mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19741 Commits
28 Branches
Tree: 05fd471df5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '05fd471df5'
${ noResults }
rspamd/src/plugins/lua/external_relay.lua

external_relay.lua 6.4KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238 
  1. --[[

  2. Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. --[[

  18. external_relay plugin - sets IP/hostname from Received headers

  19. ]]--

  20. 

  21. if confighelp then

  22.   return

  23. end

  24. 

  25. local lua_maps = require "lua_maps"

  26. local lua_util = require "lua_util"

  27. local rspamd_logger = require "rspamd_logger"

  28. local ts = require("tableshape").types

  29. 

  30. local E = {}

  31. local N = "external_relay"

  32. 

  33. local settings = {

  34.   rules = {},

  35. }

  36. 

  37. local config_schema = ts.shape{

  38.   enabled = ts.boolean:is_optional(),

  39.   rules = ts.map_of(

  40.     ts.string, ts.one_of{

  41.       ts.shape{

  42.         priority = ts.number:is_optional(),

  43.         strategy = 'authenticated',

  44.         symbol = ts.string:is_optional(),

  45.         user_map = lua_maps.map_schema:is_optional(),

  46.       },

  47.       ts.shape{

  48.         count = ts.number,

  49.         priority = ts.number:is_optional(),

  50.         strategy = 'count',

  51.         symbol = ts.string:is_optional(),

  52.       },

  53.       ts.shape{

  54.         priority = ts.number:is_optional(),

  55.         strategy = 'local',

  56.         symbol = ts.string:is_optional(),

  57.       },

  58.       ts.shape{

  59.         hostname_map = lua_maps.map_schema,

  60.         priority = ts.number:is_optional(),

  61.         strategy = 'hostname_map',

  62.         symbol = ts.string:is_optional(),

  63.       },

  64.     }

  65.   ),

  66. }

  67. 

  68. local function set_from_rcvd(task, rcvd)

  69.   local rcvd_ip = rcvd.real_ip

  70.   if not (rcvd_ip and rcvd_ip:is_valid()) then

  71.     rspamd_logger.errx(task, 'no IP in header: %s', rcvd)

  72.     return

  73.   end

  74.   task:set_from_ip(rcvd_ip)

  75.   if rcvd.from_hostname then

  76.     task:set_hostname(rcvd.from_hostname)

  77.     task:set_helo(rcvd.from_hostname) -- use fake value for HELO

  78.   else

  79.     rspamd_logger.warnx(task, "couldn't get hostname from headers")

  80.     local ipstr = string.format('[%s]', rcvd_ip)

  81.     task:set_hostname(ipstr) -- returns nil from task:get_hostname()

  82.     task:set_helo(ipstr)

  83.   end

  84.   return true

  85. end

  86. 

  87. local strategies = {}

  88. 

  89. strategies.authenticated = function(rule)

  90.   local user_map

  91.   if rule.user_map then

  92.     user_map = lua_maps.map_add_from_ucl(rule.user_map, 'set', 'external relay usernames')

  93.     if not user_map then

  94.       rspamd_logger.errx(rspamd_config, "couldn't add map %s; won't register symbol %s",

  95.           rule.user_map, rule.symbol)

  96.       return

  97.     end

  98.   end

  99. 

  100.   return function(task)

  101.     local user = task:get_user()

  102.     if not user then

  103.       lua_util.debugm(N, task, 'sender is unauthenticated')

  104.       return

  105.     end

  106.     if user_map then

  107.       if not user_map:get_key(user) then

  108.         lua_util.debugm(N, task, 'sender (%s) is not in user_map', user)

  109.         return

  110.       end

  111.     end

  112. 

  113.     local rcvd_hdrs = task:get_received_headers()

  114.     -- Try find end of authentication chain

  115.     for _, rcvd in ipairs(rcvd_hdrs) do

  116.       if not rcvd.flags.authenticated then

  117.         -- Found unauthenticated hop, use this header

  118.         return set_from_rcvd(task, rcvd)

  119.       end

  120.     end

  121. 

  122.     rspamd_logger.errx(task, 'found nothing useful in Received headers')

  123.   end

  124. end

  125. 

