From 19717bb6b4bea979efc5b441f91ae11b982f6fd4 Mon Sep 17 00:00:00 2001
From: Sam Varshavchik
Date: Sat, 11 Mar 2017 10:10:39 -0500
Subject: couriertcpd: do not issue ANY queries for DNSBL lookups.
---
 tcpd/tcpd.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
(limited to 'tcpd/tcpd.c')
diff --git a/tcpd/tcpd.c b/tcpd/tcpd.c
index 819dc51..093a23a 100644
--- a/tcpd/tcpd.c
+++ b/tcpd/tcpd.c
@@ -1624,11 +1624,11 @@ static void docheckblocklist(struct blocklist_s *p, const char *nameptr)
 if (p->allow) wanttxt = p->msg != 0;
 else
- wanttxt = (p->msg == 0 || *p->msg == 0);
+ wanttxt = p->msg && strcmp(p->msg, "*") == 0;
 (void)rfc1035_resolve_cname(&res, hostname,
- wanttxt ? RFC1035_TYPE_ANY:RFC1035_TYPE_A,
+ wanttxt ? RFC1035_TYPE_TXT:RFC1035_TYPE_A,
 RFC1035_CLASS_IN, &replyp, 0);
 if (!replyp)
@@ -1673,12 +1673,25 @@ static void docheckblocklist(struct blocklist_s *p, const char *nameptr)
 if (!search_txt_records(&res, p->allow, varname, replyp, hostname) && !p->allow) {
+ size_t l=strlen(p->zone)+40;
+ char *buf=malloc(l+1);
+
+ if (!buf)
+ {
+ perror("malloc");
+ _exit(1);
+ }
+
+ buf[snprintf(buf, l, "Sender @ blacklisted by %s",
+ p->zone)]=0;
+
 /* ** Even though we did not find a TXT record, we're here ** because of an A record, so for -blocks, we must ** set varname to something. */
- mysetenv(varname, "Access denied.");
+ mkmymsg(varname, buf);
+ free(buf);
 }
 found=1;
-- cgit v1.2.3
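Review bot: In the non-allow branch, `wanttxt` is now true only when `p->msg` is the literal `"*"`, and in that case the lookup asks for TXT records alone, so a zone that lists an address with an A record but publishes no TXT record would presumably stop matching and the block would fail open for that entry. The comment kept in the second hunk ("we're here because of an A record") suggests A is the listing signal, but the code that inspects `replyp` lies outside this hunk, so this needs confirming there; if it holds, falling back to an `RFC1035_TYPE_A` query when the TXT lookup returns nothing would keep the old coverage without ANY. The `"*"` sentinel is also unexplained at this point; a comment above the assignment such as `/* msg "*": take the rejection text from the zone's TXT record */` would help, if that is the intended meaning. docheckblocklist starts and ends outside the hunk.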
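Review bot: The added `buf[snprintf(buf, l, ...)]=0;` uses snprintf's return value as an array index, which stays in bounds only while the formatted text is shorter than `l`: snprintf returns the length it would have written (or a negative value on error), so a longer format string later could store outside the `l+1`-byte allocation. snprintf already NUL-terminates, so the indexed store can be dropped: `snprintf(buf, l+1, "Sender @ blacklisted by %s", p->zone);`. The `+40` headroom is a magic number sized to the current literal, and a one-line comment saying so would keep the two in step. The retained comment about setting varname "to something" now sits between building `buf` and the `mkmymsg` call and still describes the old fixed string, so it is worth rewording. The enclosing function extends beyond the hunk.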