Context Navigation

source: npl/mailserver/dspam/dspam-3.10.2/src/dspam.c @ 0105685

gcc484ntopperl-5.22

Last change on this file since 0105685 was c5c522c, checked in by Edwin Eefting <edwin@datux.nl>, 8 years ago
initial commit, transferred from cleaned syn3 svn tree
Property mode set to `100644`
File size: 125.4 KB

Rev	Line
[c5c522c]	1	/* $Id: dspam.c,v 1.412 2011/11/10 00:26:00 tomhendr Exp $ */
	2
	3	/*
	4	DSPAM
	5	COPYRIGHT (C) 2002-2012 DSPAM PROJECT
	6
	7	This program is free software: you can redistribute it and/or modify
	8	it under the terms of the GNU Affero General Public License as
	9	published by the Free Software Foundation, either version 3 of the
	10	License, or (at your option) any later version.
	11
	12	This program is distributed in the hope that it will be useful,
	13	but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	GNU Affero General Public License for more details.
	16
	17	You should have received a copy of the GNU Affero General Public License
	18	along with this program. If not, see <http://www.gnu.org/licenses/>.
	19
	20	*/
	21
	22	/*
	23	* dspam.c - primary dspam processing agent
	24	*
	25	* DESCRIPTION
	26	* The agent provides a commandline interface to the libdspam core engine
	27	* and also provides advanced functions such as a daemonized LMTP server,
	28	* extended groups, and other agent features outlined in the documentation.
	29	*
	30	* This codebase is the full client/processing engine. See dspamc.c for
	31	* the lightweight client-only codebase.
	32	*/
	33
	34	#ifdef HAVE_CONFIG_H
	35	#include <auto-config.h>
	36	#endif
	37
	38	#include <stdio.h>
	39	#include <stdlib.h>
	40	#include <string.h>
	41	#include <strings.h>
	42	#include <ctype.h>
	43	#include <errno.h>
	44	#ifdef HAVE_UNISTD_H
	45	#include <unistd.h>
	46	#include <pwd.h>
	47	#endif
	48	#include <sys/types.h>
	49	#include <signal.h>
	50	#include <sys/stat.h>
	51	#include <netdb.h>
	52	#include <sys/socket.h>
	53	#include <sysexits.h>
	54
	55	#ifdef _WIN32
	56	#include <io.h>
	57	#include <process.h>
	58	#define WIDEXITED(x) 1
	59	#define WEXITSTATUS(x) (x)
	60	#include <windows.h>
	61	#else
	62	#include <sys/wait.h>
	63	#include <sys/param.h>
	64	#endif
	65	#include "config.h"
	66	#include "util.h"
	67	#include "read_config.h"
	68
	69	#ifdef DAEMON
	70	#include <pthread.h>
	71	#include "daemon.h"
	72	#include "client.h"
	73	#endif
	74
	75	#ifdef TIME_WITH_SYS_TIME
	76	# include <sys/time.h>
	77	# include <time.h>
	78	#else
	79	# ifdef HAVE_SYS_TIME_H
	80	# include <sys/time.h>
	81	# else
	82	# include <time.h>
	83	# endif
	84	#endif
	85
	86	#ifdef EXT_LOOKUP
	87	#include "external_lookup.h"
	88	int verified_user = 0;
	89	#endif
	90
	91	#include "dspam.h"
	92	#include "agent_shared.h"
	93	#include "pref.h"
	94	#include "libdspam.h"
	95	#include "language.h"
	96	#include "buffer.h"
	97	#include "base64.h"
	98	#include "heap.h"
	99	#include "pref.h"
	100	#include "config_api.h"
	101
	102	#define USE_LMTP (_ds_read_attribute(agent_config, "DeliveryProto") && !strcmp(_ds_read_attribute(agent_config, "DeliveryProto"), "LMTP"))
	103	#define USE_SMTP (_ds_read_attribute(agent_config, "DeliveryProto") && !strcmp(_ds_read_attribute(agent_config, "DeliveryProto"), "SMTP"))
	104	#define LOOKUP(A, B) ((_ds_pref_val(A, "localStore")[0]) ? _ds_pref_val(A, "localStore") : B)
	105
	106
	107	int
	108	main (int argc, char *argv[])
	109	{
	110	AGENT_CTX ATX; /* agent configuration */
	111	buffer message = NULL; / input message */
	112	int agent_init = 0; /* agent is initialized */
	113	int driver_init = 0; /* storage driver is initialized */
	114	int pwent_cache_init = 0; /* cache for username and uid is initialized */
	115	int exitcode = EXIT_SUCCESS;
	116	struct nt_node *node_nt;
	117	struct nt_c c_nt;
	118
	119	srand ((long) time(NULL) ^ (long) getpid ());
	120	umask (006); /* rw-rw---- */
	121	setbuf (stdout, NULL); /* unbuffered output */
	122	#ifdef DEBUG
	123	DO_DEBUG = 0;
	124	#endif
	125
	126	#ifdef DAEMON
	127	pthread_mutex_init(&__syslog_lock, NULL);
	128	#endif
	129
	130	/* Cache my username and uid for trusted user security */
	131
	132	if (!init_pwent_cache()) {
	133	LOG(LOG_ERR, ERR_AGENT_RUNTIME_USER);
	134	exitcode = EXIT_FAILURE;
	135	goto BAIL;
	136	} else
	137	pwent_cache_init = 1;
	138
	139	/* Read dspam.conf into global config structure (ds_config_t) */
	140
	141	agent_config = read_config(NULL);
	142	if (!agent_config) {
	143	LOG(LOG_ERR, ERR_AGENT_READ_CONFIG);
	144	exitcode = EXIT_FAILURE;
	145	goto BAIL;
	146	}
	147
	148	if (!_ds_read_attribute(agent_config, "Home")) {
	149	LOG(LOG_ERR, ERR_AGENT_DSPAM_HOME);
	150	exitcode = EXIT_FAILURE;
	151	goto BAIL;
	152	}
	153
	154	/* Set up an agent context to define the behavior of the processor */
	155
	156	if (initialize_atx(&ATX)) {
	157	LOG(LOG_ERR, ERR_AGENT_INIT_ATX);
	158	exitcode = EXIT_FAILURE;
	159	goto BAIL;
	160	} else {
	161	agent_init = 1;
	162	}
	163
	164	if (process_arguments(&ATX, argc, argv)) {
	165	LOG(LOG_ERR, ERR_AGENT_INIT_ATX);
	166	exitcode = EXIT_FAILURE;
	167	goto BAIL;
	168	}
	169
	170	/* Switch into daemon mode if --daemon was specified on the commandline */
	171
	172	#ifdef DAEMON
	173	#ifdef TRUSTED_USER_SECURITY
	174	if (ATX.operating_mode == DSM_DAEMON && ATX.trusted)
	175	#else
	176	if (ATX.operating_mode == DSM_DAEMON)
	177	#endif
	178	{
	179	exitcode = daemon_start(&ATX);
	180
	181	if (agent_init) {
	182	nt_destroy(ATX.users);
	183	nt_destroy(ATX.recipients);
	184	}
	185
	186	if (agent_config)
	187	_ds_destroy_config(agent_config);
	188
	189	pthread_mutex_destroy(&__syslog_lock);
	190	if (pwent_cache_init)
	191	free(__pw_name);
	192	exit(exitcode);
	193	}
	194	#endif
	195
	196	if (apply_defaults(&ATX)) {
	197	LOG(LOG_ERR, ERR_AGENT_INIT_ATX);
	198	exitcode = EXIT_FAILURE;
	199	goto BAIL;
	200	}
	201
	202	if (check_configuration(&ATX)) {
	203	LOG(LOG_ERR, ERR_AGENT_MISCONFIGURED);
	204	exitcode = EXIT_FAILURE;
	205	goto BAIL;
	206	}
	207
	208	/* Read the message in and apply ParseTo services */
	209
	210	message = read_stdin(&ATX);
	211	if (message == NULL) {
	212	exitcode = EXIT_FAILURE;
	213	goto BAIL;
	214	}
	215
	216	if (ATX.users->items == 0)
	217	{
	218	LOG(LOG_ERR, ERR_AGENT_USER_UNDEFINED);
	219	fprintf (stderr, "%s\n", SYNTAX);
	220	exitcode = EXIT_FAILURE;
	221	goto BAIL;
	222	}
	223
	224	/* Perform client-based processing of message if --client was specified */
	225
	226	#ifdef DAEMON
	227	if (ATX.client_mode &&
	228	_ds_read_attribute(agent_config, "ClientIdent") &&
	229	(_ds_read_attribute(agent_config, "ClientHost") \|\|
	230	_ds_read_attribute(agent_config, "ServerDomainSocketPath")))
	231	{
	232	exitcode = client_process(&ATX, message);
	233	if (exitcode<0) {
	234	LOG(LOG_ERR, ERR_CLIENT_EXIT, exitcode);
	235	}
	236	} else {
	237	#endif
	238
	239	/* Primary (non-client) processing procedure */
	240
	241	if (libdspam_init(_ds_read_attribute(agent_config, "StorageDriver"))) {
	242	LOG(LOG_CRIT, ERR_DRV_INIT);
	243	exitcode = EXIT_FAILURE;
	244	goto BAIL;
	245	}
	246
	247	if (dspam_init_driver (NULL))
	248	{
	249	LOG (LOG_WARNING, ERR_DRV_INIT);
	250	exitcode = EXIT_FAILURE;
	251	goto BAIL;
	252	} else {
	253	driver_init = 1;
	254	}
	255
	256	ATX.results = nt_create(NT_PTR);
	257	if (ATX.results == NULL) {
	258	LOG(LOG_CRIT, ERR_MEM_ALLOC);
	259	exitcode = EUNKNOWN;
	260	goto BAIL;
	261	}
	262
	263	exitcode = process_users(&ATX, message);
	264	if (exitcode) {
	265	LOGDEBUG("process_users() failed on error %d", exitcode);
	266	} else {
	267	exitcode = 0;
	268	node_nt = c_nt_first(ATX.results, &c_nt);
	269	while(node_nt) {
	270	agent_result_t result = (agent_result_t) node_nt->ptr;
	271	if (result->exitcode)
	272	exitcode--;
	273	node_nt = c_nt_next(ATX.results, &c_nt);
	274	}
	275	}
	276	nt_destroy(ATX.results);
	277	node_nt = NULL;
	278
	279	#ifdef DAEMON
	280	}
	281	#endif
	282
	283	BAIL:
	284
	285	if (message)
	286	buffer_destroy(message);
	287
	288	if (agent_init) {
	289	nt_destroy(ATX.users);
	290	nt_destroy(ATX.recipients);
	291	}
	292
	293	#ifdef DAEMON
	294	if (agent_init) {
	295	if (!ATX.client_mode) {
	296	#endif
	297	if (driver_init)
	298	dspam_shutdown_driver(NULL);
	299	libdspam_shutdown();
	300	#ifdef DAEMON
	301	}
	302	}
	303	#endif
	304
	305	if (agent_config)
	306	_ds_destroy_config(agent_config);
	307
	308	if (pwent_cache_init)
	309	free(__pw_name);
	310	#ifdef DAEMON
	311	pthread_mutex_destroy(&__syslog_lock);
	312	// pthread_exit(0);
	313	#endif
	314	exit(exitcode);
	315	}
	316
	317	/*
	318	* process_message(AGENT_CTX ATX, buffer message, const char *username)
	319	*
	320	* DESCRIPTION
	321	* Core message processing / interface to libdspam
	322	* This function should be called once for each destination user
	323	*
	324	* INPUT ARGUMENTS
	325	* ATX Agent context defining processing behavior
	326	* message Buffer structure containing the message
	327	* username Destination user
	328	*
	329	* RETURN VALUES
	330	* The processing result is returned:
	331	*
	332	* DSR_ISINNOCENT Message is innocent
	333	* DSR_ISSPAM Message is spam
	334	* (other) Error code (see libdspam.h)
	335	*/
	336
	337	int
	338	process_message (
	339	AGENT_CTX *ATX,
	340	buffer * message,
	341	const char *username,
	342	char **result_string)
	343	{
	344	DSPAM_CTX CTX = NULL; / (lib)dspam context */
	345	ds_message_t components;
	346	char *copyback;
	347	int have_signature = 0;
	348	int result, i;
	349	int internally_canned = 0;
	350
	351	ATX->timestart = _ds_gettime(); /* set tick count to get run time */
	352
	353	if (message->data == NULL) {
	354	LOGDEBUG("empty message provided");
	355	return EINVAL;
	356	}
	357
	358	/* Create a dspam context based on the agent context */
	359
	360	CTX = ctx_init(ATX, username);
	361	if (CTX == NULL) {
	362	LOG (LOG_WARNING, ERR_CORE_INIT);
	363	result = EUNKNOWN;
	364	goto RETURN;
	365	}
	366
	367	/* Configure libdspam's storage properties, then attach storage */
	368
	369	set_libdspam_attributes(CTX);
	370	if (ATX->sockfd && ATX->dbh == NULL)
	371	ATX->dbh = _ds_connect(CTX);
	372
	373	/* Re-Establish database connection (if failed) */
	374
	375	if (attach_context(CTX, ATX->dbh)) {
	376	if (ATX->sockfd) {
	377	ATX->dbh = _ds_connect(CTX);
	378	LOG(LOG_ERR, ERR_CORE_REATTACH);
	379
	380	if (attach_context(CTX, ATX->dbh)) {
	381	LOG(LOG_ERR, ERR_CORE_ATTACH);
	382	result = EUNKNOWN;
	383	goto RETURN;
	384	}
	385	} else {
	386	LOG(LOG_ERR, ERR_CORE_ATTACH);
	387	result = EUNKNOWN;
	388	goto RETURN;
	389	}
	390	}
	391
	392	/* Parse and decode the message into our message structure (ds_message_t) */
	393
	394	components = _ds_actualize_message (message->data);
	395	if (components == NULL) {
	396	LOG (LOG_ERR, ERR_AGENT_PARSER_FAILED);
	397	result = EUNKNOWN;
	398	goto RETURN;
	399	}
	400
	401	CTX->message = components;
	402
	403	#ifdef CLAMAV
	404	/* Check for viruses */
	405
	406	if (_ds_read_attribute(agent_config, "ClamAVPort") &&
	407	_ds_read_attribute(agent_config, "ClamAVHost") &&
	408	CTX->source != DSS_ERROR &&
	409	strcmp(_ds_pref_val(ATX->PTX, "optOutClamAV"), "on"))
	410	{
	411	if (has_virus(message)) {
	412	char ip[32];
	413	CTX->result = DSR_ISSPAM;
	414	CTX->probability = 1.0;
	415	CTX->confidence = 1.0;
	416	STATUS("A virus was detected in the message contents");
	417	result = DSR_ISSPAM;
	418	strcpy(CTX->class, LANG_CLASS_VIRUS);
	419	internally_canned = 1;
	420	if(!_ds_match_attribute(agent_config, "TrackSources", "virus")) {
	421	if (!dspam_getsource (CTX, ip, sizeof (ip)))
	422	{
	423	LOG(LOG_WARNING, "virus warning: infected message from %s", ip);
	424	}
	425	}
	426	}
	427	}
	428	#endif
	429
	430	/* Check for a domain blocklist (user-based setting) */
	431
	432	if (is_blocklisted(CTX, ATX)) {
	433	CTX->result = DSR_ISSPAM;
	434	CTX->probability = 1.0;
	435	CTX->confidence = 1.0;
	436	strcpy(CTX->class, LANG_CLASS_BLOCKLISTED);
	437	internally_canned = 1;
	438	}
	439
	440	/* Check for an RBL blacklist (system-based setting) */
	441
	442	if (CTX->classification == DSR_NONE &&
	443	_ds_read_attribute(agent_config, "Lookup"))
	444	{
	445	if(strcasecmp(_ds_pref_val(ATX->PTX, "ignoreRBLLookups"), "on")) {
	446	int bad = is_blacklisted(CTX, ATX);
	447	if (bad) {
	448	if ((_ds_match_attribute(agent_config, "RBLInoculate", "on") \|\|
	449	!strcasecmp(_ds_pref_val(ATX->PTX, "RBLInoculate"), "on")) &&
	450	strcasecmp(_ds_pref_val(ATX->PTX, "RBLInoculate"), "off")) {
	451	LOGDEBUG("source address is blacklisted. learning as spam.");
	452	CTX->classification = DSR_ISSPAM;
	453	CTX->source = DSS_INOCULATION;
	454	} else {
	455	CTX->result = DSR_ISSPAM;
	456	CTX->probability = 1.0;
	457	CTX->confidence = 1.0;
	458	strcpy(CTX->class, LANG_CLASS_BLACKLISTED);
	459	internally_canned = 1;
	460	}
	461	}
	462	}
	463	}
	464
	465	/* Process a signature if one was provided */
	466
	467	have_signature = find_signature(CTX, ATX);
	468	if (ATX->source == DSS_CORPUS \|\| ATX->source == DSS_NONE)
	469	have_signature = 0; /* ignore sigs from corpusfed and inbound email */
	470
	471	char *original_username = strdup(CTX->username);
	472
	473	if (have_signature)
	474	{
	475
	476	if (_ds_get_signature (CTX, &ATX->SIG, ATX->signature))
	477	{
	478	LOG(LOG_WARNING, ERR_AGENT_SIG_RET_FAILED, ATX->signature);
	479	have_signature = 0;
	480	}
	481	else {
	482
	483	/* uid-based signatures will change the active username, so reload
	484	preferences if it has changed */
	485
	486	CTX->signature = &ATX->SIG;
	487	if (!strcasecmp(CTX->username, original_username)) {
	488	if (ATX->PTX)
	489	_ds_pref_free(ATX->PTX);
	490	free(ATX->PTX);
	491	ATX->PTX = NULL;
	492
	493	ATX->PTX = load_aggregated_prefs(ATX, CTX->username);
	494
	495	ATX->train_pristine = 0;
	496	if ((_ds_match_attribute(agent_config, "TrainPristine", "on") \|\|
	497	!strcmp(_ds_pref_val(ATX->PTX, "trainPristine"), "on")) &&
	498	strcmp(_ds_pref_val(ATX->PTX, "trainPristine"), "off")) {
	499	ATX->train_pristine = 1;
	500	}
	501
	502	/* Change also the mail recipient */
	503	ATX->recipient = CTX->username;
	504
	505	}
	506	}
	507	} else if (CTX->operating_mode == DSM_CLASSIFY \|\|
	508	CTX->classification != DSR_NONE)
	509	{
	510	CTX->flags = CTX->flags ^ DSF_SIGNATURE;
	511	CTX->signature = NULL;
	512	}
	513
	514	if (have_signature && CTX->classification != DSR_NONE) {
	515
	516	/*
	517	* Reclassify (or retrain) message by signature
	518	*/
	519
	520	if (retrain_message(CTX, ATX) != 0) {
	521	have_signature = 0;
	522	result = EFAILURE;
	523	goto RETURN;
	524	}
	525	} else {
	526	CTX->signature = NULL;
	527	if (! ATX->train_pristine) {
	528	if (CTX->classification != DSR_NONE && CTX->source == DSS_ERROR) {
	529	LOG(LOG_WARNING, ERR_AGENT_NO_VALID_SIG);
	530	result = EFAILURE;
	531	goto RETURN;
	532	}
	533	}
	534
	535	/*
	536	* Call libdspam to process the environment we've configured
	537	*/
	538
	539	if (!internally_canned) {
	540	result = dspam_process (CTX, message->data);
	541	if (result != 0) {
	542	result = EFAILURE;
	543	goto RETURN;
	544	}
	545	}
	546	}
	547
	548	result = CTX->result;
	549
	550	if (result == DSR_ISINNOCENT && !strcmp(CTX->class, LANG_CLASS_WHITELISTED)) {
	551	STATUS("Auto-Whitelisted");
	552	}
	553
	554	/*
	555	* Send any relevant notifications to the user (first spam, etc)
	556	* Only if the process was successful
	557	*/
	558
	559	if (result == DSR_ISINNOCENT \|\| result == DSR_ISSPAM)
	560	{
	561	do_notifications(CTX, ATX);
	562	}
	563
	564	/* Consult global group or classification network */
	565	result = ensure_confident_result(CTX, ATX, result);
	566	if (result < 0)
	567	goto RETURN;
	568
	569	/* Inoculate other users (signature) */
	570
	571	if (have_signature &&
	572	CTX->classification == DSR_ISSPAM &&
	573	CTX->source != DSS_CORPUS &&
	574	ATX->inoc_users->items > 0)
	575	{
	576	struct nt_node *node_int;
	577	struct nt_c c_i;
	578
	579	node_int = c_nt_first (ATX->inoc_users, &c_i);
	580	while (node_int != NULL)
	581	{
	582	inoculate_user (ATX, (const char *) node_int->ptr, &ATX->SIG, NULL);
	583	node_int = c_nt_next (ATX->inoc_users, &c_i);
	584	}
	585	}
	586
	587	/* Inoculate other users (message) */
	588
	589	if (!have_signature &&
	590	CTX->classification == DSR_ISSPAM &&
	591	CTX->source != DSS_CORPUS &&
	592	ATX->inoc_users->items > 0)
	593	{
	594	struct nt_node *node_int;
	595	struct nt_c c_i;
	596	node_int = c_nt_first (ATX->inoc_users, &c_i);
	597	while (node_int != NULL)
	598	{
	599	inoculate_user (ATX, (const char *) node_int->ptr, NULL, message->data);
	600	node_int = c_nt_next (ATX->inoc_users, &c_i);
	601	}
	602	inoculate_user (ATX, CTX->username, NULL, message->data);
	603	result = DSR_ISSPAM;
	604	CTX->result = DSR_ISSPAM;
	605
	606	goto RETURN;
	607	}
	608
	609	/* Generate a signature id for the message and store */
	610
	611	if (internally_canned) {
	612	if (CTX->signature) {
	613	free(CTX->signature->data);
	614	free(CTX->signature);
	615	CTX->signature = NULL;
	616	}
	617	CTX->signature = calloc(1, sizeof(struct _ds_spam_signature));
	618	if (CTX->signature) {
	619	CTX->signature->length = 8;
	620	CTX->signature->data = calloc(1, (CTX->signature->length));
	621	}
	622	}
	623
	624	if (internally_canned \|\| (CTX->operating_mode == DSM_PROCESS &&
	625	CTX->classification == DSR_NONE &&
	626	CTX->signature != NULL))
	627	{
	628	int valid = 0;
	629
	630	while (!valid)
	631	{
	632	_ds_create_signature_id (CTX, ATX->signature, sizeof (ATX->signature));
	633	if (_ds_verify_signature (CTX, ATX->signature))
	634	valid = 1;
	635	}
	636	LOGDEBUG ("saving signature as %s", ATX->signature);
	637
	638	if (CTX->classification == DSR_NONE && CTX->training_mode != DST_NOTRAIN)
	639	{
	640	if (!ATX->train_pristine) {
	641	int x = _ds_set_signature (CTX, CTX->signature, ATX->signature);
	642	if (x) {
	643	LOG(LOG_WARNING, "_ds_set_signature() failed with error %d", x);
	644	}
	645	}
	646	}
	647	}
	648
	649	/* Restore original username if necessary */
	650
	651	if (CTX->group != NULL && strcasecmp(CTX->username, original_username) != 0)
	652	{
	653	LOGDEBUG ("restoring original username %s after group processing as %s", original_username, CTX->username);
	654	CTX->username = original_username;
	655	}
	656
	657	/* Write .stats file for web interface */
	658
	659	if (CTX->training_mode != DST_NOTRAIN && _ds_match_attribute(agent_config, "WebStats", "on")) {
	660	write_web_stats (
	661	ATX,
	662	(CTX->group == NULL \|\| CTX->flags & DSF_MERGED) ?
