use 5.20.0;
our $VERSION = '3.20241024';
use Sereal qw{encode_sereal decode_sereal};our $TestResolver;
sub new {
my ( $class, $thischild ) = @_;
my $self = {
'thischild' => $thischild,
};
bless $self, $class;
return $self;
}
sub get_version {
my ( $self ) = @_;
{
no strict 'refs';
return ${ ref( $self ) . "::VERSION" } // 'unknown';
}
}
sub get_json {
my ( $self, $file ) = @_;
my $basefile = __FILE__;
$basefile =~ s/Handler\.pm$/Handler\/$file/;
$basefile .= '.json';
if ( ! -e $basefile ) {
die 'json file ' . $file . ' not found';
}
open my $InF, '<', $basefile;
my @Content = <$InF>;
close $InF;
return join( q{}, @Content );
}
sub metric_register {
my ( $self, $id, $help ) = @_;
$self->{'thischild'}->{'metric'}->register( $id, $help, $self->{'thischild'} );
}
sub metric_count {
my ( $self, $count_id, $labels, $count ) = @_;
$labels = {} if ! defined $labels;
$count = 1 if ! defined $count;
my $metric = $self->{'thischild'}->{'metric'};
$metric->set_handler( $self );
$metric->count({
'count_id' => $count_id,
'labels' => $labels,
'server' => $self->{'thischild'},
'count' => $count,
});
$metric->set_handler( undef );
}
sub metric_set {
my ( $self, $gauge_id, $labels, $value ) = @_;
$labels = {} if ! defined $labels;
die 'Must set value in metric_set call' if ! defined $value;
my $metric = $self->{'thischild'}->{'metric'};
$metric->set_handler( $self );
$metric->set({
'gauge_id' => $gauge_id,
'labels' => $labels,
'server' => $self->{'thischild'},
'value' => $value,
});
$metric->set_handler( undef );
}
sub metric_send {
my ( $self ) = @_;
}
sub rbl_check_ip {
my ( $self, $ip, $list ) = @_;
my $lookup_ip;
if ( $ip->version() == 4 ) {
$lookup_ip = join( '.', reverse( split( /\./, $ip->ip() ) ) );
}
elsif ( $ip->version() == 6 ) {
my $ip_string = $ip->ip();
$ip_string =~ s/://g;
$lookup_ip = join( '.', reverse( split( '', $ip_string ) ) );
}
return 0 if ! $lookup_ip;
return $self->rbl_check_domain( $lookup_ip, $list );
}
sub rbl_check_domain {
my ( $self, $domain, $list ) = @_;
my $resolver = $self->get_object( 'resolver' );
my $lookup = join( '.', $domain, $list );
my $packet = $resolver->query( $lookup, 'A' );
if ($packet) {
foreach my $rr ( $packet->answer ) {
if ( lc $rr->type eq 'a' ) {
return $rr->address();
}
}
}
return 0;
}
sub rbl_check_email_address {
my ( $self, $email_address, $list ) = @_;
$email_address = lc $email_address;
$email_address =~ s/\+.*@/@/;
my $entry_hash = sha1_hex($email_address);
my $resolver = $self->get_object( 'resolver' );
my $lookup = join( '.', $entry_hash, $list );
my $packet = $resolver->query( $lookup, 'A' );
if ($packet) {
foreach my $rr ( $packet->answer ) {
if ( lc $rr->type eq 'a' ) {
return $rr->address();
}
}
}
return 0;
}
sub get_microseconds {
return int(Time::HiRes::time * 1000000);
}
sub get_microseconds_since {
my ( $self, $since ) = @_;
my $now = $self->get_microseconds();
my $elapsed = $now - $since;
$elapsed = 1 if $elapsed == 0;
return $elapsed;
}
sub register_metrics {
return {
'connect_total' => 'The number of connections made to authentication milter',
'callback_error_total' => 'The number of errors in callbacks',
'time_microseconds_total' => 'The time in microseconds spent in various handlers',
};
}
sub top_dequeue_callback {
my ( $self ) = @_;
$self->status('dequeue');
$self->set_symbol('C','i','DEQUEUE.'.substr( uc md5_hex( "Authentication Milter Client $PID " . time() . rand(100) ) , -11 ));
$self->dbgout( 'CALLBACK', 'Dequeue', LOG_DEBUG );
my $config = $self->config();
eval {
local $SIG{'ALRM'} = sub{ die Mail::Milter::Authentication::Exception->new({ 'Type' => 'Timeout', 'Text' => 'Dequeue callback timeout' }) };
if ( my $timeout = $self->get_type_timeout( 'dequeue' ) ) {
$self->set_alarm( $timeout );
}
my $callbacks = $self->get_callbacks( 'dequeue' );
foreach my $handler ( @$callbacks ) {
$self->dbgout( 'CALLBACK', 'Dequeue ' . $handler, LOG_DEBUG );
my $start_time = $self->get_microseconds();
$self->get_handler($handler)->dequeue_callback();
$self->dbgoutwrite();
$self->metric_count( 'time_microseconds_total', { 'callback' => 'dequeue', 'handler' => $handler }, $self->get_microseconds_since( $start_time ) );
}
$self->set_alarm(0);
};
if ( my $error = $@ ) {
if ( my $type = $self->is_exception_type( $error ) ) {
$self->metric_count( 'callback_error_total', { 'stage' => 'dequeue', 'type' => $type } );
}
else {
$self->metric_count( 'callback_error_total', { 'stage' => 'dequeue' } );
}
}
$self->dbgoutwrite();
$self->status('postdequeue');
}
sub top_setup_callback {
my ( $self ) = @_;
$self->status('setup');
$self->dbgout( 'CALLBACK', 'Setup', LOG_DEBUG );
$self->set_return( $self->smfis_continue() );
my $callbacks = $self->get_callbacks( 'setup' );
foreach my $handler ( @$callbacks ) {
$self->dbgout( 'CALLBACK', 'Setup ' . $handler, LOG_DEBUG );
my $start_time = $self->get_microseconds();
$self->get_handler($handler)->setup_callback();
$self->metric_count( 'time_microseconds_total', { 'callback' => 'setup', 'handler' => $handler }, $self->get_microseconds_since( $start_time ) );
}
$self->status('postsetup');
}
sub is_exception_type {
my ( $self, $exception ) = @_;
return if ! defined $exception;
return if ! $exception;
return if ref $exception ne 'Mail::Milter::Authentication::Exception';
my $Type = $exception->{ 'Type' } || 'Unknown';
return $Type;
}
sub handle_exception {
my ( $self, $exception ) = @_;
return if ! defined $exception;
my $Type = $self->is_exception_type( $exception );
return if ! $Type;
die $exception if $Type eq 'Timeout';
}
sub get_time_remaining {
my ( $self ) = @_;
my $top_handler = $self->get_top_handler();
return if ! exists $top_handler->{ 'timeout_at' };
my $now = $self->get_microseconds();
my $remaining = $top_handler->{ 'timeout_at' } - $now;
return $remaining;
}
sub set_alarm {
my ( $self, $microseconds ) = @_;
my $top_handler = $self->get_top_handler();
$self->dbgout( 'Timeout set', $microseconds, LOG_DEBUG );
ualarm( $microseconds );
if ( $microseconds == 0 ) {
delete $top_handler->{ 'timeout_at' };
}
else {
$top_handler->{ 'timeout_at' } = $self->get_microseconds() + ( $microseconds );
}
}
sub set_handler_alarm {
my ( $self, $microseconds ) = @_;
my $remaining = $self->get_time_remaining();
if ( $remaining < $microseconds ) {
$self->dbgout( 'Handler timeout set (remaining used)', $remaining, LOG_DEBUG );
ualarm( $remaining );
}
else {
$self->dbgout( 'Handler timeout set', $microseconds, LOG_DEBUG );
ualarm( $microseconds );
}
}
sub reset_alarm {
my ( $self ) = @_;
my $remaining = $self->get_time_remaining();
$self->dbgout( 'Timeout reset', $remaining, LOG_DEBUG );
if ( $remaining < 1 ) {
die Mail::Milter::Authentication::Exception->new({ 'Type' => 'Timeout', 'Text' => 'Reset check timeout' });
}
ualarm( $remaining );
}
sub clear_overall_timeout {
my ( $self ) = @_;
$self->dbgout( 'Overall timeout', 'Clear', LOG_DEBUG );
my $top_handler = $self->get_top_handler();
delete $top_handler->{ 'overall_timeout' };
}
sub set_overall_timeout {
my ( $self, $microseconds ) = @_;
my $top_handler = $self->get_top_handler();
