mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19322 Commits
28 Branches
Tree: 79417a5f81
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '79417a5f81'
${ noResults }
rspamd/src/plugins/lua/forged_recipients.lua

forged_recipients.lua 5.3KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178 
  1. --[[

  2. Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. -- Plugin for comparing smtp dialog recipients and sender with recipients and sender

  18. -- in mime headers

  19. 

  20. if confighelp then

  21.   rspamd_config:add_example(nil, 'forged_recipients',

  22.       "Check forged recipients and senders (e.g. mime and smtp recipients mismatch)",

  23.       [[

  24.   forged_recipients {

  25.     symbol_sender = "FORGED_SENDER"; # Symbol for a forged sender

  26.     symbol_rcpt = "FORGED_RECIPIENTS"; # Symbol for a forged recipients

  27.   }

  28.   ]])

  29. end

  30. 

  31. local symbol_rcpt = 'FORGED_RECIPIENTS'

  32. local symbol_sender = 'FORGED_SENDER'

  33. 

  34. local E = {}

  35. 

  36. local function check_forged_headers(task)

  37.   local auser = task:get_user()

  38.   local delivered_to = task:get_header('Delivered-To')

  39.   local smtp_rcpts = task:get_recipients(1)

  40.   local smtp_from = task:get_from(1)

  41. 

  42.   if not smtp_rcpts then return end

  43.   if #smtp_rcpts == 0 then return end

  44. 

  45.   local mime_rcpts = task:get_recipients({ 'mime', 'orig'})

  46. 

  47.   if not mime_rcpts then

  48.     return

  49.   elseif #mime_rcpts == 0 then

  50.     return

  51.   end

  52. 

  53.   -- Find pair for each smtp recipient in To or Cc headers

  54.   if #smtp_rcpts > 100 or #mime_rcpts > 100 then

  55.     -- Trim array, suggested by Anton Yuzhaninov

  56.     smtp_rcpts[100] = nil

  57.     mime_rcpts[100] = nil

  58.   end

  59. 

  60.   -- map smtp recipient domains to a list of addresses for this domain

  61.   local smtp_rcpt_domain_map = {}

  62.   local smtp_rcpt_map = {}

  63.   for _, smtp_rcpt in ipairs(smtp_rcpts) do

  64.     local addr = smtp_rcpt.addr

  65. 

  66.     if addr and addr ~= '' then

  67.       local dom = string.lower(smtp_rcpt.domain)

  68.       addr = addr:lower()

  69. 

  70.       local dom_map = smtp_rcpt_domain_map[dom]

  71.       if not dom_map then

  72.         dom_map = {}

  73.         smtp_rcpt_domain_map[dom] = dom_map

  74.       end

  75. 

  76.       dom_map[addr] = smtp_rcpt

  77.       smtp_rcpt_map[addr] = smtp_rcpt

  78. 

  79.       if auser and auser == addr then

  80.         smtp_rcpt.matched = true

  81.       end

  82.       if ((smtp_from or E)[1] or E).addr and

  83.           smtp_from[1]['addr'] == addr then

  84.         -- allow sender to BCC themselves

  85.         smtp_rcpt.matched = true

  86.       end

  87.     end

  88.   end

  89. 

  90.   for _,mime_rcpt in ipairs(mime_rcpts) do

  91.     if mime_rcpt.addr and mime_rcpt.addr ~= '' then

  92.       local addr = string.lower(mime_rcpt.addr)

  93.       local dom =  string.lower(mime_rcpt.domain)

  94.       local matched_smtp_addr = smtp_rcpt_map[addr]

  95.       if matched_smtp_addr then

  96.         -- Direct match, go forward

  97.         matched_smtp_addr.matched = true

  98.         mime_rcpt.matched = true

  99.       elseif delivered_to and delivered_to == addr then

  100.         mime_rcpt.matched = true

  101.       elseif auser and auser == addr then

  102.         -- allow user to BCC themselves

  103.         mime_rcpt.matched = true

  104.       else

  105.         local matched_smtp_domain = smtp_rcpt_domain_map[dom]

  106. 

  107.         if matched_smtp_domain then

  108.           -- Same domain but another user, it is likely okay due to aliases substitution

  109.           mime_rcpt.matched = true

  110.           -- Special field

  111.           matched_smtp_domain._seen_mime_domain = true

  112.         end

  113.       end

  114.     end

  115.   end

  116. 

  117.   -- Now go through all lists one more time and find unmatched stuff

  118.   local opts = {}

  119.   local seen_mime_unmatched = false

  120.   local seen_smtp_unmatched = false

  121.   for _,mime_rcpt in ipairs(mime_rcpts) do

  122.     if not mime_rcpt.matched then

  123.       seen_mime_unmatched = true

  124.       table.insert(opts, 'm:' .. mime_rcpt.addr)

  125.     end

  126.   end

  127.   for _,smtp_rcpt in ipairs(smtp_rcpts) do

  128.     if not smtp_rcpt.matched then

  129.       if not smtp_rcpt_domain_map[smtp_rcpt.domain:lower()]._seen_mime_domain then

  130.         seen_smtp_unmatched = true

  131.         table.insert(opts, 's:' .. smtp_rcpt.addr)

  132.       end

  133.     end

  134.   end

  135. 

  136.   if seen_smtp_unmatched and seen_mime_unmatched then

  137.     task:insert_result(symbol_rcpt, 1.0, opts)

  138.   end

  139. 

  140.   -- Check sender

  141.   if smtp_from and smtp_from[1] and smtp_from[1]['addr'] ~= '' then

  142.     local mime_from = task:get_from(2)

  143.     if not mime_from or not mime_from[1] or

  144.       not (string.lower(mime_from[1]['addr']) == string.lower(smtp_from[1]['addr'])) then

  145.       task:insert_result(symbol_sender, 1, ((mime_from or E)[1] or E).addr or '', smtp_from[1].addr)

  146.     end

  147.   end

  148. end

  149. 

  150. -- Configuration

  151. local opts =  rspamd_config:get_all_opt('forged_recipients')

  152. if opts then

  153.   if opts['symbol_rcpt'] or opts['symbol_sender'] then

  154.     local id = rspamd_config:register_symbol({

  155.       name = 'FORGED_CALLBACK',

  156.       callback = check_forged_headers,

  157.       type = 'callback',

  158.       group = 'headers',

  159.       score = 0.0,

  160.     })

  161.     if opts['symbol_rcpt'] then

  162.       symbol_rcpt = opts['symbol_rcpt']

  163.       rspamd_config:register_symbol({

  164.         name = symbol_rcpt,

  165.         type = 'virtual',

  166.         parent = id,

  167.       })

  168.     end

  169.     if opts['symbol_sender'] then

  170.       symbol_sender = opts['symbol_sender']

  171.        rspamd_config:register_symbol({

  172.         name = symbol_sender,

  173.         type = 'virtual',

  174.         parent = id,

  175.       })

  176.     end

  177.   end

  178. end