	663	CTX->username : CTX->group,
	664	(CTX->group != NULL && CTX->flags & DSF_MERGED) ?
	665	CTX->group: NULL,
	666	&CTX->totals);
	667	}
	668
	669	LOGDEBUG ("libdspam returned probability of %f", CTX->probability);
	670	LOGDEBUG ("message result: %s", (result != DSR_ISSPAM) ? "NOT SPAM" : "SPAM");
	671
	672	/* System and User logging */
	673
	674	if (CTX->operating_mode != DSM_CLASSIFY &&
	675	(_ds_match_attribute(agent_config, "SystemLog", "on") \|\|
	676	_ds_match_attribute(agent_config, "UserLog", "on")))
	677	{
	678	log_events(CTX, ATX);
	679	}
	680
	681	/* Fragment Store - Store 1k fragments of each message for web users who
	682	* want to be able to see them from history. This requires some type of
	683	* find recipe for purging
	684	*/
	685
	686	if (ATX->PTX != NULL
	687	&& !strcmp(_ds_pref_val(ATX->PTX, "storeFragments"), "on")
	688	&& CTX->source != DSS_ERROR)
	689	{
	690	char dirname[MAX_FILENAME_LENGTH];
	691	char corpusfile[MAX_FILENAME_LENGTH];
	692	char output[1024];
	693	FILE *file;
	694
	695	_ds_userdir_path(dirname, _ds_read_attribute(agent_config, "Home"),
	696	LOOKUP(ATX->PTX, (ATX->managed_group[0]) ? ATX->managed_group :
	697	CTX->username), "frag");
	698	snprintf(corpusfile, MAX_FILENAME_LENGTH, "%s/%s.frag",
	699	dirname, ATX->signature);
	700
	701	LOGDEBUG("writing to frag file %s", corpusfile);
	702
	703	_ds_prepare_path_for(corpusfile);
	704	file = fopen(corpusfile, "w");
	705	if (file != NULL) {
	706	char *body = strstr(message->data, "\n\n");
	707	if (!body)
	708	body = message->data;
	709	strlcpy(output, body, sizeof(output));
	710	fputs(output, file);
	711	fputs("\n", file);
	712	fclose(file);
	713	}
	714	}
	715
	716	/* Corpus Maker - Build a corpus in DSPAM_HOME/data/USERPATH/USER.corpus */
	717
	718	if (ATX->PTX != NULL && !strcmp(_ds_pref_val(ATX->PTX, "makeCorpus"), "on")) {
	719	if (ATX->source != DSS_ERROR) {
	720	char dirname[MAX_FILENAME_LENGTH];
	721	char corpusfile[MAX_FILENAME_LENGTH];
	722	FILE *file;
	723
	724	_ds_userdir_path(dirname, _ds_read_attribute(agent_config, "Home"),
	725	LOOKUP(ATX->PTX, (ATX->managed_group[0]) ? ATX->managed_group
	726	: CTX->username), "corpus");
	727	snprintf(corpusfile, MAX_FILENAME_LENGTH, "%s/%s/%s.msg",
	728	dirname, (result == DSR_ISSPAM) ? "spam" : "nonspam",
	729	ATX->signature);
	730
	731	LOGDEBUG("writing to corpus file %s", corpusfile);
	732
	733	_ds_prepare_path_for(corpusfile);
	734	file = fopen(corpusfile, "w");
	735	if (file != NULL) {
	736	fputs(message->data, file);
	737	fclose(file);
	738	}
	739	} else {
	740	char dirname[MAX_FILENAME_LENGTH];
	741	char corpusfile[MAX_FILENAME_LENGTH];
	742	char corpusdest[MAX_FILENAME_LENGTH];
	743
	744	_ds_userdir_path(dirname, _ds_read_attribute(agent_config, "Home"),
	745	LOOKUP(ATX->PTX, (ATX->managed_group[0]) ? ATX->managed_group
	746	: CTX->username), "corpus");
	747	snprintf(corpusdest, MAX_FILENAME_LENGTH, "%s/%s/%s.msg",
	748	dirname, (result == DSR_ISSPAM) ? "spam" : "nonspam",
	749	ATX->signature);
	750	snprintf(corpusfile, MAX_FILENAME_LENGTH, "%s/%s/%s.msg",
	751	dirname, (result == DSR_ISSPAM) ? "nonspam" : "spam",
	752	ATX->signature);
	753	LOGDEBUG("moving corpusfile %s -> %s", corpusfile, corpusdest);
	754	_ds_prepare_path_for(corpusdest);
	755	rename(corpusfile, corpusdest);
	756	}
	757	}
	758
	759	/* False positives and spam misses should return here */
	760
	761	if (CTX->message == NULL)
	762	goto RETURN;
	763
	764	/* Add headers, tag, and deliver if necessary */
	765
	766	{
	767	add_xdspam_headers(CTX, ATX);
	768	}
	769
	770	if (!strcmp(_ds_pref_val(ATX->PTX, "spamAction"), "tag") &&
	771	result == DSR_ISSPAM)
	772	{
	773	tag_message(ATX, CTX->message);
	774	}
	775
	776
	777	if (
	778	(!strcmp(_ds_pref_val(ATX->PTX, "tagSpam"), "on")
	779	&& CTX->result == DSR_ISSPAM)
	780	\|\|
	781	(!strcmp(_ds_pref_val(ATX->PTX, "tagNonspam"), "on")
	782	&& CTX->result == DSR_ISINNOCENT)
	783	)
	784	{
	785	i = embed_msgtag(CTX, ATX);
	786	if (i<0) {
	787	result = i;
	788	goto RETURN;
	789	}
	790	}
	791
	792	if (strcmp(_ds_pref_val(ATX->PTX, "signatureLocation"), "headers") &&
	793	!ATX->train_pristine &&
	794	(CTX->classification == DSR_NONE \|\| internally_canned))
	795	{
	796	i = embed_signature(CTX, ATX);
	797	if (i<0) {
	798	result = i;
	799	goto RETURN;
	800	}
	801	}
	802
	803	/* Reassemble message from components */
	804
	805	copyback = _ds_assemble_message (CTX->message, (USE_LMTP \|\| USE_SMTP) ? "\r\n" : "\n");
	806	buffer_clear (message);
	807	buffer_cat (message, copyback);
	808	free (copyback);
	809
	810	/* Track source address and report to syslog, RABL */
	811
	812	if ( _ds_read_attribute(agent_config, "TrackSources") &&
	813	CTX->operating_mode == DSM_PROCESS &&
	814	CTX->source != DSS_CORPUS &&
	815	CTX->source != DSS_ERROR)
	816	{
	817	tracksource(CTX);
	818	}
	819
	820	/* Print --classify output */
	821
	822	if (CTX->operating_mode == DSM_CLASSIFY \|\| ATX->flags & DAF_SUMMARY)
	823	{
	824	char data[128];
	825	FILE *fout;
	826
	827	switch (CTX->result) {
	828	case DSR_ISSPAM:
	829	strcpy(data, "Spam");
	830	break;
	831	default:
	832	strcpy(data, "Innocent");
	833	break;
	834	}
	835
	836	if (ATX->sockfd) {
	837	fout = ATX->sockfd;
	838	ATX->sockfd_output = 1;
	839	}
	840	else {
	841	fout = stdout;
	842	}
	843
	844	fprintf(fout, "X-DSPAM-Result: %s; result=\"%s\"; class=\"%s\"; "
	845	"probability=%01.4f; confidence=%02.2f; signature=%s\n",
	846	CTX->username,
	847	data,
	848	CTX->class,
	849	CTX->probability,
	850	CTX->confidence,
	851	(ATX->signature[0]) ? ATX->signature : "N/A");
	852	}
	853
	854	ATX->learned = CTX->learned;
	855	if (result_string)
	856	*result_string = strdup(CTX->class);
	857
	858	RETURN:
	859	if (have_signature) {
	860	if (ATX->SIG.data != NULL) {
	861	free(ATX->SIG.data);
	862	ATX->SIG.data = NULL;
	863	}
	864	}
	865	ATX->signature[0] = 0;
	866	nt_destroy (ATX->inoc_users);
	867	nt_destroy (ATX->classify_users);
	868	if (CTX) {
	869	if (CTX->signature == &ATX->SIG) {
	870	CTX->signature = NULL;
	871	} else if (CTX->signature != NULL) {
	872	if (CTX->signature->data != NULL) {
	873	free (CTX->signature->data);
	874	}
	875	free (CTX->signature);
	876	CTX->signature = NULL;
	877	}
	878	dspam_destroy (CTX);
	879	}
	880	return result;
	881	}
	882
	883	/*
	884	* deliver_message(AGENT_CTX ATX, const char message,
	885	* const char mailer_args, const char username, FILE *stream,
	886	* int result)
	887	*
	888	* DESCRIPTION
	889	* Deliver message to the appropriate destination. This could be one of:
	890	* - Trusted/Untrusted Delivery Agent
	891	* - Delivery Host (SMTP/LMTP)
	892	* - Quarantine Agent
	893	* - File stream (--stdout)
	894	*
	895	* INPUT ARGUMENTS
	896	* ATX Agent context defining processing behavior
	897	* message Message to be delivered
	898	* mailer_args Arguments to pass to local agents via pipe()
	899	* username Destination username
	900	* stream File stream (if any) for stdout delivery
	901	* result Message classification result (DSR_)
	902	*
	903	* RETURN VALUES
	904	* returns 0 on success
	905	* EINVAL on permanent failure
	906	* EFAILURE on temporary failure
	907	* EFILE local agent failure
	908	*/
	909
	910	int
	911	deliver_message (
	912	AGENT_CTX *ATX,
	913	const char *message,
	914	const char *mailer_args,
	915	const char *username,
	916	FILE *stream,
	917	int result)
	918	{
	919	char args[1024];
	920	char margs, mmargs, *arg;
	921	FILE *file;
	922	int rc;
	923
	924	#ifdef DAEMON
	925
	926	/* If QuarantineMailbox defined and delivering a spam, get
	927	* name of recipient, truncate possible "+detail", and
	928	* add the QuarantineMailbox name (that must include the "+")
	929	*/
	930
	931	if ((_ds_read_attribute(agent_config, "QuarantineMailbox")) &&
	932	(result == DSR_ISSPAM)) {
	933	strlcpy(args, ATX->recipient, sizeof(args));
	934
	935	/* strip trailing @domain, if present: */
	936	arg=index(args, '@');
	937	if (arg) *arg = '\0';
	938
	939	arg=index(args,'+');
	940	if (arg != NULL) *arg='\0';
	941	strlcat(args,_ds_read_attribute(agent_config, "QuarantineMailbox"),
	942	sizeof(args));
	943
	944	/* append trailing @domain again, if it was present: */
	945	arg=index(ATX->recipient, '@');
	946	if (arg) strlcat (args, arg, sizeof(args));
	947
	948	ATX->recipient=args;
	949	}
	950
	951	/* If (using LMTP or SMTP) and (not delivering to stdout) and
	952	* (we shouldn't be delivering this to a quarantine agent)
	953	* then call deliver_socket to deliver to DeliveryHost
	954	*/
	955
	956	if (
	957	(USE_LMTP \|\| USE_SMTP) && ! (ATX->flags & DAF_STDOUT) &&
	958	(!(result == DSR_ISSPAM &&
	959	_ds_read_attribute(agent_config, "QuarantineAgent") &&
	960	ATX->PTX && !strcmp(_ds_pref_val(ATX->PTX, "spamAction"), "quarantine")))
	961	)
	962	{
	963	return deliver_socket(ATX, message, (USE_LMTP) ? DDP_LMTP : DDP_SMTP);
	964	}
	965	#endif
	966
	967	if (message == NULL)
	968	return EINVAL;
	969
	970	/* If we're delivering to stdout, we need to provide a classification for
	971	* use by client/daemon setups where the client needs to know the result
	972	* in order to support broken returnCodes.
	973	*/
	974
	975	if (ATX->sockfd && ATX->flags & DAF_STDOUT)
	976	fprintf(stream, "X-Daemon-Classification: %s\n",
	977	(result == DSR_ISSPAM) ? "SPAM" : "INNOCENT");
	978
	979	if (mailer_args == NULL) {
	980	fputs (message, stream);
	981	return 0;
	982	}
	983
	984	/* Prepare local mailer args and interpolate all special symbols */
	985
	986	args[0] = 0;
	987	margs = strdup (mailer_args);
	988	mmargs = margs;
	989	arg = strsep (&margs, " ");
	990	while (arg != NULL)
	991	{
	992	char a[256], b[256];
	993
	994	/* Destination user */
	995
	996	if (!strcmp (arg, "$u") \|\| !strcmp (arg, "\\$u") \|\|
	997	!strcmp (arg, "%u") \|\| !strcmp(arg, "\\%u"))
	998	{
	999	strlcpy(a, username, sizeof(a));
	1000	}
	1001
	1002	/* Recipient (from RCPT TO)*/
	1003
	1004	else if (!strcmp (arg, "%r") \|\| !strcmp (arg, "\\%r"))
	1005	{
	1006	if (ATX->recipient)
	1007	strlcpy(a, ATX->recipient, sizeof(a));
	1008	else
	1009	strlcpy(a, username, sizeof(a));
	1010	}
	1011
	1012	/* Sender (from MAIL FROM) */
	1013
	1014	else if (!strcmp (arg, "%s") \|\| !strcmp (arg, "\\%s"))
	1015	strlcpy(a, ATX->mailfrom, sizeof(a));
	1016
	1017	else
	1018	strlcpy(a, arg, sizeof(a));
	1019
	1020	/* Escape special characters */
	1021
	1022	if (strcmp(a, "\"\"")) {
	1023	size_t i;
	1024	for(i=0;i<strlen(a);i++) {
	1025	if (!(isalnum((unsigned char) a[i]) \|\| a[i] == '+' \|\| a[i] == '_' \|\|
	1026	a[i] == '-' \|\| a[i] == '.' \|\| a[i] == '/' \|\| a[i] == '@')) {
	1027	strlcpy(b, a+i, sizeof(b));
	1028	a[i] = '\\';
	1029	a[i+1] = 0;
	1030	strlcat(a, b, sizeof(a));
	1031	i++;
	1032	}
	1033	}
	1034	}
	1035
	1036	if (arg != NULL)
	1037	strlcat (args, a, sizeof(args));
	1038
	1039	arg = strsep(&margs, " ");
	1040
	1041	if (arg) {
	1042	strlcat (args, " ", sizeof (args));
	1043	}
	1044	}
	1045	free (mmargs);
	1046
	1047	LOGDEBUG ("Opening pipe to LDA: %s", args);
	1048	file = popen (args, "w");
	1049	if (file == NULL)
	1050	{
	1051	LOG(LOG_ERR, ERR_LDA_OPEN, args, strerror (errno));
	1052	return EFILE;
	1053	}
	1054
	1055	/* Manage local delivery agent failures */
	1056
	1057	fputs (message, file);
	1058	rc = pclose (file);
	1059	if (rc == -1) {
	1060	LOG(LOG_WARNING, ERR_LDA_STATUS, args, strerror (errno));
	1061	return EFILE;
	1062	} else if (WIFEXITED (rc)) {
	1063	int lda_exit_code;
	1064	lda_exit_code = WEXITSTATUS (rc);
	1065	if (lda_exit_code == 0) {
	1066	LOGDEBUG ("LDA returned success");
	1067	} else {
	1068	LOG(LOG_ERR, ERR_LDA_EXIT, lda_exit_code, args);
	1069	if (_ds_match_attribute(agent_config, "LMTPLDAErrorsPermanent", "on"))
	1070	return EINVAL;
	1071	else
	1072	return lda_exit_code;
	1073	}
	1074	}
	1075	#ifndef _WIN32
	1076	else if (WIFSIGNALED (rc))
	1077	{
	1078	int sig;
	1079	sig = WTERMSIG (rc);
	1080	LOG(LOG_ERR, ERR_LDA_SIGNAL, sig, args);
	1081	return sig;
	1082	}
	1083	else
	1084	{
	1085	LOG(LOG_ERR, ERR_LDA_CLOSE, rc);
	1086	return rc;
	1087	}
	1088	#endif
	1089
	1090	return 0;
	1091	}
	1092
	1093	/*
	1094	* tag_message(AGENT_CTX *ATX, ds_message_t message)
	1095	*
	1096	* DESCRIPTION
	1097	* Tags a message's subject line as spam using spamSubject
	1098	*
	1099	* INPUT ARGUMENTS
	1100	* ATX Agent context defining processing behavior
	1101	* message Message structure (ds_message_t) to tag
	1102	*
	1103	* RETURN VALUES
	1104	* returns 0 on success
	1105	* EINVAL on permanent failure
	1106	* EFAILURE on temporary failure
	1107	* EFILE local agent failure
	1108	*/
	1109
	1110	int tag_message(AGENT_CTX *ATX, ds_message_t message)
	1111	{
	1112	ds_message_part_t block = message->components->first->ptr;
	1113	struct nt_node *node_header = block->headers->first;
	1114	int tagged = 0;
	1115	char spam_subject[16];
	1116
	1117	strcpy(spam_subject, "[SPAM]");
	1118	if (_ds_pref_val(ATX->PTX, "spamSubject")[0] != '\n' &&
	1119	_ds_pref_val(ATX->PTX, "spamSubject")[0] != 0)
	1120	{
	1121	strlcpy(spam_subject, _ds_pref_val(ATX->PTX, "spamSubject"),
	1122	sizeof(spam_subject));
	1123	}
	1124
	1125	/* Only scan the first (primary) header of the message. */
	1126
	1127	while (node_header != NULL)
	1128	{
	1129	ds_header_t head;
	1130
	1131	head = (ds_header_t) node_header->ptr;
	1132	if (head->heading && !strcasecmp(head->heading, "Subject"))
	1133	{
	1134
	1135	/* CURRENT HEADER: Is this header already tagged? */
	1136
	1137	if (strncmp(head->data, spam_subject, strlen(spam_subject)))
	1138	{
	1139	/* Not tagged, so tag it */
	1140	long subject_length = strlen(head->data)+strlen(spam_subject)+2;
	1141	char *subject = malloc(subject_length);
	1142	if (subject != NULL) {
	1143	snprintf(subject,
	1144	subject_length, "%s %s",
	1145	spam_subject,
	1146	head->data);
	1147	free(head->data);
	1148	head->data = subject;
	1149	}
	1150	}
	1151
	1152	/* ORIGINAL HEADER: Is this header already tagged? */
	1153
	1154	if (head->original_data != NULL &&
	1155	strncmp(head->original_data, spam_subject, strlen(spam_subject)))
	1156	{
	1157	/* Not tagged => tag it. */
	1158	long subject_length = strlen(head->original_data)+strlen(spam_subject)+2;
	1159	char *subject = malloc(subject_length);
	1160	if (subject != NULL) {
	1161	snprintf(subject,
	1162	subject_length, "%s %s",
	1163	spam_subject,
	1164	head->original_data);
	1165	free(head->original_data);
	1166	head->original_data = subject;
	1167	}
	1168	}
	1169
	1170	tagged = 1;
	1171	}
	1172	node_header = node_header->next;
	1173	}
	1174
	1175	/* There doesn't seem to be a subject field, so make one */
	1176
	1177	if (!tagged)
	1178	{
	1179	char text[80];
	1180	ds_header_t header;
	1181	snprintf(text, sizeof(text), "Subject: %s", spam_subject);
	1182	header = _ds_create_header_field(text);
	1183	if (header != NULL)
	1184	{
	1185	#ifdef VERBOSE
	1186	LOGDEBUG("appending header %s: %s", header->heading, header->data);
	1187	#endif
	1188	nt_add(block->headers, (void *) header);
	1189	}
	1190	}
	1191
	1192	return 0;
	1193	}
	1194
	1195	/*
	1196	* quarantine_message(AGENT_CTX ATX, const char message,
	1197	* const char *username)
	1198	*
	1199	* DESCRIPTION
	1200	* Quarantine a message using DSPAM's internal quarantine function
	1201	*
	1202	* INPUT ARGUMENTS
	1203	* ATX Agent context defining processing behavior
	1204	* message Text message to quarantine
	1205	* username Destination user
	1206	*
	1207	* RETURN VALUES
	1208	* returns 0 on success, standard errors on failure
	1209	*/
	1210
	1211	int
	1212	quarantine_message (AGENT_CTX ATX, const char message, const char *username)
	1213	{
	1214	char filename[MAX_FILENAME_LENGTH];
	1215	char x, msg;
	1216	int line = 1, i;
	1217	FILE *file;
	1218
	1219	_ds_userdir_path(filename, _ds_read_attribute(agent_config, "Home"),
	1220	LOOKUP(ATX->PTX, username), "mbox");
	1221	_ds_prepare_path_for(filename);
	1222	file = fopen (filename, "a");
	1223	if (file == NULL)
	1224	{
	1225	LOG(LOG_ERR, ERR_IO_FILE_WRITE, filename, strerror (errno));
	1226	return EFILE;
	1227	}
	1228
	1229	i = _ds_get_fcntl_lock(fileno(file));
	1230	if (i) {
	1231	LOG(LOG_WARNING, ERR_IO_LOCK, filename, i, strerror(errno));
	1232	return EFILE;
	1233	}
	1234
	1235	/* Write our own "From " header if the MTA didn't give us one. This
	1236	* allows for the viewing of a mailbox from elm or some other local
	1237	* client that would otherwise believe the mailbox is corrupt.
