use base qw(Net::Server::PreForkSimple);
+$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
+
+delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
+
my $greylist_delay = 3*60; # greylist window
my $greylist_lifetime = 3600*24*2; # retry window
my $greylist_awlifetime = 3600*24*36; # expire window
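Review bot: The new environment scrub at the top of the file has no comment saying why it is there, so a later cleanup could remove it as apparently dead code. It matches the perlsec recipe for running external commands safely (fixed `PATH`, with `IFS`, `CDPATH`, `ENV` and `BASH_ENV` removed), which presumably matters because the daemon runs under taint mode or shells out somewhere not visible in this diff. I would add `# fixed PATH, no shell start-up variables: nothing the daemon or its children exec may inherit the caller's environment` above the `$ENV{'PATH'}` line. Because this runs at file scope it also applies to every forked child, so it is worth confirming that no helper relies on a binary outside those four directories.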
my $sth = $dbh->prepare(
'INSERT INTO LocalStat (Time, RBLCount, PregreetCount, CID, MTime) ' .
- 'VALUES (?, ?, ?, ?, EXTRACT(EPOCH FROM now())) ' .
+ 'VALUES (?, ?, ?, ?, EXTRACT(EPOCH FROM now())::INTEGER) ' .
'ON CONFLICT (Time, CID) DO UPDATE SET ' .
'RBLCount = LocalStat.RBLCount + excluded.RBLCount, ' .
'PregreetCount = LocalStat.PregreetCount + excluded.PregreetCount, ' .
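Review bot: The `::INTEGER` cast applied to the `MTime` value is a 32-bit type in PostgreSQL, so this INSERT will fail with an out-of-range error once the epoch passes 2147483647 (January 2038). The cast also rounds to nearest rather than truncating, so the stored second can be one ahead of the clock. If the `MTime` column is wider than 32 bits (its type is not visible here), `floor(EXTRACT(EPOCH FROM now()))::BIGINT` keeps an integer result without either effect. The prepared statement continues past the end of this hunk.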
sub run_dequeue {
my $self = shift;
- $self->log(2, "starting policy database maintainance (greylist, rbl)");
+ $self->log(2, "starting policy database maintenance (greylist, rbl)");
my $cinfo = PMG::ClusterConfig->new();
my $lcid = $cinfo->{local}->{cid};
$self->log(0, "greylist database update error: $err");
}
- $self->log(2, "end policy database maintainance ($rbltime ms, $ptime ms)");
+ $self->log(2, "end policy database maintenance ($rbltime ms, $ptime ms)");
$dbh->disconnect() if $dbh;
}
$prop->{log_level} = 3;
- $self->log(0, "Policy daemon (re)started");
+ $self->log('info', "Policy daemon (re)started");
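Review bot: Passing `'info'` instead of `0` as the level may drop this message rather than just change its severity. As far as I know, Net::Server's `log()` accepts a named level only when `log_file` is `Sys::Syslog`, and returns early on any non-numeric level for file or STDERR logging. The `reloading configuration` message further down is changed the same way and would be affected too. The logging configuration is not visible in this diff, so please confirm that syslog is the only supported target and that `log()` is not overridden. Otherwise use the numeric level that maps to info, `$self->log(3, "Policy daemon (re)started");`, which is still emitted with the `log_level = 3` set on the line above.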
$SIG{'USR1'} = sub {
# reloading server configuration
if (defined $prop->{children}) {
foreach my $pid (keys %{$prop->{children}}) {
- kill(10, $pid); # SIGUSR1 childs
+ kill(10, $pid); # SIGUSR1 children
}
}
};
my $prop = $self->{server};
if ($self->{ruledb}) {
- $self->log(0, "reloading configuration $database");
+ $self->log('info', "reloading configuration $database");
$self->{ruledb}->close();
}
my $auth_expl;
# we only use helo tests when we have no sender,
- # helo is sometimes empty, so we cant use SPF helo tests
+ # helo is sometimes empty, so we can't use SPF helo tests
# in that case - strange
if ($helo && !$sender) {
my $query;
$self->{cache}->{$dkey}->{status} = 1;
my @mxa = grep { $_->type eq 'MX' } $mx->answer;
my @mxl = sort { $a->preference <=> $b->preference } @mxa;
- # shift @mxl; # optionaly skip primary MX ?
+ # shift @mxl; # optionally skip primary MX ?
foreach my $rr (@mxl) {
my $a = $resolver->send ($rr->exchange, 'A');
if ($a) {
if (defined ($user) && defined ($domain)) {
# see http://cr.yp.to/proto/verp.txt
$user =~ s/\+.*//; # strip extensions (mailing-list VERP)
- $user =~ s/\b\d+\b/#/g; #replace nubmers in VERP address
+ $user =~ s/\b\d+\b/#/g; #replace numbers in VERP address
$sender = "$user\@$domain";
}
# table later. We set 'blocked' to 100000 to identify those entries.
if (!defined($ref->{rctime})) {
-
- # FIXME: drop Host column with PMG 7.0
$dbh->do(PMG::DBTools::cgreylist_merge_sql(1), undef,
- $ip, $masklen, 0, $sender, $rcpt, $instance,
+ $ip, $masklen, $sender, $rcpt, $instance,
$ctime, $ctime + 10, 0, 100000, 0, $ctime, $self->{lcid});
}
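Review bot: With the literal `0` for the Host column removed, this call passes twelve positional bind values whose order must match the placeholders returned by `PMG::DBTools::cgreylist_merge_sql(1)`, and that SQL is not part of this diff. A mismatch would only surface at run time as a DBI bind-count error, or as values silently landing in the wrong column if the counts happen to agree. The second merge call, inside the greylist transaction further down, was changed the same way and passes the same twelve positions. I would add a comment above the argument list naming the columns, for example `# binds: ip, masklen, sender, rcpt, instance, rctime, extime, delay, blocked, passed, mtime, cid`. Those names are inferred from the UPDATE statements and need checking against the merge SQL.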
eval {
- # we dont use alarm here, because it does not work with DBI
+ # we don't use alarm here, because it does not work with DBI
$dbh->begin_work;
if (!defined($ref->{rctime})) {
- $dbh->do(PMG::DBTools::cgreylist_merge_sql(1), undef,
- $ip, $masklen, 0, $sender, $rcpt, $instance,
- $ctime, $ctime + $greylist_lifetime, 0, 1, 0, $ctime, $self->{lcid});
+ $dbh->do(
+ PMG::DBTools::cgreylist_merge_sql(1), undef, $ip, $masklen,
+ $sender, $rcpt, $instance, $ctime, $ctime + $greylist_lifetime,
+ 0, 1, 0, $ctime, $self->{lcid}
+ );
$res = $defer_res;
$self->log(3, "defer greylisted mail");
# defer (resent within greylist_delay window)
$res = $defer_res;
$self->log(3, "defer greylisted mail");
- $dbh->do("UPDATE CGreylist " .
- "SET Blocked = Blocked + 1, MTime = ? " .
- "WHERE IPNet::cidr = network(set_masklen(?, ?)) AND ".
- "Sender = ? AND Receiver = ?", undef,
- $ctime, $ip, $masklen, $sender, $rcpt);
+ $dbh->do(
+ "UPDATE CGreylist " .
+ "SET Blocked = Blocked + 1, MTime = ? " .
+ "WHERE IPNet::cidr = network(set_masklen(?, ?)) ".
+ " AND Sender = ? AND Receiver = ?", undef,
+ $ctime, $ip, $masklen, $sender, $rcpt
+ );
} else {
if ($ctime < $ref->{extime}) {
# accept (not expired)
my $lifetime = $sender eq "" ? 0 : $greylist_awlifetime;
my $delay = $ref->{passed} ? "" : "Delay = $age, ";
- $dbh->do("UPDATE CGreylist " .
- "SET Passed = Passed + 1, $delay ExTime = ?, MTime = ? " .
- "WHERE IPNet::cidr = network(set_masklen(?, ?)) AND ".
- "Sender = ? AND Receiver = ?", undef,
- $ctime + $lifetime, $ctime, $ip, $masklen, $sender, $rcpt);
+ $dbh->do(
+ "UPDATE CGreylist " .
+ "SET Passed = Passed + 1, $delay ExTime = ?, MTime = ? " .
+ "WHERE IPNet::cidr = network(set_masklen(?, ?)) ".
+ " AND Sender = ? AND Receiver = ?", undef,
+ $ctime + $lifetime, $ctime, $ip, $masklen, $sender, $rcpt
+ );
} else {
# defer (record is expired)
$res = $defer_res;
- $dbh->do("UPDATE CGreylist " .
- "SET RCTime = ?, ExTime = ?, MTime = ?, Instance = ?, " .
- "Blocked = 1, Passed = 0 " .
- "WHERE IPNet::cidr = network(set_masklen(?, ?)) AND ".
- "Sender = ? AND Receiver = ?", undef,
- $ctime, $ctime + $greylist_lifetime, $ctime, $instance,
- $ip, $masklen, $sender, $rcpt);
+ $dbh->do(
+ "UPDATE CGreylist " .
+ "SET RCTime = ?, ExTime = ?, MTime = ?, Instance = ?, " .
+ "Blocked = 1, Passed = 0 " .
+ "WHERE IPNet::cidr = network(set_masklen(?, ?)) ".
+ " AND Sender = ? AND Receiver = ?", undef,
+ $ctime, $ctime + $greylist_lifetime, $ctime, $instance,
+ $ip, $masklen, $sender, $rcpt
+ );
}
}
}
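Review bot: The accept branch still builds part of its SQL by interpolation: `$delay` expands to `Delay = $age, ` inside the `UPDATE CGreylist` string, while every other value in these statements is bound. `$age` is computed outside this hunk and is presumably an integer difference of timestamps, so this is unlikely to be injectable. Since the statement is being reformatted anyway, it could bind the value too: `my ($delay, @delay_bind) = $ref->{passed} ? ('') : ('Delay = ?, ', $age);`, with `@delay_bind` passed ahead of `$ctime + $lifetime` in the bind list. That keeps the SQL text constant per branch and removes the one place where a future change to how `$age` is derived could reach the query string.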
if (defined $prop->{children}) {
foreach my $pid (keys %{$prop->{children}}) {
- kill(1, $pid); # HUP childs
+ kill(1, $pid); # HUP children
}
}
- # nicely shutdown childs (give them max 30 seconds to shut down)
+ # nicely shutdown children (give them max 30 seconds to shut down)
my $previous_alarm = alarm(30);
eval {
local $SIG{ALRM} = sub { die "Timed Out!\n" };
# subroutine to start up a specified number of children.
# We need to block signals until handlers are set up correctly.
# Else its possible that HUP occurs after fork, which triggers
-# singal TERM at childs and calls server_close() instead of
+# signal TERM at children and calls server_close() instead of
# simply exit the child.
# Note: on server startup signals are setup to trigger
# asynchronously for a short period of time (in PreForkSimple]::loop,