gboolean vectorized_hyperscan; /**< use vectorized hyperscan matching */
gboolean enable_shutdown_workaround; /**< enable workaround for legacy SA clients (exim) */
gboolean ignore_received; /**< Ignore data from the first received header */
+ gboolean check_local; /** Don't disable any checks for local networks */
+ gboolean check_authed; /** Don't disable any checks for authenticated users */
gsize max_diff; /**< maximum diff size for text parts */
gsize max_cores_size; /**< maximum size occupied by rspamd core files */
G_STRUCT_OFFSET (struct rspamd_config, strict_protocol_headers),
0,
"Emit errors if there are unknown HTTP headers in a request");
+ rspamd_rcl_add_default_handler (sub,
+ "check_local",
+ rspamd_rcl_parse_struct_boolean,
+ G_STRUCT_OFFSET (struct rspamd_config, check_local),
+ 0,
+ "Don't disable any checks for local networks");
+ rspamd_rcl_add_default_handler (sub,
+ "check_authed",
+ rspamd_rcl_parse_struct_boolean,
+ G_STRUCT_OFFSET (struct rspamd_config, check_authed),
+ 0,
+ "Don't disable any checks for authenticated users");
rspamd_rcl_add_default_handler (sub,
"check_all_filters",
rspamd_rcl_parse_struct_boolean,
guint max_sigs;
gboolean trusted_only;
gboolean skip_multi;
+ gboolean check_local;
+ gboolean check_authed;
};
struct dkim_check_result {
dkim_module_ctx->whitelist_ip = radix_create_compressed ();
+ if ((value =
+ rspamd_config_get_module_opt (cfg, "options", "check_local")) != NULL) {
+ dkim_module_ctx->check_local = ucl_obj_toboolean (value);
+ }
+ else {
+ dkim_module_ctx->check_local = FALSE;
+ }
+ if ((value =
+ rspamd_config_get_module_opt (cfg, "options", "check_authed")) != NULL) {
+ dkim_module_ctx->check_authed = ucl_obj_toboolean (value);
+ }
+ else {
+ dkim_module_ctx->check_authed = FALSE;
+ }
if ((value =
rspamd_config_get_module_opt (cfg, "dkim", "symbol_reject")) != NULL) {
dkim_module_ctx->symbol_reject = ucl_obj_tostring (value);
guint checked = 0, i;
/* First check if plugin should be enabled */
- if (task->user != NULL || rspamd_inet_address_is_local (task->from_addr)) {
+ if ((!dkim_module_ctx->check_authed && task->user != NULL)
+ || (!dkim_module_ctx->check_local && rspamd_inet_address_is_local (task->from_addr))) {
msg_info_task ("skip DKIM checks for local networks and authorized users");
return;
}
local rspamd_redis = require "rspamd_redis"
local upstream_list = require "rspamd_upstream_list"
local rspamd_util = require "rspamd_util"
+local check_local = false
+local check_authed = false
local symbols = {
spf_allow_symbol = 'R_SPF_ALLOW',
local dmarc_domain
local ip_addr = task:get_ip()
- if task:get_user() or (ip_addr and ip_addr:is_local()) then
+ if ((not check_user and task:get_user()) or
+ (not check_local and ip_addr and ip_addr:is_local())) then
rspamd_logger.infox(task, "skip DMARC checks for local networks and authorized users");
return
end
forced = true})
end
+local opts = rspamd_config:get_all_opt('options')
+if opts and type(opts) ~= 'table' then
+ if type(opts['check_local']) == 'boolean' then
+ check_local = opts['check_local']
+ end
+ if type(opts['check_authed']) == 'boolean' then
+ check_authed = opts['check_authed']
+ end
+end
+
local opts = rspamd_config:get_all_opt('dmarc')
if not opts or type(opts) ~= 'table' then
return
['url_enabled'] = false
}
+local check_local = false
+local check_authed = false
+
local function check_regexp(str, regexp_text)
if not compiled_regexp[regexp_text] then
compiled_regexp[regexp_text] = rspamd_regexp.create(regexp_text, 'i')
--No more checks for auth user or local network
local rip = task:get_from_ip()