$self->dbgout( 'Overall timeout', $microseconds, LOG_DEBUG );
$top_handler->{ 'overall_timeout' } = $self->get_microseconds() + $microseconds;
}
sub get_type_timeout {
my ( $self, $type ) = @_;
my @log;
push @log, "Type: $type";
my $effective;
my $timeout;
my $config = $self->config();
if ( $config->{ $type . '_timeout' } ) {
$timeout = $config->{ $type . '_timeout' } * 1000000;
$effective = $timeout;
push @log, "Section: $timeout";
}
my $remaining;
my $top_handler = $self->get_top_handler();
if ( my $overall_timeout = $top_handler->{ 'overall_timeout' } ) {
my $now = $self->get_microseconds();
$remaining = $overall_timeout - $now;
push @log, "Overall: $remaining";
if ( $remaining < 1 ) {
push @log, "Overall Timedout";
$remaining = 10;
}
}
if ( $remaining ) {
if ( $timeout ) {
if ( $remaining < $timeout ) {
$effective = $remaining;
}
}
else {
$effective = $remaining;
}
}
push @log, "Effective: $effective" if $effective;
$self->dbgout( 'Timeout set', join( ', ', @log ), LOG_DEBUG );
return $effective;
}
sub check_timeout {
my ( $self ) = @_;
my $top_handler = $self->get_top_handler();
return if ! exists $top_handler->{ 'timeout_at' };
return if $top_handler->{ 'timeout_at' } >= $self->get_microseconds();
delete $top_handler->{ 'timeout_at' };
ualarm( 0 );
die Mail::Milter::Authentication::Exception->new({ 'Type' => 'Timeout', 'Text' => 'Manual check timeout' });
}
sub _remap_ip_and_helo {
my ( $self ) = @_;
my $config = $self->config();
if ( exists ( $config->{ 'ip_map' } ) ) {
my $ip_object = $self->{ 'raw_ip_object' };
my $helo_host = $self->{'raw_helo_name'};
foreach my $ip_map ( sort keys %{ $config->{ 'ip_map' } } ) {
my $map_obj = Net::IP->new( $ip_map );
if ( !$map_obj ) {
$self->log_error( 'Core: Could not parse IP '.$ip_map );
}
else {
my $is_overlap = $ip_object->overlaps($map_obj) || 0;
if (
$is_overlap == $IP_A_IN_B_OVERLAP
|| $is_overlap == $IP_B_IN_A_OVERLAP
|| $is_overlap == $IP_PARTIAL_OVERLAP
|| $is_overlap == $IP_IDENTICAL
)
{
my $mapped_to = $config->{ 'ip_map' }->{ $ip_map };
if ( $helo_host && exists $mapped_to->{helo_map} && exists $mapped_to->{helo_map}->{ $helo_host } ) {
$mapped_to = $mapped_to->{helo_map}->{ $helo_host };
return {
ip => Net::IP->new( $mapped_to->{ip} ),
helo => $mapped_to->{helo},
};
}
else {
return {
ip => Net::IP->new( $mapped_to->{ip} ),
helo => $mapped_to->{helo},
};
}
}
}
}
}
}
sub remap_connect_callback {
my ( $self, $hostname, $ip ) = @_;
$self->{'raw_ip_object'} = $ip;
my $ip_remap = $self->_remap_ip_and_helo();
if ( $ip_remap ) {
if ( !$ip_remap->{ip} ) {
$self->log_error( 'Core: Ignored bad IP in remapping' );
}
else {
$ip = $ip_remap->{ip};
$self->dbgout( 'RemappedConnect', $self->{'raw_ip_object'}->ip() . ' > ' . $ip->ip(), LOG_DEBUG );
}
}
$self->{'ip_object'} = $ip;
}
sub top_metrics_callback {
my ( $self ) = @_;
my $callbacks = $self->get_callbacks( 'metrics' );
foreach my $handler ( @$callbacks ) {
$self->dbgout( 'CALLBACK', 'Metrics ' . $handler, LOG_DEBUG );
eval{ $self->get_handler($handler)->metrics_callback(); };
if ( my $error = $@ ) {
$self->handle_exception( $error );
$self->log_error( 'Metrics callback error ' . $error );
}
};
}
sub top_connect_callback {
my ( $self, $hostname, $ip ) = @_;
$self->metric_count( 'connect_total' );
$self->status('connect');
$self->dbgout( 'CALLBACK', 'Connect', LOG_DEBUG );
$self->set_return( $self->smfis_continue() );
$self->clear_reject_mail();
$self->clear_defer_mail();
$self->clear_quarantine_mail();
my $config = $self->config();
eval {
local $SIG{'ALRM'} = sub{ die Mail::Milter::Authentication::Exception->new({ 'Type' => 'Timeout', 'Text' => 'Connect callback timeout' }) };
if ( my $timeout = $self->get_type_timeout( 'connect' ) ) {
$self->set_alarm( $timeout );
}
$self->dbgout( 'ConnectFrom', $ip->ip(), LOG_DEBUG );
my $callbacks = $self->get_callbacks( 'connect' );
foreach my $handler ( @$callbacks ) {
$self->dbgout( 'CALLBACK', 'Connect ' . $handler, LOG_DEBUG );
my $start_time = $self->get_microseconds();
eval{ $self->get_handler($handler)->connect_callback( $hostname, $ip ); };
if ( my $error = $@ ) {
$self->handle_exception( $error );
$self->exit_on_close( 'Connect callback error ' . $error );
$self->tempfail_on_error();
$self->metric_count( 'callback_error_total', { 'stage' => 'connect', 'handler' => $handler } );
}
$self->metric_count( 'time_microseconds_total', { 'callback' => 'connect', 'handler' => $handler }, $self->get_microseconds_since( $start_time ) );
$self->check_timeout();
}
$self->set_alarm(0);
};
if ( my $error = $@ ) {
if ( my $type = $self->is_exception_type( $error ) ) {
$self->metric_count( 'callback_error_total', { 'stage' => 'connect', 'type' => $type } );
$self->exit_on_close( 'Connect callback error ' . $type . ' - ' . $error->{ 'Text' } );
}
else {
$self->metric_count( 'callback_error_total', { 'stage' => 'connect' } );
$self->exit_on_close( 'Connect callback error ' . $error );
}
$self->tempfail_on_error();
}
$self->status('postconnect');
return $self->get_return();
}
sub remap_helo_callback {
my ( $self, $helo_host ) = @_;
if ( !( $self->{'helo_name'} ) ) {
$self->{'raw_helo_name'} = $helo_host;
my $ip_remap = $self->_remap_ip_and_helo();
if ( $ip_remap ) {
my $ip = $ip_remap->{ip};
if ( $self->{'ip_object'}->ip() ne $ip_remap->{ip}->ip() ) {
$self->{'ip_object'} = $ip;
$self->dbgout( 'RemappedConnectHELO', $self->{'ip_object'}->ip() . ' > ' . $ip->ip(), LOG_DEBUG );
}
$helo_host = $ip_remap->{helo};
$self->dbgout( 'RemappedHELO', $self->{'raw_helo_name'} . ' > ' . $helo_host, LOG_DEBUG );
}
$self->{'helo_name'} = $helo_host;
}
}
sub top_helo_callback {
my ( $self, $helo_host ) = @_;
$self->status('helo');
$self->dbgout( 'CALLBACK', 'Helo', LOG_DEBUG );
$self->set_return( $self->smfis_continue() );
$helo_host = q{} if ! defined $helo_host;
my $config = $self->config();
eval {
local $SIG{'ALRM'} = sub{ die Mail::Milter::Authentication::Exception->new({ 'Type' => 'Timeout', 'Text' => 'HELO callback timeout' }) };
if ( my $timeout = $self->get_type_timeout( 'command' ) ) {
$self->set_alarm( $timeout );
}
if ( !( $self->{'seen_helo_name'} ) ) {
$self->{'seen_helo_name'} = $helo_host;
my $callbacks = $self->get_callbacks( 'helo' );
foreach my $handler ( @$callbacks ) {
$self->dbgout( 'CALLBACK', 'Helo ' . $handler, LOG_DEBUG );
my $start_time = $self->get_microseconds();
eval{ $self->get_handler($handler)->helo_callback($helo_host); };
if ( my $error = $@ ) {
$self->handle_exception( $error );
$self->exit_on_close( 'HELO callback error ' . $error );
$self->tempfail_on_error();
$self->metric_count( 'callback_error_total', { 'stage' => 'helo', 'handler' => $handler } );
}
$self->metric_count( 'time_microseconds_total', { 'callback' => 'helo', 'handler' => $handler }, $self->get_microseconds_since( $start_time ) );
$self->check_timeout();
}
}
else {
$self->dbgout('Multiple HELO callbacks detected and ignored', $self->{'seen_helo_name'} . ' / ' . $helo_host, LOG_DEBUG );
}
$self->set_alarm(0);
};
if ( my $error = $@ ) {
if ( my $type = $self->is_exception_type( $error ) ) {
