--[[ Copyright (c) 2022, Vsevolod Stakhov Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ]]-- --[[[ -- @module lua_stat -- This module contains helper functions for supporting statistics --]] local logger = require "rspamd_logger" local sqlite3 = require "rspamd_sqlite3" local util = require "rspamd_util" local lua_redis = require "lua_redis" local lua_util = require "lua_util" local exports = {} local N = "stat_tools" -- luacheck: ignore (maybe unused) -- Performs synchronous conversion of redis schema local function convert_bayes_schema(redis_params, symbol_spam, symbol_ham, expire) -- Old schema is the following one: -- Keys are named [] -- Elements are placed within hash: -- BAYES_SPAM -> {: , : ...} -- In new schema it is changed to a more extensible schema: -- Keys are named RS[]_ -> {'H': , 'S': } -- So we can expire individual records, measure most popular elements by zranges, -- add new fields, such as tokens etc local res,conn = lua_redis.redis_connect_sync(redis_params, true) if not res then logger.errx("cannot connect to redis server") return false end -- KEYS[1]: key to check (e.g. 'BAYES_SPAM') -- KEYS[2]: hash key ('S' or 'H') -- KEYS[3]: expire local lua_script = [[ redis.replicate_commands() local keys = redis.call('SMEMBERS', KEYS[1]..'_keys') local nconverted = 0 for _,k in ipairs(keys) do local cursor = redis.call('HSCAN', k, 0) local neutral_prefix = string.gsub(k, KEYS[1], 'RS') local elts while cursor[1] ~= "0" do elts = cursor[2] cursor = redis.call('HSCAN', k, cursor[1]) local real_key for i,v in ipairs(elts) do if i % 2 ~= 0 then real_key = v else local nkey = string.format('%s_%s', neutral_prefix, real_key) redis.call('HSET', nkey, KEYS[2], v) if KEYS[3] and tonumber(KEYS[3]) > 0 then redis.call('EXPIRE', nkey, KEYS[3]) end nconverted = nconverted + 1 end end end end return nconverted ]] conn:add_cmd('EVAL', {lua_script, '3', symbol_spam, 'S', tostring(expire)}) local ret ret, res = conn:exec() if not ret then logger.errx('error converting symbol %s: %s', symbol_spam, res) return false else logger.messagex('converted %s elements from symbol %s', res, symbol_spam) end conn:add_cmd('EVAL', {lua_script, '3', symbol_ham, 'H', tostring(expire)}) ret, res = conn:exec() if not ret then logger.errx('error converting symbol %s: %s', symbol_ham, res) return false else logger.messagex('converted %s elements from symbol %s', res, symbol_ham) end -- We can now convert metadata: set + learned + version -- KEYS[1]: key to check (e.g. 'BAYES_SPAM') -- KEYS[2]: learn key (e.g. 'learns_spam' or 'learns_ham') lua_script = [[ local keys = redis.call('SMEMBERS', KEYS[1]..'_keys') for _,k in ipairs(keys) do local learns = redis.call('HGET', k, 'learns') or 0 local neutral_prefix = string.gsub(k, KEYS[1], 'RS') redis.call('HSET', neutral_prefix, KEYS[2], learns) redis.call('SADD', KEYS[1]..'_keys', neutral_prefix) redis.call('SREM', KEYS[1]..'_keys', k) redis.call('DEL', KEYS[1]) redis.call('SET', k ..'_version', '2') end ]] conn:add_cmd('EVAL', {lua_script, '2', symbol_spam, 'learns_spam'}) ret,res = conn:exec() if not ret then logger.errx('error converting metadata for symbol %s: %s', symbol_spam, res) return false end conn:add_cmd('EVAL', {lua_script, '2', symbol_ham, 'learns_ham'}) ret, res = conn:exec() if not ret then logger.errx('error converting metadata for symbol %s', symbol_ham, res) return false end return true end exports.convert_bayes_schema = convert_bayes_schema -- It now accepts both ham and spam databases -- parameters: -- redis_params - how do we connect to a redis server -- sqlite_db_spam - name for sqlite database with spam tokens -- sqlite_db_ham - name for sqlite database with ham tokens -- symbol_ham - name for symbol representing spam, e.g. BAYES_SPAM -- symbol_spam - name for symbol