	1238	*/
	1239
	1240	if (strncmp (message, "From ", 5))
	1241	{
	1242	char head[128];
	1243	time_t tm = time (NULL);
	1244
	1245	snprintf (head, sizeof (head), "From QUARANTINE %s", ctime (&tm));
	1246	fputs (head, file);
	1247	}
	1248
	1249	msg = strdup(message);
	1250
	1251	if (msg == NULL) {
	1252	LOG (LOG_CRIT, ERR_MEM_ALLOC);
	1253	return EUNKNOWN;
	1254	}
	1255
	1256	/* TODO: Is there a way to do this without a strdup/strsep ? */
	1257
	1258	x = strsep (&msg, "\n");
	1259	while (x)
	1260	{
	1261	/* Quote any lines beginning with 'From ' to keep mbox from breaking */
	1262
	1263	if (!strncmp (x, "From ", 5) && line != 1)
	1264	fputs (">", file);
	1265	fputs (x, file);
	1266	fputs ("\n", file);
	1267	line++;
	1268	x = strsep (&msg, "\n");
	1269	}
	1270	free (msg);
	1271	fputs ("\n\n", file);
	1272
	1273	_ds_free_fcntl_lock(fileno(file));
	1274	fclose (file);
	1275
	1276	return 0;
	1277	}
	1278
	1279	/*
	1280	* write_web_stats(AGENT_CTX ATX, const char username, const char *group,
	1281	* struct _ds_spam_totals *totals)
	1282	*
	1283	* DESCRIPTION
	1284	* Writes a .stats file in the user's data directory for use with web UI
	1285	*
	1286	* INPUT ARGUMENTS
	1287	* ATX Agent context defining processing behavior
	1288	* username Destination user
	1289	* group Group membership
	1290	* totals Pointer to processing totals
	1291	*
	1292	* RETURN VALUES
	1293	* returns 0 on success, standard errors on failure
	1294	*/
	1295
	1296	int
	1297	write_web_stats (
	1298	AGENT_CTX *ATX,
	1299	const char *username,
	1300	const char *group,
	1301	struct _ds_spam_totals *totals)
	1302	{
	1303	char filename[MAX_FILENAME_LENGTH];
	1304	FILE *file;
	1305
	1306	if (!totals)
	1307	return EINVAL;
	1308
	1309	_ds_userdir_path(filename, _ds_read_attribute(agent_config, "Home"),
	1310	LOOKUP(ATX->PTX, username), "stats");
	1311	_ds_prepare_path_for (filename);
	1312	file = fopen (filename, "w");
	1313	if (file == NULL) {
	1314	LOG(LOG_ERR, ERR_IO_FILE_WRITE, filename, strerror (errno));
	1315	return EFILE;
	1316	}
	1317
	1318	fprintf (file, "%ld,%ld,%ld,%ld,%ld,%ld\n",
	1319	MAX(0, (totals->spam_learned + totals->spam_classified) -
	1320	(totals->spam_misclassified + totals->spam_corpusfed)),
	1321	MAX(0, (totals->innocent_learned + totals->innocent_classified) -
	1322	(totals->innocent_misclassified + totals->innocent_corpusfed)),
	1323	totals->spam_misclassified, totals->innocent_misclassified,
	1324	totals->spam_corpusfed, totals->innocent_corpusfed);
	1325
	1326	if (group)
	1327	fprintf(file, "%s\n", group);
	1328
	1329	fclose (file);
	1330	return 0;
	1331	}
	1332
	1333	/*
	1334	* inoculate_user(AGENT_CTX ATX, const char username,
	1335	* struct _ds_spam_signature SIG, const char message)
	1336	*
	1337	* DESCRIPTION
	1338	* Provide a vaccination for the spam processed to the target user
	1339	*
	1340	* INPUT ARGUMENTS
	1341	* ATX Agent context defining processing behavior
	1342	* username Target user
	1343	* SIG Signature (if providing signature-based inoculation)
	1344	* message Text Message (if providing message-based inoculation)
	1345	*
	1346	* RETURN VALUES
	1347	* returns 0 on success, standard errors on failure
	1348	*/
	1349
	1350	int
	1351	inoculate_user (
	1352	AGENT_CTX *ATX,
	1353	const char *username,
	1354	struct _ds_spam_signature *SIG,
	1355	const char *message)
	1356	{
	1357	DSPAM_CTX *INOC;
	1358	int do_inoc = 1, result = 0;
	1359	int f_all = 0;
	1360
	1361	LOGDEBUG ("checking if user %s requires this inoculation", username);
	1362	if (user_classify(ATX, username, SIG, message) == DSR_ISSPAM) {
	1363	do_inoc = 0;
	1364	}
	1365
	1366	if (!do_inoc)
	1367	{
	1368	LOGDEBUG ("skipping user %s: doesn't require inoculation", username);
	1369	return EFAILURE;
	1370	}
	1371	else
	1372	{
	1373	LOGDEBUG ("inoculating user %s", username);
	1374
	1375	if (ATX->flags & DAF_NOISE)
	1376	f_all \|= DSF_NOISE;
	1377
	1378	if (ATX->PTX != NULL &&
	1379	strcmp(_ds_pref_val(ATX->PTX, "processorBias"), ""))
	1380	{
	1381	if (!strcmp(_ds_pref_val(ATX->PTX, "processorBias"), "on"))
	1382	f_all \|= DSF_BIAS;
	1383	} else {
	1384	if (_ds_match_attribute(agent_config, "ProcessorBias", "on"))
	1385	f_all \|= DSF_BIAS;
	1386	}
	1387
	1388	INOC = dspam_create (username,
	1389	NULL,
	1390	_ds_read_attribute(agent_config, "Home"),
	1391	DSM_PROCESS,
	1392	f_all);
	1393	if (INOC)
	1394	{
	1395	set_libdspam_attributes(INOC);
	1396	if (attach_context(INOC, ATX->dbh)) {
	1397	LOG (LOG_WARNING, ERR_CORE_ATTACH);
	1398	dspam_destroy(INOC);
	1399	return EUNKNOWN;
	1400	}
	1401
	1402	INOC->classification = DSR_ISSPAM;
	1403	INOC->source = DSS_INOCULATION;
	1404	if (SIG)
	1405	{
	1406	INOC->flags \|= DSF_SIGNATURE;
	1407	INOC->signature = SIG;
	1408	result = dspam_process (INOC, NULL);
	1409	}
	1410	else
	1411	{
	1412	result = dspam_process (INOC, message);
	1413	}
	1414
	1415	if (SIG)
	1416	INOC->signature = NULL;
	1417	dspam_destroy (INOC);
	1418	}
	1419	}
	1420
	1421	return result;
	1422	}
	1423
	1424	/*
	1425	* user_classify(AGENT_CTX ATX, const char username,
	1426	* struct _ds_spam_signature SIG, const char message)
	1427	*
	1428	* DESCRIPTION
	1429	* Determine the classification of a message for another user
	1430	*
	1431	* INPUT ARGUMENTS
	1432	* ATX Agent context defining processing behavior
	1433	* username Target user
	1434	* SIG Signature (if performing signature-based classification)
	1435	* message Text Message (if performing message-based ciassification)
	1436	*
	1437	* RETURN VALUES
	1438	* returns DSR_ value, standard errors on failure
	1439	*/
	1440
	1441	int
	1442	user_classify (
	1443	AGENT_CTX *ATX,
	1444	const char *username,
	1445	struct _ds_spam_signature *SIG,
	1446	const char *message)
	1447	{
	1448	DSPAM_CTX *CLX;
	1449	int result = 0;
	1450	int f_all = 0;
	1451
	1452	if (SIG == NULL && message == NULL) {
	1453	LOG(LOG_WARNING, "user_classify(): SIG == NULL, message == NULL");
	1454	return EINVAL;
	1455	}
	1456
	1457	if (ATX->flags & DAF_NOISE)
	1458	f_all \|= DSF_NOISE;
	1459
	1460	if (ATX->PTX != NULL && strcmp(_ds_pref_val(ATX->PTX, "processorBias"), "")) {
	1461	if (!strcmp(_ds_pref_val(ATX->PTX, "processorBias"), "on"))
	1462	f_all \|= DSF_BIAS;
	1463	} else {
	1464	if (_ds_match_attribute(agent_config, "ProcessorBias", "on"))
	1465	f_all \|= DSF_BIAS;
	1466	}
	1467
	1468	/* First see if the user needs to be inoculated */
	1469	CLX = dspam_create (username,
	1470	NULL,
	1471	_ds_read_attribute(agent_config, "Home"),
	1472	DSM_CLASSIFY,
	1473	f_all);
	1474	if (CLX)
	1475	{
	1476	set_libdspam_attributes(CLX);
	1477	if (attach_context(CLX, ATX->dbh)) {
	1478	LOG (LOG_WARNING, ERR_CORE_ATTACH);
	1479	dspam_destroy(CLX);
	1480	return EUNKNOWN;
	1481	}
	1482
	1483	if (SIG)
	1484	{
	1485	CLX->flags \|= DSF_SIGNATURE;
	1486	CLX->signature = SIG;
	1487	result = dspam_process (CLX, NULL);
	1488	}
	1489	else
	1490	{
	1491	if (message == NULL) {
	1492	LOG(LOG_WARNING, "user_classify: SIG = %ld, message = NULL\n", (unsigned long) SIG);
	1493	if (SIG) CLX->signature = NULL;
	1494	dspam_destroy (CLX);
	1495	return EFAILURE;
	1496	}
	1497	result = dspam_process (CLX, message);
	1498	}
	1499
	1500	if (SIG)
	1501	CLX->signature = NULL;
	1502
	1503	if (result)
	1504	{
	1505	LOGDEBUG ("user_classify() returned error %d", result);
	1506	result = EFAILURE;
	1507	}
	1508	else
	1509	result = CLX->result;
	1510
	1511	dspam_destroy (CLX);
	1512	}
	1513
	1514	return result;
	1515	}
	1516
	1517	/*
	1518	* send_notice(AGENT_CTX ATX, const char filename, const char *mailer_args,
	1519	* const char *username)
	1520	*
	1521	* DESCRIPTION
	1522	* Sends a canned notice to the destination user
	1523	*
	1524	* INPUT ARGUMENTS
	1525	* ATX Agent context defining processing behavior
	1526	* filename Filename of canned notice
	1527	* mailer_args Local agent arguments
	1528	* username Destination user
	1529	*
	1530	* RETURN VALUES
	1531	* returns 0 on success, standard errors on failure
	1532	*/
	1533
	1534	int send_notice(
	1535	AGENT_CTX *ATX,
	1536	const char *filename,
	1537	const char *mailer_args,
	1538	const char *username)
	1539	{
	1540	FILE *f;
	1541	char msgfile[MAX_FILENAME_LENGTH];
	1542	buffer *b;
	1543	char buf[1024];
	1544	time_t now;
	1545	int ret;
	1546
	1547	time(&now);
	1548
	1549	if (_ds_read_attribute(agent_config, "TxtDirectory")) {
	1550	snprintf(msgfile, sizeof(msgfile), "%s/%s", _ds_read_attribute(agent_config, "TxtDirectory"), filename);
	1551	} else {
	1552	snprintf(msgfile, sizeof(msgfile), "%s/txt/%s", _ds_read_attribute(agent_config, "Home"), filename);
	1553	}
	1554	f = fopen(msgfile, "r");
	1555	if (!f) {
	1556	LOG(LOG_ERR, ERR_IO_FILE_OPEN, filename, strerror(errno));
	1557	return EFILE;
	1558	}
	1559
	1560	b = buffer_create(NULL);
	1561	if (!b) {
	1562	LOG(LOG_CRIT, ERR_MEM_ALLOC);
	1563	fclose(f);
	1564	return EUNKNOWN;
	1565	}
	1566
	1567	strftime(buf,sizeof(buf), "Date: %a, %d %b %Y %H:%M:%S %z\n",
	1568	localtime(&now));
	1569	buffer_cat(b, buf);
	1570
	1571	while(fgets(buf, sizeof(buf), f)!=NULL) {
	1572	char *s = buf;
	1573	char *w = strstr(buf, "$u");
	1574	while(w != NULL) {
	1575	w[0] = 0;
	1576	buffer_cat(b, s);
	1577	buffer_cat(b, username);
	1578	s = w+2;
	1579	w = strstr(s, "$u");
	1580	}
	1581	buffer_cat(b, s);
	1582	}
	1583	fclose(f);
	1584	ret = deliver_message(ATX, b->data, mailer_args, username,
	1585	stdout, DSR_ISINNOCENT);
	1586
	1587	buffer_destroy(b);
	1588
	1589	return ret;
	1590	}
	1591
	1592	/*
	1593	* process_users(AGENT_CTX ATX, buffer message)
	1594	*
	1595	* DESCRIPTION
	1596	* Primary processing loop: cycle through all destination users and process
	1597	*
	1598	* INPUT ARGUMENTS
	1599	* ATX Agent context defining processing behavior
	1600	* message Buffer structure containing text message
	1601	*
	1602	* RETURN VALUES
	1603	* returns 0 on success, standard errors on failure
	1604	*/
	1605
	1606	int process_users(AGENT_CTX ATX, buffer message) {
	1607	int i = 0, have_rcpts = 0, return_code = 0, retcode = 0;
	1608	struct nt_node *node_nt;
	1609	struct nt_node *node_rcpt = NULL;
	1610	struct nt_c c_nt, c_rcpt;
	1611	buffer *parse_message;
	1612	agent_result_t presult = NULL;
	1613	char plus, atsign;
	1614	char mailbox[256];
	1615	FILE *fout;
	1616
	1617	if (ATX->sockfd) {
	1618	fout = ATX->sockfd;
	1619	} else {
	1620	fout = stdout;
	1621	}
	1622
	1623	node_nt = c_nt_first (ATX->users, &c_nt);
	1624	if (ATX->recipients) {
	1625	node_rcpt = c_nt_first (ATX->recipients, &c_rcpt);
	1626	have_rcpts = ATX->recipients->items;
	1627	}
	1628
	1629	/* Keep going as long as we have destination users */
	1630
	1631	while (node_nt \|\| node_rcpt)
	1632	{
	1633	struct stat s;
	1634	char filename[MAX_FILENAME_LENGTH];
	1635	int optin, optout;
	1636	char *username = NULL;
	1637
	1638	/* If ServerParameters specifies a --user, there will only be one
	1639	* instance on the stack, but possible multiple recipients. So we
	1640	* need to recycle.
	1641	*/
	1642
	1643	if (node_nt == NULL)
	1644	node_nt = ATX->users->first;
	1645
	1646	/* Set the "current recipient" to either the next item on the rcpt stack
	1647	* or the current user if not present.
	1648	*/
	1649
	1650
	1651	#ifdef EXT_LOOKUP
	1652	verified_user = 0;
	1653	if (_ds_match_attribute(agent_config, "ExtLookup", "on")) {
	1654	LOGDEBUG ("looking up user %s using %s driver.", node_nt->ptr, _ds_read_attribute(agent_config, "ExtLookupDriver"));
	1655	username = external_lookup(agent_config, node_nt->ptr, username);
	1656	if (username != NULL) {
	1657	LOGDEBUG ("external lookup verified user %s", node_nt->ptr);
	1658	verified_user = 1;
	1659	if (_ds_match_attribute(agent_config, "ExtLookupMode", "map") \|\|
	1660	_ds_match_attribute(agent_config, "ExtLookupMode", "strict")) {
	1661	LOGDEBUG ("mapping address %s to uid %s", node_nt->ptr, username);
	1662	node_nt->ptr = username;
	1663	}
	1664	} else if (_ds_match_attribute(agent_config, "ExtLookupMode", "map")) {
	1665	LOGDEBUG ("no match for user %s but mode is %s. continuing...", node_nt->ptr, _ds_read_attribute(agent_config, "ExtLookupMode"));
	1666	verified_user = 1;
	1667	}
	1668	} else {
	1669	verified_user = 1;
	1670	}
	1671	#endif
	1672	username = node_nt->ptr;
	1673
	1674	if (node_rcpt) {
	1675	ATX->recipient = node_rcpt->ptr;
	1676	node_rcpt = c_nt_next (ATX->recipients, &c_rcpt);
	1677	} else {
	1678
	1679	/* We started out using the recipients list and it's exhausted, so quit */
	1680	if (have_rcpts)
	1681	break;
	1682
	1683	ATX->recipient = node_nt->ptr;
	1684	}
	1685
	1686	/* If support for "+detail" is enabled, save full mailbox name for
	1687	delivery and strip detail for processing */
	1688
	1689	if (_ds_match_attribute(agent_config, "EnablePlusedDetail", "on")) {
	1690	char plused_char = '+';
	1691	if (_ds_read_attribute(agent_config, "PlusedCharacter"))
	1692	plused_char = _ds_read_attribute(agent_config, "PlusedCharacter")[0];
	1693	strlcpy(mailbox, username, sizeof(mailbox));
	1694	ATX->recipient = mailbox;
	1695	if (_ds_match_attribute(agent_config, "PlusedUserLowercase", "on"))
	1696	lc (username, username);
	1697	plus = index(username, plused_char);
	1698	if (plus) {
	1699	atsign = index(plus, '@');
	1700	if (atsign)
	1701	strcpy(plus, atsign);
	1702	else
	1703	*plus='\0';
	1704	}
	1705	}
	1706
	1707	presult = calloc(1, sizeof(struct agent_result));
	1708	parse_message = buffer_create(message->data);
	1709	if (parse_message == NULL) {
	1710	LOG(LOG_CRIT, ERR_MEM_ALLOC);
	1711	presult->exitcode = ERC_PROCESS;
	1712	strcpy(presult->text, ERR_MEM_ALLOC);
	1713
	1714	if (ATX->results) {
	1715	nt_add(ATX->results, presult);
	1716	if (ATX->results->nodetype == NT_CHAR)
	1717	free(presult);
	1718	} else
	1719	free(presult);
	1720
	1721	presult = NULL;
	1722
	1723	continue;
	1724	}
	1725
	1726	/* Determine whether to activate debug. If we're running in daemon mode,
	1727	* debug is either on or off (it's a global variable), so this only
	1728	* applies to running in client or local processing mode.
