[Postfixbuch-users] Fallstudie: Missbrauch des Dienstes durch Spammer - Die Lösung

Achim Lammerts ml-pbu at admin.syntaxys.net
So Sep 3 17:21:39 CEST 2006


Alexander Dalloz schrieb:

> Einen Patch solltest du besser per "diff" generieren, damit man ihn auch 
> vernünftig im Code identifizieren kann; z.B. `diff -uN throttle.c.orig 
> throttle.c'
> .
>
> Alexander
>
>
>   
--- throttle.c.orig    2006-06-28 12:41:37.000000000 +0200
+++ throttle.c    2006-09-03 14:45:12.000000000 +0200
@@ -38,6 +38,8 @@
 int
 throttle_check (unsigned int fd)
 {
+    if(strlen(triplet_array[fd][4]) > 0)
+      {
   unsigned int tnum = 0;
   unsigned int tresult = 0;
   
@@ -58,13 +60,14 @@
       " ORDER BY _priority DESC LIMIT 1",
       host_array[fd][2], host_array[fd][3], host_array[fd][4], 
host_array[fd][5]);
     
-  } else if((SENDER_THROTTLE_SASL == 1) && (triplet_array[fd][4][0] != 
0x00))  {
-    tnum = 2;
-    snprintf(mysqlquery_array[fd], 512,
-      "SELECT _from,_count_max,_count_cur,_date,_quota_cur,_quota_max,"
-      " _time_limit,_mail_size,_count_tot,_rcpt_max,_rcpt_cur,_rcpt_tot,"
-      " _log_warn, _log_panic, _abuse_tot"
-      " FROM throttle WHERE _from='%s'", triplet_array[fd][4]);
+  } else if(SENDER_THROTTLE_SASL == 1)  {
+/*  } else if((SENDER_THROTTLE_SASL == 1) && (triplet_array[fd][4][0] 
!= 0x00))  { */
+        tnum = 2;
+        snprintf(mysqlquery_array[fd], 512,
+          "SELECT _from,_count_max,_count_cur,_date,_quota_cur,_quota_max,"
+          " 
_time_limit,_mail_size,_count_tot,_rcpt_max,_rcpt_cur,_rcpt_tot,"
+          " _log_warn, _log_panic, _abuse_tot"
+          " FROM throttle WHERE _from='%s'", triplet_array[fd][4]);
   } else {
     tnum = 3;
     snprintf(mysqlquery_array[fd], 512,
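Review bot: The SASL user name in `triplet_array[fd][4]` is still formatted straight into the query with `WHERE _from='%s'`, and nothing in this hunk shows it being escaped first. If the value is not sanitised before it reaches throttle_check(), a quote character in the login name changes the SQL statement; escape it with `mysql_real_escape_string()` into a local buffer and format that buffer instead. The result of `snprintf(mysqlquery_array[fd], 512, ...)` is also never compared with 512, so a long user name yields a silently truncated query. The commented-out old condition can be deleted, since the outer `strlen()` guard now covers it. The if/else chain starts and ends outside the hunk.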
@@ -184,6 +187,12 @@
       logmessage("fatal: throttle_check(): no tnum\n");
       return (-1);
   }
+      }
+    else
+      {
+      if(DEBUG > 0)
+      logmessage("DEBUG: No SASL user");
+      }
   
   return (0); /* never reached */
 }
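Review bot: When `triplet_array[fd][4]` is empty, the new else branch only logs under DEBUG and then falls through to `return (0); /* never reached */`, so throttle_check() now returns 0 without running any lookup and the comment is no longer true. The guard opened at the top of the function also encloses the host branch and the `tnum = 3` branch from the second hunk, so mail without a SASL login appears to skip throttling entirely; if the caller treats 0 as "no limit hit", that should be a deliberate, configurable choice rather than a side effect. The added `logmessage("DEBUG: No SASL user");` lacks the trailing `\n` that the other calls use, and the same applies to the last hunk of throttle_sasl.c. I would write `logmessage("DEBUG: fd: %d no SASL user, throttle lookup skipped\n", fd);` and change the comment to `/* reached when no SASL user name is present */`.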
--- throttle_sasl.c.orig    2006-04-04 16:39:57.000000000 +0200
+++ throttle_sasl.c    2006-09-03 14:21:26.000000000 +0200
@@ -37,7 +37,8 @@
 int
 throttle_sasl (unsigned int fd)
 {
-
+if(strlen(triplet_array[fd][4]) > 0)
+  {
   if(DEBUG > 0)
     logmessage("DEBUG: fd: %d checking throttle-sasl\n", fd);
   
@@ -193,9 +194,7 @@
 
     return (-5);
   }
-
 update:
-
   /* if the sender has not reached his quota, increase count */
   logmessage("rcpt=%lu, throttle=update(%c), host=%s, from=%s, to=%s, 
size=%d/%d, "
     "quota=%d/%d, count=%d/%d(%d), rcpt=%d/%d(%d), 
threshold=%d%|%d%|%d%, sasl_username=%s\n",
@@ -235,6 +234,13 @@
     instance_inc[fd],
     triplet_array[fd][4]);
   if(db_doquery(fd) == -1) return(db_failure(fd, "throttle"));
+}
+else
+ {
+ if(DEBUG > 0)
+   logmessage("DEBUG: No SASL user");
+ }
+
 
   return (0); /* never reached */
 }
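Review bot: Wrapping the whole body of throttle_sasl() in `if(strlen(triplet_array[fd][4]) > 0)` without re-indenting it, with the `if` and the closing `}` in column 0, hides the guard and puts the `update:` label inside the new block. An early return at the top keeps the rest of the function untouched: `if(triplet_array[fd][4][0] == 0x00) { if(DEBUG > 0) logmessage("DEBUG: No SASL user\n"); return (0); }`. That also avoids walking the whole string with `strlen()` just to test for emptiness. The same shape would suit throttle_check() in throttle.c; most of both function bodies lies outside the hunks shown.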



