Make ignoring private IP space configurable; avoid changing plugin default behaviour

diff --git a/conf/modules.conf b/conf/modules.conf
index de125866a9978eaa010cf0182be7eac97561dd51..2f291de794f43f4701ffb74301b1554623f624eb 100644 (file)
--- a/conf/modules.conf
+++ b/conf/modules.conf
@@ -87,6 +87,7 @@ rbl {
  default_from = true;
  default_received = false;
  default_exclude_users = true;
+ default_exclude_private_ips = true;
 
  rbls {
        

diff --git a/doc/markdown/modules/rbl.md b/doc/markdown/modules/rbl.md
index 41854c5422084bacf9a5d5762a8d5ae32a4f8828..2c654c8082eca35845e8565cb94f0d9f06aa496d 100644 (file)
--- a/doc/markdown/modules/rbl.md
+++ b/doc/markdown/modules/rbl.md
@@ -53,6 +53,10 @@ If set to false, do not yield a result unless the response received from the RBL
 
 If set to true, do not use this RBL if the message sender is authenticated.
 
+- default_exclude_private_ips (false)
+
+If set to true, from/received RBL checks will ignore private IP address space.
+
 RBL-specific subsection is structured as follows:
 
 ~~~nginx

diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua
index ef48428b3fef080754ae956f7db31abec040d607..6950ab7cb97a9aaafd85f22522039ca20536736a 100644 (file)
--- a/src/plugins/lua/rbl.lua
+++ b/src/plugins/lua/rbl.lua
@@ -199,7 +199,8 @@ local function rbl_cb (task)
          end
          if not havegot['from'] then
            havegot['from'] = task:get_from_ip()
-           if not havegot['from']:is_valid() or is_private_ip(havegot['from']) then
+           if not havegot['from']:is_valid() or
+              (rbl['exclude_private_ips'] and is_private_ip(havegot['from'])) then
              notgot['from'] = true
              return
            end
@@ -227,10 +228,11 @@ local function rbl_cb (task)
          for _,rh in ipairs(havegot['received']) do
            if rh['real_ip'] and rh['real_ip']:is_valid() then
               if ((rh['real_ip']:get_version() == 6 and rbl['ipv6']) or
-                (rh['real_ip']:get_version() == 4 and rbl['ipv4']))
-                and not is_private_ip(rh['real_ip']) then
-                task:get_resolver():resolve_a(task:get_session(), task:get_mempool(),
-                  ip_to_rbl(rh['real_ip'], rbl['rbl']), rbl_dns_cb, k)
+                (rh['real_ip']:get_version() == 4 and rbl['ipv4'])) and
+                ((rbl['exclude_private_ips'] and not is_private_ip(rh['real_ip'])) or
+                not rbl['exclude_private_ips']) then
+                  task:get_resolver():resolve_a(task:get_session(), task:get_mempool(),
+                    ip_to_rbl(rh['real_ip'], rbl['rbl']), rbl_dns_cb, k)
               end
            end
          end
@@ -252,6 +254,7 @@ if type(rspamd_config.get_api_version) ~= 'nil' then
     rspamd_config:register_module_option('rbl', 'default_helo', 'string')
     rspamd_config:register_module_option('rbl', 'default_unknown', 'string')
     rspamd_config:register_module_option('rbl', 'default_exclude_users', 'string')
+    rspamd_config:register_module_option('rbl', 'default_exclude_private_ips', 'string')
   end
 end
 
@@ -284,8 +287,12 @@ end
 if(opts['default_exclude_users'] == nil) then
   opts['default_exclude_users'] = false
 end
+if(opts['default_exclude_private_ips'] == nil) then
+  opts['default_exclude_private_ips'] = false
+end
+
 for key,rbl in pairs(opts['rbls']) do
-  local o = { "ipv4", "ipv6", "from", "received", "unknown", "rdns", "helo", "exclude_users" }
+  local o = { "ipv4", "ipv6", "from", "received", "unknown", "rdns", "helo", "exclude_users", "exclude_private_ips" }
   for i=1,table.maxn(o) do
     if(rbl[o[i]] == nil) then
       rbl[o[i]] = opts['default_' .. o[i]]