From 475f292a3687725996651351cd2439fae88fa357 Mon Sep 17 00:00:00 2001 From: Andrew Lewis Date: Sun, 15 Feb 2015 22:15:55 +0200 Subject: [PATCH] Support site-local IP address / subnet exclusions --- doc/markdown/modules/rbl.md | 6 ++++++ src/plugins/lua/rbl.lua | 18 ++++++++++++++++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/doc/markdown/modules/rbl.md b/doc/markdown/modules/rbl.md index 2c654c808..8748f4617 100644 --- a/doc/markdown/modules/rbl.md +++ b/doc/markdown/modules/rbl.md @@ -57,6 +57,12 @@ If set to true, do not use this RBL if the message sender is authenticated. If set to true, from/received RBL checks will ignore private IP address space. +Other parameters which can be set here are: + +- local_exclude_ip_map + +Can be set to a URL of a list of IPv4/IPv6 addresses & subnets not to be processed by from/received RBL checks. + RBL-specific subsection is structured as follows: ~~~nginx diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua index ab226f1cb..f8018f550 100644 --- a/src/plugins/lua/rbl.lua +++ b/src/plugins/lua/rbl.lua @@ -30,6 +30,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- https://rspamd.com/doc/modules/rbl.html local rbls = {} +local local_exclusions = nil local rspamd_logger = require "rspamd_logger" local rspamd_ip = require "rspamd_ip" @@ -84,6 +85,13 @@ local function is_private_ip(rip) return false end +local function is_excluded_ip(rip) + if local_exclusions and local_exclusions:get_key(rip) then + return true + end + return false +end + local function ip_to_rbl(ip, rbl) return table.concat(ip:inversed_str_octets(), ".") .. '.' .. rbl end @@ -200,7 +208,8 @@ local function rbl_cb (task) if not havegot['from'] then havegot['from'] = task:get_from_ip() if not havegot['from']:is_valid() or - (rbl['exclude_private_ips'] and is_private_ip(havegot['from'])) then + (rbl['exclude_private_ips'] and is_private_ip(havegot['from'])) + or is_excluded_ip(havegot['from']) then notgot['from'] = true return end @@ -230,7 +239,7 @@ local function rbl_cb (task) if ((rh['real_ip']:get_version() == 6 and rbl['ipv6']) or (rh['real_ip']:get_version() == 4 and rbl['ipv4'])) and ((rbl['exclude_private_ips'] and not is_private_ip(rh['real_ip'])) or - not rbl['exclude_private_ips']) then + not rbl['exclude_private_ips']) and not is_excluded_ip(rh['real_ip']) then task:get_resolver():resolve_a(task:get_session(), task:get_mempool(), ip_to_rbl(rh['real_ip'], rbl['rbl']), rbl_dns_cb, k) end @@ -255,6 +264,7 @@ if type(rspamd_config.get_api_version) ~= 'nil' then rspamd_config:register_module_option('rbl', 'default_unknown', 'string') rspamd_config:register_module_option('rbl', 'default_exclude_users', 'string') rspamd_config:register_module_option('rbl', 'default_exclude_private_ips', 'string') + rspamd_config:register_module_option('rbl', 'local_exclude_ip_map', 'string') end end @@ -291,6 +301,10 @@ if(opts['default_exclude_private_ips'] == nil) then opts['default_exclude_private_ips'] = false end +if(opts['local_exclude_ip_map'] ~= nil) then + local_exclusions = rspamd_config:add_radix_map(opts['local_exclude_ip_map']) +end + for key,rbl in pairs(opts['rbls']) do local o = { "ipv4", "ipv6", "from", "received", "unknown", "rdns", "helo", "exclude_users", "exclude_private_ips" } for i=1,table.maxn(o) do -- 2.39.5