diff options
| author | Alexey <AlexeySa@users.noreply.github.com> | 2014-05-21 11:11:28 -0700 |
|---|---|---|
| committer | Alexey <AlexeySa@users.noreply.github.com> | 2014-05-21 11:11:28 -0700 |
| commit | 232dd5ed740c636e4b3e717740be90493eea1e67 (patch) | |
| tree | 66da48d40ae89c24f38ec7e6b49f8bad205d5870 | |
| parent | 3ca562b763ec54c49fbbb15f71a4d82f85d4e26e (diff) | |
| parent | 7a9a2d423d459814e89303e589ca4089b9c0b1d6 (diff) | |
| download | rspamd-232dd5ed740c636e4b3e717740be90493eea1e67.tar.gz rspamd-232dd5ed740c636e4b3e717740be90493eea1e67.zip | |
Merge pull request #1 from vstakhov/master
compare
| -rw-r--r-- | conf/metrics.conf | 6 | ||||
| -rw-r--r-- | conf/modules.conf | 19 | ||||
| -rw-r--r-- | src/plugins/lua/ratelimit.lua | 18 | ||||
| -rw-r--r-- | src/plugins/lua/rbl.lua | 4 | ||||
| m--------- | src/ucl | 0 |
5 files changed, 40 insertions, 7 deletions
diff --git a/conf/metrics.conf b/conf/metrics.conf index 3d23fe606..ba6669ff4 100644 --- a/conf/metrics.conf +++ b/conf/metrics.conf @@ -322,6 +322,12 @@ metric { description = "One received header with 'bad' patterns inside"; name = "ONCE_RECEIVED_STRICT"; } + + symbol { name = "RCVD_IN_DNSWL"; weight = 0.0; description = "Sender listed at http://www.dnswl.org"; } + symbol { name = "RCVD_IN_DNSWL_LOW"; weight = -0.1; description = "Sender listed at http://www.dnswl.org, low trust"; } + symbol { name = "RCVD_IN_DNSWL_MED"; weight = -1.0; description = "Sender listed at http://www.dnswl.org, medium trust"; } + symbol { name = "RCVD_IN_DNSWL_HI"; weight = -5.0; description = "Sender listed at http://www.dnswl.org, high trust"; } + symbol { name = "RBL_SPAMHAUS"; weight = 0.0; description = "From address is listed in zen"; } symbol { name = "RBL_SPAMHAUS_SBL"; weight = 2.0; description = "From address is listed in zen sbl"; } symbol { name = "RBL_SPAMHAUS_CSS"; weight = 2.0; description = "From address is listed in zen css"; } diff --git a/conf/modules.conf b/conf/modules.conf index 4ad8fc88c..6cc0c7d15 100644 --- a/conf/modules.conf +++ b/conf/modules.conf @@ -83,8 +83,7 @@ surbl { } } rbl { - - rbls { + rbls { spamhaus { symbol = "RBL_SPAMHAUS"; @@ -145,6 +144,21 @@ rbl { RBL_SEM = "127.0.0.2"; } } + + dnswl { + symbol = "RCVD_IN_DNSWL"; + rbl = "list.dnswl.org"; + ipv4 = true; + ipv6 = false; + received = false; + unknown = true; + returncodes { + RCVD_IN_DNSWL_LOW = "127.0.%d+.1"; + RCVD_IN_DNSWL_MED = "127.0.%d+.2"; + RCVD_IN_DNSWL_HI = "127.0.%d+.3"; + } + } + } } @@ -195,6 +209,7 @@ ratelimit { limit = "to_ip_from:20:0.01666666667"; limit = "bounce_to:10:0.000555556"; limit = "bounce_to_ip:5:0.000277778"; + limit = "user:20:0.01666666667"; whitelisted_rcpts = "postmaster,mailer-daemon"; max_rcpt = 5; } diff --git a/src/plugins/lua/ratelimit.lua b/src/plugins/lua/ratelimit.lua index 4e6a7e353..fc838dd9a 100644 --- a/src/plugins/lua/ratelimit.lua +++ b/src/plugins/lua/ratelimit.lua @@ -14,10 +14,14 @@ local settings = { -- Limit for all bounce mail (burst 10, rate 2 per hour) bounce_to = {[1] = 10, [2] = 0.000555556, [3] = 4}, -- Limit for bounce mail per one source ip (burst 5, rate 1 per hour) - bounce_to_ip = {[1] = 5 , [2] = 0.000277778, [3] = 5} + bounce_to_ip = {[1] = 5 , [2] = 0.000277778, [3] = 5}, + + -- Limit for all mail per user (authuser) (burst 20, rate 1 per minute) + user = {[1] = 20, [2] = 0.01666666667, [3] = 6} + } -- Senders that are considered as bounce -local bounce_senders = {'postmaster', 'mailer-daemon', '', 'null', 'fetchmail-daemon'} +local bounce_senders = {'postmaster', 'mailer-daemon', '', 'null', 'fetchmail-daemon', 'mdaemon'} -- Do not check ratelimits for these senders local whitelisted_rcpts = {'postmaster', 'mailer-daemon'} local whitelisted_ip = nil @@ -61,7 +65,8 @@ local function check_specific_limit (task, limit, key) rspamd_redis.make_request(task, upstream:get_ip_string(), upstream:get_port(), rate_set_key_cb, 'SET %b %b', key, lstr) if bucket > limit[1] then - task:set_pre_result(rspamd_actions['soft reject'], 'Ratelimit exceeded') + rspamd_logger.info(string.format('[%s]:soft_reject - Ratelimit exceeded', key)) + task:set_pre_result(rspamd_actions['soft_reject'], 'Ratelimit exceeded') end else rspamd_redis.make_request(task, upstream:get_ip_string(), upstream:get_port(), rate_set_key_cb, @@ -186,6 +191,11 @@ local function rate_test_set(task, func) if from then from_user = get_local_part(from[1]['addr']) end + -- Get user (authuser) + local auser = task:get_user() + if auser then + func(task, settings['user'], make_rate_key (auser, '<auth>', nil)) + end if not from_user or not rcpts_user[1] then -- Nothing to check @@ -270,6 +280,8 @@ local function parse_limit(str) set_limit(settings['bounce_to'], params[2], params[3]) elseif params[1] == 'bounce_to_ip' then set_limit(settings['bounce_to_ip'], params[2], params[3]) + elseif params[1] == 'user' then + set_limit(settings['user'], params[2], params[3]) else rspamd_logger.err('invalid limit type: ' .. params[1]) end diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua index bf043e19e..cef48f8b6 100644 --- a/src/plugins/lua/rbl.lua +++ b/src/plugins/lua/rbl.lua @@ -25,14 +25,14 @@ local function rbl_cb (task) local foundrc = false for s,i in pairs(thisrbl['returncodes']) do if type(i) == 'string' then - if i == ipstr then + if string.find(ipstr, "^" .. v .. "$") then foundrc = true task:insert_result(s, 1) break end elseif type(i) == 'table' then for _,v in pairs(i) do - if v == ipstr then + if string.find(ipstr, "^" .. v .. "$") then foundrc = true task:insert_result(s, 1) break diff --git a/src/ucl b/src/ucl -Subproject 0375252cb9ca2e0095ff49139170a2d35475779 +Subproject d84b73bb28b0bd762c3a5cd3183e6ba5e86b4a1 |