$self->metric_count( 'callback_error_total', { 'stage' => 'helo', 'type' => $type } );
$self->exit_on_close( 'HELO error ' . $type . ' - ' . $error->{ 'Text' } );
}
else {
$self->metric_count( 'callback_error_total', { 'stage' => 'helo' } );
$self->exit_on_close( 'HELO callback error ' . $error );
}
$self->tempfail_on_error();
}
$self->status('posthelo');
return $self->get_return();
}
sub top_envfrom_callback {
my ( $self, $env_from, @params ) = @_;
$self->status('envfrom');
$self->dbgout( 'CALLBACK', 'EnvFrom', LOG_DEBUG );
$self->set_return( $self->smfis_continue() );
$env_from = q{} if ! defined $env_from;
my $config = $self->config();
eval {
local $SIG{'ALRM'} = sub{ die Mail::Milter::Authentication::Exception->new({ 'Type' => 'Timeout', 'Text' => 'EnvFrom callback timeout' }) };
if ( my $timeout = $self->get_type_timeout( 'command' ) ) {
$self->set_alarm( $timeout );
}
delete $self->{'auth_headers'};
delete $self->{'pre_headers'};
delete $self->{'add_headers'};
delete $self->{'suppress_error_emails'};
my $callbacks = $self->get_callbacks( 'envfrom' );
foreach my $handler ( @$callbacks ) {
$self->dbgout( 'CALLBACK', 'EnvFrom ' . $handler, LOG_DEBUG );
my $start_time = $self->get_microseconds();
eval { $self->get_handler($handler)->envfrom_callback($env_from, @params); };
if ( my $error = $@ ) {
$self->handle_exception( $error );
$self->exit_on_close( 'Env From callback error ' . $error );
$self->tempfail_on_error();
$self->metric_count( 'callback_error_total', { 'stage' => 'envfrom', 'handler' => $handler } );
}
$self->metric_count( 'time_microseconds_total', { 'callback' => 'envfrom', 'handler' => $handler }, $self->get_microseconds_since( $start_time ) );
$self->check_timeout();
}
$self->set_alarm(0);
};
if ( my $error = $@ ) {
if ( my $type = $self->is_exception_type( $error ) ) {
$self->metric_count( 'callback_error_total', { 'stage' => 'envfrom', 'type' => $type } );
$self->exit_on_close( 'Env From error ' . $type . ' - ' . $error->{ 'Text' } );
}
else {
$self->metric_count( 'callback_error_total', { 'stage' => 'envfrom' } );
$self->exit_on_close( 'Env From callback error ' . $error );
}
$self->tempfail_on_error();
}
$self->status('postenvfrom');
return $self->get_return();
}
sub top_envrcpt_callback {
my ( $self, $env_to, @params ) = @_;
$self->status('envrcpt');
$self->dbgout( 'CALLBACK', 'EnvRcpt', LOG_DEBUG );
$self->set_return( $self->smfis_continue() );
$env_to = q{} if ! defined $env_to;
my $config = $self->config();
eval {
local $SIG{'ALRM'} = sub{ die Mail::Milter::Authentication::Exception->new({ 'Type' => 'Timeout', 'Text' => 'EnvRcpt callback timeout' }) };
if ( my $timeout = $self->get_type_timeout( 'command' ) ) {
$self->set_alarm( $timeout );
}
my $callbacks = $self->get_callbacks( 'envrcpt' );
foreach my $handler ( @$callbacks ) {
$self->dbgout( 'CALLBACK', 'EnvRcpt ' . $handler, LOG_DEBUG );
my $start_time = $self->get_microseconds();
eval{ $self->get_handler($handler)->envrcpt_callback($env_to, @params); };
if ( my $error = $@ ) {
$self->handle_exception( $error );
$self->exit_on_close( 'Env Rcpt callback error ' . $error );
$self->tempfail_on_error();
$self->metric_count( 'callback_error_total', { 'stage' => 'rcptto', 'handler' => $handler } );
}
$self->metric_count( 'time_microseconds_total', { 'callback' => 'rcptto', 'handler' => $handler }, $self->get_microseconds_since( $start_time ) );
$self->check_timeout();
}
$self->set_alarm(0);
};
if ( my $error = $@ ) {
if ( my $type = $self->is_exception_type( $error ) ) {
$self->metric_count( 'callback_error_total', { 'stage' => 'rcptto', 'type' => $type } );
$self->exit_on_close( 'Env Rcpt callback error ' . $type . ' - ' . $error->{ 'Text' } );
}
else {
$self->metric_count( 'callback_error_total', { 'stage' => 'rcptto' } );
$self->exit_on_close( 'Env Rcpt callback error ' . $error );
}
$self->tempfail_on_error();
}
$self->status('postenvrcpt');
return $self->get_return();
}
sub top_header_callback {
my ( $self, $header, $value, $original ) = @_;
$self->status('header');
$self->dbgout( 'CALLBACK', 'Header', LOG_DEBUG );
$self->set_return( $self->smfis_continue() );
$value = q{} if ! defined $value;
my $config = $self->config();
if ( $header eq 'X-Authentication-Milter-Error' && $value eq 'Generated Error Report' ) {
$self->{'suppress_error_emails'} = 1;
}
eval {
local $SIG{'ALRM'} = sub{ die Mail::Milter::Authentication::Exception->new({ 'Type' => 'Timeout', 'Text' => 'Header callback timeout' }) };
if ( my $timeout = $self->get_type_timeout( 'content' ) ) {
$self->set_alarm( $timeout );
}
if ( my $error = $@ ) {
$self->dbgout( 'inline error $error', '', LOG_DEBUG );
}
$self->{'header_metrics'} ||= {};
my $callbacks = $self->get_callbacks( 'header' );
foreach my $handler ( @$callbacks ) {
$self->dbgout( 'CALLBACK', 'Header ' . $handler, LOG_DEBUG );
my $start_time = $self->get_microseconds();
eval{ $self->get_handler($handler)->header_callback( $header, $value, $original ); };
if ( my $error = $@ ) {
$self->handle_exception( $error );
$self->exit_on_close( 'Header callback error ' . $error );
$self->tempfail_on_error();
$self->metric_count( 'callback_error_total', { 'stage' => 'header', 'handler' => $handler } );
}
$self->{'header_metrics'}->{$handler} += $self->get_microseconds_since( $start_time );
$self->check_timeout();
}
$self->set_alarm(0);
};
if ( my $error = $@ ) {
if ( my $type = $self->is_exception_type( $error ) ) {
$self->metric_count( 'callback_error_total', { 'stage' => 'header', 'type' => $type } );
$self->exit_on_close( 'Header error ' . $type . ' - ' . $error->{ 'Text' } );
}
else {
$self->metric_count( 'callback_error_total', { 'stage' => 'header' } );
$self->exit_on_close( 'Header callback error ' . $error );
}
$self->tempfail_on_error();
}
$self->status('postheader');
return $self->get_return();
}
sub top_eoh_callback {
my ($self) = @_;
$self->status('eoh');
$self->dbgout( 'CALLBACK', 'EOH', LOG_DEBUG );
$self->set_return( $self->smfis_continue() );
my $config = $self->config();
eval {
local $SIG{'ALRM'} = sub{ die Mail::Milter::Authentication::Exception->new({ 'Type' => 'Timeout', 'Text' => 'EOH callback timeout' }) };
if ( my $timeout = $self->get_type_timeout( 'content' ) ) {
$self->set_alarm( $timeout );
}
foreach my $handler (keys %{$self->{'header_metrics'}}) {
$self->metric_count( 'time_microseconds_total', { 'callback' => 'header', 'handler' => $handler }, $self->{'header_metrics'}->{$handler} );
}
delete $self->{'header_metrics'};
my $callbacks = $self->get_callbacks( 'eoh' );
foreach my $handler ( @$callbacks ) {
$self->dbgout( 'CALLBACK', 'EOH ' . $handler, LOG_DEBUG );
my $start_time = $self->get_microseconds();
eval{ $self->get_handler($handler)->eoh_callback(); };
if ( my $error = $@ ) {
$self->handle_exception( $error );
$self->exit_on_close( 'EOH callback error ' . $error );
$self->tempfail_on_error();
$self->metric_count( 'callback_error_total', { 'stage' => 'eoh', 'handler' => $handler } );
}
