mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8222 Commits
29 Branches
Tree: b85e0176af
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b85e0176af'
${ noResults }
rspamd/utils/cgp_rspamd.pl

cgp_rspamd.pl 6.8KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297 
  1. #!/usr/bin/env perl

  2. 

  3. use warnings;

  4. use strict;

  5. use JSON::XS;

  6. use AnyEvent;

  7. use AnyEvent::HTTP;

  8. use AnyEvent::IO;

  9. use EV;

  10. use Pod::Usage;

  11. use Getopt::Long;

  12. use File::stat;

  13. 

  14. my $rspamd_host     = "localhost:11333";

  15. my $man             = 0;

  16. my $help            = 0;

  17. my $local           = 0;

  18. my $header          = "X-Spam: yes";

  19. my $max_size        = 10 * 1024 * 1024;          # 10 MB

  20. my $request_timeout = 15;                        # 15 seconds by default

  21. my $reject_message  = "Spam message rejected";

  22. 

  23. GetOptions(

  24.   "host=s"           => \$rspamd_host,

  25.   "header=s"         => \$header,

  26.   "reject-message=s" => \$reject_message,

  27.   "max-size=i"       => \$max_size,

  28.   "timeout=f"        => \$request_timeout,

  29.   "help|?"           => \$help,

  30.   "man"              => \$man

  31. ) or pod2usage(2);

  32. 

  33. pod2usage(1) if $help;

  34. pod2usage( -exitval => 0, -verbose => 2 ) if $man;

  35. 

  36. my $scanned = 0;

  37. 

  38. # Turn off bufferization as required by CGP

  39. $| = 1;

  40. 

  41. sub cgp_string {

  42.   my ($in) = @_;

  43. 

  44.   $in =~ s/\"/\\"/;

  45.   $in =~ s/\n/\\n/;

  46.   $in =~ s/\r/\\r/;

  47. 

  48.   return "\"$in\"";

  49. }

  50. 

  51. sub rspamd_scan {

  52.   my ( $tag, $file ) = @_;

  53. 

  54.   my $http_callback = sub {

  55.     my ( $body, $hdr ) = @_;

  56. 

  57.     if ( $hdr && $hdr->{Status} =~ /^2/ ) {

  58.       my $js = eval('decode_json($body)');

  59.       $scanned++;

  60. 

  61.       if ( !$js ) {

  62.         print "* Rspamd: Bad response for $file: invalid JSON: parse error\n";

  63.         print "$tag FAILURE\n";

  64.       }

  65.       else {

  66.         my $def = $js->{'default'};

  67. 

  68.         if ( !$def ) {

  69.           print

  70. "* Rspamd: Bad response for $file: invalid JSON: default is missing\n";

  71.           print "$tag FAILURE\n";

  72.         }

  73.         else {

  74.           my $action = $def->{'action'};

  75.           my $id     = $js->{'message-id'};

  76. 

  77.           my $symbols = "";

  78.           while ( my ( $k, $s ) = each( %{$def} ) ) {

  79.             if ( ref($s) eq "HASH" && $s->{'score'} ) {

  80.               $symbols .= sprintf "%s(%.2f);", $k, $s->{'score'};

  81.             }

  82.           }

  83. 

  84.           printf

  85. "* Rspamd: Scanned %s; id: <%s>; Score: %.2f / %.2f; Symbols: [%s]\n",

  86.             $file, $id, $def->{'score'}, $def->{'required_score'}, $symbols;

  87. 

  88.           if ( $action eq 'reject' ) {

  89.             print "$tag ERROR " . cgp_string($reject_message) . "\n";

  90.           }

  91.           elsif ( $action eq 'add header' || $action eq 'rewrite subject' ) {

  92.             print "$tag ADDHEADER " . cgp_string($header) . " OK\n";

  93.           }

  94.           elsif ( $action eq 'soft reject' ) {

  95.             print "$tag REJECT Try again later\n";

  96.           }

  97.           else {

  98.             print "$tag OK\n";

  99.           }

  100.         }

  101.       }

  102.     }

  103.     else {

  104.       if ($hdr) {

  105.         print

  106. "* Rspamd: Bad response for $file: HTTP error: $hdr->{Status} $hdr->{Reason}\n";

  107.       }

  108.       else {

  109.         print "* Rspamd: Bad response for $file: IO error: $!\n";

  110.       }

  111.       print "$tag FAILURE\n";

  112.     }

  113.   };

  114. 

  115.   if ($local) {

  116. 

  117.     # Use file scan

  118.     # XXX: not implemented now due to CGP queue format

  119.     http_get(

  120.       "http://$rspamd_host/symbols?file=$file",

  121.       timeout => $request_timeout,

  122.       $http_callback

  123.     );

  124.   }

  125.   else {

  126.     my $sb = stat($file);

  127. 

  128.     if ( !$sb || $sb->size > $max_size ) {

  129.       if ($sb) {

  130.         print "* File $file is too large: " . $sb->size . "\n$tag FAILURE\n";

  131. 

  132.       }

  133.       else {

  134.         print "* Cannot stat $file: $!\n$tag FAILURE\n";

  135.       }

  136.       return;

  137.     }

  138.     aio_load(

  139.       $file,

  140.       sub {

  141.         my ($data) = @_;

  142. 