	1729	*/
	1730
	1731	#ifdef DEBUG
	1732	if (!DO_DEBUG &&
	1733	(_ds_match_attribute(agent_config, "Debug", "*") \|\|
	1734	_ds_match_attribute(agent_config, "Debug", node_nt->ptr)))
	1735	{
	1736	// No DebugOpt specified; turn it on for everything
	1737	if (!_ds_read_attribute(agent_config, "DebugOpt"))
	1738	{
	1739	DO_DEBUG = 1;
	1740	}
	1741	else {
	1742	if (_ds_match_attribute(agent_config, "DebugOpt", "process") &&
	1743	ATX->source == DSS_NONE &&
	1744	ATX->operating_mode == DSM_PROCESS)
	1745	{
	1746	DO_DEBUG = 1;
	1747	}
	1748
	1749	if (_ds_match_attribute(agent_config, "DebugOpt", "classify") &&
	1750	ATX->operating_mode == DSM_CLASSIFY)
	1751	{
	1752	DO_DEBUG = 1;
	1753	}
	1754
	1755	if (_ds_match_attribute(agent_config, "DebugOpt", "spam") &&
	1756	ATX->classification == DSR_ISSPAM &&
	1757	ATX->source == DSS_ERROR)
	1758	{
	1759	DO_DEBUG = 1;
	1760	}
	1761
	1762	if (_ds_match_attribute(agent_config, "DebugOpt", "fp") &&
	1763	ATX->classification == DSR_ISINNOCENT &&
	1764	ATX->source == DSS_ERROR)
	1765	{
	1766	DO_DEBUG = 1;
	1767	}
	1768
	1769	if (_ds_match_attribute(agent_config, "DebugOpt", "inoculation") &&
	1770	ATX->source == DSS_INOCULATION)
	1771	{
	1772	DO_DEBUG = 1;
	1773	}
	1774
	1775	if (_ds_match_attribute(agent_config, "DebugOpt", "corpus") &&
	1776	ATX->source == DSS_CORPUS)
	1777	{
	1778	DO_DEBUG = 1;
	1779	}
	1780	}
	1781	}
	1782
	1783	ATX->status[0] = 0;
	1784
	1785	if (DO_DEBUG) {
	1786	LOGDEBUG ("DSPAM Instance Startup");
	1787	LOGDEBUG ("input args: %s", ATX->debug_args);
	1788	LOGDEBUG ("pass-thru args: %s", ATX->mailer_args);
	1789	LOGDEBUG ("processing user %s", (const char *) node_nt->ptr);
	1790	LOGDEBUG ("uid = %d, euid = %d, gid = %d, egid = %d",
	1791	getuid(), geteuid(), getgid(), getegid());
	1792
	1793	/* Write message to dspam.messags */
	1794	{
	1795	FILE *f;
	1796	char m[MAX_FILENAME_LENGTH];
	1797	snprintf (m, sizeof (m), "%s/dspam.messages", LOGDIR);
	1798	f = fopen (m, "a");
	1799	if (f != NULL)
	1800	{
	1801	fprintf (f, "%s\n", parse_message->data);
	1802	fclose (f);
	1803	}
	1804	}
	1805	}
	1806	#endif
	1807
	1808	/*
	1809	* Determine if the user is opted in or out
	1810	*/
	1811
	1812	ATX->PTX = load_aggregated_prefs(ATX, username);
	1813	if (!strcmp(_ds_pref_val(ATX->PTX, "fallbackDomain"), "on")) {
	1814	if (username != NULL && strchr(username, '@')) {
	1815	char *domain = strchr(username, '@');
	1816	username = domain;
	1817	} else {
	1818	LOG(LOG_ERR, "process_users(): Can not fallback to domains for username '%s' without @domain part.", username);
	1819	}
	1820	}
	1821
	1822	ATX->train_pristine = 0;
	1823	if ((_ds_match_attribute(agent_config, "TrainPristine", "on") \|\|
	1824	!strcmp(_ds_pref_val(ATX->PTX, "trainPristine"), "on")) &&
	1825	strcmp(_ds_pref_val(ATX->PTX, "trainPristine"), "off")) {
	1826	ATX->train_pristine = 1;
	1827	}
	1828
	1829	_ds_userdir_path(filename,
	1830	_ds_read_attribute(agent_config, "Home"),
	1831	LOOKUP(ATX->PTX, username), "dspam");
	1832	optin = stat(filename, &s);
	1833
	1834	#ifdef HOMEDIR
	1835	if (!optin && (!S_ISDIR(s.st_mode))) {
	1836	optin = -1;
	1837	LOG(LOG_WARNING, ERR_AGENT_OPTIN_DIR, filename);
	1838	}
	1839	#endif
	1840
	1841	_ds_userdir_path(filename,
	1842	_ds_read_attribute(agent_config, "Home"),
	1843	LOOKUP(ATX->PTX, username), "nodspam");
	1844	optout = stat(filename, &s);
	1845
	1846	/* If the message is too big to process, just deliver it */
	1847
	1848	if (_ds_read_attribute(agent_config, "MaxMessageSize")) {
	1849	if (parse_message->used >
	1850	atoi(_ds_read_attribute(agent_config, "MaxMessageSize")))
	1851	{
	1852	LOG (LOG_INFO, "message too big, delivering");
	1853	optout = 0;
	1854	}
	1855	}
	1856
	1857	/* Deliver the message if the user has opted not to be filtered */
	1858
	1859	optout = (optout) ? 0 : 1;
	1860	optin = (optin) ? 0 : 1;
	1861
	1862	if /* opted out implicitly */
	1863	(optout \|\| !strcmp(_ds_pref_val(ATX->PTX, "optOut"), "on") \|\|
	1864
	1865	/* not opted in (in an opt-in system) */
	1866	(_ds_match_attribute(agent_config, "Opt", "in") &&
	1867	!optin && strcmp(_ds_pref_val(ATX->PTX, "optIn"), "on")))
	1868	{
	1869	if (ATX->flags & DAF_DELIVER_INNOCENT)
	1870	{
	1871	retcode =
	1872	deliver_message (ATX, parse_message->data,
	1873	(ATX->flags & DAF_STDOUT) ? NULL : ATX->mailer_args,
	1874	node_nt->ptr, fout, DSR_ISINNOCENT);
	1875	if (retcode)
	1876	presult->exitcode = ERC_DELIVERY;
	1877	if (retcode == EINVAL)
	1878	presult->exitcode = ERC_PERMANENT_DELIVERY;
	1879	strlcpy(presult->text, ATX->status, sizeof(presult->text));
	1880
	1881	if (ATX->sockfd && ATX->flags & DAF_STDOUT)
	1882	ATX->sockfd_output = 1;
	1883	}
	1884	}
	1885
	1886	/* Call process_message(), then handle result appropriately */
	1887
	1888	else
	1889	{
	1890	char *result_string = NULL;
	1891	int result;
	1892	result = process_message (ATX, parse_message, username, &result_string);
	1893	presult->classification = result;
	1894
	1895	#ifdef CLAMAV
	1896	if (result_string && !strcmp(result_string, LANG_CLASS_VIRUS)) {
	1897	if (_ds_match_attribute(agent_config, "ClamAVResponse", "reject")) {
	1898	presult->classification = DSR_ISSPAM;
	1899	presult->exitcode = ERC_PERMANENT_DELIVERY;
	1900	strlcpy(presult->text, ATX->status, sizeof(presult->text));
	1901	free(result_string);
	1902	result_string = NULL;
	1903	goto RSET;
	1904	}
	1905	else if (_ds_match_attribute(agent_config, "ClamAVResponse", "spam"))
	1906	{
	1907	presult->classification = DSR_ISSPAM;
	1908	presult->exitcode = ERC_SUCCESS;
	1909	result = DSR_ISSPAM;
	1910	strlcpy(presult->text, ATX->status, sizeof(presult->text));
	1911	} else {
	1912	presult->classification = DSR_ISINNOCENT;
	1913	presult->exitcode = ERC_SUCCESS;
	1914	free(result_string);
	1915	result_string = NULL;
	1916	goto RSET;
	1917	}
	1918	}
	1919	#endif
	1920	free(result_string);
	1921	result_string = NULL;
	1922
	1923	/* Exit code 99 for spam (when using broken return codes) */
	1924
	1925	if (_ds_match_attribute(agent_config, "Broken", "returnCodes")) {
	1926	if (result == DSR_ISSPAM)
	1927	return_code = 99;
	1928	}
	1929
	1930	/*
	1931	* Classify Only
	1932	*/
	1933
	1934	if (ATX->operating_mode == DSM_CLASSIFY)
	1935	{
	1936	node_nt = c_nt_next (ATX->users, &c_nt);
	1937	_ds_pref_free(ATX->PTX);
	1938	free(ATX->PTX);
	1939	ATX->PTX = NULL;
	1940	buffer_destroy(parse_message);
	1941	free(presult);
	1942	presult = NULL;
	1943	i++;
	1944	continue;
	1945	}
	1946
	1947	/*
	1948	* Classify and Process
	1949	*/
	1950
	1951	/* Innocent */
	1952
	1953	if (result != DSR_ISSPAM)
	1954	{
	1955	int deliver = 1;
	1956
	1957	/* Processing Error */
	1958
	1959	if (result != DSR_ISINNOCENT) {
	1960	if (ATX->classification != DSR_NONE) {
	1961	deliver = 0;
	1962	LOG (LOG_WARNING,
	1963	"process_message returned error %d. dropping message.", result);
	1964	} else if (ATX->classification == DSR_NONE) {
	1965	LOG (LOG_WARNING,
	1966	"process_message returned error %d. delivering.", result);
	1967	}
	1968	}
	1969
	1970	/* Deliver */
	1971
	1972	if (deliver && ATX->flags & DAF_DELIVER_INNOCENT) {
	1973	LOGDEBUG ("delivering message");
	1974	retcode = deliver_message
	1975	(ATX, parse_message->data,
	1976	(ATX->flags & DAF_STDOUT) ? NULL : ATX->mailer_args,
	1977	node_nt->ptr, fout, DSR_ISINNOCENT);
	1978
	1979	if (ATX->sockfd && ATX->flags & DAF_STDOUT)
	1980	ATX->sockfd_output = 1;
	1981	if (retcode) {
	1982	presult->exitcode = ERC_DELIVERY;
	1983	if (retcode == EINVAL)
	1984	presult->exitcode = ERC_PERMANENT_DELIVERY;
	1985	strlcpy(presult->text, ATX->status, sizeof(presult->text));
	1986
	1987	if (result == DSR_ISINNOCENT &&
	1988	_ds_match_attribute(agent_config, "OnFail", "unlearn") &&
	1989	ATX->learned)
	1990	{
	1991	ATX->classification = result;
	1992	ATX->source = DSS_ERROR;
	1993	ATX->flags \|= DAF_UNLEARN;
	1994	process_message (ATX, parse_message, username, NULL);
	1995	}
	1996
	1997	}
	1998	}
	1999	}
	2000
	2001	/* Spam */
	2002
	2003	else
	2004	{
	2005	/* Do not Deliver Spam */
	2006
	2007	if (! (ATX->flags & DAF_DELIVER_SPAM))
	2008	{
	2009	retcode = 0;
	2010
	2011	/* If a specific quarantine has been configured, use it */
	2012
	2013	if (ATX->source != DSS_CORPUS) {
	2014	if (ATX->spam_args[0] != 0 \|\|
	2015	(ATX->PTX != NULL &&
	2016	( !strcmp(_ds_pref_val(ATX->PTX, "spamAction"), "tag") \|\|
	2017	!strcmp(_ds_pref_val(ATX->PTX, "spamAction"), "deliver") )
	2018	)
	2019	)
	2020	{
	2021	if (ATX->classification == DSR_NONE) {
	2022	if (ATX->spam_args[0] != 0) {
	2023	retcode = deliver_message
	2024	(ATX, parse_message->data,
	2025	(ATX->flags & DAF_STDOUT) ? NULL : ATX->spam_args,
	2026	node_nt->ptr, fout, DSR_ISSPAM);
	2027	if (ATX->sockfd && ATX->flags & DAF_STDOUT)
	2028	ATX->sockfd_output = 1;
	2029	} else {
	2030	retcode = deliver_message
	2031	(ATX, parse_message->data,
	2032	(ATX->flags & DAF_STDOUT) ? NULL : ATX->mailer_args,
	2033	node_nt->ptr, fout, DSR_ISSPAM);
	2034	if (ATX->sockfd && ATX->flags & DAF_STDOUT)
	2035	ATX->sockfd_output = 1;
	2036	}
	2037
	2038	if (retcode)
	2039	presult->exitcode = ERC_DELIVERY;
	2040	if (retcode == EINVAL)
	2041	presult->exitcode = ERC_PERMANENT_DELIVERY;
	2042	strlcpy(presult->text, ATX->status, sizeof(presult->text));
	2043	}
	2044	}
	2045	else
	2046	{
	2047	/* Use standard quarantine procedure */
	2048	if (ATX->source == DSS_INOCULATION \|\|
	2049	ATX->classification == DSR_NONE)
	2050	{
	2051	if (ATX->flags & DAF_SUMMARY) {
	2052	retcode = 0;
	2053	} else {
	2054	if (ATX->managed_group[0] == 0)
	2055	retcode =
	2056	quarantine_message (ATX, parse_message->data, username);
	2057	else
	2058	retcode =
	2059	quarantine_message (ATX, parse_message->data,
	2060	ATX->managed_group);
	2061	}
	2062	}
	2063	}
	2064
	2065	if (retcode) {
	2066	presult->exitcode = ERC_DELIVERY;
	2067	if (retcode == EINVAL)
	2068	presult->exitcode = ERC_PERMANENT_DELIVERY;
	2069	strlcpy(presult->text, ATX->status, sizeof(presult->text));
	2070
	2071
	2072	/* Unlearn the message on a local delivery failure */
	2073	if (_ds_match_attribute(agent_config, "OnFail", "unlearn") &&
	2074	ATX->learned) {
	2075	ATX->classification = result;
	2076	ATX->source = DSS_ERROR;
	2077	ATX->flags \|= DAF_UNLEARN;
	2078	process_message (ATX, parse_message, username, NULL);
	2079	}
	2080	}
	2081	}
	2082	}
	2083
	2084	/* Deliver Spam */
	2085
	2086	else
	2087	{
	2088	if (ATX->sockfd && ATX->flags & DAF_STDOUT)
	2089	ATX->sockfd_output = 1;
	2090	retcode = deliver_message
	2091	(ATX, parse_message->data,
	2092	(ATX->flags & DAF_STDOUT) ? NULL : ATX->mailer_args,
	2093	node_nt->ptr, fout, DSR_ISSPAM);
	2094
	2095	if (retcode) {
	2096	presult->exitcode = ERC_DELIVERY;
	2097	if (retcode == EINVAL)
	2098	presult->exitcode = ERC_PERMANENT_DELIVERY;
	2099	strlcpy(presult->text, ATX->status, sizeof(presult->text));
	2100
	2101
	2102	if (_ds_match_attribute(agent_config, "OnFail", "unlearn") &&
	2103	ATX->learned) {
	2104	ATX->classification = result;
	2105	ATX->source = DSS_ERROR;
	2106	ATX->flags \|= DAF_UNLEARN;
	2107	process_message (ATX, parse_message, username, NULL);
	2108	}
	2109	}
	2110	}
	2111	}
	2112	}
	2113
	2114	#ifdef CLAMAV
	2115	RSET:
	2116	#endif
	2117	_ds_pref_free(ATX->PTX);
	2118	free(ATX->PTX);
	2119	ATX->PTX = NULL;
	2120	node_nt = c_nt_next (ATX->users, &c_nt);
	2121
	2122	if (ATX->results) {
	2123	nt_add(ATX->results, presult);
	2124	if (ATX->results->nodetype == NT_CHAR)
	2125	free(presult);
	2126	} else
	2127	free(presult);
	2128	presult = NULL;
	2129	LOGDEBUG ("DSPAM Instance Shutdown. Exit Code: %d", return_code);
	2130	buffer_destroy(parse_message);
	2131	}
	2132
	2133	if (presult) free(presult);
	2134	return return_code;
	2135	}
	2136	// break
	2137	// load_agg
	2138	// continue
	2139	// return
	2140
	2141	/*
	2142	* find_signature(DSPAM_CTX CTX, AGENT_CTX ATX)
	2143	*
	2144	* DESCRIPTION
	2145	* Find and parse DSPAM signature
	2146	*
	2147	* INPUT ARGUMENTS
	2148	* CTX DSPAM context containing message and parameters
	2149	* ATX Agent context defining processing behavior
	2150	*
	2151	* RETURN VALUES
	2152	* returns 1 (and sets CTX->signature) if found
	2153	*
	2154	*/
	2155
	2156	int find_signature(DSPAM_CTX CTX, AGENT_CTX ATX) {
	2157	struct nt_node *node_nt;
	2158	struct nt_c c, c2;
	2159	ds_message_part_t block = NULL;
	2160	char first_boundary[512];
	2161	int is_signed = 0, i = 0;
	2162	char signature_begin = NULL, signature_end, *erase_begin;
	2163	int signature_length, have_signature = 0;
	2164	struct nt_node *node_header;
	2165
	2166	first_boundary[0] = 0;
	2167
	2168	if (ATX->signature[0] != 0)
	2169	return 1;
	2170
	2171	/* Iterate through each message component in search of a signature
	2172	* and decode components as necessary
	2173	*/
	2174
	2175	node_nt = c_nt_first (CTX->message->components, &c);
	2176	while (node_nt != NULL)
	2177	{
	2178	block = (ds_message_part_t) node_nt->ptr;
	2179
	2180	if (block->media_type == MT_MULTIPART && block->media_subtype == MST_SIGNED)
	2181	is_signed = 1;
	2182
	2183	if (!strcmp(_ds_pref_val(ATX->PTX, "signatureLocation"), "headers"))
	2184	is_signed = 2;
	2185
	2186	#ifdef VERBOSE
	2187	LOGDEBUG ("scanning component %d for a DSPAM signature", i);
	2188	#endif
	2189
	2190	if (block->media_type == MT_TEXT
	2191	\|\| block->media_type == MT_MESSAGE
	2192	\|\| block->media_type == MT_UNKNOWN
	2193	\|\| (!i && block->media_type == MT_MULTIPART))
	2194	{
	2195	char *body;
	2196
	2197	/* Verbose output of each message component */
	2198
	2199	#ifdef VERBOSE
	2200	if (DO_DEBUG) {
	2201	if (block->boundary != NULL)
	2202	{
	2203	LOGDEBUG (" : Boundary : %s", block->boundary);
	2204	}
	2205	if (block->terminating_boundary != NULL)
	2206	LOGDEBUG (" : Term Boundary: %s", block->terminating_boundary);
	2207	LOGDEBUG (" : Encoding : %d", block->encoding);
	2208	LOGDEBUG (" : Media Type : %d", block->media_type);
	2209	LOGDEBUG (" : Media Subtype: %d", block->media_subtype);
	2210	LOGDEBUG (" : Headers:");
	2211	node_header = c_nt_first (block->headers, &c2);
	2212	while (node_header != NULL)
	2213	{
	2214	ds_header_t header =
	2215	(ds_header_t) node_header->ptr;
	2216	LOGDEBUG (" %-32s %s", header->heading, header->data);
	2217	node_header = c_nt_next (block->headers, &c2);
	2218	}
	2219	}
	2220	#endif
	2221
	2222	body = block->body->data;
	2223	if (block->encoding == EN_BASE64
	2224	\|\| block->encoding == EN_QUOTED_PRINTABLE)
	2225	{
	2226	if (block->content_disposition != PCD_ATTACHMENT)
	2227	{
	2228	#ifdef VERBOSE
	2229	LOGDEBUG ("decoding message block from encoding type %d",
	2230	block->encoding);
	2231	#endif
	2232
	2233	body = _ds_decode_block (block);
	2234
	2235	if (is_signed)
	2236	{
	2237	LOGDEBUG
	2238	("message is signed. retaining original text for reassembly");
	2239	block->original_signed_body = block->body;
	2240	}
	2241	else
	2242	{
	2243	block->encoding = EN_8BIT;
	2244
	2245	node_header = c_nt_first (block->headers, &c2);
	2246	while (node_header != NULL)
	2247	{
	2248	ds_header_t header =
	2249	(ds_header_t) node_header->ptr;
	2250	if (!strcasecmp
	2251	(header->heading, "Content-Transfer-Encoding"))
	2252	{
	2253	free (header->data);
	2254	header->data = strdup ("8bit");
	2255	}
	2256	node_header = c_nt_next (block->headers, &c2);
	2257	}
	2258
	2259	buffer_destroy (block->body);
	2260	}
	2261	block->body = buffer_create (body);
	2262	free (body);
	2263
	2264	body = block->body->data;
	2265	}
	2266	}
	2267
	2268	if (!strcmp(_ds_pref_val(ATX->PTX, "signatureLocation"), "headers")) {
	2269	if (block->headers != NULL && !have_signature)
	2270	{
	2271	struct nt_node *node_header;
	2272	ds_header_t head;
	2273
	2274	node_header = block->headers->first;
	2275	while(node_header != NULL) {
	2276	head = (ds_header_t) node_header->ptr;
	2277	if (head->heading &&
	2278	!strcasecmp(head->heading, "X-DSPAM-Signature")) {
	2279	if (!strncmp(head->data, SIGNATURE_BEGIN,
	2280	strlen(SIGNATURE_BEGIN)))
	2281	{
	2282	body = head->data;
	2283	}
	2284	else
	2285	{
	2286	strlcpy(ATX->signature, head->data, sizeof(ATX->signature));
	2287	have_signature = 1;
	2288	}
	2289	break;
	2290	}
	2291	node_header = node_header->next;
	2292	}
	2293	}
	2294	}
	2295
	2296	if (!ATX->train_pristine &&
	2297
	2298	/* Don't keep searching if we've already found the signature in the
	2299	* headers, and we're using signatureLocation=headers
	2300	*/
	2301	(!have_signature \|\|
	2302	strcmp(_ds_pref_val(ATX->PTX, "signatureLocation"), "headers")))
	2303	{
	2304	/* Look for signature */
	2305	if (body != NULL)
	2306	{
	2307	int tight = 1;
	2308	signature_begin = strstr (body, SIGNATURE_BEGIN);