$self->metric_count( 'time_microseconds_total', { 'callback' => 'eoh', 'handler' => $handler }, $self->get_microseconds_since( $start_time ) );
$self->check_timeout();
}
$self->set_alarm(0);
};
if ( my $error = $@ ) {
if ( my $type = $self->is_exception_type( $error ) ) {
$self->metric_count( 'callback_error_total', { 'stage' => 'eoh', 'type' => $type } );
$self->exit_on_close( 'EOH error ' . $type . ' - ' . $error->{ 'Text' } );
}
else {
$self->metric_count( 'callback_error_total', { 'stage' => 'eoh' } );
$self->exit_on_close( 'EOH callback error ' . $error );
}
$self->tempfail_on_error();
}
$self->dbgoutwrite();
$self->status('posteoh');
return $self->get_return();
}
sub top_body_callback {
my ( $self, $body_chunk ) = @_;
$self->status('body');
$self->dbgout( 'CALLBACK', 'Body', LOG_DEBUG );
$self->set_return( $self->smfis_continue() );
my $config = $self->config();
eval {
local $SIG{'ALRM'} = sub{ die Mail::Milter::Authentication::Exception->new({ 'Type' => 'Timeout', 'Text' => 'Body callback timeout' }) };
if ( my $timeout = $self->get_type_timeout( 'content' ) ) {
$self->set_alarm( $timeout );
}
my $callbacks = $self->get_callbacks( 'body' );
foreach my $handler ( @$callbacks ) {
$self->dbgout( 'CALLBACK', 'Body ' . $handler, LOG_DEBUG );
my $start_time = $self->get_microseconds();
eval{ $self->get_handler($handler)->body_callback( $body_chunk ); };
if ( my $error = $@ ) {
$self->handle_exception( $error );
$self->exit_on_close( 'Body callback error ' . $error );
$self->tempfail_on_error();
$self->metric_count( 'callback_error_total', { 'stage' => 'body', 'handler' => $handler } );
}
$self->metric_count( 'time_microseconds_total', { 'callback' => 'body', 'handler' => $handler }, $self->get_microseconds_since( $start_time ) );
$self->check_timeout();
}
$self->set_alarm(0);
};
if ( my $error = $@ ) {
if ( my $type = $self->is_exception_type( $error ) ) {
$self->metric_count( 'callback_error_total', { 'stage' => 'body', 'type' => $type } );
$self->exit_on_close( 'Body error ' . $type . ' - ' . $error->{ 'Text' } );
}
else {
$self->metric_count( 'callback_error_total', { 'stage' => 'body' } );
$self->exit_on_close( 'Body callback error ' . $error );
}
$self->tempfail_on_error();
}
$self->dbgoutwrite();
$self->status('postbody');
return $self->get_return();
}
sub top_eom_callback {
my ($self) = @_;
$self->status('eom');
$self->dbgout( 'CALLBACK', 'EOM', LOG_DEBUG );
$self->set_return( $self->smfis_continue() );
my $config = $self->config();
eval {
local $SIG{'ALRM'} = sub{ die Mail::Milter::Authentication::Exception->new({ 'Type' => 'Timeout', 'Text' => 'EOM callback timeout' }) };
if ( my $timeout = $self->get_type_timeout( 'content' ) ) {
$self->set_alarm( $timeout );
}
my $callbacks = $self->get_callbacks( 'eom' );
foreach my $handler ( @$callbacks ) {
$self->dbgout( 'CALLBACK', 'EOM ' . $handler, LOG_DEBUG );
my $start_time = $self->get_microseconds();
eval{ $self->get_handler($handler)->eom_callback(); };
if ( my $error = $@ ) {
$self->handle_exception( $error );
$self->exit_on_close( 'EOM callback error ' . $error );
$self->tempfail_on_error();
$self->metric_count( 'callback_error_total', { 'stage' => 'eom', 'handler' => $handler } );
}
$self->metric_count( 'time_microseconds_total', { 'callback' => 'eom', 'handler' => $handler }, $self->get_microseconds_since( $start_time ) );
$self->check_timeout();
}
$self->set_alarm(0);
};
if ( my $error = $@ ) {
if ( my $type = $self->is_exception_type( $error ) ) {
$self->metric_count( 'callback_error_total', { 'stage' => 'eom', 'type' => $type } );
$self->exit_on_close( 'EOM error ' . $type . ' - ' . $error->{ 'Text' } );
}
else {
$self->metric_count( 'callback_error_total', { 'stage' => 'eom' } );
$self->exit_on_close( 'EOM callback error ' . $error );
}
$self->tempfail_on_error();
}
$self->add_headers();
$self->dbgoutwrite();
$self->status('posteom');
return $self->get_return();
}
sub apply_policy {
}
sub top_abort_callback {
my ($self) = @_;
$self->status('abort');
$self->dbgout( 'CALLBACK', 'Abort', LOG_DEBUG );
$self->set_return( $self->smfis_continue() );
my $config = $self->config();
eval {
local $SIG{'ALRM'} = sub{ die Mail::Milter::Authentication::Exception->new({ 'Type' => 'Timeout', 'Text' => 'Abord callback timeout' }) };
if ( my $timeout = $self->get_type_timeout( 'command' ) ) {
$self->set_alarm( $timeout );
}
my $callbacks = $self->get_callbacks( 'abort' );
foreach my $handler ( @$callbacks ) {
$self->dbgout( 'CALLBACK', 'Abort ' . $handler, LOG_DEBUG );
my $start_time = $self->get_microseconds();
eval{ $self->get_handler($handler)->abort_callback(); };
if ( my $error = $@ ) {
$self->handle_exception( $error );
$self->exit_on_close( 'Abort callback error ' . $error );
$self->tempfail_on_error();
$self->metric_count( 'callback_error_total', { 'stage' => 'abort', 'handler' => $handler } );
}
$self->metric_count( 'time_microseconds_total', { 'callback' => 'abort', 'handler' => $handler }, $self->get_microseconds_since( $start_time ) );
$self->check_timeout();
}
$self->set_alarm(0);
};
if ( my $error = $@ ) {
if ( my $type = $self->is_exception_type( $error ) ) {
$self->metric_count( 'callback_error_total', { 'stage' => 'abort', 'type' => $type } );
$self->exit_on_close( 'Abort error ' . $type . ' - ' . $error->{ 'Text' } );
}
else {
$self->metric_count( 'callback_error_total', { 'stage' => 'abort' } );
$self->exit_on_close( 'Abort callback error ' . $error );
}
$self->tempfail_on_error();
}
$self->status('postabort');
return $self->get_return();
}
sub top_close_callback {
my ($self) = @_;
$self->status('close');
$self->dbgout( 'CALLBACK', 'Close', LOG_DEBUG );
$self->set_return( $self->smfis_continue() );
$self->clear_reject_mail();
$self->clear_defer_mail();
$self->clear_quarantine_mail();
my $config = $self->config();
eval {
local $SIG{'ALRM'} = sub{ die Mail::Milter::Authentication::Exception->new({ 'Type' => 'Timeout', 'Text' => 'Close callback timeout' }) };
if ( my $timeout = $self->get_type_timeout( 'command' ) ) {
$self->set_alarm( $timeout );
}
my $callbacks = $self->get_callbacks( 'close' );
foreach my $handler ( @$callbacks ) {
$self->dbgout( 'CALLBACK', 'Close ' . $handler, LOG_DEBUG );
my $start_time = $self->get_microseconds();
eval{ $self->get_handler($handler)->close_callback(); };
if ( my $error = $@ ) {
$self->handle_exception( $error );
$self->exit_on_close( 'Close callback error ' . $error );
$self->tempfail_on_error();
$self->metric_count( 'callback_error_total', { 'stage' => 'close', 'handler' => $handler } );
}
$self->metric_count( 'time_microseconds_total', { 'callback' => 'close', 'handler' => $handler }, $self->get_microseconds_since( $start_time ) );
$self->check_timeout();
my $handler_object = $self->get_handler($handler);
foreach my $key ( sort keys $handler_object->%* ) {
next if $key eq 'thischild';
$self->exit_on_close( 'Handler '.$handler.' did not clean up data for key '.$key.' in close callback' );
}
}
$self->set_alarm(0);
};
if ( my $error = $@ ) {
if ( my $type = $self->is_exception_type( $error ) ) {
$self->metric_count( 'callback_error_total', { 'stage' => 'close', 'type' => $type } );
