X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/3386088d5af4d4c61faa12ae29560e2c5bd43304..6f6dedccb47f231a0712d882da20feffbac8d0bc:/src/src/verify.c diff --git a/src/src/verify.c b/src/src/verify.c index 6c6e6d618..cb88f28a9 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -21,6 +21,7 @@ uschar ctbuffer[8192]; /* Structure for caching DNSBL lookups */ typedef struct dnsbl_cache_block { + time_t expiry; dns_address *rhs; uschar *text; int rc; @@ -443,7 +444,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6; - if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface, + if (!smtp_get_interface(tf->interface, host_af, addr, &interface, US"callout") || !smtp_get_port(tf->port, addr, &port, US"callout")) log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address, @@ -578,7 +579,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. deliver_domain = addr->domain; transport_name = addr->transport->name; - if ( !smtp_get_interface(tf->interface, host_af, addr, NULL, &interface, + if ( !smtp_get_interface(tf->interface, host_af, addr, &interface, US"callout") || !smtp_get_port(tf->port, addr, &port, US"callout") ) @@ -2363,6 +2364,7 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++) while (len++ < maxaddlen) fprintf(f," "); if (h->mx >= 0) fprintf(f, "MX=%d", h->mx); if (h->port != PORT_NONE) fprintf(f, " port=%d", h->port); + if (running_in_test_harness) #ifndef DISABLE_DNSSEC fprintf(f, " ad=%s", h->dnssec==DS_YES ? "yes" : "no"); #else @@ -2915,7 +2917,7 @@ if (ip_bind(sock, host_af, interface_address, 0) < 0) if (ip_connect(sock, host_af, sender_host_address, port, rfc1413_query_timeout) < 0) { - if (errno == ETIMEDOUT && (log_extra_selector & LX_ident_timeout) != 0) + if (errno == ETIMEDOUT && LOGGING(ident_timeout)) { log_write(0, LOG_MAIN, "ident connection to %s timed out", sender_host_address); @@ -3583,21 +3585,37 @@ if (!string_format(query, sizeof(query), "%s.%s", prepend, domain)) /* Look for this query in the cache. */ -t = tree_search(dnsbl_cache, query); +if ( (t = tree_search(dnsbl_cache, query)) + && (cb = t->data.ptr)->expiry > time(NULL) + ) + +/* Previous lookup was cached */ + + { + HDEBUG(D_dnsbl) debug_printf("using result of previous DNS lookup\n"); + } /* If not cached from a previous lookup, we must do a DNS lookup, and cache the result in permanent memory. */ -if (t == NULL) +else { + uint ttl = UINT_MAX; + store_pool = POOL_PERM; - /* Set up a tree entry to cache the lookup */ + if (t) + { + HDEBUG(D_dnsbl) debug_printf("cached data found but past valid time; "); + } - t = store_get(sizeof(tree_node) + Ustrlen(query)); - Ustrcpy(t->name, query); - t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block)); - (void)tree_insertnode(&dnsbl_cache, t); + else + { /* Set up a tree entry to cache the lookup */ + t = store_get(sizeof(tree_node) + Ustrlen(query)); + Ustrcpy(t->name, query); + t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block)); + (void)tree_insertnode(&dnsbl_cache, t); + } /* Do the DNS loopup . */ @@ -3633,6 +3651,7 @@ if (t == NULL) *addrp = da; while (da->next != NULL) da = da->next; addrp = &(da->next); + if (ttl > rr->ttl) ttl = rr->ttl; } } } @@ -3644,17 +3663,10 @@ if (t == NULL) if (cb->rhs == NULL) cb->rc = DNS_NODATA; } + cb->expiry = time(NULL)+ttl; store_pool = old_pool; } -/* Previous lookup was cached */ - -else - { - HDEBUG(D_dnsbl) debug_printf("using result of previous DNS lookup\n"); - cb = t->data.ptr; - } - /* We now have the result of the DNS lookup, either newly done, or cached from a previous call. If the lookup succeeded, check against the address list if there is one. This may be a positive equality list (introduced by