summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2017-06-05 14:54:43 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2017-06-05 14:54:43 +0100
commit2ba967dda3650992aaf2c57eb48a64ad0601b439 (patch)
treeb86a7fda5ab1548f0c9754bcaf370674565d781e
parenta7b93b3828a859f09b35fcec29a2553e73b41942 (diff)
downloadrspamd-2ba967dda3650992aaf2c57eb48a64ad0601b439.tar.gz
rspamd-2ba967dda3650992aaf2c57eb48a64ad0601b439.zip
[Feature] Fix surbl monitored for IP lists, add `monitored_domain` option
-rw-r--r--src/plugins/surbl.c108
-rw-r--r--src/plugins/surbl.h4
2 files changed, 51 insertions, 61 deletions
diff --git a/src/plugins/surbl.c b/src/plugins/surbl.c
index 426ff996e..9fef4d128 100644
--- a/src/plugins/surbl.c
+++ b/src/plugins/surbl.c
@@ -65,6 +65,7 @@
static struct surbl_ctx *surbl_module_ctx = NULL;
static const guint64 rspamd_surbl_cb_magic = 0xe09b8536f80de0d1ULL;
+static const gchar *rspamd_surbl_default_monitored = "facebook.com";
static void surbl_test_url (struct rspamd_task *task, void *user_data);
static void surbl_test_redirector (struct rspamd_task *task, void *user_data);
@@ -494,25 +495,25 @@ register_bit_symbols (struct rspamd_config *cfg, struct suffix_item *suffix,
}
static gint
-surbl_module_parse_rule (const ucl_object_t* value, struct rspamd_config* cfg,
- ucl_object_t* monitored_opts)
+surbl_module_parse_rule (const ucl_object_t* value, struct rspamd_config* cfg)
{
const ucl_object_t* cur_rule;
const ucl_object_t* cur;
gint cb_id;
gint nrules = 0;
struct suffix_item* new_suffix;
- const gchar* ip_val;
+ const gchar* ip_val, *monitored_domain = NULL;
struct surbl_bit_item* new_bit;
- ucl_object_t *ropts = monitored_opts;
+ ucl_object_t *ropts;
LL_FOREACH(value, cur_rule) {
cur = ucl_object_lookup (cur_rule, "enabled");
if (cur != NULL && cur->type == UCL_BOOLEAN) {
- if (!ucl_object_toboolean(cur)) {
+ if (!ucl_object_toboolean (cur)) {
continue;
}
}
+
cur = ucl_object_lookup (cur_rule, "suffix");
if (cur == NULL) {
msg_err_config("surbl rule must have explicit symbol "
@@ -521,13 +522,13 @@ surbl_module_parse_rule (const ucl_object_t* value, struct rspamd_config* cfg,
}
new_suffix = rspamd_mempool_alloc0 (surbl_module_ctx->surbl_pool,
- sizeof(struct suffix_item));
+ sizeof (struct suffix_item));
new_suffix->magic = rspamd_surbl_cb_magic;
new_suffix->suffix = rspamd_mempool_strdup (
surbl_module_ctx->surbl_pool, ucl_obj_tostring (cur));
new_suffix->options = 0;
new_suffix->bits = g_array_new (FALSE, FALSE,
- sizeof(struct surbl_bit_item));
+ sizeof (struct surbl_bit_item));
rspamd_mempool_add_destructor (surbl_module_ctx->surbl_pool,
(rspamd_mempool_destruct_t )rspamd_array_free_hard,
new_suffix->bits);
@@ -554,37 +555,50 @@ surbl_module_parse_rule (const ucl_object_t* value, struct rspamd_config* cfg,
cur = ucl_object_lookup (cur_rule, "options");
if (cur != NULL && cur->type == UCL_STRING) {
- if (strstr(ucl_obj_tostring(cur), "noip") != NULL) {
+ if (strstr(ucl_obj_tostring (cur), "noip") != NULL) {
new_suffix->options |= SURBL_OPTION_NOIP;
}
}
cur = ucl_object_lookup (cur_rule, "no_ip");
if (cur != NULL && cur->type == UCL_BOOLEAN) {
- if (ucl_object_toboolean(cur)) {
+ if (ucl_object_toboolean (cur)) {
new_suffix->options |= SURBL_OPTION_NOIP;
}
}
+ cur = ucl_object_lookup (cur_rule, "monitored_domain");
+ if (cur != NULL && cur->type == UCL_STRING) {
+ monitored_domain = ucl_object_tostring (cur);
