {
-             write_database($attr);
+ #           write_database($attr);
-             return "defer_if_permit Service temporarily unavailable";
+ #           return "defer_if_permit Service temporarily unavailable";
-         } else {
+ #       } else {
-             return "PREPEND X-Greylisting: score is $score";
+ #           return "PREPEND X-Greylisting: score is $score";
-         }
+ #       }
+ #
-     }
+ #     }
+ #
+ #     # no strict 'refs';
+ #     # $response = weighted_check->(attr=>\%attr);
+ # }
-     # no strict 'refs';
+ $SIG{INT} = \&cleanup;
-     # $response = weighted_check->(attr=>\%attr);
- }
  sub main {
-     my $tcp_socket = IO::Socket::INET->new(
+      # Create the sockets
-         Proto       => 'tcp',
+      my @sockets;
-         LocalHost   => $bind_address,
+      # handle unix sockets
-         LocalPort   => $tcp_port,
+      for my $socket_file (@{$options{socket}}) {
-         Listen      => $max_connection,
+           my $socket =
-         Reuse       => 1) or
+                IO::Socket::UNIX->new(#Type => SOCK_STREAM,
-     die "master: bind $tcp_port: $@ $!";
+                                      Local => $socket_file,
+                                      Listen => 1,
-     my $env = BerkeleyDB::Env->new(
+                                     )
-         -Home       => $dbdir,
+                          or die "Unable to create socket for $socket_file";
-         -Flags      => DB_CREATE|DB_RECOVER|DB_INIT_TXN|DB_INIT_MPOOL|DB_INIT_LOG,
+           push @sockets,$socket;
-     ) or die "ERROR: can't create DB environment: $!\n";
+      }
+      for my $socket_host (@{$options{host}}) {
-     tie %db, 'BerkeleyDB::Btree',
+           # figure out hostname/port
-         -Filename   => $dbname,
+           my ($host,$port) = $socket_host =~ /(.+)\:(\d+)$/;
-         -Flags      => DB_CREATE,
+           if (not defined $host or not defined $port) {
-         -Env        => $env,
+                die "Socket host $socket_host not foohost:23 format";
-     or die "ERROR: can't create database $dbdir/$dbname: $!\n";
+           }
+           my $socket =
-     my %attr;
+                IO::Socket::INET->new(Proto       => 'tcp',
-     # FIXME: catch TCPSocketInUseExeption e
+                                      LocalHost   => $host,
-     my $read_set = new IO::Select();
+                                      LocalPort   => $port,
-     $read_set->add($tcp_socket);
+                                      Listen      => $options{max_connections},
-     # end FIXME
+                                      Reuse       => 1)
-     #
+                          or die "master: bind $tcp_port: $@ $!";
-     # FIXME: endless loop... grrr
+           push @sockets,$socket;
-     while (1) {
+      }
-         # get a set of readable handles (blocks until at least one handle is ready)
+      my %attr;
-         my ($rh_set) = IO::Select->select($read_set, undef, undef, 0);
+      # FIXME: catch TCPSocketInUseExeption e
+      my $read_set = IO::Select->new() or
+           die "Unable to create IO::Select";
+      $read_set->add(@sockets);
+      my %listen_sockets;
+      # keep track of which sockets are listen sockets
+      @listen_sockets{@sockets} = (1) x @sockets;
+      # end FIXME
+      #
+      my %request_sockets;
+      # FIXME: endless loop... grrr
+      my @reads;
+      # get a set of readable handles (blocks until at least one handle is ready)
+      while (@reads = $read_set->can_read()) {
          # take all readable handles in turn
-         foreach my $rh (@$rh_set) {
+         foreach my $rh (@reads) {
              # if it is the main socket then we have an incoming connection and
-             # we should accept() it and then add the new socket to the $read_set
+              # we should accept() it and then add the new socket to the $read_set
-             if ($rh == $tcp_socket) {
+             if ($listen_sockets{$rh}) {
                  my $ns = $rh->accept();
                  $read_set->add($ns);
+                 $request_sockets{$ns} = {};
              } else {
                  # otherwise it is an ordinary socket and we should read and process the request
                  my $buf = <$rh>;
-Line 678 
 sub main {
+Line 794 
 sub main {
                          # we get a newline, no more information will come from
                          # postfix for this mail
                          # postfix now waits for my answer
-                         if (%attr) {
+                         if ($request_sockets{$rh}{variables}) {
-                             if ($verbose) {
+                             if ($options{verbose}) {
-                                 for (keys %attr) {
+                                  while (my ($key,$value) =
-                                     syslog $syslog_priority, "Key: %s, Value: %s", $_, $attr{$_};
+                                         each %{$request_sockets{$rh}{variables}}
-                                 }
+                                        ) {
+                                       syslog $syslog_priority, "Key: %s, Value: %s", $key,$value;
+                                  }
                              }
-                             my $action = parse_input(\%attr);
+                             #my $action = parse_input(\%attr);
+                             my $action = "PREPEND X-Greylisting: disabled";
+                             print STDERR "Handled $action\n";
                              $rh->send("action=".$action."\r\n");
                              $rh->send("\r\n");
-                             %attr=();
+                             delete $request_sockets{$rh}{variables};
                          }
                      } elsif ( $buf =~ /([^=]+)=(.*)\r\n/ ) {
                          # we get valid input from postfix
-                         $attr{substr($1, 0, 512)} = substr($2, 0, 512);
+                         $request_sockets{$rh}{variables}{substr($1, 0, 512)} = substr($2, 0, 512);
                      } else {
                          syslog $syslog_priority, "warning: ignoring garbage: %.100s", $buf;
                      }
-Line 703 
 sub main {
+Line 823 
 sub main {
              }
          }
      }
-     untie %db;
  }
  main();
+ sub cleanup {
+      print STDERR "got sig int\n";
+      exit 0;
+ }
+ END {
+      for my $socket_file (@{$options{socket}}) {
+           print STDERR "unlinking $socket_file\n";
+           unlink($socket_file) if -e $socket_file;
+      }
+ }
  __END__

 Legend:



Removed from v.9
 


changed lines


 
Added in v.10
 Legend:



Removed from v.9
 


changed lines


 
Added in v.10
-Removed from v.9
+Added in v.10

	ViewVC Help
Powered by ViewVC 1.1.5