representing ham, e.g. BAYES_HAM -- learn_cache_spam - name for sqlite database with spam learn cache -- learn_cache_ham - name for sqlite database with ham learn cache -- reset_previous - if true, then the old database is flushed (slow) local function convert_sqlite_to_redis(redis_params, sqlite_db_spam, sqlite_db_ham, symbol_spam, symbol_ham, learn_cache_db, expire, reset_previous) local nusers = 0 local lim = 1000 -- Update each 1000 tokens local users_map = {} local converted = 0 local db_spam = sqlite3.open(sqlite_db_spam) if not db_spam then logger.errx('Cannot open source db: %s', sqlite_db_spam) return false end local db_ham = sqlite3.open(sqlite_db_ham) if not db_ham then logger.errx('Cannot open source db: %s', sqlite_db_ham) return false end local res,conn = lua_redis.redis_connect_sync(redis_params, true) if not res then logger.errx("cannot connect to redis server") return false end if reset_previous then -- Do a more complicated cleanup -- execute a lua script that cleans up data local script = [[ local members = redis.call('SMEMBERS', KEYS[1]..'_keys') for _,prefix in ipairs(members) do local keys = redis.call('KEYS', prefix..'*') redis.call('DEL', keys) end ]] -- Common keys for _,sym in ipairs({symbol_spam, symbol_ham}) do logger.messagex('Cleaning up old data for %s', sym) conn:add_cmd('EVAL', {script, '1', sym}) conn:exec() conn:add_cmd('DEL', {sym .. "_version"}) conn:add_cmd('DEL', {sym .. "_keys"}) conn:exec() end if learn_cache_db then -- Cleanup learned_cache logger.messagex('Cleaning up old data learned cache') conn:add_cmd('DEL', {"learned_ids"}) conn:exec() end end local function convert_db(db, is_spam) -- Map users and languages local what = 'ham' if is_spam then what = 'spam' end local learns = {} db:sql('BEGIN;') -- Fill users mapping for row in db:rows('SELECT * FROM users;') do if row.id == '0' then users_map[row.id] = '' else users_map[row.id] = row.name end learns[row.id] = row.learns nusers = nusers + 1 end -- Workaround for old databases for row in db:rows('SELECT * FROM languages') do if learns['0'] then learns['0'] = learns['0'] + row.learns else learns['0'] = row.learns end end local function send_batch(tokens, prefix) -- We use the new schema: RS[user]_token -> H=ham count -- S=spam count local hash_key = 'H' if is_spam then hash_key = 'S' end for _,tok in ipairs(tokens) do -- tok schema: -- tok[1] = token_id (uint64 represented as a string) -- tok[2] = token value (number) -- tok[3] = user_map[user_id] or '' local rkey = string.format('%s%s_%s', prefix, tok[3], tok[1]) conn:add_cmd('HINCRBYFLOAT', {rkey, hash_key, tostring(tok[2])}) if expire and expire ~= 0 then conn:add_cmd('EXPIRE', {rkey, tostring(expire)}) end end return conn:exec() end -- Fill tokens, sending data to redis each `lim` records local ntokens = db:query('SELECT count(*) as c FROM tokens')['c'] local tokens = {} local num = 0 local total = 0 for row in db:rows('SELECT token,value,user FROM tokens;') do local user = '' if row.user ~= 0 and users_map[row.user] then user = users_map[row.user] end table.insert(tokens, {row.token, row.value, user}) num = num + 1 total = total + 1 if num > lim then -- TODO: we use the default 'RS' prefix, it can be false in case of -- classifiers with labels local ret,err_str = send_batch(tokens, 'RS') if not ret then logger.errx('Cannot send tokens to the redis server: ' .. err_str) db:sql('COMMIT;') return false end num = 0 tokens = {} end io.write(string.format('Processed batch %s: %s/%s\r', what, total, ntokens)) end -- Last batch if #tokens > 0 then local ret,err_str = send_batch(tokens, 'RS') if not ret then logger.errx('Cannot send tokens to the redis server: ' .. err_str) db:sql('COMMIT;') return false end io.write(string.format('Processed batch %s: %s/%s\r', what, total, ntokens)) end