mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19581 Commits
29 Branches
Tree: f7c44dea2e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f7c44dea2e'
${ noResults }
rspamd/src/plugins/lua/clustering.lua

clustering.lua 9.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310 
  1. --[[

  2. Copyright (c) 2018, Vsevolod Stakhov

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. if confighelp then

  18.   return

  19. end

  20. 

  21. -- Plugin for finding patterns in email flows

  22. 

  23. local N = 'clustering'

  24. 

  25. local rspamd_logger = require "rspamd_logger"

  26. local lua_util = require "lua_util"

  27. local lua_verdict = require "lua_verdict"

  28. local lua_redis = require "lua_redis"

  29. local lua_selectors = require "lua_selectors"

  30. local ts = require("tableshape").types

  31. 

  32. local redis_params

  33. 

  34. local rules = {} -- Rules placement

  35. 

  36. local default_rule = {

  37.   max_elts = 100, -- Maximum elements in a cluster

  38.   expire = 3600, -- Expire for a bucket when limit is not reached

  39.   expire_overflow = 36000, -- Expire for a bucket when limit is reached

  40.   spam_mult = 1.0, -- Increase on spam hit

  41.   junk_mult = 0.5, -- Increase on junk

  42.   ham_mult = -0.1, -- Increase on ham

  43.   size_mult = 0.01, -- Reaches 1.0 on `max_elts`

  44.   score_mult = 0.1,

  45. }

  46. 

  47. local rule_schema = ts.shape{

  48.   max_elts = ts.number + ts.string / tonumber,

  49.   expire = ts.number + ts.string / lua_util.parse_time_interval,

  50.   expire_overflow = ts.number + ts.string / lua_util.parse_time_interval,

  51.   spam_mult = ts.number,

  52.   junk_mult = ts.number,

  53.   ham_mult = ts.number,

  54.   size_mult = ts.number,

  55.   score_mult = ts.number,

  56.   source_selector = ts.string,

  57.   cluster_selector = ts.string,

  58.   symbol = ts.string:is_optional(),

  59.   prefix = ts.string:is_optional(),

  60. }

  61. 

  62. -- Redis scripts

  63. 

  64. -- Queries for a cluster's data

  65. -- Arguments:

  66. -- 1. Source selector (string)

  67. -- 2. Cluster selector (string)

  68. -- Returns: {cur_elts, total_score, element_score}

  69. local query_cluster_script = [[

  70. local sz = redis.call('HLEN', KEYS[1])

  71. 

  72. if not sz or not tonumber(sz) then

  73.   -- New bucket, will update on idempotent phase

  74.   return {0, '0', '0'}

  75. end

  76. 

  77. local total_score = redis.call('HGET', KEYS[1], '__s')

  78. total_score = tonumber(total_score) or 0

  79. local score = redis.call('HGET', KEYS[1], KEYS[2])

  80. if not score or not tonumber(score) then

  81.   return {sz, tostring(total_score), '0'}

  82. end

  83. return {sz, tostring(total_score), tostring(score)}

  84. ]]

  85. local query_cluster_id

  86. 

  87. -- Updates cluster's data

  88. -- Arguments:

  89. -- 1. Source selector (string)

  90. -- 2. Cluster selector (string)

  91. -- 3. Score (number)

  92. -- 4. Max buckets (number)

  93. -- 5. Expire (number)

  94. -- 6. Expire overflow (number)

  95. -- Returns: nothing

  96. local update_cluster_script = [[

  97. local sz = redis.call('HLEN', KEYS[1])

  98. 

  99. if not sz or not tonumber(sz) then

  100.   -- Create bucket

  101.   redis.call('HSET', KEYS[1], KEYS[2], math.abs(KEYS[3]))

  102.   redis.call('HSET', KEYS[1], '__s', KEYS[3])

  103.   redis.call('EXPIRE', KEYS[1], KEYS[5])

  104. 

  105.   return

  106. end

  107. 