+ }
+
cur = ucl_object_lookup (cur_rule, "resolve_ip");
if (cur != NULL && cur->type == UCL_BOOLEAN) {
- if (ucl_object_toboolean(cur)) {
+ if (ucl_object_toboolean (cur)) {
new_suffix->options |= SURBL_OPTION_RESOLVEIP;
- /* We need to adjust monitored config */
- ropts = ucl_object_typed_new (UCL_OBJECT);
- ucl_object_insert_key (monitored_opts,
- ucl_object_fromstring ("1.0.0.127"),
- "prefix", 0, false);
- ucl_object_insert_key (monitored_opts,
- ucl_object_fromstring ("nxdomain"),
- "rcode", 0, false);
- rspamd_mempool_add_destructor (surbl_module_ctx->surbl_pool,
- (rspamd_mempool_destruct_t )ucl_object_unref,
- ropts);
+ if (!monitored_domain) {
+ monitored_domain = "1.0.0.127";
+ }
+ }
+ else {
+ if (!monitored_domain) {
+ monitored_domain = rspamd_surbl_default_monitored;
+ }
}
}
+ ropts = ucl_object_typed_new (UCL_OBJECT);
+ ucl_object_insert_key (ropts,
+ ucl_object_fromstring (monitored_domain),
+ "prefix", 0, false);
+ ucl_object_insert_key (ropts,
+ ucl_object_fromstring ("nxdomain"),
+ "rcode", 0, false);
+ rspamd_mempool_add_destructor (surbl_module_ctx->surbl_pool,
+ (rspamd_mempool_destruct_t )ucl_object_unref,
+ ropts);
+
cur = ucl_object_lookup (cur_rule, "images");
if (cur != NULL && cur->type == UCL_BOOLEAN) {
if (ucl_object_toboolean (cur)) {
@@ -595,8 +609,11 @@ surbl_module_parse_rule (const ucl_object_t* value, struct rspamd_config* cfg,
if ((new_suffix->options & (SURBL_OPTION_RESOLVEIP | SURBL_OPTION_NOIP))
== (SURBL_OPTION_NOIP | SURBL_OPTION_RESOLVEIP)) {
/* Mutually exclusive options */
- msg_err_config("options noip and resolve_ip are "
+ msg_err_config ("options noip and resolve_ip are "
"mutually exclusive for suffix %s", new_suffix->suffix);
+ ucl_object_unref (ropts);
+
+ continue;
}
cb_id = rspamd_symbols_cache_add_symbol (cfg->cache, "SURBL_CALLBACK",
@@ -626,12 +643,14 @@ surbl_module_parse_rule (const ucl_object_t* value, struct rspamd_config* cfg,
ucl_object_key (cur_bit));
/* Convert to uppercase */
p = new_bit->symbol;
+
while (*p) {
*p = g_ascii_toupper (*p);
p++;
}
+
msg_debug_config("add new bit suffix: %d with symbol: %s",
- (gint )new_bit->bit, new_bit->symbol);
+ (gint)new_bit->bit, new_bit->symbol);
g_array_append_val(new_suffix->bits, *new_bit);
}
}
@@ -656,7 +675,7 @@ surbl_module_parse_rule (const ucl_object_t* value, struct rspamd_config* cfg,
surbl_module_ctx->surbl_pool,
sizeof(struct surbl_bit_item));
if (inet_pton (AF_INET, ip_val, &bit) != 1) {
- msg_err_config("cannot parse ip %s: %s", ip_val,
+ msg_err_config ("cannot parse ip %s: %s", ip_val,
strerror (errno));
continue;
}
@@ -671,7 +690,7 @@ surbl_module_parse_rule (const ucl_object_t* value, struct rspamd_config* cfg,
p++;
}
msg_debug_config ("add new IP suffix: %d with symbol: %s",
- (gint )new_bit->bit, new_bit->symbol);
+ (gint)new_bit->bit, new_bit->symbol);
g_hash_table_insert (new_suffix->ips, &new_bit->bit,
new_bit);
}
@@ -691,6 +710,8 @@ surbl_module_parse_rule (const ucl_object_t* value, struct rspamd_config* cfg,
RSPAMD_MONITORED_DEFAULT, ropts);
surbl_module_ctx->suffixes = g_list_prepend (surbl_module_ctx->suffixes,
new_suffix);
+
+ ucl_object_unref (ropts);
}
return nrules;
@@ -704,7 +725,6 @@ surbl_module_config (struct rspamd_config *cfg)
const ucl_object_t *value, *cur;
const gchar *redir_val;
gint nrules = 0;
- ucl_object_t *monitored_opts;
lua_State *L;