  143.         if ( !$data ) {

  144.           print "* Cannot open $file: $!\n$tag FAILURE\n";

  145.           return;

  146.         }

  147. 

  148.         # Parse CGP format

  149.         $data =~ s/^((?:[^\n]*\n)*?)\n(.*)$/$2/ms;

  150.         my @envelope = split /\n/, $1;

  151.         chomp(@envelope);

  152.         my $from;

  153.         my @rcpts;

  154.         my $ip;

  155. 

  156.         foreach my $elt (@envelope) {

  157.           if ( $elt =~ /^P\s[^<]*(<[^>]*>).*$/ ) {

  158.             $from = $1;

  159.           }

  160.           elsif ( $elt =~ /^R\s[^<]*(<[^>]*>).*$/ ) {

  161.             push @rcpts, $1;

  162.           }

  163.           elsif ( $elt =~ /^S .*\[(.+)\]/ ) {

  164.             $ip = $1;

  165.           }

  166.         }

  167. 

  168.         my $headers = {};

  169.         if ( $file =~ /\/([^\/.]+)\.msg$/ ) {

  170.           $headers->{'Queue-ID'} = $1;

  171.         }

  172.         if ($from) {

  173.           $headers->{From} = $from;

  174.         }

  175.         if ( scalar(@rcpts) > 0 ) {

  176. 

  177.           # XXX: Anyevent cannot parse headers with multiple values

  178.           foreach (@rcpts) {

  179.             $headers->{Rcpt} = $_;

  180.           }

  181.         }

  182.         if ($ip) {

  183.           $headers->{IP} = $ip;

  184.         }

  185. 

  186.         http_post(

  187.           "http://$rspamd_host/symbols", $data,

  188.           timeout => $request_timeout,

  189.           headers => $headers,

  190.           $http_callback

  191.         );

  192.       }

  193.     );

  194.   }

  195. }

  196. 

  197. # Show informational message

  198. print "* Rspamd CGP filter has been started\n";

  199. 

  200. my $w = AnyEvent->io(

  201.   fh   => \*STDIN,

  202.   poll => 'r',

  203.   cb   => sub {

  204.     chomp( my $input = <STDIN> );

  205. 

  206.     if ( $input =~ /^(\d+)\s+(\S+)(\s+(\S+)\s*)?$/ ) {

  207.       my $tag = $1;

  208.       my $cmd = $2;

  209. 

  210.       if ( $cmd eq "INTF" ) {

  211.         print "$input\n";

  212.       }

  213.       elsif ( $cmd eq "FILE" && $4 ) {

  214.         my $file = $4;

  215.         print "* Scanning file $file\n";

  216.         rspamd_scan $tag, $file;

  217.       }

  218.       elsif ( $cmd eq "QUIT" ) {

  219.         print "* Terminating after scanning of $scanned files\n";

  220.         print "$tag OK\n";

  221.         exit 0;

  222.       }

  223.       else {

  224.         print "* Unknown command $cmd\n";

  225.         print "$tag FAILURE\n";

  226.       }

  227.     }

  228.   }

  229. );

  230. 

  231. EV::run;

  232. 

  233. __END__

  234. 

  235. =head1 NAME

  236. 

  237. cgp_rspamd - implements Rspamd filter for CommunigatePro MTA

  238. 

  239. =head1 SYNOPSIS

  240. 

  241. cgp_rspamd [options]

  242. 

  243.  Options:

  244.    --host=hostport        Rspamd host to connect (localhost:11333 by default)

  245.    --header               Add specific header for a spam message ("X-Spam: yes" by default)

  246.    --reject-message       Rejection message for spam mail ("Spam message rejected" by default)

  247.    --timeout              Timeout to read response from Rspamd (15 seconds by default)

  248.    --max-size             Maximum size of message to scan (10 megabytes by default)

  249.    --help                 brief help message

  250.    --man                  full documentation

  251. 

  252. =head1 OPTIONS

  253. 

  254. =over 8

  255. 

  256. =item B<--host>

  257. 

  258. Specifies Rspamd host to use for scanning

  259. 

  260. =item B<--header>

  261. 

  262. Specifies the header that should be added when Rspamd action is B<add header>

  263. or B<rewrite subject>.

  264. 

  265. =item B<--reject-message>

  266. 

  267. Specifies the rejection message for spam.

  268. 

  269. =item B<--timeout>

  270. 

  271. Sets timeout in seconds for waiting Rspamd reply for a message.

  272. 

  273. =item B<--max-size>

  274. 

  275. Define the maximum messages size to be processed by Rspamd in bytes.

  276. 

  277. =item B<--help>

  278. 

  279. Print a brief help message and exits.

  280. 

  281. =item B<--man>

  282. 

  283. Prints the manual page and exits.

  284. 

  285. =back

  286. 

  287. =head1 DESCRIPTION

  288. 

  289. B<cgp_rspamd> is intended to scan messages processed with B<CommunigatePro> MTA

  290. on some Rspamd scanner. It reads standard input and parses CGP helpers

  291. protocol.  On scan requests, this filter can query Rspamd to process a message.

  292. B<cgp_rspamd> can tell CGP to add header or reject SPAM messages depending on

  293. Rspamd scan result.

  294. 

  295. =back

  296. 

  297. =cut