From: Andrew Lewis Date: Mon, 16 Feb 2015 15:23:44 +0000 (+0200) Subject: Use radix for private IP exclusions in rbl.lua X-Git-Tag: 0.8.2~41^2~1 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=18baf37ddeb1561d16b3c77bd5fdddfd7f56dfae;p=rspamd.git Use radix for private IP exclusions in rbl.lua --- diff --git a/conf/modules.conf b/conf/modules.conf index 2f291de79..1a4185c97 100644 --- a/conf/modules.conf +++ b/conf/modules.conf @@ -89,6 +89,8 @@ rbl { default_exclude_users = true; default_exclude_private_ips = true; + private_ips = "127.0.0.0/8 10.0.0.0/8 192.168.0.0/16 169.254.0.0/16 172.16.0.0/12 100.64.0.0/10 fc00::/7 fe80::/10 fec0::/10 ::1"; + rbls { spamhaus { diff --git a/doc/markdown/modules/rbl.md b/doc/markdown/modules/rbl.md index 7798f0069..bff67e31d 100644 --- a/doc/markdown/modules/rbl.md +++ b/doc/markdown/modules/rbl.md @@ -55,7 +55,7 @@ If set to true, do not use this RBL if the message sender is authenticated. - default_exclude_private_ips (false) -If set to true, from/received RBL checks will ignore private IP address space. +If true & private_ips is set appropriately, from/received RBL checks will ignore private IP address space. - default_exclude_local (true) @@ -67,6 +67,10 @@ Other parameters which can be set here are: Can be set to a URL of a list of IPv4/IPv6 addresses & subnets not to be processed by from/received RBL checks. +- private_ips + +Should be set to a space/comma/semicolon-delimited list of addresses & subnets to be considered private by exclude_private_ips checks. + RBL-specific subsection is structured as follows: ~~~nginx diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua index 2870e38ee..ab00ade64 100644 --- a/src/plugins/lua/rbl.lua +++ b/src/plugins/lua/rbl.lua @@ -31,6 +31,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. local rbls = {} local local_exclusions = nil +local private_ips = nil local rspamd_logger = require "rspamd_logger" local rspamd_ip = require "rspamd_ip" 
@@ -48,39 +49,9 @@ local function validate_dns(lstr, rstr) return true end -local private_ranges_v4 = { - {[1] = rspamd_ip.from_string("127.0.0.0"), [2] = 8}, - {[1] = rspamd_ip.from_string("10.0.0.0"), [2] = 8}, - {[1] = rspamd_ip.from_string("192.168.0.0"), [2] = 16}, - {[1] = rspamd_ip.from_string("169.254.0.0"), [2] = 16}, - {[1] = rspamd_ip.from_string("172.16.0.0"), [2] = 12}, - {[1] = rspamd_ip.from_string("100.64.0.0"), [2] = 10}, -} - -local private_ranges_v6 = { - {[1] = rspamd_ip.from_string("fc00::"), [2] = 7}, - {[1] = rspamd_ip.from_string("fe80::"), [2] = 10}, - {[1] = rspamd_ip.from_string("fec0::"), [2] = 10}, -} - -local ipv6_loopback = rspamd_ip.from_string("::1") - local function is_private_ip(rip) - if rip:get_version() == 4 then - for _, r in pairs(private_ranges_v4) do - if r[1] == rip:apply_mask(r[2]) then - return true - end - end - else - if rip == ipv6_loopback then - return true - end - for _, r in pairs(private_ranges_v6) do - if r[1] == rip:apply_mask(r[2]) then - return true - end - end + if private_ips and private_ips:get_key(rip) then + return true end return false end @@ -240,7 +211,7 @@ local function rbl_cb (task) (rh['real_ip']:get_version() == 4 and rbl['ipv4'])) and ((rbl['exclude_private_ips'] and not is_private_ip(rh['real_ip'])) or not rbl['exclude_private_ips']) and not (is_excluded_ip(rh['real_ip']) - and rbl['exclude_local']) then + or not rbl['exclude_local']) then task:get_resolver():resolve_a(task:get_session(), task:get_mempool(), ip_to_rbl(rh['real_ip'], rbl['rbl']), rbl_dns_cb, k) end @@ -267,6 +238,7 @@ if type(rspamd_config.get_api_version) ~= 'nil' then rspamd_config:register_module_option('rbl', 'default_exclude_private_ips', 'string') rspamd_config:register_module_option('rbl', 'local_exclude_ip_map', 'string') rspamd_config:register_module_option('rbl', 'default_exclude_local', 'string') + rspamd_config:register_module_option('rbl', 'private_ips', 'string') end end 
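Review bot: `is_private_ip` now fails open. When `private_ips` is nil it returns false for every address, so an RBL with `exclude_private_ips` set will put loopback and RFC 1918 addresses from Received headers into DNS queries to the external list operator. That applies to any install whose rbl section predates the new `private_ips` option. It presumably also applies when `radix_from_config` cannot parse the value, because the `@@ -308,6 +280,9 @@` hunk stores its result unchecked. Either keep the removed ranges as a built-in fallback, or report the condition at load time after that assignment, e.g. `if not private_ips then rspamd_logger.err('rbl: private_ips unset or invalid, exclude_private_ips has no effect') end`.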
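Review bot: The rewritten last clause of the received-header test in the `@@ -240,7 +211,7 @@` hunk, `not (is_excluded_ip(rh['real_ip']) or not rbl['exclude_local'])`, reduces to `not is_excluded_ip(...) and rbl['exclude_local']`. An RBL configured with `exclude_local = false` is therefore never queried for received addresses, and excluded addresses are skipped whatever the option says. The previous form skipped the lookup only when the address was excluded and `exclude_local` was set, and nothing in the commit subject suggests this was meant to change. If the change is unintended, restore `and rbl['exclude_local']) then`; if it is intended, a comment on the condition should say why. The enclosing `rbl_cb` starts and ends outside the hunk.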
@@ -308,6 +280,9 @@ end if(opts['local_exclude_ip_map'] ~= nil) then local_exclusions = rspamd_config:add_radix_map(opts['local_exclude_ip_map']) end +if(opts['private_ips'] ~= nil) then + private_ips = rspamd_config:radix_from_config('rbl', 'private_ips') +end for key,rbl in pairs(opts['rbls']) do local o = {