Make local exclusions configurable per-RBL

diff --git a/doc/markdown/modules/rbl.md b/doc/markdown/modules/rbl.md
index 8748f4617176f5e3aecd8173178d5897511f0776..7798f0069e62f32ebff4d3696f6a7d92763ea938 100644 (file)
--- a/doc/markdown/modules/rbl.md
+++ b/doc/markdown/modules/rbl.md
@@ -57,6 +57,10 @@ If set to true, do not use this RBL if the message sender is authenticated.
 
 If set to true, from/received RBL checks will ignore private IP address space.
 
+- default_exclude_local (true)
+
+If true, and local_exclude_ip_map has been set - exclude specified addresses/subnets from received/from RBL checks.
+
 Other parameters which can be set here are:
 
 - local_exclude_ip_map

diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua
index f8018f550ac4d06cbd4d169103793014a03e89d7..2870e38ee982aca480cc8cb249ee64f4936e9701 100644 (file)
--- a/src/plugins/lua/rbl.lua
+++ b/src/plugins/lua/rbl.lua
@@ -209,7 +209,7 @@ local function rbl_cb (task)
            havegot['from'] = task:get_from_ip()
            if not havegot['from']:is_valid() or
               (rbl['exclude_private_ips'] and is_private_ip(havegot['from']))
-              or is_excluded_ip(havegot['from']) then
+              or (is_excluded_ip(havegot['from']) and rbl['exclude_local']) then
              notgot['from'] = true
              return
            end
@@ -239,7 +239,8 @@ local function rbl_cb (task)
               if ((rh['real_ip']:get_version() == 6 and rbl['ipv6']) or
                 (rh['real_ip']:get_version() == 4 and rbl['ipv4'])) and
                 ((rbl['exclude_private_ips'] and not is_private_ip(rh['real_ip'])) or
-                not rbl['exclude_private_ips']) and not is_excluded_ip(rh['real_ip']) then
+                not rbl['exclude_private_ips']) and not (is_excluded_ip(rh['real_ip'])
+                and rbl['exclude_local']) then
                   task:get_resolver():resolve_a(task:get_session(), task:get_mempool(),
                     ip_to_rbl(rh['real_ip'], rbl['rbl']), rbl_dns_cb, k)
               end
@@ -265,6 +266,7 @@ if type(rspamd_config.get_api_version) ~= 'nil' then
     rspamd_config:register_module_option('rbl', 'default_exclude_users', 'string')
     rspamd_config:register_module_option('rbl', 'default_exclude_private_ips', 'string')
     rspamd_config:register_module_option('rbl', 'local_exclude_ip_map', 'string')
+    rspamd_config:register_module_option('rbl', 'default_exclude_local', 'string')
   end
 end
 
@@ -300,13 +302,18 @@ end
 if(opts['default_exclude_private_ips'] == nil) then
   opts['default_exclude_private_ips'] = false
 end
-
+if(opts['default_exclude_local'] == nil) then
+  opts['default_exclude_local'] = true
+end
 if(opts['local_exclude_ip_map'] ~= nil) then
   local_exclusions = rspamd_config:add_radix_map(opts['local_exclude_ip_map'])
 end
 
 for key,rbl in pairs(opts['rbls']) do
-  local o = { "ipv4", "ipv6", "from", "received", "unknown", "rdns", "helo", "exclude_users", "exclude_private_ips" }
+  local o = {
+    "ipv4", "ipv6", "from", "received", "unknown", "rdns", "helo", "exclude_users",
+    "exclude_private_ips", "exclude_local"
+  }
   for i=1,table.maxn(o) do
     if(rbl[o[i]] == nil) then
       rbl[o[i]] = opts['default_' .. o[i]]