diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-02-13 11:05:30 +0000 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-02-13 11:05:30 +0000 |
| commit | ec00c788c2bc8ca3216ee7dffa0b63a289a8d8d8 (patch) | |
| tree | 56e8ecd2214bfd30b74119338ef5130e92d537fc | |
| parent | 1d7e4cbd19287af3decfc8a0adb293120b802cab (diff) | |
| parent | fe036ff922b77477d74fb61b155ce2699be7ce9a (diff) | |
| download | rspamd-ec00c788c2bc8ca3216ee7dffa0b63a289a8d8d8.tar.gz rspamd-ec00c788c2bc8ca3216ee7dffa0b63a289a8d8d8.zip | |
Merge pull request #162 from fatalbanana/master
Exclusions for authenticated users etc
| -rw-r--r-- | conf/lua/hfilter.lua | 82 | ||||
| -rw-r--r-- | src/plugins/lua/once_received.lua | 193 | ||||
| -rw-r--r-- | src/plugins/lua/rbl.lua | 21 |
3 files changed, 160 insertions, 136 deletions
diff --git a/conf/lua/hfilter.lua b/conf/lua/hfilter.lua index e623a0d6b..26a043f30 100644 --- a/conf/lua/hfilter.lua +++ b/conf/lua/hfilter.lua @@ -176,6 +176,49 @@ end -- local function hfilter(task) + -- Links checks + if config['url_enabled'] then + local parts = task:get_text_parts() + if parts then + --One text part-- + local total_parts_len = 0 + local text_parts_count = 0 + local selected_text_part = nil + for _,p in ipairs(parts) do + total_parts_len = total_parts_len + p:get_length() + + if not p:is_html() then + text_parts_count = text_parts_count + 1 + selected_text_part = p + end + end + if total_parts_len > 0 then + local urls = task:get_urls() + if urls then + local total_url_len = 0 + for _,url in ipairs(urls) do + total_url_len = total_url_len + url:get_length() + end + if total_url_len > 0 then + if total_url_len + 7 > total_parts_len then + task:insert_result('HFILTER_URL_ONLY', 1.00) + elseif text_parts_count == 1 and selected_text_part and selected_text_part:get_length() < 1024 then + -- We got a single text part with the total length < 1024 symbols. + local part_text = selected_text_part:get_content() + if part_text and not string.find(trim1(part_text), "\n") then + task:insert_result('HFILTER_URL_ONELINE', 1.00) + end + end + end + end + end + end + end + + if task:get_user() ~= nil then + return + end + --IP-- local ip = false local rip = task:get_from_ip() @@ -276,45 +319,6 @@ local function hfilter(task) end end - -- Links checks - if config['url_enabled'] then - local parts = task:get_text_parts() - if parts then - --One text part-- - local total_parts_len = 0 - local text_parts_count = 0 - local selected_text_part = nil - for _,p in ipairs(parts) do - total_parts_len = total_parts_len + p:get_length() - - if not p:is_html() then - text_parts_count = text_parts_count + 1 - selected_text_part = p - end - end - if total_parts_len > 0 then - local urls = task:get_urls() - if urls then - local total_url_len = 0 - for _,url in ipairs(urls) do - total_url_len = total_url_len + url:get_length() - end - if total_url_len > 0 then - if total_url_len + 7 > total_parts_len then - task:insert_result('HFILTER_URL_ONLY', 1.00) - elseif text_parts_count == 1 and selected_text_part and selected_text_part:get_length() < 1024 then - -- We got a single text part with the total length < 1024 symbols. - local part_text = selected_text_part:get_content() - if part_text and not string.find(trim1(part_text), "\n") then - task:insert_result('HFILTER_URL_ONELINE', 1.00) - end - end - end - end - end - end - end - return false end diff --git a/src/plugins/lua/once_received.lua b/src/plugins/lua/once_received.lua index 46a3e1b09..6e1243545 100644 --- a/src/plugins/lua/once_received.lua +++ b/src/plugins/lua/once_received.lua @@ -8,88 +8,91 @@ local good_hosts = {} local rspamd_logger = require "rspamd_logger" local function check_quantity_received (task) - local function recv_dns_cb(resolver, to_resolve, results, err) - task:inc_dns_req() - if not results then - task:insert_result(symbol_strict, 1) - else - rspamd_logger.info(string.format('SMTP resolver failed to resolve: %s is %s', to_resolve, results[1])) - local i = true - for _,h in ipairs(bad_hosts) do - if string.find(results[1], h) then - -- Check for good hostname - if good_hosts then - for _,gh in ipairs(good_hosts) do - if string.find(results[1], gh) then - i = false - break - end - end - end - if i then - task:insert_result(symbol_strict, 1, h) - return - end - end - end - end - end + local function recv_dns_cb(resolver, to_resolve, results, err) + task:inc_dns_req() + if not results then + task:insert_result(symbol_strict, 1) + else + rspamd_logger.info(string.format('SMTP resolver failed to resolve: %s is %s', to_resolve, results[1])) + local i = true + for _,h in ipairs(bad_hosts) do + if string.find(results[1], h) then + -- Check for good hostname + if good_hosts then + for _,gh in ipairs(good_hosts) do + if string.find(results[1], gh) then + i = false + break + end + end + end + if i then + task:insert_result(symbol_strict, 1, h) + return + end + end + end + end + end - local recvh = task:get_received_headers() - if table.maxn(recvh) <= 1 then - task:insert_result(symbol, 1) - -- Strict checks - if symbol_strict then - local r = recvh[1] + if task:get_user() ~= nil then + return + end + local recvh = task:get_received_headers() + if table.maxn(recvh) <= 1 then + task:insert_result(symbol, 1) + -- Strict checks + if symbol_strict then + local r = recvh[1] if not r then return end - -- Unresolved host - if not r['real_hostname'] or string.lower(r['real_hostname']) == 'unknown' or - string.match(r['real_hostname'], '^%d+%.