$self->exit_on_close( 'Close error ' . $type . ' - ' . $error->{ 'Text' } );
}
else {
$self->metric_count( 'callback_error_total', { 'stage' => 'close' } );
$self->exit_on_close( 'Close callback error ' . $error );
}
$self->tempfail_on_error();
}
delete $self->{'helo_name'};
delete $self->{'seen_helo_name'};
delete $self->{'raw_helo_name'};
delete $self->{'c_auth_headers'};
delete $self->{'auth_headers'};
delete $self->{'pre_headers'};
delete $self->{'add_headers'};
delete $self->{'ip_object'};
delete $self->{'raw_ip_object'};
delete $self->{'header_metrics'};
$self->dbgoutwrite();
$self->clear_all_symbols();
$self->status('postclose');
return $self->get_return();
}
sub top_addheader_callback {
my ( $self ) = @_;
my $config = $self->config();
eval {
local $SIG{'ALRM'} = sub{ die Mail::Milter::Authentication::Exception->new({ 'Type' => 'Timeout', 'Text' => 'AddHeader callback timeout' }) };
if ( my $timeout = $self->get_type_timeout( 'addheader' ) ) {
$self->set_alarm( $timeout );
}
my $callbacks = $self->get_callbacks( 'addheader' );
foreach my $handler ( @$callbacks ) {
my $start_time = $self->get_microseconds();
$self->get_handler($handler)->addheader_callback($self);
$self->metric_count( 'time_microseconds_total', { 'callback' => 'addheader', 'handler' => $handler }, $self->get_microseconds_since( $start_time ) );
$self->check_timeout();
}
$self->set_alarm(0);
};
if ( my $error = $@ ) {
if ( my $type = $self->is_exception_type( $error ) ) {
$self->metric_count( 'callback_error_total', { 'stage' => 'addheader', 'type' => $type } );
$self->exit_on_close( 'AddHeader error ' . $type . ' - ' . $error->{ 'Text' } );
}
else {
$self->metric_count( 'callback_error_total', { 'stage' => 'addheader' } );
$self->exit_on_close( 'AddHeader callback error ' . $error );
}
$self->tempfail_on_error();
}
}
sub status {
my ($self, $status) = @_;
my $count = $self->{'thischild'}->{'count'};
if ( exists ( $self->{'thischild'}->{'smtp'} ) ) {
if ( $self->{'thischild'}->{'smtp'}->{'count'} ) {
$count .= '.' . $self->{'thischild'}->{'smtp'}->{'count'};
}
}
if ( $status ) {
$PROGRAM_NAME = $Mail::Milter::Authentication::Config::IDENT . ':processing:' . $status . '(' . $count . ')';
}
else {
$PROGRAM_NAME = $Mail::Milter::Authentication::Config::IDENT . ':processing(' . $count . ')';
}
}
sub config {
my ($self) = @_;
return $self->{'thischild'}->{'config'};
}
sub handler_config {
my ($self) = @_;
my $type = $self->handler_type();
return if ! $type;
if ( $self->is_handler_loaded( $type ) ) {
my $config = $self->config();
my $handler_config = $config->{'handlers'}->{$type};
if ( exists( $config->{ '_external_callback_processor' } ) ) {
if ( $config->{ '_external_callback_processor' }->can( 'handler_config' ) ) {
$handler_config = clone $handler_config;
$config->{ '_external_callback_processor' }->handler_config( $type, $handler_config );
}
}
return $handler_config;
}
}
sub handler_type {
my ($self) = @_;
my $type = ref $self;
if ( $type eq 'Mail::Milter::Authentication::Handler' ) {
return 'Handler';
}
elsif ( $type =~ /^Mail::Milter::Authentication::Handler::(.*)/ ) {
my $handler_type = $1;
return $handler_type;
}
else {
return undef;
}
}
sub set_return {
my ( $self, $return ) = @_;
my $top_handler = $self->get_top_handler();
$top_handler->{'return_code'} = $return;
}
sub get_return {
my ( $self ) = @_;
my $top_handler = $self->get_top_handler();
if ( defined $self->get_reject_mail() ) {
return $self->smfis_reject();
}
elsif ( defined $self->get_defer_mail() ) {
return $self->smfis_tempfail();
}
elsif ( defined $self->get_quarantine_mail() ) {
}
return $top_handler->{'return_code'};
}
sub get_reject_mail {
my ( $self ) = @_;
my $top_handler = $self->get_top_handler();
return $top_handler->{'reject_mail'};
}
sub clear_reject_mail {
my ( $self ) = @_;
my $top_handler = $self->get_top_handler();
delete $top_handler->{'reject_mail'};
}
sub get_defer_mail {
my ( $self ) = @_;
my $top_handler = $self->get_top_handler();
return $top_handler->{'defer_mail'};
}
sub clear_defer_mail {
my ( $self ) = @_;
my $top_handler = $self->get_top_handler();
delete $top_handler->{'defer_mail'};
}
sub get_quarantine_mail {
my ( $self ) = @_;
my $top_handler = $self->get_top_handler();
return $top_handler->{'quarantine_mail'};
}
sub clear_quarantine_mail {
my ( $self ) = @_;
my $top_handler = $self->get_top_handler();
delete $top_handler->{'quarantine_mail'};
}
sub get_top_handler {
my ($self) = @_;
my $thischild = $self->{'thischild'};
my $object = $thischild->{'handler'}->{'_Handler'};
return $object;
}
sub is_handler_loaded {
my ( $self, $name ) = @_;
my $config = $self->config();
if ( exists ( $config->{'handlers'}->{$name} ) ) {
return 1;
}
return 0;
}
sub get_handler {
my ( $self, $name ) = @_;
my $thischild = $self->{'thischild'};
my $object = $thischild->{'handler'}->{$name};
return $object;
}
sub get_callbacks {
my ( $self, $callback ) = @_;
my $thischild = $self->{'thischild'};
return $thischild->{'callbacks_list'}->{$callback};
}
sub set_object_maker {
my ( $self, $name, $ref ) = @_;
my $thischild = $self->{'thischild'};
return if $thischild->{'object_maker'}->{$name};
$thischild->{'object_maker'}->{$name} = $ref;
}
sub get_object {
my ( $self, $name ) = @_;
my $thischild = $self->{'thischild'};
my $object = $thischild->{'object'}->{$name};
if ( ! $object ) {
if ( exists( $thischild->{'object_maker'}->{$name} ) ) {
my $maker = $thischild->{'object_maker'}->{$name};
&$maker( $self, $name );
}
elsif ( $name eq 'resolver' ) {
$self->dbgout( 'Object created', $name, LOG_DEBUG );
if ( defined $TestResolver ) {
$object = $TestResolver;
warn "Using FAKE TEST DNS Resolver - I Hope this isn't production!";
}
else {
my $config = $self->config();
my %args;
$args{_handler} = $self;
$args{udp_timeout} = $config->{'dns_timeout'} || 8;
$args{tcp_timeout} = $config->{'dns_timeout'} || 8;
$args{retry} = $config->{'dns_retry'} || 2;
$args{cache_dns_timeouts} = $config->{'cache_dns_timeouts'} // 1;
$args{nameservers} = $config->{'dns_resolvers'} if $config->{'dns_resolvers'} && $config->{'dns_resolvers'}->@*;
$object = Mail::Milter::Authentication::Resolver->new(%args);
$object->udppacketsize(1240);
$object->persistent_udp(1);
}
$thischild->{'object'}->{$name} = {
'object' => $object,
'destroy' => 0,
};
}
}
return $thischild->{'object'}->{$name}->{'object'};
}
sub set_object {
my ( $self, $name, $object, $destroy ) = @_;
my $thischild = $self->{'thischild'};
$self->dbgout( 'Object set', $name, LOG_DEBUG );
$thischild->{'object'}->{$name} = {
'object' => $object,
'destroy' => $destroy,
};
}
sub destroy_object {
my ( $self, $name ) = @_;
my $thischild = $self->{'thischild'};
return if ! $thischild->{'object'}->{$name};
if ($name eq 'resolver' ) {
if ( $thischild->{'object'}->{'resolver'}->{'object'}->can( 'clear_error_cache' ) ) {
$thischild->{'object'}->{'resolver'}->{'object'}->clear_error_cache();
}
}
return if ! $thischild->{'object'}->{$name}->{'destroy'};
$self->dbgout( 'Object destroyed', $name, LOG_DEBUG );
