From 481cb3a240ef1dc447beeccc43855ebc41bfff7e Mon Sep 17 00:00:00 2001 From: Andrew Lewis Date: Sat, 14 Feb 2015 10:37:53 +0200 Subject: [PATCH] Make ignoring private IP space configurable; avoid changing plugin default behaviour --- conf/modules.conf | 1 + doc/markdown/modules/rbl.md | 4 ++++ src/plugins/lua/rbl.lua | 19 +++++++++++++------ 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/conf/modules.conf b/conf/modules.conf index de125866a..2f291de79 100644 --- a/conf/modules.conf +++ b/conf/modules.conf @@ -87,6 +87,7 @@ rbl { default_from = true; default_received = false; default_exclude_users = true; + default_exclude_private_ips = true; rbls { diff --git a/doc/markdown/modules/rbl.md b/doc/markdown/modules/rbl.md index 41854c542..2c654c808 100644 --- a/doc/markdown/modules/rbl.md +++ b/doc/markdown/modules/rbl.md @@ -53,6 +53,10 @@ If set to false, do not yield a result unless the response received from the RBL If set to true, do not use this RBL if the message sender is authenticated. +- default_exclude_private_ips (false) + +If set to true, from/received RBL checks will ignore private IP address space. + RBL-specific subsection is structured as follows: ~~~nginx diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua index ef48428b3..6950ab7cb 100644 --- a/src/plugins/lua/rbl.lua +++ b/src/plugins/lua/rbl.lua @@ -199,7 +199,8 @@ local function rbl_cb (task) end if not havegot['from'] then havegot['from'] = task:get_from_ip() - if not havegot['from']:is_valid() or is_private_ip(havegot['from']) then + if not havegot['from']:is_valid() or + (rbl['exclude_private_ips'] and is_private_ip(havegot['from'])) then notgot['from'] = true return end @@ -227,10 +228,11 @@ local function rbl_cb (task) for _,rh in ipairs(havegot['received']) do if rh['real_ip'] and rh['real_ip']:is_valid() then if ((rh['real_ip']:get_version() == 6 and rbl['ipv6']) or - (rh['real_ip']:get_version() == 4 and rbl['ipv4'])) - and not is_private_ip(rh['real_ip']) then - task:get_resolver():resolve_a(task:get_session(), task:get_mempool(), - ip_to_rbl(rh['real_ip'], rbl['rbl']), rbl_dns_cb, k) + (rh['real_ip']:get_version() == 4 and rbl['ipv4'])) and + ((rbl['exclude_private_ips'] and not is_private_ip(rh['real_ip'])) or + not rbl['exclude_private_ips']) then + task:get_resolver():resolve_a(task:get_session(), task:get_mempool(), + ip_to_rbl(rh['real_ip'], rbl['rbl']), rbl_dns_cb, k) end end end @@ -252,6 +254,7 @@ if type(rspamd_config.get_api_version) ~= 'nil' then rspamd_config:register_module_option('rbl', 'default_helo', 'string') rspamd_config:register_module_option('rbl', 'default_unknown', 'string') rspamd_config:register_module_option('rbl', 'default_exclude_users', 'string') + rspamd_config:register_module_option('rbl', 'default_exclude_private_ips', 'string') end end @@ -284,8 +287,12 @@ end if(opts['default_exclude_users'] == nil) then opts['default_exclude_users'] = false end +if(opts['default_exclude_private_ips'] == nil) then + opts['default_exclude_private_ips'] = false +end + for key,rbl in pairs(opts['rbls']) do - local o = { "ipv4", "ipv6", "from", "received", "unknown", "rdns", "helo", "exclude_users" } + local o = { "ipv4", "ipv6", "from", "received", "unknown", "rdns", "helo", "exclude_users", "exclude_private_ips" } for i=1,table.maxn(o) do if(rbl[o[i]] == nil) then rbl[o[i]] = opts['default_' .. o[i]] -- 2.39.5