diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-12-02 17:37:49 +0000 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-12-02 17:37:49 +0000 |
| commit | e2dfcf15cc37650eee23ff00150bee9348ff11bb (patch) | |
| tree | f98e4d37d208f81bafb7e0b3b1bc741350cdb778 | |
| parent | f90cb298025f4ebf08b541b65b157d464e056d63 (diff) | |
| download | rspamd-e2dfcf15cc37650eee23ff00150bee9348ff11bb.tar.gz rspamd-e2dfcf15cc37650eee23ff00150bee9348ff11bb.zip | |
[Feature] Spf: Add external_relay option
| -rw-r--r-- | lualib/lua_util.lua | 2 | ||||
| -rw-r--r-- | src/plugins/lua/spf.lua | 38 |
2 files changed, 37 insertions, 3 deletions
diff --git a/lualib/lua_util.lua b/lualib/lua_util.lua index b9334a1b3..89a4016b2 100644 --- a/lualib/lua_util.lua +++ b/lualib/lua_util.lua @@ -1344,7 +1344,7 @@ exports.is_skip_local_or_authed = function(task, conf, ip) conf = {false, false} end if ((not conf[2] and task:get_user()) or - (not conf[1] and ip and ip:is_local())) then + (not conf[1] and type(ip) == 'userdata' and ip:is_local())) then return true end diff --git a/src/plugins/lua/spf.lua b/src/plugins/lua/spf.lua index e48c8e9ce..f664661f9 100644 --- a/src/plugins/lua/spf.lua +++ b/src/plugins/lua/spf.lua @@ -41,6 +41,8 @@ spf { min_cache_ttl = 5m; # Disable all IPv6 lookups disable_ipv6 = false; + # Use IP address from a received header produced by this relay (using by attribute) + external_relay = "192.168.1.1"; } ]]) return @@ -63,7 +65,8 @@ local default_config = { whitelist = nil, min_cache_ttl = 60 * 5, disable_ipv6 = false, - symbols = symbols + symbols = symbols, + external_relay = nil, } local local_config = rspamd_config:get_all_opt('spf') @@ -78,7 +81,38 @@ end local function spf_check_callback(task) - local ip = task:get_from_ip() + local ip + + if local_config.external_relay then + -- Search received headers to get header produced by an external relay + local rh = task:get_received_headers() or {} + local found = false + + for i,hdr in ipairs(rh) do + if hdr.real_ip and hdr.real_ip == local_config.external_relay then + -- We can use the next header as a source of IP address + if rh[i + 1] then + local nhdr = rh[i + 1] + lua_util.debugm(N, task, 'found external relay %s at received header %s -> %s', + local_config.external_relay, hdr, nhdr.real_ip) + + if nhdr.real_ip then + ip = nhdr.real_ip + found = true + end + end + + break + end + end + if not found then + rspamd_logger.warnx(task, "cannot find external relay with IP %s", + local_config.external_relay) + ip = task:get_from_ip() + end + else + ip = task:get_from_ip() + end local function flag_to_symbol(fl) if bit.band(fl, rspamd_spf.flags.temp_fail) ~= 0 then |