io.write('\n') converted = converted + total -- Close DB db:sql('COMMIT;') local symbol = symbol_ham local learns_elt = "learns_ham" if is_spam then symbol = symbol_spam learns_elt = "learns_spam" end for id,learned in pairs(learns) do local user = users_map[id] if not conn:add_cmd('HSET', {'RS' .. user, learns_elt, learned}) then logger.errx('Cannot update learns for user: ' .. user) return false end if not conn:add_cmd('SADD', {symbol .. '_keys', 'RS' .. user}) then logger.errx('Cannot update learns for user: ' .. user) return false end end -- Set version conn:add_cmd('SET', {symbol..'_version', '2'}) return conn:exec() end logger.messagex('Convert spam tokens') if not convert_db(db_spam, true) then return false end logger.messagex('Convert ham tokens') if not convert_db(db_ham, false) then return false end if learn_cache_db then logger.messagex('Convert learned ids from %s', learn_cache_db) local db = sqlite3.open(learn_cache_db) local ret = true local total = 0 if not db then logger.errx('Cannot open cache database: ' .. learn_cache_db) return false end db:sql('BEGIN;') for row in db:rows('SELECT * FROM learns;') do local is_spam local digest = tostring(util.encode_base32(row.digest)) if row.flag == '0' then is_spam = '-1' else is_spam = '1' end if not conn:add_cmd('HSET', {'learned_ids', digest, is_spam}) then logger.errx('Cannot add hash: ' .. digest) ret = false else total = total + 1 end end db:sql('COMMIT;') if ret then conn:exec() end if ret then logger.messagex('Converted %s cached items from sqlite3 learned cache to redis', total) else logger.errx('Error occurred during sending data to redis') end end logger.messagex('Migrated %s tokens for %s users for symbols (%s, %s)', converted, nusers, symbol_spam, symbol_ham) return true end exports.convert_sqlite_to_redis = convert_sqlite_to_redis -- Loads sqlite3 based classifiers and output data in form of array of objects: -- [ -- { -- symbol_spam = XXX -- symbol_ham = YYY -- db_spam = XXX.sqlite -- db_ham = YYY.sqlite -- learn_cache = ZZZ.sqlite -- per_user = true/false -- label = str -- } -- ] local function load_sqlite_config(cfg) local result = {} local function parse_classifier(cls) local tbl = {} if cls.cache then local cache = cls.cache if cache.type == 'sqlite3' and (cache.file or cache.path) then tbl.learn_cache = (cache.file or cache.path) end end if cls.per_user then tbl.per_user = cls.per_user end if cls.label then tbl.label = cls.label end local statfiles = cls.statfile for _,stf in ipairs(statfiles) do local path = (stf.file or stf.path or stf.db or stf.dbname) local symbol = stf.symbol or 'undefined' if not path then logger.errx('no path defined for statfile %s', symbol) else local spam if stf.spam then spam = stf.spam else if string.match(symbol:upper(), 'SPAM') then spam = true else spam = false end end if spam then tbl.symbol_spam = symbol tbl.db_spam = path else tbl.symbol_ham = symbol tbl.db_ham = path end end end if tbl.symbol_spam and tbl.symbol_ham and tbl.db_ham and tbl.db_spam then table.insert(result, tbl) end end local classifier = cfg.classifier if classifier then if classifier[1] then for _,cls in ipairs(classifier) do if cls.bayes then cls = cls.bayes end if cls.backend and cls.backend == 'sqlite3' then parse_classifier(cls) end end else if classifier.bayes then classifier = classifier.bayes if classifier[1] then for _,cls in ipairs(classifier) do if cls.backend and cls.backend == 'sqlite3' then parse_classifier(cls) end end else if classifier.backend and classifier.backend == 'sqlite3' then parse_classifier(classifier) end end end end end return result end exports.load_sqlite_config = load_sqlite_config -- A helper method that suggests a user how to configure Redis based -- classifier based on the existing sqlite classifier