
No commits in common. '6a7291faea8ccf2c81e32ee75d6ba76040dcebdf' and 'cbb2c88e860108ce7f5aa3c1451269d88d221379' have entirely different histories.

  1. 11
      filters/exim.pcre
  2. 20
      filters/ssh.preg
  3. 1
      src/backend.c
  4. 6
      src/filter-test.c
  5. 23
      src/filters/pcre.c
  6. 30
      src/filters/preg.c
  7. 2
      src/statefile.c

11
filters/exim.pcre

@ -1,10 +1,11 @@
# set: defscore=10
SMTP protocol synchronization error \(input sent without waiting for greeting\): rejected connection from .*\[<HOST>\] SMTP protocol synchronization error \(input sent without waiting for greeting\): rejected connection from .*\[<HOST>\]
SMTP protocol synchronization error \(next input sent too soon: pipelining was not advertised\): rejected .*\[<HOST>\] SMTP protocol synchronization error \(next input sent too soon: pipelining was not advertised\): rejected .*\[<HOST>\]
rejected [HE][EH]HLO from \[<HOST>\]: syntactically invalid argument rejected EHLO from \[<HOST>\]: syntactically invalid argument
\[<HOST>\] .* host is listed in .+ rejected HELO from \[<HOST>\]: syntactically invalid argument
Connection from \[<HOST>\] refused: too many connections from that IP address
\[<HOST>\] .* host is listed in zen.spamhaus.org
\[<HOST>\] .* host is listed in bl.spamcop.net
\[<HOST>\] .* relay not permitted \[<HOST>\] .* relay not permitted
\[<HOST>\] .* rejected after DATA: This message was detected as possible malware
# set: defscore=5
\[<HOST>\] .* too many connections from that IP address \[<HOST>\] .* too many connections from that IP address
\[<HOST>\] .* rejected after DATA: This message was detected as possible malware
\[<HOST>\] .* temporarily rejected RCPT \<\S+\>: lowest numbered MX record points to local host \[<HOST>\] .* temporarily rejected RCPT \<\S+\>: lowest numbered MX record points to local host
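Review bot: None of these patterns is anchored to the start or end of the log line, and several put `.*` or `.+` between `\[<HOST>\]` and the fixed text, so the captured address is whichever bracketed value the engine matches first rather than provably the peer address Exim recorded. Fields such as the HELO argument and the RCPT address, both of which appear in these patterns, are supplied by the remote client, so a crafted line could probably get an unrelated address scored and banned. I would tie each pattern to the fixed text that directly precedes the peer address, end it with `$` where the message tail is fixed, and add a header comment naming the client-controlled fields. The same applies to filters/ssh.preg, where `User [[:print:]]+ from <HOST> not allowed because …` accepts spaces inside the user name, which is presumably logged as the client sent it.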

20
filters/ssh.preg

@ -1,17 +1,15 @@
# set: defscore=15
User [[:print:]]+ from <HOST> not allowed because listed in DenyUsers
User [[:print:]]+ from <HOST> not allowed because a group is listed in DenyGroups
# set: defscore=10
User [[:print:]]+ from <HOST> not allowed because not listed in AllowUsers
User [[:print:]]+ from <HOST> not allowed because not in any group
User [[:print:]]+ from <HOST> not allowed because none of user's groups are listed in AllowGroups
[Aa]uthentication failure for .* from <HOST>( via [[:print:]]*)? [Aa]uthentication failure for .* from <HOST>( via [[:print:]]*)?
[Aa]uthentication error for .* from <HOST>( via [[:print:]]*)? [Aa]uthentication error for .* from <HOST>( via [[:print:]]*)?
Failed password for .* from <HOST>
# set: defscore=5
User not known to the underlying authentication module for .* from <HOST> User not known to the underlying authentication module for .* from <HOST>
Invalid user [[:print:]]+ from <HOST> Failed password for .* from <HOST>
# set: defscore=3
refused connect from [[:print:]]+ \(<HOST>\) refused connect from [[:print:]]+ \(<HOST>\)
Received disconnect from <HOST>: [0-9]*: [[:print:]]+: Auth fail
Did not receive identification string from <HOST> Did not receive identification string from <HOST>
Invalid user [[:print:]]+ from <HOST>
Connection closed by <HOST>( port [0-9]+)? \[preauth\] Connection closed by <HOST>( port [0-9]+)? \[preauth\]
Postponed keyboard-interactive for invalid user [[:print:]]+ from <HOST> port [0-9]+
User [[:print:]]+ from <HOST> not allowed because not listed in AllowUsers
User [[:print:]]+ from <HOST> not allowed because listed in DenyUsers
User [[:print:]]+ from <HOST> not allowed because not in any group
User [[:print:]]+ from <HOST> not allowed because a group is listed in DenyGroups
User [[:print:]]+ from <HOST> not allowed because none of user's groups are listed in AllowGroups

1
src/backend.c

@ -138,7 +138,6 @@ f2b_backend_destroy(f2b_backend_t *backend) {
if (backend->cfg) if (backend->cfg)
backend->destroy(backend->cfg); backend->destroy(backend->cfg);
dlclose(backend->h); dlclose(backend->h);
backend->h = NULL;
} }
free(backend); free(backend);
} }

6
src/filter-test.c

@ -69,10 +69,12 @@ int main(int argc, char *argv[]) {
while (fgets(line, sizeof(line), file) != NULL) { while (fgets(line, sizeof(line), file) != NULL) {
read++; read++;
fputs(line, stdout);
if ((ftag = f2b_filter_match(filter, line, match, sizeof(match), &score)) > 0) { if ((ftag = f2b_filter_match(filter, line, match, sizeof(match), &score)) > 0) {
matched++; matched++;
fprintf(stdout, "# match -- addr: %s, score: %d, tag: %08X\n", match, score, ftag); fprintf(stdout, "+ %s (score: %d, tag: %08X)\n", match, score, ftag);
continue;
} else {
fprintf(stdout, "- (no-match): %s", line);
} }
} }
fclose(file); fclose(file);
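Review bot: The raw log line is written to stdout unfiltered on both sides of this hunk (`fputs(line, stdout);` on one, `fprintf(stdout, "- (no-match): %s", line);` on the other). Log lines contain bytes chosen by remote clients, such as user names and HELO strings. When the tool is run in a terminal those bytes can include control sequences, so I would replace non-printable bytes before printing, or at least add a comment such as `/* line is untrusted log data; output is meant for a pipe, not a tty */`. main() starts and ends outside the hunk, so whether the line is sanitised earlier is not visible here.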

23
src/filters/pcre.c

@ -13,24 +13,23 @@
struct _regexp { struct _regexp {
rx_t *next; rx_t *next;
uint32_t ftag;
int matches;
short int score;
pcre *regex; pcre *regex;
pcre_extra *data; pcre_extra *data;
int matches;
uint32_t ftag;
short int score;
char pattern[PATTERN_MAX]; char pattern[PATTERN_MAX];
}; };
struct _config { struct _config {
rx_t *regexps;
rx_t *rlast; /* pointer to last regex in list */
void (*logcb)(enum loglevel lvl, const char *msg); void (*logcb)(enum loglevel lvl, const char *msg);
short int defscore; rx_t *regexps;
int flags; int flags;
char id[ID_MAX]; short int defscore;
bool icase; bool icase;
bool study; bool study;
bool usejit; bool usejit;
char id[ID_MAX];
}; };
#include "filter.c" #include "filter.c"
@ -134,14 +133,9 @@ append(cfg_t *cfg, const char *pattern) {
regex->score = cfg->defscore; regex->score = cfg->defscore;
regex->ftag = fnv_32a_str(pattern, FNV1_32A_INIT); regex->ftag = fnv_32a_str(pattern, FNV1_32A_INIT);
regex->next = cfg->regexps;
cfg->regexps = regex;
strlcpy(regex->pattern, pattern, sizeof(regex->pattern)); strlcpy(regex->pattern, pattern, sizeof(regex->pattern));
/* update regex list */
if (cfg->rlast) {
cfg->rlast->next = regex;
} else {
cfg->regexps = regex;
}
cfg->rlast = regex;
cfg->flags |= MOD_IS_READY; cfg->flags |= MOD_IS_READY;
return true; return true;
} }
@ -199,7 +193,6 @@ flush(cfg_t *cfg) {
free(r); free(r);
} }
cfg->regexps = NULL; cfg->regexps = NULL;
cfg->rlast = NULL;
cfg->defscore = MATCH_DEFSCORE; cfg->defscore = MATCH_DEFSCORE;
} }
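Review bot: In the append() hunk the right-hand text links each new pattern at the head of the list (`regex->next = cfg->regexps; cfg->regexps = regex;`), so patterns are walked in the reverse of filter-file order, whereas the left-hand text keeps file order through `rlast`. If match() returns on the first pattern that matches, as the preg.c match() hunk suggests for that module, a line matched by two patterns gets the score and tag of the later entry in the file. That matters because the filter files group patterns under different `# set: defscore=` values. Assuming the right-hand column is the new side, either keep the tail pointer or document the order on the field, for example `rx_t *regexps; /* evaluated last-added first */`. append() and flush() both start outside the hunks shown.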

30
src/filters/preg.c

@ -24,7 +24,6 @@ struct _regexp {
struct _config { struct _config {
rx_t *regexps; rx_t *regexps;
rx_t *rlast; /* pointer to last regex in list */
void (*logcb)(enum loglevel lvl, const char *msg); void (*logcb)(enum loglevel lvl, const char *msg);
short int defscore; short int defscore;
int flags; int flags;
@ -95,26 +94,22 @@ append(cfg_t *cfg, const char *pattern) {
if ((regex = calloc(1, sizeof(rx_t))) == NULL) if ((regex = calloc(1, sizeof(rx_t))) == NULL)
return false; return false;
if ((ret = regcomp(&regex->regex, buf, flags)) != 0) { if ((ret = regcomp(&regex->regex, buf, flags)) == 0) {
regex->score = cfg->defscore;
regex->ftag = fnv_32a_str(pattern, FNV1_32A_INIT);
regex->next = cfg->regexps;
cfg->regexps = regex;
strlcpy(regex->pattern, pattern, sizeof(regex->pattern));
cfg->flags |= MOD_IS_READY;
return true;
} else {
char buf[256] = ""; char buf[256] = "";
regerror(ret, &regex->regex, buf, sizeof(buf)); regerror(ret, &regex->regex, buf, sizeof(buf));
log_msg(cfg, error, "regex compile error: %s", buf); log_msg(cfg, error, "regex compile error: %s", buf);
free(regex);
return false;
} }
regex->score = cfg->defscore; free(regex);
regex->ftag = fnv_32a_str(pattern, FNV1_32A_INIT); return false;
strlcpy(regex->pattern, pattern, sizeof(regex->pattern));
/* update regex list */
if (cfg->rlast) {
cfg->rlast->next = regex;
} else {
cfg->regexps = regex;
}
cfg->rlast = regex;
cfg->flags |= MOD_IS_READY;
return true;
} }
uint32_t uint32_t
@ -136,7 +131,7 @@ match(cfg_t *cfg, const char *line, char *buf, size_t buf_size, short int *score
memcpy(buf, &line[match[1].rm_so], match_len); memcpy(buf, &line[match[1].rm_so], match_len);
buf[match_len] = '\0'; buf[match_len] = '\0';
buf[buf_size - 1] = '\0'; buf[buf_size - 1] = '\0';
*score = r->score; *score = cfg->defscore;
return r->ftag; return r->ftag;
} }
@ -155,7 +150,6 @@ flush(cfg_t *cfg) {
free(r); free(r);
} }
cfg->regexps = NULL; cfg->regexps = NULL;
cfg->rlast = NULL;
cfg->defscore = MATCH_DEFSCORE; cfg->defscore = MATCH_DEFSCORE;
} }
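Review bot: In the match() hunk the right-hand text reports `*score = cfg->defscore;` where the left-hand text reports `*score = r->score;`, although append() stores `regex->score = cfg->defscore` per pattern at load time. filters/ssh.preg and filters/exim.pcre each contain more than one `# set: defscore=` line, so if that directive updates `cfg->defscore` as its name suggests, reading the config value at match time gives every pattern whichever default was set last. Ban thresholds would then no longer reflect the per-pattern weighting. If the right-hand column is the new side, keep `*score = r->score;`. Separately, the check that `match_len` fits in `buf_size` before the `memcpy` sits above the hunk and should be confirmed, since `buf[match_len] = '\0';` depends on it.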

2
src/statefile.c

@ -56,7 +56,7 @@ f2b_statefile_load(f2b_statefile_t *sf) {
const int fields = 3; const int fields = 3;
const char *format = "%48s %u %u"; /* 48 == IPADDR_MAX == sizeof(addr) */ const char *format = "%48s %u %u"; /* 48 == IPADDR_MAX == sizeof(addr) */
f2b_ipaddr_t *addrlist = NULL, *ipaddr = NULL; f2b_ipaddr_t *addrlist = NULL, *ipaddr = NULL;
char buf[256], addr[IPADDR_MAX + 1], *p; char buf[256], addr[IPADDR_MAX], *p;
unsigned int banned_at, release_at; unsigned int banned_at, release_at;
FILE *f = NULL; FILE *f = NULL;
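Review bot: `addr[IPADDR_MAX]` in the right-hand text is one byte too small for the `"%48s"` conversion in `format`. The comment states 48 == IPADDR_MAX, and `%48s` stores up to 48 characters plus the terminating NUL, which is 49 bytes. Assuming `format` is passed to a scanf-family call with `addr` as its first target, as the comment implies, a state-file line whose first field has 48 or more characters writes one byte past `addr` on the stack. If the right-hand column is the new side, keep `char buf[256], addr[IPADDR_MAX + 1], *p;` or reduce the width to `%47s`, and consider a `_Static_assert` tying the width to `sizeof(addr)`. f2b_statefile_load() continues outside the hunk.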