	2309	if (signature_begin == NULL) {
	2310	signature_begin = strstr (body, LOOSE_SIGNATURE_BEGIN);
	2311	tight = 0;
	2312	}
	2313
	2314	if (signature_begin)
	2315	{
	2316	erase_begin = signature_begin;
	2317	if (tight)
	2318	signature_begin += strlen(SIGNATURE_BEGIN);
	2319	else {
	2320	char *loose = strstr (signature_begin, SIGNATURE_DELIMITER);
	2321	if (!loose) {
	2322	LOGDEBUG("found loose signature begin, but no delimiter");
	2323	goto NEXT;
	2324	}
	2325	signature_begin = loose + strlen(SIGNATURE_DELIMITER);
	2326	}
	2327
	2328	signature_end = signature_begin;
	2329
	2330	/* Find the signature's end character */
	2331	while (signature_end != NULL
	2332	&& signature_end[0] != 0
	2333	&& (isalnum ((int) signature_end[0]) \|\| signature_end[0] == 32 \|\|
	2334	signature_end[0] == ','))
	2335	{
	2336	signature_end++;
	2337	}
	2338
	2339	if (signature_end != NULL)
	2340	{
	2341	signature_length = signature_end - signature_begin;
	2342
	2343	if (signature_length < 128)
	2344	{
	2345	memcpy (ATX->signature, signature_begin, signature_length);
	2346	ATX->signature[signature_length] = 0;
	2347
	2348	while(isspace( (int) ATX->signature[0]))
	2349	{
	2350	memmove(ATX->signature, ATX->signature+1, strlen(ATX->signature));
	2351	}
	2352
	2353	if (strcmp(_ds_pref_val(ATX->PTX, "signatureLocation"),
	2354	"headers")) {
	2355
	2356	if (!is_signed && ATX->classification == DSR_NONE) {
	2357	memmove(erase_begin, signature_end+1, strlen(signature_end+1)+1);
	2358	block->body->used = (long) strlen(body);
	2359	}
	2360	}
	2361	have_signature = 1;
	2362	LOGDEBUG ("found signature '%s'", ATX->signature);
	2363	}
	2364	}
	2365	}
	2366	}
	2367	} /* TrainPristine */
	2368	}
	2369	NEXT:
	2370	node_nt = c_nt_next (CTX->message->components, &c);
	2371	i++;
	2372	}
	2373
	2374	CTX->message->protect = is_signed;
	2375
	2376	return have_signature;
	2377	}
	2378
	2379	/*
	2380	* ctx_init(AGENT_CTX ATX, const char username)
	2381	*
	2382	* DESCRIPTION
	2383	* Initialize a DSPAM context from an agent context
	2384	*
	2385	* INPUT ARGUMENTS
	2386	* ATX Agent context defining processing behavior
	2387	* username Destination user
	2388	*
	2389	* RETURN VALUES
	2390	* pointer to newly allocated DSPAM context, NULL on failure
	2391	*
	2392	*/
	2393
	2394	DSPAM_CTX ctx_init(AGENT_CTX ATX, const char *username) {
	2395	/* We NEED a username. Without it we can't do much */
	2396	if (username == NULL) {
	2397	LOG (LOG_CRIT, ERR_AGENT_USER_UNDEFINED);
	2398	return NULL;
	2399	}
	2400	DSPAM_CTX *CTX;
	2401	char filename[MAX_FILENAME_LENGTH];
	2402	char ctx_group[128] = { 0 };
	2403	int f_all = 0, f_mode = DSM_PROCESS;
	2404	FILE *file;
	2405
	2406	ATX->inoc_users = nt_create (NT_CHAR);
	2407	if (ATX->inoc_users == NULL) {
	2408	LOG (LOG_CRIT, ERR_MEM_ALLOC);
	2409	return NULL;
	2410	}
	2411
	2412	ATX->classify_users = nt_create (NT_CHAR);
	2413	if (ATX->classify_users == NULL)
	2414	{
	2415	nt_destroy(ATX->inoc_users);
	2416	LOG (LOG_CRIT, ERR_MEM_ALLOC);
	2417	return NULL;
	2418	}
	2419
	2420	/* Set Group Membership */
	2421
	2422	if (ATX->operating_mode == DSM_CLASSIFY) {
	2423	LOGDEBUG ("Group support disabled in classify mode");
	2424	} else if (!strcmp(_ds_pref_val(ATX->PTX, "ignoreGroups"), "on")) {
	2425	LOGDEBUG ("Ignoring groups due preference ignoreGroups on");
	2426	} else if (ATX->operating_mode == DSM_PROCESS) {
	2427	snprintf (filename, sizeof (filename), "%s",
	2428	_ds_read_attribute(agent_config, "GroupConfig"));
	2429	file = fopen (filename, "r");
	2430	if (file != NULL)
	2431	{
	2432	int is_group_member_inoculation = 0;
	2433	int is_group_member_classification = 0;
	2434	int is_group_member_global = 0;
	2435	int is_group_member_shared = 0;
	2436	int is_group_member_merged = 0;
	2437	char *group;
	2438	char buffer[10240];
	2439
	2440	while (fgets (buffer, sizeof (buffer), file) != NULL)
	2441	{
	2442	int do_inocgroups = 0;
	2443	int do_classgroups = 0;
	2444	char type, list, *listentry;
	2445	chomp (buffer);
	2446
	2447	if (buffer[0] == 0 \|\| buffer[0] == '#' \|\| buffer[0] == ';')
	2448	continue;
	2449
	2450	list = strdup (buffer);
	2451	listentry = strdup (buffer);
	2452	group = strtok (buffer, ":");
	2453
	2454	if (group != NULL)
	2455	{
	2456	type = strtok (NULL, ":");
	2457	if (!type)
	2458	continue;
	2459
	2460	/* Check if user is member of inoculation group */
	2461	if (strcasecmp (type, "INOCULATION") == 0 &&
	2462	ATX->classification == DSR_ISSPAM &&
	2463	ATX->source != DSS_CORPUS)
	2464	{
	2465	if (is_group_member_shared == 1) {
	2466	LOGDEBUG ("skipping innoculation group %s: user %s is already in a shared group", group, username);
	2467	/* Process next entry in group file */
	2468	continue;
	2469	} else {
	2470	char l = list, u;
	2471	strsep (&l, ":");
	2472	strsep (&l, ":");
	2473	u = strsep (&l, ",");
	2474	while (u != NULL) {
	2475	if (strcasecmp(u,username) == 0) {
	2476	LOGDEBUG ("user %s is member of inoculation group %s", username, group);
	2477	is_group_member_inoculation = 1;
	2478	do_inocgroups = 1;
	2479	break;
	2480	}
	2481	u = strsep (&l, ",");
	2482	}
	2483	}
	2484	}
	2485	/* Check if user is member of classification group */
	2486	else if (strcasecmp (type, "CLASSIFICATION") == 0)
	2487	{
	2488	if (is_group_member_shared == 1) {
	2489	LOGDEBUG ("skipping classification or global group %s: user %s is already in a shared group", group, username);
	2490	/* Process next entry in group file */
	2491	continue;
	2492	} else {
	2493	char l = list, u;
	2494	strsep (&l, ":");
	2495	strsep (&l, ":");
	2496	u = strsep (&l, ",");
	2497	while (u != NULL) {
	2498	if (u[0] == '' && strcmp(u,"") != 0) {
	2499	if (is_group_member_classification == 1) {
	2500	LOGDEBUG ("skipping global group %s: user %s is already in a classification group", group, username);
	2501	break;
	2502	}
	2503	LOGDEBUG ("user %s is member of global group %s", username, group);
	2504	is_group_member_global = 1;
	2505	do_classgroups = 1;
	2506	break;
	2507	} else if (strcasecmp(u,username) == 0) {
	2508	if (is_group_member_global == 1) {
	2509	LOGDEBUG ("skipping classification group %s: user %s is already in a global group", group, username);
	2510	break;
	2511	}
	2512	LOGDEBUG ("user %s is member of classification group %s", username, group);
	2513	is_group_member_classification = 1;
	2514	do_classgroups = 1;
	2515	break;
	2516	}
	2517	u = strsep (&l, ",");
	2518	}
	2519	}
	2520	}
	2521	/* Process shared and shared,managed group */
	2522	else if (strncasecmp (type, "SHARED", 6) == 0)
	2523	{
	2524	if (is_group_member_shared == 1) {
	2525	LOGDEBUG ("skipping shared group %s: user %s is already in a shared group", group, username);
	2526	/* Process next entry in group file */
	2527	continue;
	2528	} else if (is_group_member_merged == 1) {
	2529	LOGDEBUG ("skipping shared group %s: user %s is already in a merged group", group, username);
	2530	/* Process next entry in group file */
	2531	continue;
	2532	} else if (is_group_member_inoculation == 1) {
	2533	LOGDEBUG ("skipping shared group %s: user %s is already in a inoculation group", group, username);
	2534	/* Process next entry in group file */
	2535	continue;
	2536	} else if (is_group_member_classification == 1) {
	2537	LOGDEBUG ("skipping shared group %s: user %s is already in a classification group", group, username);
	2538	/* Process next entry in group file */
	2539	continue;
	2540	} else if (is_group_member_global == 1) {
	2541	LOGDEBUG ("skipping shared group %s: user %s is already in a global group", group, username);
	2542	/* Process next entry in group file */
	2543	continue;
	2544	} else {
	2545	char l = list, u;
	2546	strsep (&l, ":");
	2547	strsep (&l, ":");
	2548	u = strsep (&l, ",");
	2549	while (u != NULL) {
	2550	if (strcasecmp(u,username) == 0 \|\|
	2551	strcmp(u,"*") == 0 \|\|
	2552	(strncmp(u,"*@",2) == 0 && strchr(username,'@') != NULL && strcasecmp(u+1,strchr(username,'@')) == 0))
	2553	{
	2554	LOGDEBUG ("assigning user %s to shared group %s", username, group);
	2555	strlcpy (ctx_group, group, sizeof (ctx_group));
	2556	if (strncasecmp (type + 6, ",MANAGED", 8) == 0) {
	2557	LOGDEBUG ("shared group is managed by %s", group);
	2558	strlcpy (ATX->managed_group, ctx_group, sizeof(ATX->managed_group));
	2559	}
	2560	is_group_member_shared = 1;
	2561	break;
	2562	}
	2563	u = strsep (&l, ",");
	2564	}
	2565	}
	2566	/* Process next entry in group file */
	2567	continue;
	2568	}
	2569	/* Process merged group */
	2570	else if (strcasecmp (type, "MERGED") == 0 && strcasecmp(group, username) != 0)
	2571	{
	2572	if (is_group_member_merged == 1) {
	2573	LOGDEBUG ("skipping merged group %s: user %s is already in merged group %s", group, username, ctx_group);
	2574	/* Process next entry in group file */
	2575	continue;
	2576	} else if (is_group_member_shared == 1) {
	2577	LOGDEBUG ("skipping merged group %s: user %s is already in a shared group", group, username);
	2578	/* Process next entry in group file */
	2579	continue;
	2580	} else if (ATX->flags & DAF_MERGED) {
	2581	LOGDEBUG ("BUG in DSPAM. Please report this bug:");
	2582	LOGDEBUG (" --> Skipping merged group %s: user %s is already in merged group %s", group, username, ctx_group);
	2583	/* Process next entry in group file */
	2584	continue;
	2585	} else {
	2586	char l = list, u;
	2587	strsep (&l, ":");
	2588	strsep (&l, ":");
	2589	u = strsep (&l, ",");
	2590	while (u != NULL) {
	2591	if (strcasecmp(u,username) == 0 \|\| strcmp(u,"*") == 0 \|\|
	2592	(strncmp(u,"*@",2) == 0 && strchr(username,'@') != NULL && strcasecmp(u+1,strchr(username,'@')) == 0))
	2593	{
	2594	if (is_group_member_merged == 1) {
	2595	LOGDEBUG ("skipping entry %s for merged group %s. User is already in merged group.", u, group);
	2596	continue;
	2597	} else {
	2598	LOGDEBUG ("adding user to merged group %s", group);
	2599	ATX->flags \|= DAF_MERGED;
	2600	strlcpy(ctx_group, group, sizeof(ctx_group));
	2601	is_group_member_merged = 1;
	2602	}
	2603	} else if ((strncmp(u,"-",1) == 0 && strcasecmp(u+1,username) == 0) \|\|
	2604	(strncmp(u,"-*@",3) == 0 && strchr(username,'@') != NULL && strcasecmp(u+2,strchr(username,'@')) == 0))
	2605	{
	2606	if (is_group_member_merged == 0) {
	2607	LOGDEBUG ("skipping entry %s for merged group %s. User is already not in merged group.", u, group);
	2608	continue;
	2609	} else {
	2610	LOGDEBUG ("removing user from merged group %s", group);
	2611	ATX->flags ^= DAF_MERGED;
	2612	ctx_group[0] = 0;
	2613	is_group_member_merged = 0;
	2614	}
	2615	} else {
	2616	LOGDEBUG ("unhandled entry %s in merged group %s", u, group);
	2617	}
	2618	u = strsep (&l, ",");
	2619	}
	2620	}
	2621	/* Process next entry in group file */
	2622	continue;
	2623	}
	2624
	2625	/*
	2626	* If we are reporting a spam, report it as a spam to all other
	2627	* users in the inoculation group
	2628	*/
	2629	if (do_inocgroups)
	2630	{
	2631	char l = listentry, u;
	2632	strsep (&l, ":");
	2633	strsep (&l, ":");
	2634	u = strsep (&l, ",");
	2635	while (u != NULL) {
	2636	if (strcasecmp(u,username) != 0) {
	2637	LOGDEBUG ("adding user %s as target for inoculation", u);
	2638	nt_add (ATX->inoc_users, u);
	2639	}
	2640	u = strsep (&l, ",");
	2641	}
	2642	}
	2643	/*
	2644	* When user is member of a global group or classification network
	2645	* then consult all other users in the group
	2646	*/
	2647	else if (do_classgroups)
	2648	{
	2649	char l = listentry, u;
	2650	strsep (&l, ":");
	2651	strsep (&l, ":");
	2652	u = strsep (&l, ",");
	2653	while (u != NULL) {
	2654	if (u[0] == '' && strcmp(u,"") != 0) {
	2655	/* global classification group */
	2656	if (is_group_member_classification == 1) {
	2657	LOGDEBUG ("skipping global group (%s) entry %s: user %s is already in a classification group", group, u, username);
	2658	continue;
	2659	} else if (strcasecmp(u+1,username) != 0 && is_group_member_global == 1) {
	2660	LOGDEBUG ("adding %s as classification peer for %s", u+1, username);
	2661	ATX->flags \|= DAF_GLOBAL;
	2662	nt_add (ATX->classify_users, u+1);
	2663	} else {
	2664	LOGDEBUG ("skipping global group entry %s for user %s", u+1, username);
	2665	}
	2666	} else if (strcasecmp(u,username) != 0) {
	2667	/* classification network group */
	2668	if (is_group_member_global == 1) {
	2669	LOGDEBUG ("skipping classification group (%s) entry %s: user %s is already in a global group", group, u, username);
	2670	continue;
	2671	} else if (is_group_member_classification == 1) {
	2672	LOGDEBUG ("adding user %s to classification network group %", u, group);
	2673	nt_add (ATX->classify_users, u);
	2674	} else {
	2675	LOGDEBUG ("skipping classification group entry %s for user %s", u, username);
	2676	}
	2677	}
	2678	u = strsep (&l, ",");
	2679	}
	2680	}
	2681	}
	2682	free (list);
	2683	free (listentry);
	2684	}
	2685	fclose (file);
	2686	}
	2687	}
	2688
	2689	/* Crunch our agent context into a DSPAM context */
	2690
	2691	f_mode = ATX->operating_mode;
	2692	f_all = DSF_SIGNATURE;
	2693
	2694	if (ATX->flags & DAF_UNLEARN)
	2695	f_all \|= DSF_UNLEARN;
	2696
	2697	/* If there is no preference, defer to commandline */
	2698	if (ATX->PTX != NULL && strcmp(_ds_pref_val(ATX->PTX, "enableBNR"), "")) {
	2699	if (!strcmp(_ds_pref_val(ATX->PTX, "enableBNR"), "on"))
	2700	f_all \|= DSF_NOISE;
	2701	} else {
	2702	if (ATX->flags & DAF_NOISE)
	2703	f_all \|= DSF_NOISE;
	2704	}
	2705
	2706	if (ATX->PTX != NULL && strcmp(_ds_pref_val(ATX->PTX, "processorBias"), "")) {
	2707	if (!strcmp(_ds_pref_val(ATX->PTX, "processorBias"), "on"))
	2708	f_all \|= DSF_BIAS;
	2709	} else {
	2710	if (_ds_match_attribute(agent_config, "ProcessorBias", "on"))
	2711	f_all \|= DSF_BIAS;
	2712	}
	2713
	2714	if (ATX->PTX != NULL && strcmp(_ds_pref_val(ATX->PTX, "enableWhitelist"), "")) {
	2715	if (!strcmp(_ds_pref_val(ATX->PTX, "enableWhitelist"), "on"))
	2716	f_all \|= DSF_WHITELIST;
	2717	} else {
	2718	if (ATX->flags & DAF_WHITELIST)
	2719	f_all \|= DSF_WHITELIST;
	2720	}
	2721
	2722	if (ATX->flags & DAF_MERGED)
	2723	f_all \|= DSF_MERGED;
	2724
	2725	CTX = dspam_create (username,
	2726	ctx_group,
	2727	_ds_read_attribute(agent_config, "Home"),
	2728	f_mode,
	2729	f_all);
	2730
	2731	if (CTX == NULL)
	2732	return NULL;
	2733
	2734	if (ATX->PTX != NULL && strcmp(_ds_pref_val(ATX->PTX, "statisticalSedation"), "")) {
	2735	CTX->training_buffer = atoi(_ds_pref_val(ATX->PTX, "statisticalSedation"));
	2736	LOGDEBUG("sedation level set to: %d", CTX->training_buffer);
	2737	} else if (ATX->training_buffer>=0) {
	2738	CTX->training_buffer = ATX->training_buffer;
	2739	LOGDEBUG("sedation level set to: %d", CTX->training_buffer);
	2740	}
	2741
	2742	if (ATX->PTX != NULL && strcmp(_ds_pref_val(ATX->PTX, "whitelistThreshold"), ""))
	2743	CTX->wh_threshold = atoi(_ds_pref_val(ATX->PTX, "whitelistThreshold"));
	2744
	2745	if (ATX->classification != DSR_NONE) {
	2746	CTX->classification = ATX->classification;
	2747	CTX->source = ATX->source;
	2748	}
	2749
	2750	if (!( ATX->flags & DAF_FIXED_TR_MODE)
	2751	&& ATX->PTX != NULL
	2752	&& strcmp(_ds_pref_val(ATX->PTX, "trainingMode"), "")) {
	2753	if (!strcasecmp(_ds_pref_val(ATX->PTX, "trainingMode"), "TEFT"))
	2754	CTX->training_mode = DST_TEFT;
	2755	else if (!strcasecmp(_ds_pref_val(ATX->PTX, "trainingMode"), "TOE"))
	2756	CTX->training_mode = DST_TOE;
	2757	else if (!strcasecmp(_ds_pref_val(ATX->PTX, "trainingMode"), "TUM"))
	2758	CTX->training_mode = DST_TUM;
	2759	else if (!strcasecmp(_ds_pref_val(ATX->PTX, "trainingMode"), "NOTRAIN"))
	2760	CTX->training_mode = DST_NOTRAIN;
	2761	else
	2762	CTX->training_mode = ATX->training_mode;
	2763	} else {
	2764	CTX->training_mode = ATX->training_mode;
	2765	}
	2766
	2767	return CTX;
	2768	}
	2769
	2770	/*
	2771	* retrain_message(DSPAM_CTX CTX, AGENT_CTX ATX)
	2772	*
	2773	* DESCRIPTION
	2774	* Retrain a message and perform iterative training
	2775	*
	2776	* INPUT ARGUMENTS
	2777	* CTX DSPAM context containing the classification results
	2778	* ATX Agent context defining processing behavior
	2779	*
	2780	* RETURN VALUES
	2781	* returns 0 on success, standard errors on failure
	2782	*/
	2783
	2784	int retrain_message(DSPAM_CTX CTX, AGENT_CTX ATX) {
	2785	int do_train = 1, iter = 0, ck_result = 0, t_mode = CTX->source;
	2786
	2787	/* Train until test conditions are met, 5 iterations max */
	2788
	2789	if (!_ds_match_attribute(agent_config, "TestConditionalTraining", "on")) {
	2790	ck_result = dspam_process (CTX, NULL);
	2791	if (ck_result != 0)
	2792	return EFAILURE;
	2793	} else {
	2794	while (do_train && iter < 5)
	2795	{
	2796	DSPAM_CTX *CLX;
	2797	int match;
	2798
	2799	match = (CTX->classification == DSR_ISSPAM) ?