delete $thischild->{'object'}->{$name};
}
sub destroy_all_objects {
my ( $self ) = @_;
my $thischild = $self->{'thischild'};
foreach my $name ( keys %{ $thischild->{'object'} } )
{
$self->destroy_object( $name );
}
}
sub exit_on_close {
my ( $self, $error ) = @_;
$error = 'Generic exit_on_close requested' if ! $error;
$self->log_error( $error );
my $top_handler = $self->get_top_handler();
$top_handler->{'exit_on_close'} = 1;
$top_handler->{'exit_on_close_error'} = 'Exit on close requested' if ! exists $top_handler->{'exit_on_close_error'};
$top_handler->{'exit_on_close_error'} .= "\n$error";
}
sub reject_mail {
my ( $self, $reason ) = @_;
my ( $rcode, $xcode, $message ) = split( ' ', $reason, 3 );
if ($rcode !~ /^[5]\d\d$/ || $xcode !~ /^[5]\.\d+\.\d+$/ || substr($rcode, 0, 1) ne substr($xcode, 0, 1)) {
$self->loginfo ( "Invalid reject message $reason - setting to default" );
$reason = '550 5.0.0 Message rejected';
}
my $top_handler = $self->get_top_handler();
$top_handler->{'reject_mail'} = $reason;
}
sub quarantine_mail {
my ( $self, $reason ) = @_;
my $top_handler = $self->get_top_handler();
$top_handler->{'quarantine_mail'} = $reason;
}
sub defer_mail {
my ( $self, $reason ) = @_;
my ( $rcode, $xcode, $message ) = split( ' ', $reason, 3 );
if ($rcode !~ /^[4]\d\d$/ || $xcode !~ /^[4]\.\d+\.\d+$/ || substr($rcode, 0, 1) ne substr($xcode, 0, 1)) {
$self->loginfo ( "Invalid defer message $reason - setting to default" );
$reason = '450 4.0.0 Message deferred';
}
my $top_handler = $self->get_top_handler();
$top_handler->{'defer_mail'} = $reason;
}
sub clear_all_symbols {
my ( $self ) = @_;
my $top_handler = $self->get_top_handler();
delete $top_handler->{'symbols'};
}
sub clear_symbols {
my ( $self ) = @_;
my $top_handler = $self->get_top_handler();
my $connect_symbols;
if ( exists ( $top_handler->{'symbols'} ) ) {
if ( exists ( $top_handler->{'symbols'}->{'C'} ) ) {
$connect_symbols = $top_handler->{'symbols'}->{'C'};
}
}
delete $top_handler->{'symbols'};
if ( $connect_symbols ) {
$top_handler->{'symbols'} = {
'C' => $connect_symbols,
};
}
}
sub set_symbol {
my ( $self, $code, $key, $value ) = @_;
$self->dbgout( 'SetSymbol', "$code: $key: $value", LOG_DEBUG );
my $top_handler = $self->get_top_handler();
if ( ! exists ( $top_handler->{'symbols'} ) ) {
$top_handler->{'symbols'} = {};
}
if ( ! exists ( $top_handler->{'symbols'}->{$code} ) ) {
$top_handler->{'symbols'}->{$code} = {};
}
$top_handler->{'symbols'}->{$code}->{$key} = $value;;
}
sub get_symbol {
my ( $self, $searchkey ) = @_;
my $symbols = $self->{'thischild'}->{'handler'}->{'_Handler'}->{'symbols'} || {};
foreach my $subsymbols (values %{$symbols}) {
return $subsymbols->{$searchkey} if exists $subsymbols->{$searchkey};
}
}
sub tempfail_on_error {
my ( $self ) = @_;
my $config = $self->config();
if ( $self->is_authenticated() ) {
if ( $config->{'tempfail_on_error_authenticated'} ) {
$self->log_error('TempFail set');
$self->set_return( $self->smfis_tempfail() );
}
}
elsif ( $self->is_local_ip_address() ) {
if ( $config->{'tempfail_on_error_local'} ) {
$self->log_error('TempFail set');
$self->set_return( $self->smfis_tempfail() );
}
}
elsif ( $self->is_trusted_ip_address() ) {
if ( $config->{'tempfail_on_error_trusted'} ) {
$self->log_error('TempFail set');
$self->set_return( $self->smfis_tempfail() );
}
}
else {
if ( $config->{'tempfail_on_error'} ) {
$self->log_error('TempFail set');
$self->set_return( $self->smfis_tempfail() );
}
}
}
sub _dequeue_dir($self) {
my $config = $self->config();
my $dir = $config->{spool_dir}.'/dequeue';
mkdir $dir if ! -d $dir;
return $dir;
}
{
my $queue_index = 1;
sub add_dequeue($self,$key,$data) {
my $dir = $self->_dequeue_dir;
my $fullpath;
my $timestamp = join( '.',gettimeofday);
my $filename = join( '.',$key,$PID,$timestamp,$queue_index++,'dequeue');
$fullpath = "$dir/$filename";
my $serialised_data = encode_sereal($data);
write_file($fullpath,{atomic=>1},$serialised_data);
}
}
sub get_dequeue_list($self,$key) {
my $dir = $self->_dequeue_dir;
my $dequeue_index_file = $dir.'/dequeue.index';
my $dequeue_lock_file = $dir.'/dequeue.lock';
my $lock = Lock::File->new( $dequeue_lock_file, {} );
my $count_new = 0;
my $count_allocated = 0;
my $count_stale = 0;
my $dequeue_index = {};
my $j = JSON->new->pretty->canonical->utf8;
my $process_ids = {};
my $process_table = Proc::ProcessTable->new();
foreach my $process ( @{$process_table->table} ) {
$process_ids->{$process->pid} = 1;
}
if ( -e $dequeue_index_file ) {
eval {
my $body = scalar read_file($dequeue_index_file);
$dequeue_index = $j->decode($body);
};
}
my @dequeue_list;
opendir(my $dh, $dir) || die "Failed to open dequeue directory: $!";
FILE:
while (my $file = readdir $dh) {
if ( $file =~ /^$key\..*\.dequeue$/ ) {
if ( exists ( $dequeue_index->{ $file } ) ) {
if ( exists $process_ids->{ $dequeue_index->{$file}->{pid} } ) {
$count_allocated++;
next FILE;
}
else {
$count_stale++;
}
}
$dequeue_index->{$file} = {
pid => $PID,
};
$count_new++;
push @dequeue_list, $file;
}
}
closedir $dh;
foreach my $id ( sort keys $dequeue_index->%* ) {
my $filepath = join('/',$dir,$id);
delete $dequeue_index->{$id} unless -e $filepath;
}
write_file($dequeue_index_file,{atomic=>1},$j->encode($dequeue_index));
$lock->unlock;
$self->metric_set( 'dequeue_files_total', { 'key' => $key, 'state' => 'new' }, $count_new - $count_stale );
$self->metric_set( 'dequeue_files_total', { 'key' => $key, 'state' => 'allocated' }, $count_allocated );
$self->metric_set( 'dequeue_files_total', { 'key' => $key, 'state' => 'stale' }, $count_stale );
return \@dequeue_list;
}
sub get_dequeue($self,$id) {
my $dir = $self->_dequeue_dir;
my $filepath = join('/',$dir,$id);
return if ! -e $filepath;
return if ! -f $filepath;
my $serialized = scalar read_file($filepath);
my $data = decode_sereal($serialized);
return $data;
}
sub delete_dequeue($self,$id) {
my $dir = $self->_dequeue_dir;
my $filepath = join('/',$dir,$id);
return if ! -e $filepath;
return if ! -f $filepath;
unlink $filepath;
}
sub error_dequeue($self,$id) {
my $dir = $self->_dequeue_dir;
my $filepath = join('/',$dir,$id);
return if ! -e $filepath;
return if ! -f $filepath;
rename $filepath, $filepath . '.err';
}
sub add_header_to_sanitize_list {
my($self,$header,$silent) = @_;
return 0 if ! $self->is_handler_loaded('Sanitize');
return $self->get_handler('Sanitize')->add_header_to_sanitize_list($header,$silent);
}
sub is_local_ip_address {
my ($self) = @_;
return 0 if ! $self->is_handler_loaded('LocalIP');
return $self->get_handler('LocalIP')->{'is_local_ip_address'};
}
sub is_trusted_ip_address {
my ($self) = @_;
return 0 if ! $self->is_handler_loaded('TrustedIP');
return $self->get_handler('TrustedIP')->{'is_trusted_ip_address'};
}
sub is_encrypted {
my ($self) = @_;
return undef if ! $self->is_handler_loaded('TLS');
return $self->get_handler('TLS')->{'is_encrypted'};
}
sub is_authenticated {
my ($self) = @_;
return 0 if ! $self->is_handler_loaded('Auth');
return $self->get_handler('Auth')->{'is_authenticated'};
}
sub ip_address {
