author | Andrew Lewis <nerf@judo.za.org> | 2023-10-25 14:34:47 +0200 |
---|---|---|
committer | Andrew Lewis <nerf@judo.za.org> | 2023-10-25 14:34:47 +0200 |
commit | 3d17d2d857bb2d719b6e32e1b85e81dd1431d5bd (patch) | |
tree | 04bcf60893924539ea1d692c4b5bed369368c8a4 | |
parent | 06618f8a52242c8678eed659b56cebb23a34ed38 (diff) | |
[Feature] rbl: support checking returncodes by CIDR
-rw-r--r-- | lualib/plugins/rbl.lua | 2 | ||||
-rw-r--r-- | src/plugins/lua/rbl.lua | 60 | ||||
-rw-r--r-- | test/functional/configs/merged-override.conf | 3 |
3 files changed, 44 insertions, 21 deletions
diff --git a/lualib/plugins/rbl.lua b/lualib/plugins/rbl.lua
index bc5fbe278..4eb7b987d 100644
--- a/lualib/plugins/rbl.lua
+++ b/lualib/plugins/rbl.lua
@@ -107,7 +107,7 @@ local rule_schema_tbl = {
 ipv6 = ts.boolean:is_optional(),
 is_whitelist = ts.boolean:is_optional(),
 local_exclude_ip_map = ts.string:is_optional(),
- matcher = ts.one_of { "equality", "luapattern", "regexp" }:is_optional(),
+ matcher = ts.one_of { "equality", "luapattern", "radix", "regexp" }:is_optional(),
 monitored_address = ts.string:is_optional(),
 no_ip = ts.boolean:is_optional(),
 process_script = ts.string:is_optional(),
diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua
index a36131b1b..4365d245f 100644
--- a/src/plugins/lua/rbl.lua
+++ b/src/plugins/lua/rbl.lua
@@ -21,7 +21,6 @@ end
 local hash = require 'rspamd_cryptobox_hash'
 local rspamd_logger = require 'rspamd_logger'
-local rspamd_regexp = require 'rspamd_regexp'
 local rspamd_util = require 'rspamd_util'
 local rspamd_ip = require "rspamd_ip"
 local fun = require 'fun'
@@ -218,24 +217,34 @@ end
 local matchers = {}
-matchers.equality = function(to_match, pattern)
- return to_match == pattern
+matchers.radix = function(_, _, real_ip, map)
+ return map and map:get_key(real_ip) or false
 end
-matchers.luapattern = function(to_match, pattern)
- return string.find(to_match, '^' .. pattern .. '$') and true or false
+matchers.equality = function(codes, to_match)
+ if type(codes) ~= 'table' then return codes == to_match end
+ for _, ip in ipairs(codes) do
+ if to_match == ip then
+ return true
+ end
+ end
+ return false
 end
-matchers.regexp = function(to_match, pattern)
- local re = rspamd_regexp.get_cached(pattern)
- if not re then
- re = rspamd_regexp.create_cached(pattern)
- if not re then
- rspamd_logger.errx('regexp did not compile: %s', pattern)
- return false
+matchers.luapattern = function(codes, to_match)
+ if type(codes) ~= 'table' then
+ return string.find(to_match, '^' .. codes .. '$') and true or false
+ end
+ for _, pattern in ipairs(codes) do
+ if string.find(to_match, '^' .. pattern .. '$') then
+ return true
 end
 end
- return re:match(to_match)
+ return false
+end
+
+matchers.regexp = function(_, to_match, _, map)
+ return map and map:get_key(to_match) or false
 end
 local function rbl_dns_process(task, rbl, to_resolve, results, err, resolve_table_elt, match)
@@ -297,6 +306,8 @@ local function rbl_dns_process(task, rbl, to_resolve, results, err, resolve_tabl
 return
 end
+ local returncodes_maps = rbl.returncodes_maps or {}
+
 for _, result in ipairs(results) do
 local ipstr = result:to_string()
 lua_util.debugm(N, task, '%s DNS result %s', to_resolve, ipstr)
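Review bot: The matcher contract in `local matchers` is undocumented after changing from `(to_match, pattern)` to `(codes, to_match, real_ip, map)`, with the first two arguments swapped. A call site still using the old order would compare the wrong values without raising an error. A comment above the table would pin the contract, for example `-- matcher(codes, to_match, real_ip, map): codes is a string or a list from returncodes; radix and regexp ignore codes and look the value up in the prebuilt map`. It is also worth stating there that `equality` and `luapattern` accept either a scalar or a list, since the per-code loop that used to live in the caller has moved into them.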
@@ -315,12 +326,10 @@ local function rbl_dns_process(task, rbl, to_resolve, results, err, resolve_tabl
 end
 elseif rbl.returncodes then
 for s, codes in pairs(rbl.returncodes) do
- for _, v in ipairs(codes) do
- if match(ipstr, v) then
- foundrc = true
- insert_results(s)
- break
- end
+ local res = match(codes, ipstr, result, returncodes_maps[s])
+ if res then
+ foundrc = true
+ insert_results(s)
 end
 end
 end
@@ -1077,6 +1086,19 @@ local function add_rbl(key, rbl, global_opts)
 def_type, rbl.symbol)
 end
+ local match_type = rbl.matcher
+ if match_type and rbl.returncodes and (match_type == 'radix' or match_type == 'regexp') then
+ if not rbl.returncodes_maps then
+ rbl.returncodes_maps = {}
+ end
+ for label, v in pairs(rbl.returncodes) do
+ if type(v) ~= 'table' then
+ v = {v}
+ end
+ rbl.returncodes_maps[label] = lua_maps.map_add_from_ucl(v, match_type, string.format('%s_%s RBL returncodes', label, rbl.symbol))
+ end
+ end
+
 if rbl.url_compose_map then
 local lua_urls_compose = require "lua_urls_compose"
 rbl.url_compose_map = lua_urls_compose.add_composition_map(rspamd_config, rbl.url_compose_map)
diff --git a/test/functional/configs/merged-override.conf b/test/functional/configs/merged-override.conf
index 0c9b7a3e2..9ba31b7a1 100644
--- a/test/functional/configs/merged-override.conf
+++ b/test/functional/configs/merged-override.conf
@@ -296,8 +296,9 @@ rbl {
 ignore_defaults = true;
 emails = true;
 emails_domainonly = true
+ matcher = "radix";
 returncodes = {
- RSPAMD_EMAILBL = "127.0.0.2";
+ RSPAMD_EMAILBL = "127.0.0.2/32";
 }
 }
 URIBL_NUMERIC { |
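Review bot: In the `add_rbl` hunk the result of `lua_maps.map_add_from_ucl` is stored in `rbl.returncodes_maps[label]` without being checked. If it returns nil for a malformed CIDR or regexp (presumably it does on failure; confirm against lua_maps), `matchers.radix` and `matchers.regexp` return `false` for every DNS answer and the symbol silently stops firing. For a blocklist rule that fails open, and the `regexp did not compile` log line removed from the old matcher has no replacement. Assign to a local and report the failure before storing it: `local map = lua_maps.map_add_from_ucl(...)` followed by `if not map then rspamd_logger.errx(rspamd_config, 'cannot create returncodes map for %s (%s)', label, rbl.symbol) end`. The body of `add_rbl` starts and ends outside the hunk, so whether the rule should be rejected outright at this point cannot be judged from here.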