mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14569 Commits
28 Branches
Tree: e6e72472ad
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e6e72472ad'
${ noResults }
rspamd/rules/forwarding.lua

forwarding.lua 4.8KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160 
  1. --[[

  2. Copyright (c) 2011-2016, Vsevolod Stakhov <vsevolod@highsecure.ru>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. -- Rules to detect forwarding

  18. 

  19. local rspamd_util = require "rspamd_util"

  20. 

  21. rspamd_config.FWD_GOOGLE = {

  22.   callback = function (task)

  23.     if not (task:has_from(1) and task:has_recipients(1)) then

  24.       return false

  25.     end

  26.     local envfrom = task:get_from(1)

  27.     local envrcpts = task:get_recipients(1)

  28.     -- Forwarding will only be to a single recipient

  29.     if #envrcpts > 1 then return false end

  30.     -- Get recipient and compute VERP address

  31.     local rcpt = envrcpts[1].addr:lower()

  32.     local verp = rcpt:gsub('@','=')

  33.     -- Get the user portion of the envfrom

  34.     local ef_user = envfrom[1].user:lower()

  35.     -- Check for a match

  36.     if ef_user:find('+caf_=' .. verp, 1, true) then

  37.       local _,_,user = ef_user:find('^(.+)+caf_=')

  38.       if user then

  39.         user = user .. '@' .. envfrom[1].domain

  40.         return true, user

  41.       end

  42.     end

  43.     return false

  44.   end,

  45.   score = 0.0,

  46.   description = "Message was forwarded by Google",

  47.   group = "forwarding"

  48. }

  49. 

  50. rspamd_config.FWD_YANDEX = {

  51.   callback = function (task)

  52.     if not (task:has_from(1) and task:has_recipients(1)) then

  53.       return false

  54.     end

  55.     local hostname = task:get_hostname()

  56.     if hostname and hostname:lower():find('%.yandex%.[a-z]+$') then

  57.       if task:get_header_raw('X-Yandex-Forward') then

  58.         return true

  59.       end

  60.     end

  61.     return false

  62.   end,

  63.   score = 0.0,

  64.   description = "Message was forwarded by Yandex",

  65.   group = "forwarding"

  66. }

  67. 

  68. rspamd_config.FWD_MAILRU = {

  69.   callback = function (task)

  70.     if not (task:has_from(1) and task:has_recipients(1)) then

  71.       return false

  72.     end

  73.     local hostname = task:get_hostname()

  74.     if hostname and hostname:lower():find('%.mail%.ru$') then

  75.       if task:get_header_raw('X-MailRu-Forward') then

  76.         return true

  77.       end

  78.     end

  79.     return false

  80.   end,

  81.   score = 0.0,

  82.   description = "Message was forwarded by Mail.ru",

  83.   group = "forwarding"

  84. }

  85. 

  86. rspamd_config.FWD_SRS = {

  87.   callback = function (task)

  88.     if not (task:has_from(1) and task:has_recipients(1)) then

  89.       return false

  90.     end

  91.     local envfrom = task:get_from(1)

  92.     local envrcpts = task:get_recipients(1)

  93.     -- Forwarding is only to a single recipient

  94.     if #envrcpts > 1 then return false end

  95.     -- Get recipient and compute rewritten SRS address

  96.     local srs = '=' .. envrcpts[1].domain:lower() ..

  97.         '=' .. envrcpts[1].user:lower()

  98.     if envfrom[1].user:lower():find('^srs[01]=') and

  99.         envfrom[1].user:lower():find(srs, 1, false)

  100.     then

  101.       return true

  102.     end

  103.     return false

  104.   end,

  105.   score = 0.0,

  106.   description = "Message was forwarded using Sender Rewriting Scheme (SRS)",

  107.   group = "forwarding"

  108. }

  109. 

  110. rspamd_config.FORWARDED = {

  111.   callback = function (task)

  112.     local function normalize_addr(addr)

  113.       addr = string.match(addr, '^<?([^>]*)>?$') or addr

  114.       local cap, _,domain = string.match(addr, '^([^%+][^%+]*)(%+[^@]*)@(.*)$')

  115.       if cap then

  116.         addr = string.format('%s@%s', cap, domain)

  117.       end

  118. 

  119.       return addr

  120.     end

  121. 

  122.     if not task:has_recipients(1) then return false end

  123.     local envrcpts = task:get_recipients(1)

  124.     -- Forwarding will only be for single recipient messages

  125.     if #envrcpts > 1 then return false end

  126.     -- Get any other headers we might need

  127.     local lu = task:get_header('List-Unsubscribe')

  128.     local to = task:get_recipients(2)

  129.     local matches = 0

  130.     -- Retrieve and loop through all Received headers

  131.     local rcvds = task:get_received_headers()

  132. 

  133.     if rcvds then

  134.       for _, rcvd in ipairs(rcvds) do

  135.         local addr = rcvd['for']

  136.         if addr then

  137.           addr = normalize_addr(addr)

  138.           matches = matches + 1

  139.           -- Check that it doesn't match the envrcpt

  140.           if not rspamd_util.strequal_caseless(addr, envrcpts[1].addr) then

  141.             -- Check for mailing-lists as they will have the same signature

  142.             if matches < 2 and lu and to and rspamd_util.strequal_caseless(to[1].addr, addr) then

  143.               return false

  144.             else

  145.               return true, 1.0, addr

  146.             end

  147.           end

  148.           -- Prevent any other iterations as we only want

  149.           -- process the first matching Received header

  150.           return false

  151.         end

  152.       end

  153.     end

  154.     return false

  155.   end,

  156.   score = 0.0,

  157.   description = "Message was forwarded",

  158.   group = "forwarding"

  159. }