local function redis_classifier_from_sqlite(sqlite_classifier, expire) local result = { new_schema = true, backend = 'redis', cache = { backend = 'redis' }, statfile = { [sqlite_classifier.symbol_spam] = { spam = true }, [sqlite_classifier.symbol_ham] = { spam = false } } } if expire then result.expire = expire end return {classifier = {bayes = result}} end exports.redis_classifier_from_sqlite = redis_classifier_from_sqlite -- Reads statistics config and return preprocessed table local function process_stat_config(cfg) local opts_section = cfg:get_all_opt('options') or {} -- Check if we have a dedicated section for statistics if opts_section.statistics then opts_section = opts_section.statistics end -- Default local res_config = { classify_headers = { "User-Agent", "X-Mailer", "Content-Type", "X-MimeOLE", "Organization", "Organisation" }, classify_images = true, classify_mime_info = true, classify_urls = true, classify_meta = true, classify_max_tlds = 10, } res_config = lua_util.override_defaults(res_config, opts_section) -- Postprocess classify_headers local classify_headers_parsed = {} for _,v in ipairs(res_config.classify_headers) do local s1, s2 = v:match("^([A-Z])[^%-]+%-([A-Z]).*$") local hname if s1 and s2 then hname = string.format('%s-%s', s1, s2) else s1 = v:match("^X%-([A-Z].*)$") if s1 then hname = string.format('x%s', s1:sub(1, 3):lower()) else hname = string.format('%s', v:sub(1, 3):lower()) end end if classify_headers_parsed[hname] then table.insert(classify_headers_parsed[hname], v) else classify_headers_parsed[hname] = {v} end end res_config.classify_headers_parsed = classify_headers_parsed return res_config end local function get_mime_stat_tokens(task, res, i) local parts = task:get_parts() or {} local seen_multipart = false local seen_plain = false local seen_html = false local empty_plain = false local empty_html = false local online_text = false for _,part in ipairs(parts) do local fname = part:get_filename() local sz = part:get_length() if sz > 0 then rawset(res, i, string.format("#ps:%d", math.floor(math.log(sz)))) lua_util.debugm("bayes", task, "part size: %s", res[i]) i = i + 1 end if fname then rawset(res, i, "#f:" .. fname) i = i + 1 lua_util.debugm("bayes", task, "added attachment: #f:%s", fname) end if part:is_text() then local tp = part:get_text() if tp:is_html() then seen_html = true if tp:get_length() == 0 then empty_html = true end else seen_plain = true if tp:get_length() == 0 then empty_plain = true end end if tp:get_lines_count() < 2 then online_text = true end rawset(res, i, "#lang:" .. (tp:get_language() or 'unk')) lua_util.debugm("bayes", task, "added language: %s", res[i]) i = i + 1 rawset(res, i, "#cs:" .. (tp:get_charset() or 'unk')) lua_util.debugm("bayes", task, "added charset: %s", res[i]) i = i + 1 elseif part:is_multipart() then seen_multipart = true; end end -- Create a special token depending on parts structure local st_tok = "#unk" if seen_multipart and seen_html and seen_plain then st_tok = '#mpth' end if seen_html and not seen_plain then st_tok = "#ho" end if seen_plain and not seen_html then st_tok = "#to" end local spec_tok = "" if online_text then spec_tok = "#ot" end if empty_plain then spec_tok = spec_tok .. "#ep" end if empty_html then spec_tok = spec_tok .. "#eh" end rawset(res, i, string.format("#m:%s%s", st_tok, spec_tok)) lua_util.debugm("bayes", task, "added mime token: %s", res[i]) i = i + 1 return i end local function get_headers_stat_tokens(task, cf, res, i) --[[ -- As discussed with Alexander Moisseev, this feature can skew statistics -- especially when learning is separated from scanning, so learning -- has a different set of tokens where this token can have too high weight local hdrs_cksum = task:get_mempool():get_variable("headers_hash") if hdrs_cksum