my ($self) = @_;
my $top_handler = $self->get_top_handler();
return $top_handler->{'ip_object'}->ip();
}
sub format_ctext {
my ( $self, $text ) = @_;
$text = q{} if ! defined $text;
$text =~ s/\t/ /g;
$text =~ s/\n/ /g;
$text =~ s/\r/ /g;
$text =~ s/\(/ /g;
$text =~ s/\)/ /g;
$text =~ s/\\/ /g;
return $text;
}
sub format_ctext_no_space {
my ( $self, $text ) = @_;
$text = $self->format_ctext($text);
$text =~ s/ //g;
$text =~ s/;/_/g;
return $text;
}
sub format_header_comment {
my ( $self, $comment ) = @_;
$comment = $self->format_ctext($comment);
return $comment;
}
sub format_header_entry {
my ( $self, $key, $value ) = @_;
$key = $self->format_ctext_no_space($key);
$value = $self->format_ctext_no_space($value);
my $string = "$key=$value";
return $string;
}
sub get_domain_from {
my ( $self, $address ) = @_;
$address = q{} if ! defined $address;
$address = $self->get_address_from($address);
my $domain = 'localhost.localdomain';
$address =~ s/<//g;
$address =~ s/>//g;
if ( $address =~ /\@/ ) {
($domain) = $address =~ /.*\@(.*)/;
}
$domain =~ s/\s//g;
return lc $domain;
}
sub get_domains_from {
my ( $self, $addresstxt ) = @_;
$addresstxt = q{} if ! defined $addresstxt;
my $addresses = $self->get_addresses_from($addresstxt);
my $domains = [];
foreach my $address ( @$addresses ) {
my $domain;
$address =~ s/<//g;
$address =~ s/>//g;
if ( $address =~ /\@/ ) {
($domain) = $address =~ /.*\@(.*)/;
}
next if ! defined $domain;
$domain =~ s/\s//g;
next if $domain =~ /\@/;
push @$domains, lc $domain;
}
return $domains;
}
sub get_address_from {
my ( $self, $Str ) = @_;
my $addresses = $self->get_addresses_from( $Str );
return $addresses->[0];
}
sub get_addresses_from {
my ( $self, $Str ) = @_;
$Str = q{} if ! defined $Str;
if ( $Str eq q{} ) {
$self->log_error( 'Could not parse empty address' );
return [ $Str ];
}
my $IDNComponentRE = qr/[^\x20-\x2c\x2e\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]+/;
my $IDNRE = qr/(?:$IDNComponentRE\.)+$IDNComponentRE/;
my $RFC_atom = qr/[a-z0-9\!\#\$\%\&\'\*\+\-\/\=\?\^\_\`\{\|\}\~]+/i;
my $RFC_dotatom = qr/${RFC_atom}(?:\.${RFC_atom})*/;
my ( @Tokens, @Types );
TOKEN_LOOP:
while (1) {
if ($Str =~ m/\G\"(.*?)(?<!\\)(?:\"|\z)\s*/sgc) {
push @Tokens, $1;
push @Types, IsPhrase;
}
elsif ( $Str =~ m/\G\<(.*?)(?<!\\)(?:[>,;]|\z)\s*/sgc) {
push @Tokens, $1;
push @Types, IsEmail;
}
elsif ($Str =~ m/\G\((.*?)(?<!\\)\)\s*/sgc) {
push @Tokens, $1;
push @Types, IsComment;
}
elsif ($Str =~ m/\G[,;]\s*/gc) {
push @Tokens, undef;
push @Types, IsSep;
}
elsif ($Str =~ m/\G$/gc) {
last TOKEN_LOOP;
}
elsif ($Str =~ m/\G([^\s,;"<]*)\s*/gc) {
if (length $1) {
push @Tokens, $1;
push @Types, IsPhrase;
}
}
else {
$self->log_error('Could not parse address ' . $Str . ' : Unknown line remainder : ' . substr( $Str, pos() ) );
push @Tokens, substr($Str, pos($Str));
push @Types, IsComment;
last TOKEN_LOOP;
}
}
my @Addrs;
my ($Phrase, $Email, $Comment, $Type);
for (my $i = 0; $i < scalar(@Tokens); $i++) {
my ($Type, $Token) = ($Types[$i], $Tokens[$i]);
if (($Type == IsSep) ||
($Type == IsEmail && defined($Email)) ||
($Type == IsPhrase && defined($Email)) ) {
push @Addrs, $Email if defined $Email;
($Phrase, $Email, $Comment) = (undef, undef, undef);
}
if ($Type == IsPhrase) {
$Token =~ s/^'(.*)'$/$1/;
$Token =~ s/\r?\n//g;
if ($Token =~ /^$RFC_dotatom\@$IDNRE$/o) {
$Token =~ s/^\s+//;
$Token =~ s/\s+$//;
$Token =~ s/\s+\@/\@/;
$Token =~ s/\@\s+/\@/;
if ($i+1 < scalar(@Tokens) && $Types[$i+1] == IsEmail) {
$Phrase = defined($Phrase) ? $Phrase . " " . $Token : $Token;
}
else {
if (defined($Email)) {
push @Addrs, $Email;
($Phrase, $Email, $Comment) = (undef, undef, undef);
}
$Email = $Token;
}
}
else {
$Phrase = defined($Phrase) ? $Phrase . " " . $Token : $Token;
}
}
elsif ($Type == IsEmail) {
$Email = $Token;
}
elsif ($Type == IsComment) {
$Comment = defined($Comment) ? $Comment . ", " . $Token : $Token;
}
}
push @Addrs, $Email if defined($Email);
if ( ! @Addrs ) {
push @Addrs, $Str;
$self->log_error( 'Could not parse address ' . $Str );
}
my @TidyAddresses;
foreach my $Address ( @Addrs ) {
next if ( $Address =~ /\@unspecified-domain$/ );
if ( $Address =~ /^mailto:(.*)$/ ) {
$Address = $1;
}
$Address =~ s/^\s+//;
$Address =~ s/\s+$//;
$Address =~ s/\s+\@/\@/;
$Address =~ s/\@\s+/\@/;
next if $Address =~ /\@.*\@/;
push @TidyAddresses, $Address;
}
if ( ! @TidyAddresses ) {
return [] if $Str =~ /\@.*\@/;
push @TidyAddresses, $Str;
}
return \@TidyAddresses;
}
sub get_my_hostname {
my ($self) = @_;
my $hostname = $self->get_symbol('j');
if ( ! $hostname ) {
$hostname = $self->get_symbol('{rcpt_host}');
}
if ( ! $hostname ) {
$hostname = hostname;
}
return $hostname;
}
sub get_my_authserv_id {
my ($self) = @_;
my $config = $self->config();
if ( exists( $config->{'authserv_id'} ) && $config->{'authserv_id'} ) {
return $config->{'authserv_id'};
}
return $self->get_my_hostname();
}
sub dbgout {
my ( $self, $key, $value, $priority ) = @_;
my $queue_id = $self->get_symbol('i') || q{--};
$key = q{--} if ! defined $key;
$value = q{--} if ! defined $value;
my $thischild = $self->{'thischild'};
if ( exists $thischild->{'tracelog'} ) {
push $thischild->{'tracelog'}->@*, [ time, "$queue_id: $key: $value" ];
}
my $config = $self->config();
if (
$priority == LOG_DEBUG
&&
! $config->{'debug'}
) {
return;
}
my $log_priority = $priority == LOG_DEBUG ? 'debug'
: $priority == LOG_INFO ? 'info'
: $priority == LOG_NOTICE ? 'notice'
: $priority == LOG_WARNING ? 'warning'
: $priority == LOG_ERR ? 'error'
: $priority == LOG_CRIT ? 'critical'
: $priority == LOG_ALERT ? 'alert'
: $priority == LOG_EMERG ? 'emergency'
: 'info';
if ( $config->{'logtoerr'} ) {
Mail::Milter::Authentication::_warn( "$queue_id: $key: $value" );
}
my $top_handler = $self->get_top_handler();
if ( !exists( $top_handler->{'dbgout'} ) ) {
$top_handler->{'dbgout'} = [];
}
push @{ $top_handler->{'dbgout'} },
{
'priority' => $log_priority,
'key' => $key || q{},
'value' => $value || q{},
};
if ( $self->get_symbol('i') ) {
$self->dbgoutwrite();
}
}
sub log_error {
my ( $self, $error ) = @_;
$self->dbgout( 'ERROR', $error, LOG_ERR );
}
sub dbgoutwrite {
my ($self) = @_;
eval {
my $config = $self->config();
my $queue_id = $self->get_symbol('i') ||
'NOQUEUE.' . substr( uc md5_hex( "Authentication Milter Client $PID " . time() . rand(100) ) , -11 );
my $top_handler = $self->get_top_handler();
if ( exists( $top_handler->{'dbgout'} ) ) {
LOGENTRY:
foreach my $entry ( @{ $top_handler->{'dbgout'} } ) {
my $key = $entry->{'key'};
my $value = $entry->{'value'};
my $priority = $entry->{'priority'};
my $line = "$queue_id: $key: $value";
if (
$priority eq 'debug'
&&
! $config->{'debug'}
) {
next LOGENTRY;
}
Mail::Milter::Authentication::logger()->log( { 'level' => $priority }, $line );
}
}
delete $top_handler->{'dbgout'};
};
$self->handle_exception( $@ );
}
sub can_sort_header {
my ( $self, $header ) = @_;
return 0;
}
sub header_sort {
my ( $self, $sa, $sb ) = @_;
my $config = $self->config();
my $string_a;
my $string_b;
my $handler_a;