- if task:get_user() or (rip and rip:is_local()) then
+ if ((not check_user and task:get_user()) or
+ (not check_local and rip and rip:is_local())) then
return false
end
"HFILTER_FROM_BOUNCE"
}
+local opts = rspamd_config:get_all_opt('options')
+if opts and type(opts) ~= 'table' then
+ if type(opts['check_local']) == 'boolean' then
+ check_local = opts['check_local']
+ end
+ if type(opts['check_authed']) == 'boolean' then
+ check_authed = opts['check_authed']
+ end
+end
+
local opts = rspamd_config:get_all_opt('hfilter')
if opts then
for k,v in pairs(opts) do
local redis_params = nil
local whitelist = nil
local asn_cc_whitelist = nil
+local check_authed = false
local options = {
actions = { -- how each action is treated in scoring
-- Configuration options
local configure_ip_score_module = function()
- local opts = rspamd_config:get_all_opt('ip_score')
+ local opts = rspamd_config:get_all_opt('options')
+ if opts and type(opts) ~= 'table' then
+ if type(opts['check_authed']) == 'boolean' then
+ check_authed = opts['check_authed']
+ end
+ end
+ opts = rspamd_config:get_all_opt('ip_score')
if opts then
for k,v in pairs(opts) do
options[k] = v
if not redis_params then
rspamd_logger.infox(rspamd_config, 'no servers are specified')
end
+ else
+ return false
end
if options['whitelist'] then
whitelist = rspamd_config:add_radix_map(opts['whitelist'])
end
-configure_ip_score_module()
+if not configure_ip_score_module() then return end
if redis_params then
-- Register ip_score module
rspamd_config:register_symbol({
local good_hosts = {}
local whitelist = nil
local rspamd_logger = require "rspamd_logger"
+local check_local = false
+local check_authed = false
local function check_quantity_received (task)
local recvh = task:get_received_headers()
local task_ip = task:get_ip()
- if task:get_user() or (task_ip and task_ip:is_local()) then
+ if ((not check_user and task:get_user()) or
+ (not check_local and ip_addr and ip_addr:is_local())) then
+ rspamd_logger.infox(task, 'Skipping once_received for authenticated user or local network')
return
end
if whitelist and task_ip and whitelist:get_key(task_ip) then
end
end
+local opts = rspamd_config:get_all_opt('options')
+if opts and type(opts) ~= 'table' then
+ if type(opts['check_local']) == 'boolean' then
+ check_local = opts['check_local']
+ end
+ if type(opts['check_authed']) == 'boolean' then
+ check_authed = opts['check_authed']
+ end
+end
-- Configuration
local opts = rspamd_config:get_all_opt('once_received')
if opts then
rspamd_mempool_t *spf_pool;
radix_compressed_t *whitelist_ip;
rspamd_lru_hash_t *spf_hash;
+
+ gboolean check_local;
+ gboolean check_authed;
};
static struct spf_ctx *spf_module_ctx = NULL;
spf_module_ctx->whitelist_ip = radix_create_compressed ();
+ if ((value =
+ rspamd_config_get_module_opt (cfg, "options", "check_local")) != NULL) {
+ spf_module_ctx->check_local = ucl_obj_toboolean (value);
+ }
+ else {
+ spf_module_ctx->check_local = FALSE;
+ }
+ if ((value =
+ rspamd_config_get_module_opt (cfg, "options", "check_authed")) != NULL) {
+ spf_module_ctx->check_authed = ucl_obj_toboolean (value);
+ }
+ else {
+ spf_module_ctx->check_authed = FALSE;
+ }
if ((value =
rspamd_config_get_module_opt (cfg, "spf", "symbol_fail")) != NULL) {
spf_module_ctx->symbol_fail = ucl_obj_tostring (value);
return;
}
- if (task->user != NULL || rspamd_inet_address_is_local (task->from_addr)) {
+ if ((!spf_module_ctx->check_authed && task->user != NULL)
+ || (!spf_module_ctx->check_local && rspamd_inet_address_is_local (task->from_addr))) {
msg_info_task ("skip SPF checks for local networks and authorized users");
return;
}