then rawset(res, i, string.format("#hh:%s", hdrs_cksum:sub(1, 7))) lua_util.debugm("bayes", task, "added hdrs hash token: %s", res[i]) i = i + 1 end ]]-- for k,hdrs in pairs(cf.classify_headers_parsed) do for _,hname in ipairs(hdrs) do local value = task:get_header(hname) if value then rawset(res, i, string.format("#h:%s:%s", k, value)) lua_util.debugm("bayes", task, "added hdrs token: %s", res[i]) i = i + 1 end end end local from = (task:get_from('mime') or {})[1] if from and from.name then rawset(res, i, string.format("#F:%s", from.name)) lua_util.debugm("bayes", task, "added from name token: %s", res[i]) i = i + 1 end return i end local function get_meta_stat_tokens(task, res, i) local day_and_hour = os.date('%u:%H', task:get_date{format = 'message', gmt = true}) rawset(res, i, string.format("#dt:%s", day_and_hour)) lua_util.debugm("bayes", task, "added day_of_week token: %s", res[i]) i = i + 1 local pol = {} -- Authentication results if task:has_symbol('DKIM_TRACE') then -- Autolearn or scan if task:has_symbol('R_SPF_ALLOW') then table.insert(pol, 's=pass') end local trace = task:get_symbol('DKIM_TRACE') local dkim_opts = trace[1]['options'] if dkim_opts then for _,o in ipairs(dkim_opts) do local check_res = string.sub(o, -1) local domain = string.sub(o, 1, -3) if check_res == '+' then table.insert(pol, string.format('d=%s:%s', "pass", domain)) end end end else -- Offline learn local aur = task:get_header('Authentication-Results') if aur then local spf = aur:match('spf=([a-z]+)') local dkim,dkim_domain = aur:match('dkim=([a-z]+) header.d=([a-z.%-]+)') if spf then table.insert(pol, 's=' .. spf) end if dkim and dkim_domain then table.insert(pol, string.format('d=%s:%s', dkim, dkim_domain)) end end end if #pol > 0 then rawset(res, i, string.format("#aur:%s", table.concat(pol, ','))) lua_util.debugm("bayes", task, "added policies token: %s", res[i]) i = i + 1 end --[[ -- Disabled. -- 1. Depending on the source the message has a different set of Received -- headers as the receiving MTA adds another Received header. -- 2. The usefulness of the Received tokens is questionable. local rh = task:get_received_headers() if rh and #rh > 0 then local lim = math.min(5, #rh) for j =1,lim do local rcvd = rh[j] local ip = rcvd.real_ip if ip and ip:is_valid() and ip:get_version() == 4 then local masked = ip:apply_mask(24) rawset(res, i, string.format("#rcv:%s:%s", tostring(masked), rcvd.proto)) lua_util.debugm("bayes", task, "added received token: %s", res[i]) i = i + 1 end end end ]]-- return i end local function get_stat_tokens(task, cf) local res = {} local E = {} local i = 1 if cf.classify_images then local images = task:get_images() or E for _,img in ipairs(images) do rawset(res, i, "image") i = i + 1 rawset(res, i, tostring(img:get_height())) i = i + 1 rawset(res, i, tostring(img:get_width())) i = i + 1 rawset(res, i, tostring(img:get_type())) i = i + 1 local fname = img:get_filename() if fname then rawset(res, i, tostring(img:get_filename())) i = i + 1 end lua_util.debugm("bayes", task, "added image: %s", fname) end end if cf.classify_mime_info then i = get_mime_stat_tokens(task, res, i) end if cf.classify_headers and #cf.classify_headers > 0 then i = get_headers_stat_tokens(task, cf, res, i) end if cf.classify_urls then local urls = lua_util.extract_specific_urls{task = task, limit = 5, esld_limit = 1} if urls then for _,u in ipairs(urls) do rawset(res, i, string.format("#u:%s", u:get_tld())) lua_util.debugm("bayes", task, "added url token: %s", res[i]) i = i + 1 end end end if cf.classify_meta then i = get_meta_stat_tokens(task, res, i) end return res end exports.gen_stat_tokens = function(cfg) local stat_config = process_stat_config(cfg) return function(task) return get_stat_tokens(task, stat_config) end end return exports