server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/fastfail/ValidRcptMX.java - james-project - Git at Google

 /****************************************************************
  * Licensed to the Apache Software Foundation (ASF) under one   *
  * or more contributor license agreements.  See the NOTICE file *
  * distributed with this work for additional information        *
  * regarding copyright ownership.  The ASF licenses this file   *
  * to you under the Apache License, Version 2.0 (the            *
  * "License"); you may not use this file except in compliance   *
  * with the License.  You may obtain a copy of the License at   *
  *                                                              *
  *   http://www.apache.org/licenses/LICENSE-2.0                 *
  *                                                              *
  * Unless required by applicable law or agreed to in writing,   *
  * software distributed under the License is distributed on an  *
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY       *
  * KIND, either express or implied.  See the License for the    *
  * specific language governing permissions and limitations      *
  * under the License.                                           *
  ****************************************************************/
 package org.apache.james.smtpserver.fastfail;

 import java.net.UnknownHostException;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Iterator;

 import javax.inject.Inject;

 import org.apache.commons.configuration2.Configuration;
 import org.apache.commons.configuration2.ex.ConfigurationException;
 import org.apache.james.core.Domain;
 import org.apache.james.core.MailAddress;
 import org.apache.james.core.MaybeSender;
 import org.apache.james.dnsservice.api.DNSService;
 import org.apache.james.dnsservice.api.TemporaryResolutionException;
 import org.apache.james.dnsservice.library.netmatcher.NetMatcher;
 import org.apache.james.protocols.api.handler.ProtocolHandler;
 import org.apache.james.protocols.smtp.SMTPRetCode;
 import org.apache.james.protocols.smtp.SMTPSession;
 import org.apache.james.protocols.smtp.dsn.DSNStatus;
 import org.apache.james.protocols.smtp.hook.HookResult;
 import org.apache.james.protocols.smtp.hook.HookReturnCode;
 import org.apache.james.protocols.smtp.hook.RcptHook;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import com.google.common.collect.ImmutableList;

 /**
  * This class can be used to reject email with bogus MX which is send from a
  * authorized user or an authorized network.
  */
 public class ValidRcptMX implements RcptHook, ProtocolHandler {
     private static final Logger LOGGER = LoggerFactory.getLogger(ValidRcptMX.class);

     private  final DNSService dnsService;
     private NetMatcher bNetwork = null;

     @Inject
     public ValidRcptMX(DNSService dnsService) {
         this.dnsService = dnsService;
     }

     /**
      * Set the banned networks
      *
      * @param networks  Collection of networks
      * @param dnsServer The DNSServer
      */
     public void setBannedNetworks(Collection<String> networks, DNSService dnsServer) {
         bNetwork = new NetMatcher(networks, dnsServer);
     }

     @Override
     public HookResult doRcpt(SMTPSession session, MaybeSender sender, MailAddress rcpt) {

         Domain domain = rcpt.getDomain();

         // Email should be deliver local
         if (!domain.equals(Domain.LOCALHOST)) {

             Iterator<String> mx;
             try {
                 mx = dnsService.findMXRecords(domain.name()).iterator();
             } catch (TemporaryResolutionException e1) {
                 return HookResult.DENYSOFT;
             }

             if (mx != null && mx.hasNext()) {
                 while (mx.hasNext()) {
                     String mxRec = mx.next();

                     try {
                         String ip = dnsService.getByName(mxRec).getHostAddress();

                         // Check for invalid MX
                         if (bNetwork.matchInetNetwork(ip)) {
                             return HookResult.builder()
                                 .hookReturnCode(HookReturnCode.deny())
                                 .smtpReturnCode(SMTPRetCode.AUTH_REQUIRED)
                                 .smtpDescription(DSNStatus.getStatus(DSNStatus.PERMANENT, DSNStatus.SECURITY_AUTH)
                                     + " Invalid MX " + session.getRemoteAddress().getAddress().toString() + " for domain " + domain.asString() + ". Reject email")
                                 .build();
                         }
                     } catch (UnknownHostException e) {
                         // Ignore this
                     }
                 }
             }
         }
         return HookResult.DECLINED;
     }

     @Override
     public void init(Configuration config) throws ConfigurationException {

         String[] networks = config.getStringArray("invalidMXNetworks");

         if (networks.length == 0) {

             Collection<String> bannedNetworks = Arrays.stream(networks)
                 .map(String::trim)
                 .collect(ImmutableList.toImmutableList());

             setBannedNetworks(bannedNetworks, dnsService);