/* Register global methods */
@@ -734,12 +754,6 @@ surbl_module_config (struct rspamd_config *cfg)
return TRUE;
}
- monitored_opts = ucl_object_typed_new (UCL_OBJECT);
- ucl_object_insert_key (monitored_opts, ucl_object_fromstring ("facebook.com"),
- "prefix", 0, false);
- ucl_object_insert_key (monitored_opts, ucl_object_fromstring ("nxdomain"),
- "rcode", 0, false);
-
(void)rspamd_symbols_cache_add_symbol (cfg->cache, SURBL_REDIRECTOR_CALLBACK,
0, surbl_test_redirector, NULL,
SYMBOL_TYPE_CALLBACK, -1);
@@ -777,13 +791,7 @@ surbl_module_config (struct rspamd_config *cfg)
else {
surbl_module_ctx->weight = DEFAULT_SURBL_WEIGHT;
}
- if ((value =
- rspamd_config_get_module_opt (cfg, "surbl", "url_expire")) != NULL) {
- surbl_module_ctx->url_expire = ucl_obj_todouble (value);
- }
- else {
- surbl_module_ctx->url_expire = DEFAULT_SURBL_URL_EXPIRE;
- }
+
if ((value =
rspamd_config_get_module_opt (cfg, "surbl", "use_tags")) != NULL) {
@@ -795,14 +803,6 @@ surbl_module_config (struct rspamd_config *cfg)
if ((value =
rspamd_config_get_module_opt (cfg, "surbl",
- "redirector_connect_timeout")) != NULL) {
- surbl_module_ctx->connect_timeout = ucl_obj_todouble (value);
- }
- else {
- surbl_module_ctx->connect_timeout = DEFAULT_REDIRECTOR_CONNECT_TIMEOUT;
- }
- if ((value =
- rspamd_config_get_module_opt (cfg, "surbl",
"redirector_read_timeout")) != NULL) {
surbl_module_ctx->read_timeout = ucl_obj_todouble (value);
}
@@ -822,13 +822,6 @@ surbl_module_config (struct rspamd_config *cfg)
}
if ((value =
- rspamd_config_get_module_opt (cfg, "surbl", "max_urls")) != NULL) {
- surbl_module_ctx->max_urls = ucl_obj_toint (value);
- }
- else {
- surbl_module_ctx->max_urls = DEFAULT_SURBL_MAX_URLS;
- }
- if ((value =
rspamd_config_get_module_opt (cfg, "surbl", "exceptions")) != NULL) {
rspamd_map_add_from_ucl (cfg, value,
"SURBL exceptions list",
@@ -849,12 +842,12 @@ surbl_module_config (struct rspamd_config *cfg)
if (ucl_object_lookup (value, "symbol") != NULL) {
/* Old style */
- nrules += surbl_module_parse_rule (value, cfg, monitored_opts);
+ nrules += surbl_module_parse_rule (value, cfg);
}
else {
/* New style */
while ((cur_value = ucl_object_iterate (value, &it, true)) != NULL) {
- nrules += surbl_module_parse_rule (cur_value, cfg, monitored_opts);
+ nrules += surbl_module_parse_rule (cur_value, cfg);
}
}
}
@@ -866,7 +859,7 @@ surbl_module_config (struct rspamd_config *cfg)
/* New style only */
while ((cur_value = ucl_object_iterate (value, &it, true)) != NULL) {
- nrules += surbl_module_parse_rule (cur_value, cfg, monitored_opts);
+ nrules += surbl_module_parse_rule (cur_value, cfg);
}
}
@@ -894,7 +887,6 @@ surbl_module_config (struct rspamd_config *cfg)
msg_info_config ("init internal surbls module, %d uribl rules loaded",
nrules);
- ucl_object_unref (monitored_opts);
return TRUE;
}
diff --git a/src/plugins/surbl.h b/src/plugins/surbl.h
index 884cb6d0d..ea31ef9cc 100644
--- a/src/plugins/surbl.h
+++ b/src/plugins/surbl.h
@@ -21,11 +21,8 @@
struct surbl_ctx {
struct module_ctx ctx;
guint16 weight;
- gdouble connect_timeout;
gdouble read_timeout;
gboolean use_tags;
- guint max_urls;
- guint url_expire;
GList *suffixes;
gchar *metric;
const gchar *redirector_symbol;
@@ -41,6 +38,7 @@ struct surbl_ctx {
struct suffix_item {
guint64 magic;
+ const gchar *monitored_domain;
const gchar *suffix;
const gchar *symbol;
guint32 options;