  108. sz = tonumber(sz)

  109. local lim = tonumber(KEYS[4])

  110. 

  111. if sz > lim then

  112. 

  113.   if k then

  114.     -- Existing key

  115.     redis.call('HINCRBYFLOAT', KEYS[1], KEYS[2], math.abs(KEYS[3]))

  116.   end

  117. else

  118.   redis.call('HINCRBYFLOAT', KEYS[1], KEYS[2], math.abs(KEYS[3]))

  119.   redis.call('EXPIRE', KEYS[1], KEYS[6])

  120. end

  121. 

  122. redis.call('HINCRBYFLOAT', KEYS[1], '__s', KEYS[3])

  123. redis.call('EXPIRE', KEYS[1], KEYS[5])

  124. ]]

  125. local update_cluster_id

  126. 

  127. -- Callbacks and logic

  128. 

  129. local function clusterting_filter_cb(task, rule)

  130.   local source_selector = rule.source_selector(task)

  131.   local cluster_selector

  132. 

  133.   if source_selector then

  134.     cluster_selector = rule.cluster_selector(task)

  135.   end

  136. 

  137.   if not cluster_selector or not source_selector then

  138.     rspamd_logger.debugm(N, task, 'skip rule %s, selectors: source="%s", cluster="%s"',

  139.         rule.name, source_selector, cluster_selector)

  140.     return

  141.   end

  142. 

  143.   local function combine_scores(cur_elts, total_score, element_score)

  144.     local final_score

  145. 

  146.     local size_score = cur_elts * rule.size_mult

  147.     local cluster_score = total_score * rule.score_mult

  148. 

  149.     if element_score > 0 then

  150.       -- We have seen this element mostly in junk/spam

  151.       final_score = math.min(1.0, size_score + cluster_score)

  152.     else

  153.       -- We have seen this element in ham mostly, so subtract average it from the size score

  154.       final_score = math.min(1.0, size_score - cluster_score / cur_elts)

  155.     end

  156.     rspamd_logger.debugm(N, task,

  157.         'processed rule %s, selectors: source="%s", cluster="%s"; data: %s elts, %s score, %s elt score',

  158.         rule.name, source_selector, cluster_selector, cur_elts, total_score, element_score)

  159.     if final_score > 0.1 then

  160.       task:insert_result(rule.symbol, final_score, {source_selector,

  161.                                                     tostring(size_score),

  162.                                                     tostring(cluster_score)})

  163.     end

  164.   end

  165. 

  166.   local function redis_get_cb(err, data)

  167.     if data then

  168.       if type(data) == 'table' then

  169.         combine_scores(tonumber(data[1]), tonumber(data[2]), tonumber(data[3]))

  170.       else

  171.         rspamd_logger.errx(task, 'invalid type while getting clustering keys %s: %s',

  172.             source_selector, type(data))

  173.       end

  174. 

  175.     elseif err then

  176.       rspamd_logger.errx(task, 'got error while getting clustering keys %s: %s',

  177.           source_selector, err)

  178.     else

  179.       rspamd_logger.errx(task, 'got error while getting clustering keys %s: %s',

  180.           source_selector, "unknown error")

  181.     end

  182.   end

  183. 

  184.   lua_redis.exec_redis_script(query_cluster_id,

  185.       {task = task, is_write = false, key = source_selector},

  186.       redis_get_cb,

  187.       {source_selector, cluster_selector})

  188. end

  189. 

  190. local function clusterting_idempotent_cb(task, rule)

  191.   if task:has_flag('skip') then return end

  192.   if not rule.allow_local and lua_util.is_rspamc_or_controller(task) then return end

  193. 

  194.   local verdict = lua_verdict.get_specific_verdict(N, task)

  195.   local score

  196. 

  197.   if verdict == 'ham' then

  198.     score = rule.ham_mult

  199.   elseif verdict == 'spam' then

  200.     score = rule.spam_mult

  201.   elseif verdict == 'junk' then

  202.     score = rule.junk_mult

  203.   else

  204.     rspamd_logger.debugm(N, task, 'skip rule %s, verdict=%s',

  205.         rule.name, verdict)

  206.     return

  207.   end

  208. 

