mirrors
/
rspamd
mirror da https://github.com/vstakhov/rspamd.git
Segui 1
Vota 0
Forka 0
Codice Problemi 0 Rilasci 159 Wiki Attività
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20380 Commit
28 Rami (Branch)
Albero (Tree): d16171495f
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da 'd16171495f'
${ noResults }
rspamd/src/plugins/lua/external_relay.lua

external_relay.lua 7.8KB
Originale Blame Cronologia

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285 
  1. --[[

  2. Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. --[[

  18. external_relay plugin - sets IP/hostname from Received headers

  19. ]]--

  20. 

  21. if confighelp then

  22.   return

  23. end

  24. 

  25. local lua_maps = require "lua_maps"

  26. local lua_util = require "lua_util"

  27. local rspamd_logger = require "rspamd_logger"

  28. local ts = require("tableshape").types

  29. 

  30. local E = {}

  31. local N = "external_relay"

  32. 

  33. local settings = {

  34.   rules = {},

  35. }

  36. 

  37. local config_schema = ts.shape{

  38.   enabled = ts.boolean:is_optional(),

  39.   rules = ts.map_of(

  40.     ts.string, ts.one_of{

  41.       ts.shape{

  42.         priority = ts.number:is_optional(),

  43.         strategy = 'authenticated',

  44.         symbol = ts.string:is_optional(),

  45.         user_map = lua_maps.map_schema:is_optional(),

  46.       },

  47.       ts.shape{

  48.         count = ts.number,

  49.         priority = ts.number:is_optional(),

  50.         strategy = 'count',

  51.         symbol = ts.string:is_optional(),

  52.       },

  53.       ts.shape{

  54.         priority = ts.number:is_optional(),

  55.         strategy = 'local',

  56.         symbol = ts.string:is_optional(),

  57.       },

  58.       ts.shape{

  59.         hostname_map = lua_maps.map_schema,

  60.         priority = ts.number:is_optional(),

  61.         strategy = 'hostname_map',

  62.         symbol = ts.string:is_optional(),

  63.       },

  64.       ts.shape{

  65.         ip_map = lua_maps.map_schema,

  66.         priority = ts.number:is_optional(),

  67.         strategy = 'ip_map',

  68.         symbol = ts.string:is_optional(),

  69.       },

  70.     }

  71.   ),

  72. }

  73. 

  74. local function set_from_rcvd(task, rcvd)

  75.   local rcvd_ip = rcvd.real_ip

  76.   if not (rcvd_ip and rcvd_ip:is_valid()) then

  77.     rspamd_logger.errx(task, 'no IP in header: %s', rcvd)

  78.     return

  79.   end

  80.   task:set_from_ip(rcvd_ip)

  81.   if rcvd.from_hostname then

  82.     task:set_hostname(rcvd.from_hostname)

  83.     task:set_helo(rcvd.from_hostname) -- use fake value for HELO

  84.   else

  85.     rspamd_logger.warnx(task, "couldn't get hostname from headers")

  86.     local ipstr = string.format('[%s]', rcvd_ip)

  87.     task:set_hostname(ipstr) -- returns nil from task:get_hostname()

  88.     task:set_helo(ipstr)

  89.   end

  90.   return true

  91. end

  92. 

  93. local strategies = {}

  94. 

  95. strategies.authenticated = function(rule)

  96.   local user_map

  97.   if rule.user_map then

  98.     user_map = lua_maps.map_add_from_ucl(rule.user_map, 'set', 'external relay usernames')

  99.     if not user_map then

  100.       rspamd_logger.errx(rspamd_config, "couldn't add map %s; won't register symbol %s",

  101.           rule.user_map, rule.symbol)

  102.       return

  103.     end

  104.   end

  105. 

  106.   return function(task)

  107.     local user = task:get_user()

  108.     if not user then

  109.       lua_util.debugm(N, task, 'sender is unauthenticated')

  110.       return

  111.     end

  112.     if user_map then

  113.       if not user_map:get_key(user) then

  114.         lua_util.debugm(N, task, 'sender (%s) is not in user_map', user)

  115.         return

  116.       end

  117.     end

  118. 

  119.     local rcvd_hdrs = task:get_received_headers()

  120.     -- Try find end of authentication chain

  121.     for _, rcvd in ipairs(rcvd_hdrs) do

  122.       if not rcvd.flags.authenticated then

  123.         -- Found unauthenticated hop, use this header

  124.         return set_from_rcvd(task, rcvd)

  125.       end

  126.     end

  127. 

  128.     rspamd_logger.errx(task, 'found nothing useful in Received headers')

  129.   end

  130. end

  131. 

  132. strategies.count = function(rule)

  133.   return function(task)

  134.     local rcvd_hdrs = task:get_received_headers()

  135.     -- Reduce count by 1 if artificial header is present

  136.     local hdr_count

  137.     if ((rcvd_hdrs[1] or E).flags or E).artificial then

  138.       hdr_count = rule.count - 1

  139.     else

  140.       hdr_count = rule.count

  141.     end

  142. 

  143.     local rcvd = rcvd_hdrs[hdr_count]

  144.     if not rcvd then

  145.       rspamd_logger.errx(task, 'found no received header #%s', hdr_count)

  146.       return

  147.     end

  148. 

  149.     return set_from_rcvd(task, rcvd)

  150.   end

  151. end

  152. 

