@@ -298,6 +298,8 @@ struct rspamd_config { | |||
gboolean vectorized_hyperscan; /**< use vectorized hyperscan matching */ | |||
gboolean enable_shutdown_workaround; /**< enable workaround for legacy SA clients (exim) */ | |||
gboolean ignore_received; /**< Ignore data from the first received header */ | |||
gboolean check_local; /** Don't disable any checks for local networks */ | |||
gboolean check_authed; /** Don't disable any checks for authenticated users */ | |||
gsize max_diff; /**< maximum diff size for text parts */ | |||
gsize max_cores_size; /**< maximum size occupied by rspamd core files */ |
@@ -1836,6 +1836,18 @@ rspamd_rcl_config_init (struct rspamd_config *cfg) | |||
G_STRUCT_OFFSET (struct rspamd_config, strict_protocol_headers), | |||
0, | |||
"Emit errors if there are unknown HTTP headers in a request"); | |||
rspamd_rcl_add_default_handler (sub, | |||
"check_local", | |||
rspamd_rcl_parse_struct_boolean, | |||
G_STRUCT_OFFSET (struct rspamd_config, check_local), | |||
0, | |||
"Don't disable any checks for local networks"); | |||
rspamd_rcl_add_default_handler (sub, | |||
"check_authed", | |||
rspamd_rcl_parse_struct_boolean, | |||
G_STRUCT_OFFSET (struct rspamd_config, check_authed), | |||
0, | |||
"Don't disable any checks for authenticated users"); | |||
rspamd_rcl_add_default_handler (sub, | |||
"check_all_filters", | |||
rspamd_rcl_parse_struct_boolean, |
@@ -69,6 +69,8 @@ struct dkim_ctx { | |||
guint max_sigs; | |||
gboolean trusted_only; | |||
gboolean skip_multi; | |||
gboolean check_local; | |||
gboolean check_authed; | |||
}; | |||
struct dkim_check_result { | |||
@@ -286,6 +288,20 @@ dkim_module_config (struct rspamd_config *cfg) | |||
dkim_module_ctx->whitelist_ip = radix_create_compressed (); | |||
if ((value = | |||
rspamd_config_get_module_opt (cfg, "options", "check_local")) != NULL) { | |||
dkim_module_ctx->check_local = ucl_obj_toboolean (value); | |||
} | |||
else { | |||
dkim_module_ctx->check_local = FALSE; | |||
} | |||
if ((value = | |||
rspamd_config_get_module_opt (cfg, "options", "check_authed")) != NULL) { | |||
dkim_module_ctx->check_authed = ucl_obj_toboolean (value); | |||
} | |||
else { | |||
dkim_module_ctx->check_authed = FALSE; | |||
} | |||
if ((value = | |||
rspamd_config_get_module_opt (cfg, "dkim", "symbol_reject")) != NULL) { | |||
dkim_module_ctx->symbol_reject = ucl_obj_tostring (value); | |||
@@ -693,7 +709,8 @@ dkim_symbol_callback (struct rspamd_task *task, void *unused) | |||
guint checked = 0, i; | |||
/* First check if plugin should be enabled */ | |||
if (task->user != NULL || rspamd_inet_address_is_local (task->from_addr)) { | |||
if ((!dkim_module_ctx->check_authed && task->user != NULL) | |||
|| (!dkim_module_ctx->check_local && rspamd_inet_address_is_local (task->from_addr))) { | |||
msg_info_task ("skip DKIM checks for local networks and authorized users"); | |||
return; | |||
} |
@@ -22,6 +22,8 @@ local rspamd_logger = require "rspamd_logger" | |||
local rspamd_redis = require "rspamd_redis" | |||
local upstream_list = require "rspamd_upstream_list" | |||
local rspamd_util = require "rspamd_util" | |||
local check_local = false | |||
local check_authed = false | |||
local symbols = { | |||
spf_allow_symbol = 'R_SPF_ALLOW', | |||
@@ -78,7 +80,8 @@ local function dmarc_callback(task) | |||
local dmarc_domain | |||
local ip_addr = task:get_ip() | |||
if task:get_user() or (ip_addr and ip_addr:is_local()) then | |||
if ((not check_user and task:get_user()) or | |||
(not check_local and ip_addr and ip_addr:is_local())) then | |||
rspamd_logger.infox(task, "skip DMARC checks for local networks and authorized users"); | |||
return | |||
end | |||
@@ -345,6 +348,16 @@ local function dmarc_callback(task) | |||
forced = true}) | |||
end | |||
local opts = rspamd_config:get_all_opt('options') | |||
if opts and type(opts) ~= 'table' then | |||
if type(opts['check_local']) == 'boolean' then | |||
check_local = opts['check_local'] | |||
end | |||
if type(opts['check_authed']) == 'boolean' then | |||
check_authed = opts['check_authed'] | |||
end | |||
end | |||
local opts = rspamd_config:get_all_opt('dmarc') | |||
if not opts or type(opts) ~= 'table' then | |||
return |
@@ -113,6 +113,9 @@ local config = { | |||
['url_enabled'] = false | |||
} | |||
local check_local = false | |||
local check_authed = false | |||
local function check_regexp(str, regexp_text) | |||
if not compiled_regexp[regexp_text] then | |||
compiled_regexp[regexp_text] = rspamd_regexp.create(regexp_text, 'i') | |||
@@ -296,7 +299,8 @@ local function hfilter(task) | |||
--No more checks for auth user or local network | |||
local rip = task:get_from_ip() | |||
if task:get_user() or (rip and rip:is_local()) then | |||
if ((not check_user and task:get_user()) or | |||