  209.   local source_selector = rule.source_selector(task)

  210.   local cluster_selector

  211. 

  212.   if source_selector then

  213.     cluster_selector = rule.cluster_selector(task)

  214.   end

  215. 

  216.   if not cluster_selector or not source_selector then

  217.     rspamd_logger.debugm(N, task, 'skip rule %s, selectors: source="%s", cluster="%s"',

  218.         rule.name, source_selector, cluster_selector)

  219.     return

  220.   end

  221. 

  222.   local function redis_set_cb(err, data)

  223.     if err then

  224.       rspamd_logger.errx(task, 'got error while getting clustering keys %s: %s',

  225.           source_selector, err)

  226.     else

  227.       rspamd_logger.debugm(N, task, 'set clustering key for %s: %s{%s} = %s',

  228.           source_selector, "unknown error")

  229.     end

  230.   end

  231. 

  232.   lua_redis.exec_redis_script(update_cluster_id,

  233.       {task = task, is_write = true, key = source_selector},

  234.       redis_set_cb,

  235.       {

  236.         source_selector,

  237.         cluster_selector,

  238.         tostring(score),

  239.         tostring(rule.max_elts),

  240.         tostring(rule.expire),

  241.         tostring(rule.expire_overflow)

  242.       }

  243.   )

  244. end

  245. -- Init part

  246. redis_params = lua_redis.parse_redis_server('clustering')

  247. local opts = rspamd_config:get_all_opt("clustering")

  248. 

  249. -- Initialization part

  250. if not (opts and type(opts) == 'table') then

  251.   lua_util.disable_module(N, "config")

  252.   return

  253. end

  254. 

  255. if not redis_params then

  256.   lua_util.disable_module(N, "redis")

  257.   return

  258. end

  259. 

  260. if opts['rules'] then

  261.   for k,v in pairs(opts['rules']) do

  262.     local raw_rule = lua_util.override_defaults(default_rule, v)

  263. 

  264.     local rule,err = rule_schema:transform(raw_rule)

  265. 

  266.     if not rule then

  267.       rspamd_logger.errx(rspamd_config, 'invalid clustering rule %s: %s',

  268.           k, err)

  269.     else

  270. 

  271.       if not rule.symbol then rule.symbol = k end

  272.       if not rule.prefix then rule.prefix = k .. "_" end

  273. 

  274.       rule.source_selector = lua_selectors.create_selector_closure(rspamd_config,

  275.           rule.source_selector, '')

  276.       rule.cluster_selector =  lua_selectors.create_selector_closure(rspamd_config,

  277.           rule.cluster_selector, '')

  278.       if rule.source_selector and rule.cluster_selector then

  279.         rule.name = k

  280.         table.insert(rules, rule)

  281.       end

  282.     end

  283.   end

  284. 

  285.   if #rules > 0 then

  286. 

  287.     query_cluster_id = lua_redis.add_redis_script(query_cluster_script, redis_params)

  288.     update_cluster_id = lua_redis.add_redis_script(update_cluster_script, redis_params)

  289.     local function callback_gen(f, rule)

  290.       return function(task) return f(task, rule) end

  291.     end

  292. 

  293.     for _,rule in ipairs(rules) do

  294.       rspamd_config:register_symbol{

  295.         name = rule.symbol,

  296.         type = 'normal',

  297.         callback = callback_gen(clusterting_filter_cb, rule),

  298.       }

  299.       rspamd_config:register_symbol{

  300.         name = rule.symbol .. '_STORE',

  301.         type = 'idempotent',

  302.         callback = callback_gen(clusterting_idempotent_cb, rule),

  303.       }

  304.     end

  305.   else

  306.     lua_util.disable_module(N, "config")

  307.   end

  308. else

  309.   lua_util.disable_module(N, "config")

  310. end