  126. strategies.count = function(rule)

  127.   return function(task)

  128.     local rcvd_hdrs = task:get_received_headers()

  129.     -- Reduce count by 1 if artificial header is present

  130.     local hdr_count

  131.     if ((rcvd_hdrs[1] or E).flags or E).artificial then

  132.       hdr_count = rule.count - 1

  133.     else

  134.       hdr_count = rule.count

  135.     end

  136. 

  137.     local rcvd = rcvd_hdrs[hdr_count]

  138.     if not rcvd then

  139.       rspamd_logger.errx(task, 'found no received header #%s', hdr_count)

  140.       return

  141.     end

  142. 

  143.     return set_from_rcvd(task, rcvd)

  144.   end

  145. end

  146. 

  147. strategies.hostname_map = function(rule)

  148.   local hostname_map = lua_maps.map_add_from_ucl(rule.hostname_map, 'map', 'external relay hostnames')

  149.   if not hostname_map then

  150.     rspamd_logger.errx(rspamd_config, "couldn't add map %s; won't register symbol %s",

  151.         rule.hostname_map, rule.symbol)

  152.     return

  153.   end

  154. 

  155.   return function(task)

  156.     local from_hn = task:get_hostname()

  157.     if not from_hn then

  158.       lua_util.debugm(N, task, 'sending hostname is missing')

  159.       return

  160.     end

  161. 

  162.     local rcvd_hdrs = task:get_received_headers()

  163.     -- Try find sending hostname in Received headers

  164.     for _, rcvd in ipairs(rcvd_hdrs) do

  165.       if rcvd.by_hostname == from_hn and rcvd.real_ip then

  166.         if not hostname_map:get_key(rcvd.from_hostname) then

  167.           -- Remote hostname is not another relay, use this header

  168.           return set_from_rcvd(task, rcvd)

  169.         else

  170.           -- Keep checking with new hostname

  171.           from_hn = rcvd.from_hostname

  172.         end

  173.       end

  174.     end

  175. 

  176.     rspamd_logger.errx(task, 'found nothing useful in Received headers')

  177.   end

  178. end

  179. 

  180. strategies['local'] = function(rule)

  181.   return function(task)

  182.     local from_ip = task:get_from_ip()

  183.     if not from_ip then

  184.       lua_util.debugm(N, task, 'sending IP is missing')

  185.       return

  186.     end

  187. 

  188.     if not from_ip:is_local() then

  189.       lua_util.debugm(N, task, 'sending IP (%s) is non-local', from_ip)

  190.       return

  191.     end

  192. 

  193.     local rcvd_hdrs = task:get_received_headers()

  194.     local num_rcvd = #rcvd_hdrs

  195.     -- Try find first non-local IP in Received headers

  196.     for i, rcvd in ipairs(rcvd_hdrs) do

  197.       if rcvd.real_ip then

  198.         local rcvd_ip = rcvd.real_ip

  199.         if rcvd_ip and rcvd_ip:is_valid() and (not rcvd_ip:is_local() or i == num_rcvd) then

  200.           return set_from_rcvd(task, rcvd)

  201.         end

  202.       end

  203.     end

  204. 

  205.     rspamd_logger.errx(task, 'found nothing useful in Received headers')

  206.   end

  207. end

  208. 

  209. local opts = rspamd_config:get_all_opt(N)

  210. if opts then

  211.   settings = lua_util.override_defaults(settings, opts)

  212. 

  213.   local ok, schema_err = config_schema:transform(settings)

  214.   if not ok then

  215.     rspamd_logger.errx(rspamd_config, 'config schema error: %s', schema_err)

  216.     lua_util.disable_module(N, "config")

  217.     return

  218.   end

  219. 

  220.   for k, rule in pairs(settings.rules) do

  221. 

  222.     if not rule.symbol then

  223.       rule.symbol = k

  224.     end

  225. 

  226.     local cb = strategies[rule.strategy](rule)

  227. 

  228.     if cb then

  229.       rspamd_config:register_symbol({

  230.         name = rule.symbol,

  231.         type = 'prefilter',

  232.         priority = rule.priority or lua_util.symbols_priorities.top + 1,

  233.         group = N,

  234.         callback = cb,

  235.       })

  236.     end

  237.   end

  238. end