(not check_local and rip and rip:is_local())) then | |||
return false | |||
end | |||
@@ -479,6 +483,16 @@ local symbols_from = { | |||
"HFILTER_FROM_BOUNCE" | |||
} | |||
local opts = rspamd_config:get_all_opt('options') | |||
if opts and type(opts) ~= 'table' then | |||
if type(opts['check_local']) == 'boolean' then | |||
check_local = opts['check_local'] | |||
end | |||
if type(opts['check_authed']) == 'boolean' then | |||
check_authed = opts['check_authed'] | |||
end | |||
end | |||
local opts = rspamd_config:get_all_opt('hfilter') | |||
if opts then | |||
for k,v in pairs(opts) do |
@@ -26,6 +26,7 @@ local _ = require "fun" | |||
local redis_params = nil | |||
local whitelist = nil | |||
local asn_cc_whitelist = nil | |||
local check_authed = false | |||
local options = { | |||
actions = { -- how each action is treated in scoring | |||
@@ -315,7 +316,13 @@ end | |||
-- Configuration options | |||
local configure_ip_score_module = function() | |||
local opts = rspamd_config:get_all_opt('ip_score') | |||
local opts = rspamd_config:get_all_opt('options') | |||
if opts and type(opts) ~= 'table' then | |||
if type(opts['check_authed']) == 'boolean' then | |||
check_authed = opts['check_authed'] | |||
end | |||
end | |||
opts = rspamd_config:get_all_opt('ip_score') | |||
if opts then | |||
for k,v in pairs(opts) do | |||
options[k] = v | |||
@@ -324,6 +331,8 @@ local configure_ip_score_module = function() | |||
if not redis_params then | |||
rspamd_logger.infox(rspamd_config, 'no servers are specified') | |||
end | |||
else | |||
return false | |||
end | |||
if options['whitelist'] then | |||
whitelist = rspamd_config:add_radix_map(opts['whitelist']) | |||
@@ -334,7 +343,7 @@ local configure_ip_score_module = function() | |||
end | |||
configure_ip_score_module() | |||
if not configure_ip_score_module() then return end | |||
if redis_params then | |||
-- Register ip_score module | |||
rspamd_config:register_symbol({ |
@@ -24,6 +24,8 @@ local bad_hosts = {} | |||
local good_hosts = {} | |||
local whitelist = nil | |||
local rspamd_logger = require "rspamd_logger" | |||
local check_local = false | |||
local check_authed = false | |||
local function check_quantity_received (task) | |||
local recvh = task:get_received_headers() | |||
@@ -61,7 +63,9 @@ local function check_quantity_received (task) | |||
local task_ip = task:get_ip() | |||
if task:get_user() or (task_ip and task_ip:is_local()) then | |||
if ((not check_user and task:get_user()) or | |||
(not check_local and ip_addr and ip_addr:is_local())) then | |||
rspamd_logger.infox(task, 'Skipping once_received for authenticated user or local network') | |||
return | |||
end | |||
if whitelist and task_ip and whitelist:get_key(task_ip) then | |||
@@ -134,6 +138,15 @@ if type(rspamd_config.get_api_version) ~= 'nil' then | |||
end | |||
end | |||
local opts = rspamd_config:get_all_opt('options') | |||
if opts and type(opts) ~= 'table' then | |||
if type(opts['check_local']) == 'boolean' then | |||
check_local = opts['check_local'] | |||
end | |||
if type(opts['check_authed']) == 'boolean' then | |||
check_authed = opts['check_authed'] | |||
end | |||
end | |||
-- Configuration | |||
local opts = rspamd_config:get_all_opt('once_received') | |||
if opts then |
@@ -57,6 +57,9 @@ struct spf_ctx { | |||
rspamd_mempool_t *spf_pool; | |||
radix_compressed_t *whitelist_ip; | |||
rspamd_lru_hash_t *spf_hash; | |||
gboolean check_local; | |||
gboolean check_authed; | |||
}; | |||
static struct spf_ctx *spf_module_ctx = NULL; | |||
@@ -195,6 +198,20 @@ spf_module_config (struct rspamd_config *cfg) | |||
spf_module_ctx->whitelist_ip = radix_create_compressed (); | |||
if ((value = | |||
rspamd_config_get_module_opt (cfg, "options", "check_local")) != NULL) { | |||
spf_module_ctx->check_local = ucl_obj_toboolean (value); | |||
} | |||
else { | |||
spf_module_ctx->check_local = FALSE; | |||
} | |||
if ((value = | |||
rspamd_config_get_module_opt (cfg, "options", "check_authed")) != NULL) { | |||
spf_module_ctx->check_authed = ucl_obj_toboolean (value); | |||
} | |||
else { | |||
spf_module_ctx->check_authed = FALSE; | |||
} | |||
if ((value = | |||
rspamd_config_get_module_opt (cfg, "spf", "symbol_fail")) != NULL) { | |||
spf_module_ctx->symbol_fail = ucl_obj_tostring (value); | |||
@@ -525,7 +542,8 @@ spf_symbol_callback (struct rspamd_task *task, void *unused) | |||
return; | |||
} | |||
if (task->user != NULL || rspamd_inet_address_is_local (task->from_addr)) { | |||
if ((!spf_module_ctx->check_authed && task->user != NULL) | |||
|| (!spf_module_ctx->check_local && rspamd_inet_address_is_local (task->from_addr))) { | |||
msg_info_task ("skip SPF checks for local networks and authorized users"); | |||
return; | |||
} |