Inn-2.4.5.filter nnrpd.patch | open news network

--- inn-2.4.5/samples/filter_nnrpd.pl 2008-06-29 19:56:57.000000000 +0200 +++ inn-2.4.5/samples/filter_nnrpd.pl 2009-01-03 00:10:35.000000000 +0100 @@ -1,5 +1,5 @@ # -# $Id: filter_nnrpd.pl 5981 2002-12-12 05:01:42Z vinocur $ +# $Id: filter_nnrpd.pl, 2009/01/03 open.news.network.org $ # # Sample perl filtering code for nnrpd hook. # @@ -27,6 +27,14 @@ my %config = (checkincludedtext => 0, # # Sample filter # +# for Encryption use Crypt::CBC; +use Crypt::CBC; +use Compress::Zlib; +use MIME::Base64; +use Digest::HMAC_SHA1; +use Digest::SHA1; + + sub filter_post { my $rval = "" ; # assume we'll accept. # @@ -34,14 +42,14 @@ sub filter_post { ### in their subject, or which have a "Re: " subject, but noReferences: ### header, or which have an invalid From. # -## if ($hdr{"Subject"} =~ /make.*money/i) { -## $rval = "Spam is not acceptable here..." ; -## } elsif ($hdr{'Subject'} =~ /^Re: /o and $hdr{'References'} eq "") { -## $rval = "Followup without References:"; -## } elsif ($hdr{'From'} =~ /^\w*$/o or -## $hdr{'From'} !~ /^(.+?)\@([-\w\d]+\.)*([-\w\d]+)\.([-\w\d]{2,})$/o) { -## $rval = "From: is invalid, must be user\@[host.]domain.tld"; -## } + if ($hdr{"Subject"} =~ /make.*money/i) { + $rval = "Spam is not acceptable here..." ; +### } elsif ($hdr{'Subject'} =~ /^Re: /o and $hdr{'References'} eq "") { +### $rval = "Followup without References:"; +### } elsif ($hdr{'From'} =~ /^\w*$/o or +### $hdr{'From'} !~ /^(.+?)\@([-\w\d]+\.)*([-\w\d]+)\.([-\w\d]{2,})$/o) { +### $rval = "From: is invalid, must be user\@[host.]domain.tld"; + }

### The next block rejects articles with too much quoted text, if the
@@ -55,6 +63,127 @@ sub filter_post {
}
}

+###########################
+# ka private hierachie rules
+############################
+
+@newsgroups = split(/,/, $hdr{"Newsgroups"});
+ foreach (@newsgroups) {
+ if (/^ka\./i) {
+ $ka++;
+ } else {
+ $nka++;
+ }
+ if (/^net\./i) {
+ $net++;
+ } else {
+ $notnet++;
+ }
+
+
+ }
+ if ($ka && $nka) {
+ if (!defined($hdr{"Followup-To"})) {
+ $fka = 1;
+ } else {
+ @followupgroups = split(/,/, $hdr{"Followup-To"});
+ foreach (@followupgroups) {
+ if (/^ka\./i){
+ $fka++;
+ }
+ }
+ }
+ if ($fka) {
+ $rval = "Keine Crosspostings nach ka.* (-> http://www.karlsruhe.org/)";
+ }
+ }
+ if ($ka > 3) {
+ $rval = "Zu viele Gruppen fuer ka.* (-> http://www.karlsruhe.org/)";
+ }
+
+
+
+
+
+##############################################################
+# encrytion
+# Christian Gall
+# sub encrypt see below
+#############################################################
+
+
+#########################
+# X-Trace encrypt
+########################
+
+ if ($hdr{'X-Trace'} =~ /^(\S+)\s+(.*)\s+($[^$]+\))$/) {
+ # $hdr{'X-Trace'} = "$1 " . encrypt($2) . " $3";
+ $hdr{'X-Trace'} = "$1 ".encode_base64(compress(encrypt($2)),"")." $3";
+ $modify_headers = 1;
+ }
+
+#############################################
+# NNTP-Posting-HOST encrypt and Cancelock
+##############################################
+ if($hdr{'Control'}){
+ @control = split(/ /, $hdr{"Control"});
+
+ foreach(@control) {
+ if (/^cancel/i) {
+ $cancel++;
+ }
+ $CancelID = $_;
+ }
+ }
+
+ if ($hdr{'NNTP-Posting-Host'}) {
+ $hdr{'NNTP-Posting-Host'} = encode_base64(encrypt($hdr{'NNTP-Posting-Host' }),"");
+ $hdr{'X-User-ID'} = encode_base64(encrypt($user ),"");
+ if($hdr{'Cancel-Lock'}) {
+ $newlock = $hdr{'Cancel-Lock'};
+ $hmac = Digest::HMAC_SHA1->new("admin");
+ $data = "cancel ".$hdr{'Message-ID'}."$CANCELLOCK";
+ $hmac->add("$data");
+ $digest = $hmac->b64digest;
+ $lock = encode_base64(Digest::SHA1::sha1($digest),"");
+ $hdr{'Cancel-Lock'} = $newlock." sha1:".$lock."";
+ }
+
+ if(!$hdr{'Cancel-Lock'}) {
+ $hmac = Digest::HMAC_SHA1->new("$user");
+ $data = "cancel ".$hdr{'Message-ID'}."$CANCELLOCK";
+ $hmac->add("$data");
+ $digest = $hmac->b64digest;
+ $lock = encode_base64(Digest::SHA1::sha1($digest),"");
+ $hdr{'Cancel-Lock'} = "sha1:".$lock."";
+ }
+
+ # if($cancel) {
+ if($cancel && !$hdr{'Cancel-Key'}) {
+ $hmac = Digest::HMAC_SHA1->new("$user");
+ $data = $hdr{'Control'}."$CANCELLOCK";
+ $hmac->add($data);
+ $digest = $hmac->b64digest;
+ $schluessel = $digest;
+ $hdr{'Cancel-key'} = "sha1:".$schluessel;
+ }
+ if($hdr{'Supersedes'} && !$hdr{'Cancel-Key'}) {
+ $hmac = Digest::HMAC_SHA1->new("$user");
+ $data = "cancel ".$hdr{'Supersedes'}."$CANCELLOCK";
+ $hmac->add($data);
+ $digest = $hmac->b64digest;
+ $schluessel = $digest;
+ $hdr{'Cancel-key'} = "sha1:".$schluessel;
+ }
+
+ $modify_headers = 1;
+
+ }
+
+
+
+
+
return $rval;
}

@@ -72,3 +201,41 @@ sub analyze {

return ($lines, $quoted, $antiquoted);
}
+
+#########################################
+# encrypt X-header
+########################################
+
+sub encrypt {
+
+ my $line = shift;
+ my $cipher = Crypt::CBC->new( {
+ 'key' => 'ServerVerySecretKey',
+ 'cipher' => 'Blowfish',
+ 'prepend_iv' => 1
+ });
+ return $cipher->encrypt_hex($line);
+}
+
+
+###################################################
+# Für das Entschlüsseln:
+#
+#
+# use strict;
+# use warnings;
+#
+# use Crypt::CBC;
+#
+# my $cipher = Crypt::CBC->new( {
+# 'key' => '',
+# 'cipher' => 'Blowfish',
+# 'prepend_iv' => 1
+# });
+
+# my $encrypted = ;
+# chomp($encrypted);
+#
+# print $cipher->decrypt_hex($encrypted) . "\n";
+#
+