             LOGGER.info("Invalid MX Networks: {}", bNetwork);
         } else {
             throw new ConfigurationException("Please configure at least on invalid MX network");
         }
     }
 }
	/****************************************************************
	* Licensed to the Apache Software Foundation (ASF) under one *
	* or more contributor license agreements. See the NOTICE file *
	* distributed with this work for additional information *
	* regarding copyright ownership. The ASF licenses this file *
	* to you under the Apache License, Version 2.0 (the *
	* "License"); you may not use this file except in compliance *
	* with the License. You may obtain a copy of the License at *
	* *
	* http://www.apache.org/licenses/LICENSE-2.0 *
	* *
	* Unless required by applicable law or agreed to in writing, *
	* software distributed under the License is distributed on an *
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
	* KIND, either express or implied. See the License for the *
	* specific language governing permissions and limitations *
	* under the License. *
	****************************************************************/
	package org.apache.james.smtpserver.fastfail;

	import java.net.UnknownHostException;
	import java.util.Arrays;
	import java.util.Collection;
	import java.util.Iterator;

	import javax.inject.Inject;

	import org.apache.commons.configuration2.Configuration;
	import org.apache.commons.configuration2.ex.ConfigurationException;
	import org.apache.james.core.Domain;
	import org.apache.james.core.MailAddress;
	import org.apache.james.core.MaybeSender;
	import org.apache.james.dnsservice.api.DNSService;
	import org.apache.james.dnsservice.api.TemporaryResolutionException;
	import org.apache.james.dnsservice.library.netmatcher.NetMatcher;
	import org.apache.james.protocols.api.handler.ProtocolHandler;
	import org.apache.james.protocols.smtp.SMTPRetCode;
	import org.apache.james.protocols.smtp.SMTPSession;
	import org.apache.james.protocols.smtp.dsn.DSNStatus;
	import org.apache.james.protocols.smtp.hook.HookResult;
	import org.apache.james.protocols.smtp.hook.HookReturnCode;
	import org.apache.james.protocols.smtp.hook.RcptHook;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	import com.google.common.collect.ImmutableList;

	/**
	* This class can be used to reject email with bogus MX which is send from a
	* authorized user or an authorized network.
	*/
	public class ValidRcptMX implements RcptHook, ProtocolHandler {
	private static final Logger LOGGER = LoggerFactory.getLogger(ValidRcptMX.class);

	private final DNSService dnsService;
	private NetMatcher bNetwork = null;

	@Inject
	public ValidRcptMX(DNSService dnsService) {
	this.dnsService = dnsService;
	}

	/**
	* Set the banned networks
	*
	* @param networks Collection of networks
	* @param dnsServer The DNSServer
	*/
	public void setBannedNetworks(Collection<String> networks, DNSService dnsServer) {
	bNetwork = new NetMatcher(networks, dnsServer);
	}

	@Override
	public HookResult doRcpt(SMTPSession session, MaybeSender sender, MailAddress rcpt) {

	Domain domain = rcpt.getDomain();

	// Email should be deliver local
	if (!domain.equals(Domain.LOCALHOST)) {

	Iterator<String> mx;
	try {
	mx = dnsService.findMXRecords(domain.name()).iterator();
	} catch (TemporaryResolutionException e1) {
	return HookResult.DENYSOFT;
	}

	if (mx != null && mx.hasNext()) {
	while (mx.hasNext()) {
	String mxRec = mx.next();

	try {
	String ip = dnsService.getByName(mxRec).getHostAddress();

	// Check for invalid MX
	if (bNetwork.matchInetNetwork(ip)) {
	return HookResult.builder()
	.hookReturnCode(HookReturnCode.deny())
	.smtpReturnCode(SMTPRetCode.AUTH_REQUIRED)
	.smtpDescription(DSNStatus.getStatus(DSNStatus.PERMANENT, DSNStatus.SECURITY_AUTH)
	+ " Invalid MX " + session.getRemoteAddress().getAddress().toString() + " for domain " + domain.asString() + ". Reject email")
	.build();
	}
	} catch (UnknownHostException e) {
	// Ignore this
	}
	}
	}
	}
	return HookResult.DECLINED;
	}

	@Override
	public void init(Configuration config) throws ConfigurationException {

	String[] networks = config.getStringArray("invalidMXNetworks");

	if (networks.length == 0) {

	Collection<String> bannedNetworks = Arrays.stream(networks)
	.map(String::trim)
	.collect(ImmutableList.toImmutableList());

	setBannedNetworks(bannedNetworks, dnsService);

	LOGGER.info("Invalid MX Networks: {}", bNetwork);
	} else {
	throw new ConfigurationException("Please configure at least on invalid MX network");
	}
	}
	}