mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21175 Commits
28 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
rspamd/rules/forwarding.lua

forwarding.lua 4.8KB
Raw Permalink Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163 
  1. --[[

  2. Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. -- Rules to detect forwarding

  18. 

  19. local rspamd_util = require "rspamd_util"

  20. 

  21. rspamd_config.FWD_GOOGLE = {

  22.   callback = function(task)

  23.     if not (task:has_from(1) and task:has_recipients(1)) then

  24.       return false

  25.     end

  26.     local envfrom = task:get_from { 'smtp', 'orig' }

  27.     local envrcpts = task:get_recipients(1)

  28.     -- Forwarding will only be to a single recipient

  29.     if #envrcpts > 1 then

  30.       return false

  31.     end

  32.     -- Get recipient and compute VERP address

  33.     local rcpt = envrcpts[1].addr:lower()

  34.     local verp = rcpt:gsub('@', '=')

  35.     -- Get the user portion of the envfrom

  36.     local ef_user = envfrom[1].user:lower()

  37.     -- Check for a match

  38.     if ef_user:find('+caf_=' .. verp, 1, true) then

  39.       local _, _, user = ef_user:find('^(.+)+caf_=')

  40.       if user then

  41.         user = user .. '@' .. envfrom[1].domain

  42.         return true, user

  43.       end

  44.     end

  45.     return false

  46.   end,

  47.   score = 0.0,

  48.   description = "Message was forwarded by Google",

  49.   group = "forwarding"

  50. }

  51. 

  52. rspamd_config.FWD_YANDEX = {

  53.   callback = function(task)

  54.     if not (task:has_from(1) and task:has_recipients(1)) then

  55.       return false

  56.     end

  57.     local hostname = task:get_hostname()

  58.     if hostname and hostname:lower():find('%.yandex%.[a-z]+$') then

  59.       return task:has_header('X-Yandex-Forward')

  60.     end

  61.     return false

  62.   end,

  63.   score = 0.0,

  64.   description = "Message was forwarded by Yandex",

  65.   group = "forwarding"

  66. }

  67. 

  68. rspamd_config.FWD_MAILRU = {

  69.   callback = function(task)

  70.     if not (task:has_from(1) and task:has_recipients(1)) then

  71.       return false

  72.     end

  73.     local hostname = task:get_hostname()

  74.     if hostname and hostname:lower():find('%.mail%.ru$') then

  75.       return task:has_header('X-MailRu-Forward')

  76.     end

  77.     return false

  78.   end,

  79.   score = 0.0,

  80.   description = "Message was forwarded by Mail.ru",

  81.   group = "forwarding"

  82. }

  83. 

  84. rspamd_config.FWD_SRS = {

  85.   callback = function(task)

  86.     if not (task:has_from(1) and task:has_recipients(1)) then

  87.       return false

  88.     end

  89.     local envfrom = task:get_from(1)

  90.     local envrcpts = task:get_recipients(1)

  91.     -- Forwarding is only to a single recipient

  92.     if #envrcpts > 1 then

  93.       return false

  94.     end

  95.     -- Get recipient and compute rewritten SRS address

  96.     local srs = '=' .. envrcpts[1].domain:lower() ..

  97.         '=' .. envrcpts[1].user:lower()

  98.     if envfrom[1].user:lower():find('^srs[01]=') and

  99.         envfrom[1].user:lower():find(srs, 1, false)

  100.     then

  101.       return true

  102.     end

  103.     return false

  104.   end,

  105.   score = 0.0,

  106.   description = "Message was forwarded using Sender Rewriting Scheme (SRS)",

  107.   group = "forwarding"

  108. }

  109. 

  110. rspamd_config.FORWARDED = {

  111.   callback = function(task)

  112.     local function normalize_addr(addr)

  113.       addr = string.match(addr, '^<?([^>]*)>?$') or addr

  114.       local cap, _, domain = string.match(addr, '^([^%+][^%+]*)(%+[^@]*)@(.*)$')

  115.       if cap then

  116.         addr = string.format('%s@%s', cap, domain)

  117.       end

  118. 

  119.       return addr

  120.     end

  121. 

  122.     if not task:has_recipients(1) or not task:has_recipients(2) then

  123.       return false

  124.     end

  125.     local envrcpts = task:get_recipients(1)

  126.     -- Forwarding will only be for single recipient messages

  127.     if #envrcpts > 1 then

  128.       return false

  129.     end

  130.     -- Get any other headers we might need

  131.     local has_list_unsub = task:has_header('List-Unsubscribe')

  132.     local to = task:get_recipients(2)

  133.     local matches = 0

  134.     -- Retrieve and loop through all Received headers

  135.     local rcvds = task:get_received_headers()

  136. 

  137.     if rcvds then

  138.       for _, rcvd in ipairs(rcvds) do

  139.         local addr = rcvd['for']

  140.         if addr then

  141.           addr = normalize_addr(addr)

  142.           matches = matches + 1

  143.           -- Check that it doesn't match the envrcpt

  144.           if not rspamd_util.strequal_caseless(addr, envrcpts[1].addr) then

  145.             -- Check for mailing-lists as they will have the same signature

  146.             if matches < 2 and has_list_unsub and to and rspamd_util.strequal_caseless(to[1].addr, addr) then

  147.               return false

  148.             else

  149.               return true, 1.0, addr

  150.             end

  151.           end

  152.           -- Prevent any other iterations as we only want

  153.           -- process the first matching Received header

  154.           return false

  155.         end

  156.       end

  157.     end

  158.     return false

  159.   end,

  160.   score = 0.0,

  161.   description = "Message was forwarded",

  162.   group = "forwarding"

  163. }