%d+%.%d+%.%d+$') then - - if r['real_ip'] and r['real_ip']:is_valid() then - -- Try to resolve it again - task:get_resolver():resolve_ptr(task:get_session(), task:get_mempool(), - r['real_ip']:to_string(), recv_dns_cb) - else - task:insert_result(symbol_strict, 1) - end - return - end + -- Unresolved host + if not r['real_hostname'] or string.lower(r['real_hostname']) == 'unknown' or + string.match(r['real_hostname'], '^%d+%.%d+%.%d+%.%d+$') then + + if r['real_ip'] and r['real_ip']:is_valid() then + -- Try to resolve it again + task:get_resolver():resolve_ptr(task:get_session(), task:get_mempool(), + r['real_ip']:to_string(), recv_dns_cb) + else + task:insert_result(symbol_strict, 1) + end + return + end - local i = true - local hn = string.lower(r['real_hostname']) + local i = true + local hn = string.lower(r['real_hostname']) - for _,h in ipairs(bad_hosts) do - if string.find(hn, h) then - -- Check for good hostname - if good_hosts then - for _,gh in ipairs(good_hosts) do - if string.find(hn, gh) then - i = false - break - end - end - end - if i then - task:insert_result(symbol_strict, 1, h) - return - end - end - end - end - end + for _,h in ipairs(bad_hosts) do + if string.find(hn, h) then + -- Check for good hostname + if good_hosts then + for _,gh in ipairs(good_hosts) do + if string.find(hn, gh) then + i = false + break + end + end + end + if i then + task:insert_result(symbol_strict, 1, h) + return + end + end + end + end + end end -- Registration if type(rspamd_config.get_api_version) ~= 'nil' then - if rspamd_config:get_api_version() >= 1 then - rspamd_config:register_module_option('once_received', 'symbol', 'string') - rspamd_config:register_module_option('once_received', 'symbol_strict', 'string') - rspamd_config:register_module_option('once_received', 'bad_host', 'string') - rspamd_config:register_module_option('once_received', 'good_host', 'string') - end + if rspamd_config:get_api_version() >= 1 then + rspamd_config:register_module_option('once_received', 'symbol', 'string') + rspamd_config:register_module_option('once_received', 'symbol_strict', 'string') + rspamd_config:register_module_option('once_received', 'bad_host', 'string') + rspamd_config:register_module_option('once_received', 'good_host', 'string') + end end -- Configuration @@ -98,28 +101,28 @@ if opts then if opts['symbol'] then local symbol = opts['symbol'] - for n,v in pairs(opts) do - if n == 'symbol_strict' then - symbol_strict = v - if type(rspamd_config.get_api_version) ~= 'nil' then - rspamd_config:register_virtual_symbol(symbol_strict, 1.0) - end - elseif n == 'bad_host' then - if type(v) == 'string' then - bad_hosts[1] = v - else - bad_hosts = v - end - elseif n == 'good_host' then - if type(v) == 'string' then - good_hosts[1] = v - else - good_hosts = v - end - end - end + for n,v in pairs(opts) do + if n == 'symbol_strict' then + symbol_strict = v + if type(rspamd_config.get_api_version) ~= 'nil' then + rspamd_config:register_virtual_symbol(symbol_strict, 1.0) + end + elseif n == 'bad_host' then + if type(v) == 'string' then + bad_hosts[1] = v + else + bad_hosts = v + end + elseif n == 'good_host' then + if type(v) == 'string' then + good_hosts[1] = v + else + good_hosts = v + end + end + end - -- Register symbol's callback - rspamd_config:register_symbol(symbol, 1.0, check_quantity_received) - end + -- Register symbol's callback + rspamd_config:register_symbol(symbol, 1.0, check_quantity_received) + end end diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua index 9abac0067..0106e41f3 100644 --- a/src/plugins/lua/rbl.lua +++ b/src/plugins/lua/rbl.lua @@ -1,7 +1,23 @@ +-- This plugin implements various types of RBL checks +-- Documentation can be found here: +-- https://rspamd.com/doc/modules/rbl.html + local rbls = {} local rspamd_logger = require "rspamd_logger" -local rspamd_ip = require "rspamd_ip" + +local function validate_dns(lstr, rstr) + if (lstr:len() + rstr:len()) > 252 then + return false + end + for v in lstr:gmatch("[^%.]+") do + if not v:match("^[%w-]+$") or v:len() > 63 + or v:match("^-") or v:match("-$") then + return false + end + end + return true +end local function ip_to_rbl(ip, rbl) return table.concat(ip:inversed_str_octets(), ".") .. '.' .. rbl @@ -83,7 +99,8 @@ local function rbl_cb (task) end if not havegot['helo'] then havegot['helo'] = task:get_helo() - if not havegot['helo'] or string.sub(havegot['helo'],1,1) == '[' or rspamd_ip.from_string(havegot['helo']):is_valid() then + if havegot['helo'] == nil or + not validate_dns(havegot['helo'], rbl['rbl']) then notgot['helo'] = true return end |