if ( ref $sa eq 'Mail::AuthenticationResults::Header::Entry' ) {
$handler_a = $sa->key();
$string_a = $sa->as_string();
}
else {
( $handler_a ) = split( '=', $sa, 2 );
$string_a = $sa;
}
my $handler_b;
if ( ref $sb eq 'Mail::AuthenticationResults::Header::Entry' ) {
$handler_b = $sb->key();
$string_b = $sb->as_string();
}
else {
( $handler_b ) = split( '=', $sb, 2 );
$string_b = $sb;
}
if ( $handler_a eq $handler_b ) {
foreach my $name ( @{$config->{'load_handlers'}} ) {
my $handler = $self->get_handler($name);
if ( $handler->can_sort_header( lc $handler_a ) ) {
if ( $handler->can( 'handler_header_sort' ) ) {
return $handler->handler_header_sort( $sa, $sb );
}
}
}
}
return $string_a cmp $string_b;
}
sub _stringify_header {
my ( $self, $header ) = @_;
if ( ref $header eq 'Mail::AuthenticationResults::Header::Entry' ) {
return $header->as_string();
}
return $header;
}
sub add_headers {
my ($self) = @_;
my $config = $self->config();
my $top_handler = $self->get_top_handler();
my @types;
push @types, keys $top_handler->{'c_auth_headers'}->%* if exists $top_handler->{'c_auth_headers'};
push @types, keys $top_handler->{'auth_headers'}->%* if exists $top_handler->{'auth_headers'};
my $queue_id = $self->get_symbol('i') || q{--};
$self->{extended_log} = {ar => [], queue_id => $queue_id};
for my $type (uniq sort @types) {
$self->add_auth_headers_of_type($type);
}
if ($config->{extended_log}) {
my $j = JSON->new->canonical->utf8;
$self->dbgout( 'ARex',$j->encode($self->{extended_log}), LOG_INFO );
}
if ( my $reason = $self->get_quarantine_mail() ) {
$self->prepend_header( 'X-Disposition-Quarantine', $reason );
}
$top_handler->top_addheader_callback();
if ( exists( $top_handler->{'pre_headers'} ) ) {
foreach my $header ( @{ $top_handler->{'pre_headers'} } ) {
$self->dbgout( 'PreHeader',
$header->{'field'} . ': ' . $header->{'value'}, LOG_DEBUG );
$self->insert_header( 1, $header->{'field'}, $header->{'value'} );
}
}
if ( exists( $top_handler->{'add_headers'} ) ) {
foreach my $header ( @{ $top_handler->{'add_headers'} } ) {
$self->dbgout( 'AddHeader',
$header->{'field'} . ': ' . $header->{'value'}, LOG_DEBUG );
$self->add_header( $header->{'field'}, $header->{'value'} );
}
}
}
sub add_auth_headers_of_type($self,$type) {
my $config = $self->config();
my $top_handler = $self->get_top_handler();
my @auth_headers;
if ( exists( $top_handler->{'c_auth_headers'}->{$type} ) ) {
@auth_headers = @{ $top_handler->{'c_auth_headers'}->{$type} };
}
if ( exists( $top_handler->{'auth_headers'}->{$type} ) ) {
@auth_headers = ( @auth_headers, @{ $top_handler->{'auth_headers'}->{$type} } );
}
if (@auth_headers) {
@auth_headers = sort { $self->header_sort( $a, $b ) } @auth_headers;
my $are_string_headers = 0;
my $header_obj = Mail::AuthenticationResults::Header->new();
foreach my $header ( @auth_headers ) {
if ( ref $header ne 'Mail::AuthenticationResults::Header::Entry' ) {
$are_string_headers = 1;
last;
}
$header->orphan() if exists $header->{parent};
$header_obj->add_child( $header );
}
my $header_text;
if ( $are_string_headers ) {
$header_text = $self->get_my_authserv_id();
$header_text .= ";\n ";
$header_text .= join( ";\n ", map { $self->_stringify_header( $_ ) } @auth_headers );
$self->dbgout( 'auth header added: $type: ',$header_text, LOG_INFO );
}
else {
$header_obj->set_value( Mail::AuthenticationResults::Header::AuthServID->new()->safe_set_value( $self->get_my_authserv_id() ) );
$header_obj->set_eol( "\n" );
if ( exists( $config->{'header_indent_style'} ) ) {
$header_obj->set_indent_style( $config->{'header_indent_style'} );
}
else {
$header_obj->set_indent_style( 'entry' );
}
if ( exists( $config->{'header_indent_by'} ) ) {
$header_obj->set_indent_by( $config->{'header_indent_by'} );
}
else {
$header_obj->set_indent_by( 4 );
}
if ( exists( $config->{'header_fold_at'} ) ) {
$header_obj->set_fold_at( $config->{'header_fold_at'} );
}
$header_text = $header_obj->as_string();
$header_obj->set_indent_style('none');
$header_obj->set_fold_at(9999);
my $header_log_text = $header_obj->as_string();
$self->dbgout( "A-R: $type",$header_log_text, LOG_INFO ) unless $config->{extended_log} && ! $config->{legacy_log};
push $self->{extended_log}->{ar}->@*, {type => $type, payload =>$header_obj->_as_hashref} if $config->{extended_log};
}
my ($header_type,$header_type_postfix) = split /:/, $type;
$self->prepend_header( $header_type, $header_text );
}
elsif ( !$config->{'hide_none'} ) {
my $header_text = $self->get_my_authserv_id();
$header_text .= '; none';
my ($header_type,$header_type_postfix) = split /:/, $type;
$self->prepend_header( $header_type, $header_text );
} else {
}
}
sub prepend_header {
my ( $self, $field, $value ) = @_;
my $top_handler = $self->get_top_handler();
if ( !exists( $top_handler->{'pre_headers'} ) ) {
$top_handler->{'pre_headers'} = [];
}
push @{ $top_handler->{'pre_headers'} },
{
'field' => $field,
'value' => $value,
};
}
sub add_auth_header($self,$value) {
my $config = $self->handler_config();
my $header_name = $config->{auth_header_name} // 'Authentication-Results';
my $top_handler = $self->get_top_handler();
$top_handler->{auth_headers} = {} unless exists $top_handler->{auth_headers};
$top_handler->{auth_headers}->{$header_name} = [] unless exists $top_handler->{auth_headers}->{$header_name};
push $top_handler->{auth_headers}->{$header_name}->@*, $value;
}
sub add_c_auth_header($self,$value) {
my $config = $self->handler_config();
my $header_name = $config->{auth_header_name} // 'Authentication-Results';
my $top_handler = $self->get_top_handler();
$top_handler->{c_auth_headers} = {} unless exists $top_handler->{c_auth_headers};
$top_handler->{c_auth_headers}->{$header_name} = [] unless exists $top_handler->{c_auth_headers}->{$header_name};
push $top_handler->{c_auth_headers}->{$header_name}->@*, $value;
}
sub append_header {
my ( $self, $field, $value ) = @_;
my $top_handler = $self->get_top_handler();
if ( !exists( $top_handler->{'add_headers'} ) ) {
$top_handler->{'add_headers'} = [];
}
push @{ $top_handler->{'add_headers'} },
{
'field' => $field,
'value' => $value,
};
}
sub smfis_continue {
return SMFIS_CONTINUE;
}
sub smfis_tempfail {
return SMFIS_TEMPFAIL;
}
sub smfis_reject {
return SMFIS_REJECT;
}
sub smfis_discard {
return SMFIS_DISCARD;
}
sub smfis_accept {
return SMFIS_ACCEPT;
}
sub write_packet {
my ( $self, $type, $data ) = @_;
my $thischild = $self->{'thischild'};
$thischild->write_packet( $type, $data );
}
sub add_header {
my ( $self, $key, $value ) = @_;
my $thischild = $self->{'thischild'};
my $config = $self->config();
return if $config->{'dryrun'};
$thischild->add_header( $key, $value );
}
sub insert_header {
my ( $self, $index, $key, $value ) = @_;
my $thischild = $self->{'thischild'};
my $config = $self->config();
return if $config->{'dryrun'};
$thischild->insert_header( $index, $key, $value );
}
sub change_header {
my ( $self, $key, $index, $value ) = @_;
my $thischild = $self->{'thischild'};
my $config = $self->config();
return if $config->{'dryrun'};
$thischild->change_header( $key, $index, $value );
}
1;