diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-08-28 08:33:17 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-08-28 08:33:17 +0100 |
commit | 00547ef4b06e2873c2cd3d955c199f302e86d06d (patch) | |
tree | cc844281a2ec4295bcffb28e32223196a2e188e2 | |
parent | 740a249ac32ba14ffec5f80f976120e3dd31bb4d (diff) | |
download | rspamd-00547ef4b06e2873c2cd3d955c199f302e86d06d.tar.gz rspamd-00547ef4b06e2873c2cd3d955c199f302e86d06d.zip |
[Minor] Rbl: More fixes
-rw-r--r-- | src/plugins/lua/rbl.lua | 157 |
1 files changed, 86 insertions, 71 deletions
diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua index b03bcaf6d..3b612be40 100644 --- a/src/plugins/lua/rbl.lua +++ b/src/plugins/lua/rbl.lua @@ -335,7 +335,7 @@ local function gen_rbl_callback(rule) forced = forced, n = to_resolve, orig = orign, - is_ip = resolve_ip, + resolve_ip = resolve_ip, what = what, } requests_table[req] = nreq @@ -394,7 +394,6 @@ local function gen_rbl_callback(rule) local function check_dkim(task, requests_table, whitelist) local das = task:get_symbol('DKIM_TRACE') local mime_from_domain - local ret = false if das and das[1] and das[1].options then @@ -423,24 +422,21 @@ local function gen_rbl_callback(rule) if mime_from_domain and mime_from_domain == domain_tld then add_dns_request(task, domain_tld, true, false, requests_table, 'dkim', whitelist) - ret = true end else if rule.dkim_domainonly then add_dns_request(task, rspamd_util.get_tld(domain), false, false, requests_table, 'dkim', whitelist) - ret = true else add_dns_request(task, domain, false, false, requests_table, 'dkim', whitelist) - ret = true end end end end end - return ret + return true end local function check_emails(task, requests_table, whitelist) @@ -458,9 +454,6 @@ local function gen_rbl_callback(rule) end local emails = lua_util.extract_specific_urls(ex_params) - if not emails or #emails == 0 then - return false - end for _,email in ipairs(emails) do if rule.emails_domainonly then @@ -496,9 +489,6 @@ local function gen_rbl_callback(rule) } local urls = lua_util.extract_specific_urls(ex_params) - if not urls or #urls == 0 then - return false - end for _,u in ipairs(urls) do add_dns_request(task, u:get_tld(), false, @@ -564,54 +554,69 @@ local function gen_rbl_callback(rule) 'sel' .. rule.selector_id, whitelist) end end + + return true end -- Create function pipeline depending on rbl settings local pipeline = { is_alive, -- generic for all } + local description = { + 'alive', + } if rule.exclude_users then pipeline[#pipeline + 1] = check_user + description[#description + 1] = 'user' end if rule.exclude_local or rule.exclude_private_ips then pipeline[#pipeline + 1] = check_local + description[#description + 1] = 'local' end if rule.helo then pipeline[#pipeline + 1] = check_helo + description[#description + 1] = 'helo' end if rule.dkim then pipeline[#pipeline + 1] = check_dkim + description[#description + 1] = 'dkim' end if rule.emails then pipeline[#pipeline + 1] = check_emails + description[#description + 1] = 'emails' end if rule.urls then pipeline[#pipeline + 1] = check_urls + description[#description + 1] = 'urls' end if rule.from then pipeline[#pipeline + 1] = check_from + description[#description + 1] = 'ip' end if rule.received then pipeline[#pipeline + 1] = check_received + description[#description + 1] = 'received' end if rule.rdns then pipeline[#pipeline + 1] = check_rdns + description[#description + 1] = 'rdns' end if rule.selector then pipeline[#pipeline + 1] = check_selector + description[#description + 1] = 'selector' end - return function(task) + local callback_f = function(task) -- DNS requests to issue (might be hashed afterwards) local dns_req = {} local whitelist = task:cache_get('rbl_whitelisted') or {} @@ -623,11 +628,11 @@ local function gen_rbl_callback(rule) end -- Execute functions pipeline - for _,f in ipairs(pipeline) do + for i,f in ipairs(pipeline) do if not f(task, dns_req, whitelist) then lua_util.debugm(N, task, - "skip rbl check: %s; pipeline condition returned false", - rule.symbol) + "skip rbl check: %s; pipeline condition %s returned false", + rule.symbol, i) return end end @@ -714,6 +719,8 @@ local function gen_rbl_callback(rule) end end end + + return callback_f,string.format('checks: %s', table.concat(description, ',')) end local function add_rbl(key, rbl) @@ -778,79 +785,87 @@ local function add_rbl(key, rbl) 'RBL whitelist for ' .. rbl.symbol) end - local id = rspamd_config:register_symbol{ - type = 'callback', - callback = gen_rbl_callback(rbl), - name = rbl.symbol, - flags = table.concat(flags_tbl, ',') - } + local callback,description = gen_rbl_callback(rbl) - if rbl.dkim then - rspamd_config:register_dependency(rbl.symbol, 'DKIM_CHECK') - end + if callback then + local id = rspamd_config:register_symbol{ + type = 'callback', + callback = callback, + name = rbl.symbol, + flags = table.concat(flags_tbl, ',') + } - -- Failure symbol - rspamd_config:register_symbol{ - type = 'virtual,nostat', - name = rbl.symbol .. '_FAIL', - parent = id, - score = 0.0, - } + rspamd_logger.infox(rspamd_config, 'added rbl rule %s: %s', + rbl.symbol, description) + + if rbl.dkim then + rspamd_config:register_dependency(rbl.symbol, 'DKIM_CHECK') + end - local function process_return_code(s) - rspamd_config:register_symbol({ - name = s, + -- Failure symbol + rspamd_config:register_symbol{ + type = 'virtual,nostat', + name = rbl.symbol .. '_FAIL', parent = id, - type = 'virtual' - }) - - if rbl.is_whitelist then - if rbl.whitelist_exception then - local found_exception = false - for _, e in ipairs(rbl.whitelist_exception) do - if e == s then - found_exception = true - break + score = 0.0, + } + + local function process_return_code(s) + rspamd_config:register_symbol({ + name = s, + parent = id, + type = 'virtual' + }) + + if rbl.is_whitelist then + if rbl.whitelist_exception then + local found_exception = false + for _, e in ipairs(rbl.whitelist_exception) do + if e == s then + found_exception = true + break + end end - end - if not found_exception then + if not found_exception then + table.insert(white_symbols, s) + end + else table.insert(white_symbols, s) end else - table.insert(white_symbols, s) - end - else - if rbl.ignore_whitelist == false then - table.insert(black_symbols, s) + if rbl.ignore_whitelist == false then + table.insert(black_symbols, s) + end end end - end - if rbl.returncodes then - for s,_ in pairs(rbl.returncodes) do - process_return_code(s) + if rbl.returncodes then + for s,_ in pairs(rbl.returncodes) do + process_return_code(s) + end end - end - if rbl.returnbits then - for s,_ in pairs(rbl.returnbits) do - process_return_code(s) + if rbl.returnbits then + for s,_ in pairs(rbl.returnbits) do + process_return_code(s) + end end - end - if not rbl.is_whitelist and rbl.ignore_whitelist == false then - table.insert(black_symbols, rbl.symbol) - end - -- Process monitored - if not rbl.disable_monitoring then - if not monitored_addresses[rbl.rbl] then - monitored_addresses[rbl.rbl] = true - rbl.monitored = rspamd_config:register_monitored(rbl.rbl, 'dns', - get_monitored(rbl)) + if not rbl.is_whitelist and rbl.ignore_whitelist == false then + table.insert(black_symbols, rbl.symbol) end + -- Process monitored + if not rbl.disable_monitoring then + if not monitored_addresses[rbl.rbl] then + monitored_addresses[rbl.rbl] = true + rbl.monitored = rspamd_config:register_monitored(rbl.rbl, 'dns', + get_monitored(rbl)) + end + end + return true end - return true + return false end -- Configuration |