	2800	DSR_ISSPAM : DSR_ISINNOCENT;
	2801	iter++;
	2802
	2803	ck_result = dspam_process (CTX, NULL);
	2804	if (ck_result != 0)
	2805	return EFAILURE;
	2806
	2807	/* Only subtract innocent values once */
	2808	CTX->source = DSS_CORPUS;
	2809
	2810	LOGDEBUG ("reclassifying iteration %d result: %d", iter, ck_result);
	2811
	2812	if (t_mode == DSS_CORPUS)
	2813	do_train = 0;
	2814
	2815	/* Only attempt test-conditional training on a mature corpus */
	2816
	2817	if (CTX->totals.innocent_learned+CTX->totals.innocent_classified<1000 &&
	2818	CTX->classification == DSR_ISSPAM)
	2819	{
	2820	do_train = 0;
	2821	}
	2822	else
	2823	{
	2824	int f_all = DSF_SIGNATURE;
	2825
	2826	/* CLX = Classify Context */
	2827	if (ATX->flags & DAF_NOISE)
	2828	f_all \|= DSF_NOISE;
	2829
	2830	if (ATX->PTX != NULL &&
	2831	strcmp(_ds_pref_val(ATX->PTX, "processorBias"), ""))
	2832	{
	2833	if (!strcmp(_ds_pref_val(ATX->PTX, "processorBias"), "on"))
	2834	f_all \|= DSF_BIAS;
	2835	} else {
	2836	if (_ds_match_attribute(agent_config, "ProcessorBias", "on"))
	2837	f_all \|= DSF_BIAS;
	2838	}
	2839
	2840	CLX = dspam_create (CTX->username,
	2841	CTX->group,
	2842	_ds_read_attribute(agent_config, "Home"),
	2843	DSM_CLASSIFY,
	2844	f_all);
	2845	if (!CLX)
	2846	break;
	2847
	2848	CLX->training_mode = CTX->training_mode;
	2849
	2850	set_libdspam_attributes(CLX);
	2851	if (attach_context(CLX, ATX->dbh)) {
	2852	dspam_destroy(CLX);
	2853	break;
	2854	}
	2855
	2856	CLX->signature = &ATX->SIG;
	2857	ck_result = dspam_process (CLX, NULL);
	2858	if (ck_result < 0) {
	2859	CLX->signature = NULL;
	2860	dspam_destroy(CLX);
	2861	return EFAILURE;
	2862	}
	2863	if (ck_result == 0 \|\| CLX->result == match)
	2864	do_train = 0;
	2865	CLX->signature = NULL;
	2866	dspam_destroy (CLX);
	2867	}
	2868	}
	2869
	2870	CTX->source = DSS_ERROR;
	2871	}
	2872
	2873	return 0;
	2874	}
	2875
	2876	/*
	2877	* ensure_confident_result(DSPAM_CTX CTX, AGENT_CTX ATX, int result)
	2878	*
	2879	* DESCRIPTION
	2880	* Consult a global group or classification network if
	2881	* the user's filter instance isn't confident in its result
	2882	*
	2883	* INPUT ARGUMENTS
	2884	* CTX DSPAM context containing classification results
	2885	* ATX Agent context defining processing behavior
	2886	* result DSR_ processing result
	2887	*
	2888	* RETURN VALUES
	2889	* returns result networks believe the message should be
	2890	*/
	2891
	2892	/* ensure_confident_result: consult global group or
	2893	clasification network if the user isn't confident in their result */
	2894
	2895	int ensure_confident_result(DSPAM_CTX CTX, AGENT_CTX ATX, int result) {
	2896	int was_spam = 0;
	2897
	2898	/* Exit if no users available for global group or classification network */
	2899	if (ATX->classify_users && ATX->classify_users->items == 0)
	2900	return result;
	2901
	2902	/* global groups or classification network only operates on SPAM or INNOCENT */
	2903	if (strcmp(CTX->class, LANG_CLASS_WHITELISTED) ==0 \|\|
	2904	strcmp(CTX->class, LANG_CLASS_VIRUS) == 0 \|\|
	2905	strcmp(CTX->class, LANG_CLASS_BLOCKLISTED) == 0 \|\|
	2906	strcmp(CTX->class, LANG_CLASS_BLACKLISTED) == 0)
	2907	{
	2908	LOGDEBUG ("Not consulting %s group: message class is %s",
	2909	(ATX->flags & DAF_GLOBAL) ? "global" : "classification",
	2910	CTX->class);
	2911	return result;
	2912	}
	2913
	2914	/* Defer to global group */
	2915	if (ATX->flags & DAF_GLOBAL &&
	2916	((CTX->totals.innocent_learned + CTX->totals.innocent_corpusfed < 1000 \|\|
	2917	CTX->totals.spam_learned + CTX->totals.spam_corpusfed < 250) \|\|
	2918	(CTX->training_mode == DST_NOTRAIN))
	2919	)
	2920	{
	2921	if (result == DSR_ISSPAM) {
	2922	was_spam = 1;
	2923	CTX->result = DSR_ISINNOCENT;
	2924	result = DSR_ISINNOCENT;
	2925	}
	2926	CTX->confidence = 0.60f;
	2927	}
	2928
	2929	if (result != DSR_ISSPAM &&
	2930	CTX->operating_mode == DSM_PROCESS &&
	2931	CTX->classification == DSR_NONE &&
	2932	CTX->confidence < 0.65)
	2933	{
	2934	LOGDEBUG ("consulting %s group member list", (ATX->flags & DAF_GLOBAL) ? "global" : "classification");
	2935
	2936	struct nt_node *node_int;
	2937	struct nt_c c_i;
	2938
	2939	node_int = c_nt_first (ATX->classify_users, &c_i);
	2940	while (node_int != NULL && result != DSR_ISSPAM) {
	2941	LOGDEBUG ("checking result for user %s", (const char *) node_int->ptr);
	2942	result = user_classify (ATX, (const char *) node_int->ptr, CTX->signature, NULL);
	2943	if (result == DSR_ISSPAM) {
	2944	LOGDEBUG ("CLASSIFY CATCH: %s", (const char *) node_int->ptr);
	2945	CTX->result = result;
	2946	}
	2947	node_int = c_nt_next (ATX->classify_users, &c_i);
	2948	}
	2949
	2950	/* If the global user thinks it's spam, and the user thought it was
	2951	* innocent, retrain the user as a false negative.
	2952	*/
	2953	if (result == DSR_ISSPAM && !was_spam) {
	2954	LOGDEBUG ("re-adding as %s", LANG_CLASS_SPAM);
	2955	DSPAM_CTX *CTC = malloc(sizeof(DSPAM_CTX));
	2956	if (CTC == NULL) {
	2957	LOG(LOG_CRIT, ERR_MEM_ALLOC);
	2958	return EUNKNOWN;
	2959	}
	2960	memcpy(CTC, CTX, sizeof(DSPAM_CTX));
	2961	CTC->operating_mode = DSM_PROCESS;
	2962	CTC->classification = DSR_ISSPAM;
	2963	CTC->source = DSS_ERROR;
	2964	CTC->flags \|= DSF_SIGNATURE;
	2965	dspam_process (CTC, NULL);
	2966	memcpy(&CTX->totals, &CTC->totals, sizeof(struct _ds_spam_totals));
	2967	free(CTC);
	2968	CTC = NULL;
	2969	CTX->totals.spam_misclassified--;
	2970	strncpy(CTX->class, LANG_CLASS_SPAM, sizeof(CTX->class));
	2971	/* should we be resetting CTX->probability and CTX->confidence here as well? */
	2972	CTX->result = result;
	2973	/* If the global user thinks it's innocent, and the user thought it was
	2974	* spam, retrain the user as a false positive
	2975	*/
	2976	} else if (result == DSR_ISINNOCENT && was_spam) {
	2977	LOGDEBUG ("re-adding as %s", LANG_CLASS_INNOCENT);
	2978	DSPAM_CTX *CTC = malloc(sizeof(DSPAM_CTX));
	2979	if (CTC == NULL) {
	2980	LOG(LOG_CRIT, ERR_MEM_ALLOC);
	2981	return EUNKNOWN;
	2982	}
	2983	memcpy(CTC, CTX, sizeof(DSPAM_CTX));
	2984	CTC->operating_mode = DSM_PROCESS;
	2985	CTC->classification = DSR_ISINNOCENT;
	2986	CTC->source = DSS_ERROR;
	2987	CTC->flags \|= DSF_SIGNATURE;
	2988	dspam_process (CTC, NULL);
	2989	memcpy(&CTX->totals, &CTC->totals, sizeof(struct _ds_spam_totals));
	2990	free(CTC);
	2991	CTC = NULL;
	2992	CTX->totals.innocent_misclassified--;
	2993	strncpy(CTX->class, LANG_CLASS_INNOCENT, sizeof(CTX->class));
	2994	/* should we be resetting CTX->probability and CTX->confidence here as well? */
	2995	CTX->result = result;
	2996	}
	2997	}
	2998
	2999	return result;
	3000	}
	3001
	3002	/*
	3003	* log_prepare(char buffer, char value)
	3004	*
	3005	* DESCRIPTION
	3006	* Prepares a value for logging by copying it to the buffer and removing
	3007	* all potentially dangerous characters.
	3008	*
	3009	* INPUT ARGUMENTS
	3010	* buffer A 256-byte buffer to store the result into
	3011	* value Value to be logged or NULL
	3012	*
	3013	* RETURN VALUES
	3014	* None
	3015	*/
	3016
	3017	static void log_prepare(char buffer, char value) {
	3018	char *p;
	3019
	3020	if (!value)
	3021	value = "<None Specified>";
	3022	strncpy(buffer, value, 255);
	3023	buffer[255] = 0;
	3024	for (p=buffer; *p; p++)
	3025	if (p >= 0 && p < 32)
	3026	*p = ' ';
	3027	}
	3028
	3029	/*
	3030	* log_events(DSPAM_CTX CTX, AGENT_CTX ATX)
	3031	*
	3032	* DESCRIPTION
	3033	* Log events to system and user logs
	3034	*
	3035	* INPUT ARGUMENTS
	3036	* CTX DSPAM context
	3037	* ATX Agent context defining processing behavior
	3038	*
	3039	* RETURN VALUES
	3040	* returns 0 on success, standard errors on failure
	3041	*/
	3042
	3043	int log_events(DSPAM_CTX CTX, AGENT_CTX ATX) {
	3044	char filename[MAX_FILENAME_LENGTH];
	3045	char subject = NULL, from = NULL;
	3046	struct nt_node *node_nt;
	3047	struct nt_c c_nt;
	3048	FILE *file;
	3049	char class;
	3050	char x[1024], subject_buf[256], from_buf[256];
	3051	char *messageid = NULL;
	3052
	3053	if (CTX->message)
	3054	messageid = _ds_find_header(CTX->message, "Message-Id");
	3055
	3056	if (ATX->status[0] == 0 && CTX->source == DSS_ERROR &&
	3057	(!(ATX->flags & DAF_UNLEARN)))
	3058	{
	3059	STATUS("Retrained");
	3060	}
	3061
	3062	if (ATX->status[0] == 0 && CTX->classification == DSR_NONE
	3063	&& CTX->result == DSR_ISSPAM
	3064	&& ATX->status[0] == 0)
	3065	{
	3066	if (_ds_pref_val(ATX->PTX, "spamAction")[0] == 0 \|\|
	3067	!strcmp(_ds_pref_val(ATX->PTX, "spamAction"), "quarantine"))
	3068	{
	3069	STATUS("Quarantined");
	3070	} else if (!strcmp(_ds_pref_val(ATX->PTX, "spamAction"), "tag")) {
	3071	STATUS("Tagged");
	3072	} else if (!strcmp(_ds_pref_val(ATX->PTX, "spamAction"), "deliver")) {
	3073	STATUS("Delivered");
	3074	}
	3075	}
	3076
	3077	if (ATX->status[0] == 0 &&
	3078	CTX->classification == DSR_NONE &&
	3079	CTX->result == DSR_ISINNOCENT)
	3080	{
	3081	STATUS("Delivered");
	3082	}
	3083
	3084	_ds_userdir_path(filename, _ds_read_attribute(agent_config, "Home"), LOOKUP(ATX->PTX, (ATX->managed_group[0]) ? ATX->managed_group : CTX->username), "log");
	3085
	3086	if (CTX->message)
	3087	{
	3088	node_nt = c_nt_first (CTX->message->components, &c_nt);
	3089	if (node_nt != NULL)
	3090	{
	3091	ds_message_part_t block;
	3092	block = node_nt->ptr;
	3093	if (block->headers != NULL)
	3094	{
	3095	ds_header_t head;
	3096	struct nt_node *node_header;
	3097	node_header = block->headers->first;
	3098	while(node_header != NULL) {
	3099	head = (ds_header_t) node_header->ptr;
	3100	if (head) {
	3101	if (!strcasecmp(head->heading, "Subject")) {
	3102	subject = head->data;
	3103	if (from != NULL) break;
	3104	} else if (!strcasecmp(head->heading, "From")) {
	3105	from = head->data;
	3106	if (subject != NULL) break;
	3107	}
	3108	}
	3109	node_header = node_header->next;
	3110	}
	3111	}
	3112	}
	3113	}
	3114
	3115	if (!strcmp(CTX->class, LANG_CLASS_WHITELISTED))
	3116	class = 'W';
	3117	else if (!strcmp(CTX->class, LANG_CLASS_VIRUS))
	3118	class = 'V';
	3119	else if (!strcmp(CTX->class, LANG_CLASS_BLACKLISTED))
	3120	class = 'A';
	3121	else if (!strcmp(CTX->class, LANG_CLASS_BLOCKLISTED))
	3122	class = 'O';
	3123	else if (CTX->result == DSR_ISSPAM)
	3124	class = 'S';
	3125	else if (CTX->result == DSR_ISINNOCENT)
	3126	class = 'I';
	3127	else
	3128	class = 'U';
	3129
	3130	if (CTX->source == DSS_ERROR) {
	3131	if (CTX->classification == DSR_ISSPAM)
	3132	class = 'M';
	3133	else if (CTX->classification == DSR_ISINNOCENT)
	3134	class = 'F';
	3135	} else if (CTX->source == DSS_INOCULATION)
	3136	class = 'N';
	3137	else if (CTX->source == DSS_CORPUS)
	3138	class = 'C';
	3139
	3140	if (ATX->flags & DAF_UNLEARN) {
	3141	char stat[256];
	3142	snprintf(stat, sizeof(stat), "Delivery Failed (%s)",
	3143	(ATX->status[0]) ? ATX->status : "No error provided");
	3144	STATUS("%s", stat);
	3145	class = 'E';
	3146	}
	3147
	3148	log_prepare(from_buf, from);
	3149	log_prepare(subject_buf, subject);
	3150
	3151	/* Write USER.log */
	3152
	3153	if (_ds_match_attribute(agent_config, "UserLog", "on")) {
	3154
	3155	snprintf(x, sizeof(x), "%ld\t%c\t%s\t%s\t%s\t%s\t%s\n",
	3156	(long) time(NULL),
	3157	class,
	3158	from_buf,
	3159	ATX->signature,
	3160	subject_buf,
	3161	ATX->status,
	3162	(messageid) ? messageid : "");
	3163
	3164
	3165	_ds_prepare_path_for(filename);
	3166	file = fopen(filename, "a");
	3167	if (file != NULL) {
	3168	int i = _ds_get_fcntl_lock(fileno(file));
	3169	if (!i) {
	3170	fputs(x, file);
	3171	fputs("\n", file);
	3172	_ds_free_fcntl_lock(fileno(file));
	3173	} else {
	3174	LOG(LOG_WARNING, ERR_IO_LOCK, filename, i, strerror(errno));
	3175	}
	3176	fclose(file);
	3177	}
	3178	}
	3179
	3180	/* Write system.log */
	3181
	3182	if (_ds_match_attribute(agent_config, "SystemLog", "on")) {
	3183	snprintf(filename, sizeof(filename), "%s/system.log",
	3184	_ds_read_attribute(agent_config, "Home"));
	3185	file = fopen(filename, "a");
	3186	if (file != NULL) {
	3187	int i = _ds_get_fcntl_lock(fileno(file));
	3188	if (!i) {
	3189
	3190	snprintf(x, sizeof(x), "%ld\t%c\t%s\t%s\t%s\t%f\t%s\t%s\t%s\n",
	3191	(long) time(NULL),
	3192	class,
	3193	from_buf,
	3194	ATX->signature,
	3195	subject_buf,
	3196	_ds_gettime()-ATX->timestart,
	3197	(CTX->username) ? CTX->username: "",
	3198	(ATX->status) ? ATX->status : "",
	3199	(messageid) ? messageid : "");
	3200	fputs(x, file);
	3201	_ds_free_fcntl_lock(fileno(file));
	3202	} else {
	3203	LOG(LOG_WARNING, ERR_IO_LOCK, filename, i, strerror(errno));
	3204	}
	3205	fclose(file);
	3206	}
	3207	}
	3208	return 0;
	3209	}
	3210
	3211	/*
	3212	* add_xdspam_headers(DSPAM_CTX CTX, AGENT_CTX ATX)
	3213	*
	3214	* DESCRIPTION
	3215	* Add X-DSPAM headers to the message being processed
	3216	*
	3217	* INPUT ARGUMENTS
	3218	* CTX DSPAM context containing message and results
	3219	* ATX Agent context defining processing behavior
	3220	*
	3221	* RETURN VALUES
	3222	* returns 0 on success, standard errors on failure
	3223	*/
	3224
	3225
	3226	int add_xdspam_headers(DSPAM_CTX CTX, AGENT_CTX ATX) {
	3227	struct nt_node *node_nt;
	3228	struct nt_c c_nt;
	3229
	3230	node_nt = c_nt_first (CTX->message->components, &c_nt);
	3231	if (node_nt != NULL)
	3232	{
	3233	ds_message_part_t block = node_nt->ptr;
	3234	struct nt_node *node_ft;
	3235	struct nt_c c_ft;
	3236	if (block != NULL && block->headers != NULL)
	3237	{
	3238	ds_header_t head;
	3239	char data[10240];
	3240	char scratch[128];
	3241
	3242	snprintf(data, sizeof(data), "%s: %s",
	3243	(CTX->source == DSS_ERROR) ? "X-DSPAM-Reclassified" : "X-DSPAM-Result",
	3244	CTX->class);
	3245
	3246	head = _ds_create_header_field(data);
	3247	if (head != NULL)
	3248	{
	3249	#ifdef VERBOSE
	3250	LOGDEBUG ("appending header %s: %s", head->heading, head->data);
	3251	#endif
	3252	nt_add (block->headers, (void *) head);
	3253	}
	3254	else {
	3255	LOG (LOG_CRIT, ERR_MEM_ALLOC);
	3256	}
	3257
	3258	if (CTX->source == DSS_NONE) {
	3259	char buf[27];
	3260	time_t t = time(NULL);
	3261	ctime_r(&t, buf);
	3262	chomp(buf);
	3263	snprintf(data, sizeof(data), "X-DSPAM-Processed: %s", buf);
	3264	head = _ds_create_header_field(data);
	3265	if (head != NULL)
	3266	{
	3267	#ifdef VERBOSE
	3268	LOGDEBUG("appending header %s: %s", head->heading, head->data);
	3269	#endif
	3270	nt_add(block->headers, (void *) head);
	3271	}
	3272	else
	3273	LOG (LOG_CRIT, ERR_MEM_ALLOC);
	3274	}
	3275
	3276	if (CTX->source != DSS_ERROR) {
	3277	snprintf(data, sizeof(data), "X-DSPAM-Confidence: %01.4f",
	3278	CTX->confidence);
	3279	head = _ds_create_header_field(data);
	3280	if (head != NULL)
	3281	{
	3282	#ifdef VERBOSE
	3283	LOGDEBUG("appending header %s: %s", head->heading, head->data);
	3284	#endif
	3285	nt_add(block->headers, (void *) head);
	3286	}
	3287	else
	3288	LOG (LOG_CRIT, ERR_MEM_ALLOC);
	3289
	3290	snprintf(data, sizeof(data), "X-DSPAM-Recipient: %s",
	3291	ATX->recipient);
	3292	head = _ds_create_header_field(data);
	3293	if (head != NULL)
	3294	{
	3295	#ifdef VERBOSE
	3296	LOGDEBUG("appending header %s: %s", head->heading, head->data);
	3297	#endif
	3298	nt_add(block->headers, (void *) head);
	3299	}
	3300	else
	3301	LOG (LOG_CRIT, ERR_MEM_ALLOC);
	3302
	3303	if (_ds_match_attribute(agent_config, "ImprobabilityDrive", "on"))
	3304	{
	3305	float probability = CTX->confidence;
	3306	char *as;
	3307	if (probability > 0.999999)
	3308	probability = 0.999999;
	3309	if (CTX->result == DSR_ISINNOCENT) {
	3310	as = "spam";
	3311	} else {
	3312	as = "ham";
	3313	}
	3314	snprintf(data, sizeof(data), "X-DSPAM-Improbability: 1 in %.0f "
	3315	"chance of being %s",
	3316	1.0+(100*(probability / (1-probability))), as);
	3317	head = _ds_create_header_field(data);
	3318	if (head != NULL)
	3319	{
	3320	#ifdef VERBOSE
	3321	LOGDEBUG("appending header %s: %s", head->heading, head->data);
	3322	#endif
	3323	nt_add(block->headers, (void *) head);
	3324	}
	3325	else
	3326	LOG (LOG_CRIT, ERR_MEM_ALLOC);
	3327	}
	3328
	3329
	3330	snprintf(data, sizeof(data), "X-DSPAM-Probability: %01.4f",
	3331	CTX->probability);
	3332
	3333	head = _ds_create_header_field(data);
	3334	if (head != NULL)
	3335	{
	3336	#ifdef VERBOSE
	3337	LOGDEBUG ("appending header %s: %s", head->heading, head->data);
	3338	#endif
	3339	nt_add (block->headers, (void *) head);
	3340	}
	3341	else
	3342	LOG (LOG_CRIT, ERR_MEM_ALLOC);
	3343
	3344	if (CTX->training_mode != DST_NOTRAIN && ATX->signature[0] != 0) {
	3345	snprintf(data, sizeof(data), "X-DSPAM-Signature: %s", ATX->signature);
	3346
	3347	head = _ds_create_header_field(data);
	3348	if (head != NULL)
	3349	{
	3350	if (strlen(ATX->signature)<5)
	3351	{
