mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21175 Commits
28 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
rspamd/rules/mid.lua

mid.lua 5.3KB
Raw Permalink Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131 
  1. --[[

  2. Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>

  3. Copyright (c) 2016, Steve Freegard <steve@freegard.name>

  4. 

  5. Licensed under the Apache License, Version 2.0 (the "License");

  6. you may not use this file except in compliance with the License.

  7. You may obtain a copy of the License at

  8. 

  9.     http://www.apache.org/licenses/LICENSE-2.0

  10. 

  11. Unless required by applicable law or agreed to in writing, software

  12. distributed under the License is distributed on an "AS IS" BASIS,

  13. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14. See the License for the specific language governing permissions and

  15. limitations under the License.

  16. ]]--

  17. local rspamd_util = require "rspamd_util"

  18. local function mid_check_func(task)

  19.   local mid = task:get_header('Message-ID')

  20.   if not mid then

  21.     return false

  22.   end

  23.   -- Check for 'bare' IP addresses in RHS

  24.   if mid:find("@%d+%.%d+%.%d+%.%d+>$") then

  25.     task:insert_result('MID_BARE_IP', 1.0)

  26.   end

  27.   -- Check for non-FQDN RHS

  28.   if mid:find("@[^%.]+>?$") then

  29.     task:insert_result('MID_RHS_NOT_FQDN', 1.0)

  30.   end

  31.   -- Check for missing <>'s

  32.   if not mid:find('^<[^>]+>$') then

  33.     task:insert_result('MID_MISSING_BRACKETS', 1.0)

  34.   end

  35.   -- Check for IP literal in RHS

  36.   if mid:find("@%[%d+%.%d+%.%d+%.%d+%]") then

  37.     task:insert_result('MID_RHS_IP_LITERAL', 1.0)

  38.   end

  39.   -- Check From address attributes against MID

  40.   local from = task:get_from(2)

  41.   local fd

  42.   if (from and from[1] and from[1].domain and from[1].domain ~= '') then

  43.     fd = from[1].domain:lower()

  44.     local _, _, md = mid:find("@([^>]+)>?$")

  45.     -- See if all or part of the From address

  46.     -- can be found in the Message-ID

  47.     -- extract tld

  48.     local fdtld = nil

  49.     local mdtld = nil

  50.     if md then

  51.       fdtld = rspamd_util.get_tld(fd)

  52.       mdtld = rspamd_util.get_tld(md)

  53.     end

  54.     if (mid:lower():find(from[1].addr:lower(), 1, true)) then

  55.       task:insert_result('MID_CONTAINS_FROM', 1.0)

  56.     elseif (md and fd == md:lower()) then

  57.       task:insert_result('MID_RHS_MATCH_FROM', 1.0)

  58.     elseif (mdtld ~= nil and fdtld ~= nil and mdtld:lower() == fdtld) then

  59.       task:insert_result('MID_RHS_MATCH_FROMTLD', 1.0)

  60.     end

  61.   end

  62.   -- Check To address attributes against MID

  63.   local to = task:get_recipients(2)

  64.   if (to and to[1] and to[1].domain and to[1].domain ~= '') then

  65.     local td = to[1].domain:lower()

  66.     local _, _, md = mid:find("@([^>]+)>?$")

  67.     -- Skip if from domain == to domain

  68.     if ((fd and fd ~= td) or not fd) then

  69.       -- See if all or part of the To address

  70.       -- can be found in the Message-ID

  71.       if (mid:lower():find(to[1].addr:lower(), 1, true)) then

  72.         task:insert_result('MID_CONTAINS_TO', 1.0)

  73.       elseif (md and td == md:lower()) then

  74.         task:insert_result('MID_RHS_MATCH_TO', 1.0)

  75.       end

  76.     end

  77.   end

  78. end

  79. 

  80. -- MID checks from Steve Freegard

  81. local check_mid_id = rspamd_config:register_symbol({

  82.   name = 'CHECK_MID',

  83.   score = 0.0,

  84.   group = 'mid',

  85.   type = 'callback,mime',

  86.   callback = mid_check_func

  87. })

  88. rspamd_config:register_virtual_symbol('MID_BARE_IP', 1.0, check_mid_id)

  89. rspamd_config:set_metric_symbol('MID_BARE_IP', 2.0, 'Message-ID RHS is a bare IP address', 'default', 'Message ID')

  90. rspamd_config:register_virtual_symbol('MID_RHS_NOT_FQDN', 1.0, check_mid_id)

  91. rspamd_config:set_metric_symbol('MID_RHS_NOT_FQDN', 0.5,

  92.     'Message-ID RHS is not a fully-qualified domain name', 'default', 'Message ID')

  93. rspamd_config:register_virtual_symbol('MID_MISSING_BRACKETS', 1.0, check_mid_id)

  94. rspamd_config:set_metric_symbol('MID_MISSING_BRACKETS', 0.5, 'Message-ID is missing <>\'s', 'default', 'Message ID')

  95. rspamd_config:register_virtual_symbol('MID_RHS_IP_LITERAL', 1.0, check_mid_id)

  96. rspamd_config:set_metric_symbol('MID_RHS_IP_LITERAL', 0.5, 'Message-ID RHS is an IP-literal', 'default', 'Message ID')

  97. rspamd_config:register_virtual_symbol('MID_CONTAINS_FROM', 1.0, check_mid_id)

  98. rspamd_config:set_metric_symbol('MID_CONTAINS_FROM', 1.0, 'Message-ID contains From address', 'default', 'Message ID')

  99. rspamd_config:register_virtual_symbol('MID_RHS_MATCH_FROM', 1.0, check_mid_id)

  100. rspamd_config:set_metric_symbol('MID_RHS_MATCH_FROM', 0.0,

  101.     'Message-ID RHS matches From domain', 'default', 'Message ID')

  102. rspamd_config:register_virtual_symbol('MID_RHS_MATCH_FROMTLD', 1.0, check_mid_id)

  103. rspamd_config:set_metric_symbol('MID_RHS_MATCH_FROMTLD', 0.0,

  104.     'Message-ID RHS matches From domain tld', 'default', 'Message ID')

  105. rspamd_config:register_virtual_symbol('MID_CONTAINS_TO', 1.0, check_mid_id)

  106. rspamd_config:set_metric_symbol('MID_CONTAINS_TO', 1.0, 'Message-ID contains To address', 'default', 'Message ID')

  107. rspamd_config:register_virtual_symbol('MID_RHS_MATCH_TO', 1.0, check_mid_id)

  108. rspamd_config:set_metric_symbol('MID_RHS_MATCH_TO', 1.0, 'Message-ID RHS matches To domain', 'default', 'Message ID')

  109. 

  110. -- Another check from https://github.com/rspamd/rspamd/issues/4299

  111. rspamd_config:register_symbol {

  112.   type = 'normal,mime',

  113.   group = 'mid',

  114.   name = 'MID_END_EQ_FROM_USER_PART',

  115.   description = 'Message-ID RHS (after @) and MIME from local part are the same',

  116.   score = 4.0,

  117. 

  118.   callback = function(task)

  119.     local mid = task:get_header('Message-ID')

  120.     if not mid then

  121.       return

  122.     end

  123.     local mime_from = task:get_from('mime')

  124.     local _, _, mid_realm = mid:find("@([a-z]+)>?$")

  125.     if mid_realm and mime_from and mime_from[1] and mime_from[1].user then

  126.       if (mid_realm == mime_from[1].user) then

  127.         return true

  128.       end

  129.     end

  130.   end

  131. }