  153. strategies.hostname_map = function(rule)

  154.   local hostname_map = lua_maps.map_add_from_ucl(rule.hostname_map, 'map', 'external relay hostnames')

  155.   if not hostname_map then

  156.     rspamd_logger.errx(rspamd_config, "couldn't add map %s; won't register symbol %s",

  157.         rule.hostname_map, rule.symbol)

  158.     return

  159.   end

  160. 

  161.   return function(task)

  162.     local from_hn = task:get_hostname()

  163.     if not from_hn then

  164.       lua_util.debugm(N, task, 'sending hostname is missing')

  165.       return

  166.     end

  167. 

  168.     if not hostname_map:get_key(from_hn) then

  169.       lua_util.debugm(N, task, 'sender\'s hostname (%s) is not a relay', from_hn)

  170.       return

  171.     end

  172. 

  173.     local rcvd_hdrs = task:get_received_headers()

  174.     -- Try find sending hostname in Received headers

  175.     for _, rcvd in ipairs(rcvd_hdrs) do

  176.       if rcvd.by_hostname == from_hn and rcvd.real_ip then

  177.         if not hostname_map:get_key(rcvd.from_hostname) then

  178.           -- Remote hostname is not another relay, use this header

  179.           return set_from_rcvd(task, rcvd)

  180.         else

  181.           -- Keep checking with new hostname

  182.           from_hn = rcvd.from_hostname

  183.         end

  184.       end

  185.     end

  186. 

  187.     rspamd_logger.errx(task, 'found nothing useful in Received headers')

  188.   end

  189. end

  190. 

  191. strategies.ip_map = function(rule)

  192.   local ip_map = lua_maps.map_add_from_ucl(rule.ip_map, 'radix', 'external relay IPs')

  193.   if not ip_map then

  194.     rspamd_logger.errx(rspamd_config, "couldn't add map %s; won't register symbol %s",

  195.         rule.ip_map, rule.symbol)

  196.     return

  197.   end

  198. 

  199.   return function(task)

  200.     local from_ip = task:get_from_ip()

  201.     if not (from_ip and from_ip:is_valid()) then

  202.       lua_util.debugm(N, task, 'sender\'s IP is missing')

  203.       return

  204.     end

  205. 

  206.     if not ip_map:get_key(from_ip) then

  207.       lua_util.debugm(N, task, 'sender\'s ip (%s) is not a relay', from_ip)

  208.       return

  209.     end

  210. 

  211.     local rcvd_hdrs = task:get_received_headers()

  212.     local num_rcvd = #rcvd_hdrs

  213.     -- Try find sending IP in Received headers

  214.     for i, rcvd in ipairs(rcvd_hdrs) do

  215.       if rcvd.real_ip then

  216.         local rcvd_ip = rcvd.real_ip

  217.         if rcvd_ip:is_valid() and (not ip_map:get_key(rcvd_ip) or i == num_rcvd) then

  218.           return set_from_rcvd(task, rcvd)

  219.         end

  220.       end

  221.     end

  222. 

  223.     rspamd_logger.errx(task, 'found nothing useful in Received headers')

  224.   end

  225. end

  226. 

  227. strategies['local'] = function(rule)

  228.   return function(task)

  229.     local from_ip = task:get_from_ip()

  230.     if not from_ip then

  231.       lua_util.debugm(N, task, 'sending IP is missing')

  232.       return

  233.     end

  234. 

  235.     if not from_ip:is_local() then

  236.       lua_util.debugm(N, task, 'sending IP (%s) is non-local', from_ip)

  237.       return

  238.     end

  239. 

  240.     local rcvd_hdrs = task:get_received_headers()

  241.     local num_rcvd = #rcvd_hdrs

  242.     -- Try find first non-local IP in Received headers

  243.     for i, rcvd in ipairs(rcvd_hdrs) do

  244.       if rcvd.real_ip then

  245.         local rcvd_ip = rcvd.real_ip

  246.         if rcvd_ip and rcvd_ip:is_valid() and (not rcvd_ip:is_local() or i == num_rcvd) then

  247.           return set_from_rcvd(task, rcvd)

  248.         end

  249.       end

  250.     end

  251. 

  252.     rspamd_logger.errx(task, 'found nothing useful in Received headers')

  253.   end

  254. end

  255. 

  256. local opts = rspamd_config:get_all_opt(N)

  257. if opts then

  258.   settings = lua_util.override_defaults(settings, opts)

  259. 

  260.   local ok, schema_err = config_schema:transform(settings)

  261.   if not ok then

  262.     rspamd_logger.errx(rspamd_config, 'config schema error: %s', schema_err)

  263.     lua_util.disable_module(N, "config")

  264.     return

  265.   end

  266. 

  267.   for k, rule in pairs(settings.rules) do

  268. 

  269.     if not rule.symbol then

  270.       rule.symbol = k

  271.     end

  272. 

  273.     local cb = strategies[rule.strategy](rule)

  274. 

  275.     if cb then

  276.       rspamd_config:register_symbol({

  277.         name = rule.symbol,

  278.         type = 'prefilter',

  279.         priority = rule.priority or lua_util.symbols_priorities.top + 1,

  280.         group = N,

  281.         callback = cb,

  282.       })

  283.     end

  284.   end

  285. end