	3352	LOGDEBUG("WARNING: Signature not generated, or invalid");
	3353	}
	3354	#ifdef VERBOSE
	3355	LOGDEBUG ("appending header %s: %s", head->heading, head->data);
	3356	#endif
	3357	nt_add (block->headers, (void *) head);
	3358	}
	3359	else
	3360	LOG (LOG_CRIT, ERR_MEM_ALLOC);
	3361	}
	3362
	3363	if (CTX->result == DSR_ISSPAM && (ATX->managed_group[0] \|\| (_ds_pref_val(ATX->PTX, "localStore")[0])))
	3364	{
	3365	snprintf(data, sizeof(data), "X-DSPAM-User: %s", CTX->username);
	3366	head = _ds_create_header_field(data);
	3367	if (head != NULL)
	3368	{
	3369	#ifdef VERBOSE
	3370	LOGDEBUG ("appending header %s: %s", head->heading, head->data);
	3371	#endif
	3372	nt_add (block->headers, (void *) head);
	3373	}
	3374	else
	3375	LOG (LOG_CRIT, ERR_MEM_ALLOC);
	3376	}
	3377
	3378	if (!strcmp(_ds_pref_val(ATX->PTX, "showFactors"), "on")) {
	3379
	3380	if (CTX->factors != NULL) {
	3381	snprintf(data, sizeof(data), "X-DSPAM-Factors: %d",
	3382	CTX->factors->items);
	3383	node_ft = c_nt_first(CTX->factors, &c_ft);
	3384	while(node_ft != NULL) {
	3385	struct dspam_factor f = (struct dspam_factor ) node_ft->ptr;
	3386	if (f) {
	3387	char s, t;
	3388	strlcat(data, ",\n\t", sizeof(data));
	3389	s = f->token_name;
	3390	t = scratch;
	3391	while (*s && t < scratch + sizeof(scratch) - 16)
	3392	if (s >= ' ' && s < 0x7f && *s != '%')
	3393	t++ = s++;
	3394	else
	3395	t += sprintf(t, "%%%02x", (unsigned char) *s++);
	3396	snprintf(t, 15, ", %2.5f", f->value);
	3397	strlcat(data, scratch, sizeof(data));
	3398	}
	3399	node_ft = c_nt_next(CTX->factors, &c_ft);
	3400	}
	3401	head = _ds_create_header_field(data);
	3402	if (head != NULL)
	3403	{
	3404	#ifdef VERBOSE
	3405	LOGDEBUG("appending header %s: %s", head->heading, head->data);
	3406	#endif
	3407	nt_add(block->headers, (void *) head);
	3408	}
	3409	}
	3410	}
	3411
	3412	} /* CTX->source != DSS_ERROR */
	3413	}
	3414	}
	3415	return 0;
	3416	}
	3417
	3418	/*
	3419	* embed_msgtag(DSPAM_CTX CTX, AGENT_CTX ATX)
	3420	*
	3421	* DESCRIPTION
	3422	* Embed a message tag
	3423	*
	3424	* INPUT ARGUMENTS
	3425	* CTX DSPAM context containing the message
	3426	* ATX Agent context defining processing behavior
	3427	*
	3428	* RETURN VALUES
	3429	* returns 0 on success, standard errors on failure
	3430	*/
	3431
	3432	int embed_msgtag(DSPAM_CTX CTX, AGENT_CTX ATX) {
	3433	struct nt_node *node_nt;
	3434	struct nt_c c_nt;
	3435	char toplevel_boundary[128] = { 0 };
	3436	ds_message_part_t block;
	3437	int i = 0;
	3438	FILE *f;
	3439	char buff[1024], msgfile[MAX_FILENAME_LENGTH];
	3440	buffer *b;
	3441	ATX = ATX; /* Keep compiler happy */
	3442
	3443	if (CTX->result != DSR_ISSPAM && CTX->result != DSR_ISINNOCENT)
	3444	return EINVAL;
	3445
	3446	node_nt = c_nt_first (CTX->message->components, &c_nt);
	3447	if (node_nt == NULL \|\| node_nt->ptr == NULL)
	3448	return EFAILURE;
	3449
	3450	block = node_nt->ptr;
	3451
	3452	/* Signed messages cannot be tagged */
	3453
	3454	if (block->media_subtype == MST_SIGNED)
	3455	return EINVAL;
	3456
	3457	/* Load the message tag */
	3458	if (_ds_read_attribute(agent_config, "TxtDirectory")) {
	3459	snprintf(msgfile, sizeof(msgfile), "%s/msgtag.%s",
	3460	_ds_read_attribute(agent_config, "TxtDirectory"),
	3461	(CTX->result == DSR_ISSPAM) ? "spam" : "nonspam");
	3462	} else {
	3463	snprintf(msgfile, sizeof(msgfile), "%s/txt/msgtag.%s",
	3464	_ds_read_attribute(agent_config, "Home"),
	3465	(CTX->result == DSR_ISSPAM) ? "spam" : "nonspam");
	3466	}
	3467	f = fopen(msgfile, "r");
	3468	if (!f) {
	3469	LOG(LOG_ERR, ERR_IO_FILE_OPEN, msgfile, strerror(errno));
	3470	return EFILE;
	3471	}
	3472	b = buffer_create(NULL);
	3473	if (!b) {
	3474	LOG(LOG_CRIT, ERR_MEM_ALLOC);
	3475	fclose(f);
	3476	return EUNKNOWN;
	3477	}
	3478	while(fgets(buff, sizeof(buff), f)!=NULL) {
	3479	buffer_cat(b, buff);
	3480	}
	3481	fclose(f);
	3482
	3483	if (block->media_type == MT_MULTIPART && block->terminating_boundary != NULL)
	3484	{
	3485	strlcpy(toplevel_boundary, block->terminating_boundary,
	3486	sizeof(toplevel_boundary));
	3487	}
	3488
	3489	while (node_nt != NULL)
	3490	{
	3491	char body_close = NULL, dup = NULL;
	3492
	3493	block = node_nt->ptr;
	3494
	3495	/* Append signature to blocks when... */
	3496
	3497	if (block != NULL
	3498
	3499	/* Either a text section, or this is a non-multipart message AND...*/
	3500	&& (block->media_type == MT_TEXT
	3501	\|\| (block->boundary == NULL && i == 0
	3502	&& block->media_type != MT_MULTIPART))
	3503	&& (toplevel_boundary[0] == 0 \|\| (block->body && block->body->used)))
	3504	{
	3505	if (block->content_disposition == PCD_ATTACHMENT)
	3506	{
	3507	node_nt = c_nt_next (CTX->message->components, &c_nt);
	3508	i++;
	3509	continue;
	3510	}
	3511
	3512	/* Some email clients reformat HTML parts, and require that we include
	3513	* the signature before the HTML close tags (because they're stupid)
	3514	*/
	3515
	3516	if (body_close == NULL &&
	3517	block->body != NULL &&
	3518	block->body->data != NULL &&
	3519	block->media_subtype == MST_HTML)
	3520
	3521	{
	3522	body_close = strcasestr(block->body->data, "</body");
	3523	if (!body_close)
	3524	body_close = strcasestr(block->body->data, "</html");
	3525	}
	3526
	3527	/* Save and truncate everything after and including the close tag */
	3528	if (body_close)
	3529	{
	3530	dup = strdup (body_close);
	3531	block->body->used -= (long) strlen (dup);
	3532	body_close[0] = 0;
	3533	}
	3534
	3535	buffer_cat (block->body, "\n");
	3536	buffer_cat (block->body, b->data);
	3537
	3538	if (dup)
	3539	{
	3540	buffer_cat (block->body, dup);
	3541	free (dup);
	3542	}
	3543	}
	3544
	3545	node_nt = c_nt_next (CTX->message->components, &c_nt);
	3546	i++;
	3547	}
	3548	buffer_destroy(b);
	3549	return 0;
	3550	}
	3551
	3552	/*
	3553	* embed_signature(DSPAM_CTX CTX, AGENT_CTX ATX)
	3554	*
	3555	* DESCRIPTION
	3556	* Embed the DSPAM signature in all relevant parts of the message
	3557	*
	3558	* INPUT ARGUMENTS
	3559	* CTX DSPAM context containing the message
	3560	* ATX Agent context defining processing behavior
	3561	*
	3562	* RETURN VALUES
	3563	* returns 0 on success, standard errors on failure
	3564	*/
	3565
	3566	int embed_signature(DSPAM_CTX CTX, AGENT_CTX ATX) {
	3567	struct nt_node *node_nt;
	3568	struct nt_c c_nt;
	3569	char toplevel_boundary[128] = { 0 };
	3570	ds_message_part_t block;
	3571	int i = 0;
	3572
	3573	if (CTX->training_mode == DST_NOTRAIN \|\| ! ATX->signature[0])
	3574	return 0;
	3575
	3576	node_nt = c_nt_first (CTX->message->components, &c_nt);
	3577
	3578	if (node_nt == NULL \|\| node_nt->ptr == NULL)
	3579	return EFAILURE;
	3580
	3581	block = node_nt->ptr;
	3582
	3583	/* Signed messages are handled differently */
	3584
	3585	if (block->media_subtype == MST_SIGNED)
	3586	return embed_signed(CTX, ATX);
	3587
	3588	if (block->media_type == MT_MULTIPART && block->terminating_boundary != NULL)
	3589	{
	3590	strlcpy(toplevel_boundary, block->terminating_boundary,
	3591	sizeof(toplevel_boundary));
	3592	}
	3593
	3594	while (node_nt != NULL)
	3595	{
	3596	char body_close = NULL, dup = NULL;
	3597
	3598	block = node_nt->ptr;
	3599
	3600	/* Append signature to blocks when... */
	3601
	3602	if (block != NULL
	3603
	3604	/* Either a text section, or this is a non-multipart message AND...*/
	3605	&& (block->media_type == MT_TEXT
	3606	\|\| (block->boundary == NULL && i == 0
	3607	&& block->media_type != MT_MULTIPART))
	3608	&& (toplevel_boundary[0] == 0 \|\| (block->body && block->body->used)))
	3609	{
	3610	if (block->content_disposition == PCD_ATTACHMENT)
	3611	{
	3612	node_nt = c_nt_next (CTX->message->components, &c_nt);
	3613	i++;
	3614	continue;
	3615	}
	3616
	3617	/* Some email clients reformat HTML parts, and require that we include
	3618	* the signature before the HTML close tags (because they're stupid)
	3619	*/
	3620
	3621	if (body_close == NULL &&
	3622	block->body != NULL &&
	3623	block->body->data != NULL &&
	3624	block->media_subtype == MST_HTML)
	3625
	3626	{
	3627	body_close = strcasestr(block->body->data, "</body");
	3628	if (!body_close)
	3629	body_close = strcasestr(block->body->data, "</html");
	3630	}
	3631
	3632	/* Save and truncate everything after and including the close tag */
	3633	if (body_close)
	3634	{
	3635	dup = strdup (body_close);
	3636	block->body->used -= (long) strlen (dup);
	3637	body_close[0] = 0;
	3638	}
	3639
	3640	buffer_cat (block->body, "\n");
	3641	buffer_cat (block->body, SIGNATURE_BEGIN);
	3642	buffer_cat (block->body, ATX->signature);
	3643	buffer_cat (block->body, SIGNATURE_END);
	3644	buffer_cat (block->body, "\n\n");
	3645
	3646	if (dup)
	3647	{
	3648	buffer_cat (block->body, dup);
	3649	buffer_cat (block->body, "\n\n");
	3650	free (dup);
	3651	}
	3652	}
	3653
	3654	node_nt = c_nt_next (CTX->message->components, &c_nt);
	3655	i++;
	3656	}
	3657	return 0;
	3658	}
	3659
	3660	/*
	3661	* embed_signed(DSPAM_CTX CTX, AGENT_CTX ATX)
	3662	*
	3663	* DESCRIPTION
	3664	* Embed the DSPAM signature within a signed message
	3665	*
	3666	* INPUT ARGUMENTS
	3667	* CTX DSPAM context containing message
	3668	* ATX Agent context defining processing behavior
	3669	*
	3670	* RETURN VALUES
	3671	* returns 0 on success, standard errors on failure
	3672	*/
	3673
	3674	int embed_signed(DSPAM_CTX CTX, AGENT_CTX ATX) {
	3675	struct nt_node node_nt, node_block, *parent;
	3676	struct nt_c c_nt;
	3677	ds_message_part_t block, newblock;
	3678	ds_header_t field;
	3679	char scratch[256], data[256];
	3680
	3681	node_block = c_nt_first (CTX->message->components, &c_nt);
	3682	if (node_block == NULL \|\| node_block->ptr == NULL)
	3683	return EFAILURE;
	3684
	3685	block = node_block->ptr;
	3686
	3687	/* Construct a new block to contain the signed message */
	3688
	3689	newblock = (ds_message_part_t) malloc(sizeof(struct _ds_message_part));
	3690	if (newblock == NULL)
	3691	goto MEM_ALLOC;
	3692
	3693	newblock->headers = nt_create(NT_PTR);
	3694	if (newblock->headers == NULL)
	3695	goto MEM_ALLOC;
	3696
	3697	newblock->boundary = NULL;
	3698	newblock->terminating_boundary= block->terminating_boundary;
	3699	newblock->encoding = block->encoding;
	3700	newblock->original_encoding = block->original_encoding;
	3701	newblock->media_type = block->media_type;
	3702	newblock->media_subtype = block->media_subtype;
	3703	newblock->body = buffer_create (NULL);
	3704	newblock->original_signed_body= NULL;
	3705
	3706	/* Move the relevant headers from the main part to the new block */
	3707
	3708	parent = NULL;
	3709	node_nt = c_nt_first(block->headers, &c_nt);
	3710	while(node_nt != NULL) {
	3711	field = node_nt->ptr;
	3712	if (field) {
	3713	if (!strcasecmp(field->heading, "Content-Type") \|\|
	3714	!strcasecmp(field->heading, "Content-Disposition"))
	3715	{
	3716	struct nt_node *old = node_nt;
	3717	node_nt = c_nt_next(block->headers, &c_nt);
	3718	if (parent)
	3719	parent->next = node_nt;
	3720	else
	3721	block->headers->first = node_nt;
	3722	nt_add(newblock->headers, field);
	3723	free(old);
	3724	old = NULL;
	3725	block->headers->items--;
	3726	continue;
	3727	}
	3728	}
	3729	parent = node_nt;
	3730	node_nt = c_nt_next(block->headers, &c_nt);
	3731	}
	3732
	3733	/* Create a new top-level boundary */
	3734	snprintf(scratch, sizeof(scratch), "DSPAM_MULTIPART_EX-%ld", (long)getpid());
	3735	block->terminating_boundary = strdup(scratch);
	3736
	3737	/* Create a new content-type field */
	3738	block->media_type = MT_MULTIPART;
	3739	block->media_subtype = MST_MIXED;
	3740	snprintf(data, sizeof(data), "Content-Type: multipart/mixed; boundary=%s", scratch);
	3741	field = _ds_create_header_field(data);
	3742	if (field != NULL)
	3743	nt_add(block->headers, field);
	3744
	3745	/* Insert the new block right below the top headers and blank body */
	3746	node_nt = nt_node_create(newblock);
	3747	if (node_nt == NULL)
	3748	goto MEM_ALLOC;
	3749	node_nt->next = node_block->next;
	3750	node_block->next = node_nt;
	3751	CTX->message->components->items++;
	3752
	3753	/* Strip the old terminating boundary */
	3754
	3755	parent = NULL;
	3756	node_nt = c_nt_first (CTX->message->components, &c_nt);
	3757	while (node_nt)
	3758	{
	3759	if (!node_nt->next && parent) {
	3760	parent->next = NULL;
	3761	CTX->message->components->items--;
	3762	CTX->message->components->insert = NULL;
	3763	_ds_destroy_block(node_nt->ptr);
	3764	free(node_nt);
	3765	node_nt = NULL;
	3766	} else {
	3767	parent = node_nt;
	3768	node_nt = node_nt->next;
	3769	}
	3770	}
	3771
	3772	/* Create a new message part containing only the boundary delimiter */
	3773
	3774	newblock = (ds_message_part_t)
	3775	malloc(sizeof(struct _ds_message_part));
	3776	if (newblock == NULL)
	3777	goto MEM_ALLOC;
	3778
	3779	newblock->headers = nt_create(NT_PTR);
	3780	if (newblock->headers == NULL)
	3781	goto MEM_ALLOC;
	3782
	3783	newblock->boundary = NULL;
	3784	newblock->terminating_boundary= strdup(scratch);
	3785	newblock->encoding = EN_7BIT;
	3786	newblock->original_encoding = EN_7BIT;
	3787	newblock->media_type = MT_TEXT;
	3788	newblock->media_subtype = MST_PLAIN;
	3789	newblock->body = buffer_create (NULL);
	3790	newblock->original_signed_body= NULL;
	3791	nt_add (CTX->message->components, newblock);
	3792
	3793	/* Create a new message part containing the signature */
	3794
	3795	newblock = (ds_message_part_t) malloc(sizeof(struct _ds_message_part));
	3796	if (newblock == NULL)
	3797	goto MEM_ALLOC;
	3798
	3799	newblock->headers = nt_create(NT_PTR);
	3800	if (newblock->headers == NULL)
	3801	goto MEM_ALLOC;
	3802
	3803	snprintf(data, sizeof(data), "%s--\n\n", scratch);
	3804	newblock->boundary = NULL;
	3805	newblock->terminating_boundary= strdup(data);
	3806	newblock->encoding = EN_7BIT;
	3807	newblock->original_encoding = EN_7BIT;
	3808	newblock->media_type = MT_TEXT;
	3809	newblock->media_subtype = MST_PLAIN;
	3810	snprintf (scratch, sizeof (scratch),
	3811	"%s%s%s\n", SIGNATURE_BEGIN, ATX->signature, SIGNATURE_END);
	3812	newblock->body = buffer_create (scratch);
	3813	newblock->original_signed_body= NULL;
	3814
	3815	field = _ds_create_header_field ("Content-Type: text/plain");
	3816	nt_add (newblock->headers, field);
	3817	snprintf(data, sizeof(data), "X-DSPAM-Signature: %s", ATX->signature);
	3818	nt_add (newblock->headers, _ds_create_header_field(data));
	3819	nt_add (CTX->message->components, newblock);
	3820
	3821	return 0;
	3822
	3823	MEM_ALLOC:
	3824	if (newblock) {
	3825	if (newblock->headers)
	3826	nt_destroy(newblock->headers);
	3827	free(newblock);
	3828	newblock = NULL;
	3829	}
	3830
	3831	LOG (LOG_CRIT, ERR_MEM_ALLOC);
	3832	return EUNKNOWN;
	3833	}
	3834
	3835	/*
	3836	* tracksources(DSPAM_CTX *CTX)
	3837	*
	3838	* DESCRIPTION
	3839	* Track the source address of a message, report to syslog and/or RABL
	3840	*
	3841	* INPUT ARGUMENTS
	3842	* CTX DSPAM context containing filter results and message
	3843	*
	3844	* RETURN VALUES
	3845	* returns 0 on success, standard errors on failure
	3846	*/
	3847
	3848	int tracksource(DSPAM_CTX *CTX) {
	3849	char ip[32];
	3850
	3851	if (!dspam_getsource (CTX, ip, sizeof (ip)))
	3852	{
	3853	if (CTX->totals.innocent_learned + CTX->totals.innocent_classified > 2500) {
	3854	if (CTX->result == DSR_ISSPAM &&
	3855	strcmp(CTX->class, LANG_CLASS_VIRUS) != 0 &&
	3856	_ds_match_attribute(agent_config, "TrackSources", "spam")) {
	3857	FILE *file;
	3858	char dropfile[MAX_FILENAME_LENGTH];
	3859	LOG (LOG_INFO, "spam detected from %s", ip);
	3860	if (_ds_read_attribute(agent_config, "RABLQueue")) {
	3861	snprintf(dropfile, sizeof(dropfile), "%s/%s",
	3862	_ds_read_attribute(agent_config, "RABLQueue"), ip);
	3863	file = fopen(dropfile, "w");
	3864	if (file != NULL)
	3865	fclose(file);
	3866	}
	3867	} else if (CTX->result == DSR_ISSPAM &&
	3868	strcmp(CTX->class, LANG_CLASS_VIRUS) == 0 &&
	3869	_ds_match_attribute(agent_config, "TrackSources", "virus"))
	3870	{
	3871	LOG (LOG_INFO, "infected message from %s", ip);
	3872	} else if (CTX->result != DSR_ISSPAM &&
	3873	strcmp(CTX->class, LANG_CLASS_VIRUS) != 0 &&
	3874	_ds_match_attribute(agent_config, "TrackSources", "nonspam"))
	3875	{
	3876	LOG (LOG_INFO, "innocent message from %s", ip);
	3877	}
	3878	}
	3879	}
	3880	return 0;
	3881	}
	3882
	3883	#ifdef CLAMAV
	3884
	3885	/*
	3886	* has_virus(buffer *message)
	3887	*
	3888	* DESCRIPTION
	3889	* Call ClamAV to determine if the message has a virus
	3890	*
	3891	* INPUT ARGUMENTS
	3892	* message pointer to buffer containing message for scanning
	3893	*
	3894	* RETURN VALUES
	3895	* returns 1 if virus, 0 otherwise
	3896	*/
	3897
	3898	int has_virus(buffer *message) {
	3899	struct sockaddr_in addr;
	3900	int sockfd;
	3901	int virus = 0;
	3902	int yes = 1;
	3903	int port = atoi(_ds_read_attribute(agent_config, "ClamAVPort"));
	3904	int addr_len;
	3905	char *host = _ds_read_attribute(agent_config, "ClamAVHost");
	3906	FILE *sock;
	3907	FILE *sockout;
	3908	char buf[128];
	3909
	3910	sockfd = socket(AF_INET, SOCK_STREAM, 0);
	3911	if (sockfd < 0) {
	3912	LOG(LOG_ERR, "socket(AF_INET, SOCK_STREAM, 0): %s", strerror(errno));
	3913	return 0;
	3914	}
	3915	memset(&addr, 0, sizeof(struct sockaddr_in));
	3916	addr.sin_family = AF_INET;
	3917	addr.sin_addr.s_addr = inet_addr(host);
	3918	addr.sin_port = htons(port);
	3919	addr_len = sizeof(struct sockaddr_in);
	3920	LOGDEBUG("Connecting to %s:%d for virus check", host, port);
	3921	if(connect(sockfd, (struct sockaddr *)&addr, addr_len)<0) {
	3922	LOG(LOG_ERR, ERR_CLIENT_CONNECT_HOST, host, port, strerror(errno));
	3923	close(sockfd);
	3924	return 0;
	3925	}
	3926
	3927	setsockopt(sockfd,SOL_SOCKET,TCP_NODELAY,&yes,sizeof(int));
	3928
	3929	sock = fdopen(sockfd, "r");
	3930	if (sock == NULL) {
	3931	LOG(LOG_ERR, ERR_CLIENT_CONNECT_HOST, host, port, strerror(errno));
	3932	close(sockfd);
	3933	return 0;
	3934	}
	3935	sockout = fdopen(sockfd, "w");
	3936	if (sockout == NULL) {
	3937	LOG(LOG_ERR, ERR_CLIENT_CONNECT_HOST, host, port, strerror(errno));
	3938	fclose(sock);
	3939	close(sockfd);
	3940	return 0;
	3941	}
	3942	fprintf(sockout, "STREAM\r\n");
	3943	fflush(sockout);
	3944
	3945	if ((fgets(buf, sizeof(buf), sock))!=NULL && !strncmp(buf, "PORT", 4)) {
	3946	int s_port = atoi(buf+5);
	3947	if (feed_clam(s_port, message)==0) {
	3948	if ((fgets(buf, sizeof(buf), sock))!=NULL) {
	3949	if (!strstr(buf, ": OK"))
	3950	virus = 1;
	3951	}
	3952	}
	3953	}
	3954	fclose(sock);
	3955	fclose(sockout);
	3956	close(sockfd);
	3957
	3958	return virus;
	3959	}
	3960
	3961	/*
	3962	* feed_clam(int port, buffer *message)
	3963	*
	3964	* DESCRIPTION
	3965	* Feed a stream to ClamAV for virus detection
	3966	*
	3967	* INPUT ARGUMENTS
	3968	* sockfd port number of stream
	3969	* message pointer to buffer containing message for scanning
	3970	*
	3971	* RETURN VALUES
	3972	* returns 0 on success
	3973	*/
	3974
	3975	int feed_clam(int port, buffer *message) {
	3976	struct sockaddr_in addr;
	3977	int sockfd, r, addr_len;
	3978	int yes = 1;
	3979	long sent = 0;
	3980	long size = strlen(message->data);
	3981	char *host = _ds_read_attribute(agent_config, "ClamAVHost");
	3982
	3983	sockfd = socket(AF_INET, SOCK_STREAM, 0);
	3984	if (sockfd < 0) {
	3985	LOG(LOG_ERR, "socket(AF_INET, SOCK_STREAM, 0): %s", strerror(errno));
	3986	return EFAILURE;
	3987	}
	3988	memset(&addr, 0, sizeof(struct sockaddr_in));
	3989	addr.sin_family = AF_INET;
	3990	addr.sin_addr.s_addr = inet_addr(host);
	3991	addr.sin_port = htons(port);
	3992	addr_len = sizeof(struct sockaddr_in);
	3993	LOGDEBUG("Connecting to %s:%d for virus stream transmission", host, port);
	3994	if(connect(sockfd, (struct sockaddr *)&addr, addr_len)<0) {
	3995	LOG(LOG_ERR, ERR_CLIENT_CONNECT_HOST, host, port, strerror(errno));
	3996	close(sockfd);
	3997	return EFAILURE;
	3998	}
	3999
	4000	setsockopt(sockfd,SOL_SOCKET,TCP_NODELAY,&yes,sizeof(int));
	4001
	4002	while(sent<size) {
	4003	r = send(sockfd, message->data+sent, size-sent, 0);
	4004	if (r <= 0) {
	4005	close(sockfd);
	4006	return r;
	4007	}
	4008	sent += r;
	4009	}
	4010
	4011	close(sockfd);
	4012	return 0;
	4013	}
	4014
	4015	#endif
	4016
	4017	/*
	4018	* is_blacklisted(DSPAM_CTX CTX, AGENT_CTX ATX)
	4019	*
	4020	* DESCRIPTION
	4021	* Determine if the source address of the message is blacklisted
	4022	*
	4023	* INPUT ARGUMENTS
	4024	* CTX DSPAM context containing the message
	4025	* ATX Agent context defining processing behavior
	4026	*
	4027	* RETURN VALUES
	4028	* returns 1 if blacklisted, 0 otherwise
	4029	*/
	4030
	4031	int is_blacklisted(DSPAM_CTX CTX, AGENT_CTX ATX) {
	4032	#ifdef __CYGWIN__
	4033	/* No cygwin support for IP Blacklisting */
	4034	return 0;
	4035	#else
	4036	char ip[32];
	4037	int bad = 0;
	4038	struct attribute *attrib;
	4039	struct addrinfo *res = NULL;
	4040	struct sockaddr_in saddr;
	4041	char host[32];
	4042	char lookup[256];
	4043	char *ptr;
	4044	char *octet[4];
	4045	int i = 3;
	4046	octet[0] = octet[1] = octet[2] = octet[3] = NULL;
	4047
	4048	if (!dspam_getsource (CTX, ip, sizeof (ip))) {
	4049	host[0] = 0;
	4050	ptr = strtok(ip, ".");
	4051	while(ptr != NULL && i>=0 && i<4) {
	4052	octet[i] = ptr;
	4053	ptr = strtok(NULL, ".");
	4054	if (ptr == NULL && i!=0)
	4055	return 0;
	4056	i--;
	4057	}
	4058
	4059	if (octet[0] == NULL \|\| octet[1] == NULL \|\| octet[2] == NULL \|\| octet[3] == NULL)
	4060	return 0;
	4061
	4062	snprintf(host, sizeof(host), "%s.%s.%s.%s.", octet[0], octet[1], octet[2], octet[3]);
	4063
	4064	attrib = _ds_find_attribute(agent_config, "Lookup");
	4065	while(attrib != NULL) {
	4066	int error;
	4067	snprintf(lookup, sizeof(lookup), "%s%s", host, attrib->value);
	4068	error = getaddrinfo(lookup, NULL, NULL, &res);
	4069	if (!error) {
	4070	char buff[128];
	4071	if (!bad) {
	4072	memcpy(&saddr, res->ai_addr, sizeof(struct sockaddr));
	4073	#ifdef HAVE_INET_NTOA_R_2
	4074	inet_ntoa_r(saddr.sin_addr, buff);
	4075	#else
	4076	inet_ntoa_r(saddr.sin_addr, buff, sizeof(buff));
	4077	#endif
	4078	if (strncmp(buff, "127.0.0.", 8) == 0) {
	4079	STATUS("Blacklisted (%s)", attrib->value);
	4080	bad = 1;
	4081	freeaddrinfo(res);
	4082	break;
	4083	}
	4084	}
	4085	freeaddrinfo(res);
	4086	}
	4087	attrib = attrib->next;
	4088	}
	4089	}
	4090
	4091	return bad;
	4092	#endif
	4093	}
	4094
	4095	/*
	4096	* is_blocklisted(DSPAM_CTX CTX, AGENT_CTX ATX)
	4097	*
	4098	* DESCRIPTION
	4099	* Determine if the source address of the message is blocklisted on
	4100	* the destination user's blocklist
	4101	*
	4102	* INPUT ARGUMENTS
	4103	* CTX DSPAM context containing the message
	4104	* ATX Agent context defining processing behavior
	4105	*
	4106	* RETURN VALUES
	4107	* returns 1 if blacklisted, 0 otherwise
	4108	*/
	4109
	4110	int is_blocklisted(DSPAM_CTX CTX, AGENT_CTX ATX) {
	4111	char filename[MAX_FILENAME_LENGTH];
	4112	FILE *file;
	4113	int blocklisted = 0;
	4114	_ds_userdir_path(filename, _ds_read_attribute(agent_config, "Home"),
	4115	LOOKUP(ATX->PTX, (ATX->managed_group[0]) ? ATX->managed_group
	4116	: CTX->username), "blocklist");
	4117	file = fopen(filename, "r");
	4118	if (file != NULL) {
	4119	char *heading = _ds_find_header(CTX->message, "From");
	4120	char buf[256];
	4121	if (heading) {
	4122	char *dup = strdup(heading);
	4123	char *domain = strrchr(dup, '@');
	4124	if (domain) {
	4125	int i;
	4126	for(i=0;domain[i] && domain[i]!='\r' && domain[i]!='\n'
	4127	&& domain[i]!='>' && !isspace((int) domain[i]);i++) { }
	4128	domain[i] = 0;
	4129	while((fgets(buf, sizeof(buf), file))!=NULL) {
	4130	chomp(buf);
	4131	if (!strcasecmp(buf, domain+1)) {
	4132	blocklisted = 1;
	4133	break;
	4134	}
	4135	}
	4136	}
	4137	free(dup);
	4138	dup = NULL;
	4139	}
	4140	fclose(file);
	4141	}
	4142	return blocklisted;
	4143	}
	4144
	4145	/*
	4146	* daemon_start(AGENT_CTX *ATX)
	4147	*
	4148	* DESCRIPTION
	4149	* Launch into daemon mode and start listener
	4150	*
	4151	* INPUT ARGUMENTS
	4152	* ATX Agent context defining processing behavior
	4153	*
	4154	* RETURN VALUES
	4155	* returns 0 on successful termination
	4156	*/
	4157
	4158	#ifdef DAEMON
	4159	int daemon_start(AGENT_CTX *ATX) {
	4160	DRIVER_CTX DTX;
	4161	char *pidfile;
	4162	ATX = ATX; /* Keep compiler happy */
	4163	int exitcode = EXIT_SUCCESS;
	4164
	4165	if (ATX->fork && fork()) /* Fork DSPAM into the background */
	4166	exit(exitcode);
	4167
	4168	__daemon_run = 1;
	4169	__num_threads = 0;
	4170	__hup = 0;
	4171	pthread_mutex_init(&__lock, NULL);
	4172	if (libdspam_init(_ds_read_attribute(agent_config, "StorageDriver"))) {
	4173	LOG(LOG_CRIT, ERR_DRV_INIT);
	4174	// pthread_mutex_destroy(&__lock);
	4175	exit(EXIT_FAILURE);
	4176	}
	4177
	4178	LOG(LOG_INFO, INFO_DAEMON_START);
	4179
	4180	while(__daemon_run) {
	4181
	4182	DTX.CTX = dspam_create (NULL, NULL,
	4183	_ds_read_attribute(agent_config, "Home"),
	4184	DSM_TOOLS, 0);
	4185	if (!DTX.CTX)
	4186	{
	4187	LOG(LOG_ERR, ERR_CORE_INIT);
	4188	// pthread_mutex_destroy(&__lock);
	4189	// libdspam_shutdown();
	4190	exit(EXIT_FAILURE);
	4191	}
	4192
	4193	set_libdspam_attributes(DTX.CTX);
	4194	DTX.flags = DRF_STATEFUL;
	4195
	4196	#ifdef DEBUG
	4197	if (DO_DEBUG)
	4198	DO_DEBUG = 2;
	4199	#endif
	4200	if (dspam_init_driver (&DTX))
	4201	{
	4202	LOG (LOG_WARNING, ERR_DRV_INIT);
	4203	// pthread_mutex_destroy(&__lock);
	4204	// libdspam_shutdown();
	4205	exit(EXIT_FAILURE);
	4206	}
	4207
	4208	pidfile = _ds_read_attribute(agent_config, "ServerPID");
	4209	if ( pidfile == NULL )
	4210	pidfile = "/var/run/dspam/dspam.pid";
	4211
	4212	if (pidfile) {
	4213	FILE *file;
	4214	file = fopen(pidfile, "w");
	4215	if (file == NULL) {
	4216	LOG(LOG_ERR, ERR_IO_FILE_WRITE, pidfile, strerror(errno));
	4217	dspam_shutdown_driver(&DTX);
	4218	libdspam_shutdown();
	4219	exit(EXIT_FAILURE);
	4220	} else {
	4221	fprintf(file, "%ld\n", (long) getpid());
	4222	fclose(file);
	4223	}
	4224	}
	4225
	4226	LOGDEBUG("Spawning daemon listener");
	4227
	4228	if (daemon_listen(&DTX)) {
	4229	LOG(LOG_CRIT, ERR_DAEMON_FAIL);
	4230	__daemon_run = 0;
	4231	exitcode = EXIT_FAILURE;
	4232	} else {
	4233	LOG(LOG_WARNING, "Received signal. Waiting for processing threads to exit.");
	4234	while(__num_threads) {
	4235	struct timeval tv;
	4236	tv.tv_sec = 1;
	4237	tv.tv_usec = 0;
	4238	select(0, NULL, NULL, NULL, &tv);
	4239	}
	4240	LOG(LOG_WARNING, "Processing threads terminated.");
	4241	}
	4242
	4243	/* only unlink pid file if daemon is shut down */
	4244	if (pidfile && !__daemon_run)
	4245	unlink(pidfile);
	4246
	4247	dspam_shutdown_driver(&DTX);
	4248	dspam_destroy(DTX.CTX);
	4249
	4250	/* Reload */
	4251	if (__hup) {
	4252	LOG(LOG_WARNING, INFO_DAEMON_RELOAD);
	4253
	4254	if (agent_config)
	4255	_ds_destroy_config(agent_config);
	4256
	4257	agent_config = read_config(NULL);
	4258	if (!agent_config) {
	4259	LOG(LOG_ERR, ERR_AGENT_READ_CONFIG);
	4260	pthread_mutex_destroy(&__lock);
	4261	libdspam_shutdown();
	4262	exit(EXIT_FAILURE);
	4263	}
	4264
	4265	__daemon_run = 1;
	4266	__hup = 0;
	4267	}
	4268	}
	4269
	4270	LOG(LOG_WARNING, INFO_DAEMON_EXIT);
	4271	pthread_mutex_destroy(&__lock);
	4272	libdspam_shutdown();
	4273
	4274	return exitcode;
	4275	}
	4276	#endif
	4277
	4278	/*
	4279	* load_aggregated_prefs(AGENT_CTX ATX, const char username)
	4280	*
	4281	* DESCRIPTION
	4282	* Load and aggregate system+user preferences
	4283	*
	4284	* INPUT ARGUMENTS
	4285	* ATX Agent context defining processing behavior
	4286	* username Target user
	4287	*
	4288	* RETURN VALUES
	4289	* pointer to aggregated preference structure, NULL on failure
	4290	*/
	4291
	4292	agent_pref_t load_aggregated_prefs(AGENT_CTX ATX, const char username) {
	4293	agent_pref_t PTX = NULL;
	4294	agent_pref_t STX = NULL;
	4295	agent_pref_t UTX = NULL;
	4296
	4297	LOGDEBUG("loading preferences for user %s", username);
	4298	UTX = _ds_pref_load(agent_config, username,
	4299	_ds_read_attribute(agent_config, "Home"), ATX->dbh);
	4300
	4301	if (!UTX && _ds_match_attribute(agent_config, "FallbackDomains", "on")) {
	4302	if (username != NULL && strchr(username, '@')) {
	4303	char *domain = strchr(username, '@');
	4304	if (domain) {
	4305	UTX = _ds_pref_load(agent_config,
	4306	domain,
	4307	_ds_read_attribute(agent_config, "Home"), ATX->dbh);
	4308	if (UTX && !strcmp(_ds_pref_val(UTX, "fallbackDomain"), "on")) {
	4309	LOGDEBUG("empty prefs found. falling back to %s", domain);
	4310	} else {
	4311	_ds_pref_free(UTX);
	4312	UTX = NULL;
	4313	}
	4314	}
	4315	} else {
	4316	LOG(LOG_ERR, "load_aggregated_prefs(): Can not fallback to domains for username '%s' without @domain part.", username);
	4317	}
	4318	}
	4319
	4320	if (!UTX) {
	4321	UTX = _ds_pref_load(agent_config, NULL,
	4322	_ds_read_attribute(agent_config, "Home"), ATX->dbh);
	4323	}
	4324
	4325	STX = _ds_pref_load(agent_config, NULL,
	4326	_ds_read_attribute(agent_config, "Home"), ATX->dbh);
	4327
	4328	if (!STX \|\| STX[0] == 0) {
	4329	if (STX) {
	4330	_ds_pref_free(STX);
	4331	}
	4332	LOGDEBUG("default preferences empty. reverting to dspam.conf preferences.");
	4333	STX = pref_config();
	4334	} else {
	4335	LOGDEBUG("loaded default preferences externally");
	4336	}
	4337
	4338	PTX = _ds_pref_aggregate(STX, UTX);
	4339	_ds_pref_free(UTX);
	4340	free(UTX);
	4341	UTX = NULL;
	4342	_ds_pref_free(STX);
	4343	free(STX);
	4344	STX = NULL;
	4345
	4346	#ifdef VERBOSE
	4347	if (PTX) {
	4348	int j;
	4349	for(j=0;PTX[j];j++) {
	4350	LOGDEBUG("aggregated preference '%s' => '%s'",
	4351	PTX[j]->attribute, PTX[j]->value);
	4352	}
	4353	}
	4354	#endif
	4355
	4356	return PTX;
	4357	}
	4358
	4359	/*
	4360	* do_notifications(DSPAM_CTX CTX, AGENT_CTX ATX)
	4361	*
	4362	* DESCRIPTION
	4363	* Evaluate and send notifications as necessary
	4364	*
	4365	* INPUT ARGUMENTS
	4366	* CTX DSPAM context
	4367	* ATX Agent context defining processing behavior
	4368	*
	4369	* RETURN VALUES
	4370	* returns 0 on success, standard errors in failure
	4371	*/
	4372
	4373	int do_notifications(DSPAM_CTX CTX, AGENT_CTX ATX) {
	4374	char filename[MAX_FILENAME_LENGTH];
	4375	FILE *file;
	4376
	4377	/* First run notification */
	4378
	4379	if ((_ds_match_attribute(agent_config, "Notifications", "on") \|\|
	4380	!strcasecmp(_ds_pref_val(ATX->PTX, "notifications"), "on")) &&
	4381	strcasecmp(_ds_pref_val(ATX->PTX, "notifications"), "off")) {
	4382	_ds_userdir_path(filename,
	4383	_ds_read_attribute(agent_config, "Home"),
	4384	LOOKUP(ATX->PTX, CTX->username), "firstrun");
	4385	file = fopen(filename, "r");
	4386	if (file == NULL) {
	4387	LOGDEBUG("sending firstrun.txt to %s (%s): %s",
	4388	CTX->username, filename, strerror(errno));
	4389	send_notice(ATX, "firstrun.txt", ATX->mailer_args, CTX->username);
	4390	_ds_prepare_path_for(filename);
	4391	file = fopen(filename, "w");
	4392	if (file) {
	4393	fprintf(file, "%ld\n", (long) time(NULL));
	4394	fclose(file);
	4395	}
	4396	} else {
	4397	fclose(file);
	4398	}
	4399	}
	4400
	4401
	4402	/* First spam notification */
	4403
	4404	if (CTX->result == DSR_ISSPAM &&
	4405	(_ds_match_attribute(agent_config, "Notifications", "on") \|\|
	4406	!strcasecmp(_ds_pref_val(ATX->PTX, "notifications"), "on")) &&
	4407	strcasecmp(_ds_pref_val(ATX->PTX, "notifications"), "off"))
	4408	{
	4409	_ds_userdir_path(filename,
	4410	_ds_read_attribute(agent_config, "Home"),
	4411	LOOKUP(ATX->PTX, CTX->username), "firstspam");
	4412	file = fopen(filename, "r");
	4413	if (file == NULL) {
	4414	LOGDEBUG("sending firstspam.txt to %s (%s): %s",
	4415	CTX->username, filename, strerror(errno));
	4416	send_notice(ATX, "firstspam.txt", ATX->mailer_args, CTX->username);
	4417	_ds_prepare_path_for(filename);
	4418	file = fopen(filename, "w");
	4419	if (file) {
	4420	fprintf(file, "%ld\n", (long) time(NULL));
	4421	fclose(file);
	4422	}
	4423	} else {
	4424	fclose(file);
	4425	}
	4426	}
	4427
	4428	/* Quarantine size notification */
	4429
	4430	if ((_ds_match_attribute(agent_config, "Notifications", "on") \|\|
	4431	!strcasecmp(_ds_pref_val(ATX->PTX, "notifications"), "on")) &&
	4432	strcasecmp(_ds_pref_val(ATX->PTX, "notifications"), "off")) {
	4433	struct stat s;
	4434	char qfile[MAX_FILENAME_LENGTH];
	4435	int qwarn_size = 102410242;
	4436
	4437	if (_ds_read_attribute(agent_config, "QuarantineWarnSize")) {
	4438	qwarn_size = atoi(_ds_read_attribute(agent_config, "QuarantineWarnSize"));
	4439	if (qwarn_size == INT_MAX && errno == ERANGE) {
	4440	LOG (LOG_INFO, "Value for 'QuarantineWarnSize' not valid (will use 2MB for now)");
	4441	qwarn_size = 102410242;
	4442	}
	4443	}
	4444
	4445	_ds_userdir_path(qfile, _ds_read_attribute(agent_config, "Home"),
	4446	LOOKUP(ATX->PTX, CTX->username), "mbox");
	4447
	4448	if (!stat(qfile, &s) && s.st_size > qwarn_size) {
	4449	_ds_userdir_path(qfile, _ds_read_attribute(agent_config, "Home"),
	4450	LOOKUP(ATX->PTX, CTX->username), "mboxwarn");
	4451	if (stat(qfile, &s)) {
	4452	FILE *f;
	4453
	4454	_ds_prepare_path_for(qfile);
	4455	f = fopen(qfile, "w");
	4456	if (f != NULL) {
	4457	fprintf(f, "%ld", (long) time(NULL));
	4458	fclose(f);
	4459
	4460	send_notice(ATX, "quarantinefull.txt", ATX->mailer_args, CTX->username);
	4461	}
	4462	}
	4463	}
	4464	}
	4465
	4466	return 0;
	4467	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: