aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Lewis <nerf@judo.za.org>2015-04-01 17:31:39 +0200
committerAndrew Lewis <nerf@judo.za.org>2015-04-01 17:31:39 +0200
commitcd9a587c39a197438453faff8a0a706f2b420191 (patch)
tree02efe074d4d232f80cbc5f2a6fbb293a46936984
parent4442c05a65fbba59822a99da0138409dc4351618 (diff)
downloadrspamd-cd9a587c39a197438453faff8a0a706f2b420191.tar.gz
rspamd-cd9a587c39a197438453faff8a0a706f2b420191.zip
RBL: change behaviour of whitelists
-rw-r--r--conf/metrics.conf20
-rw-r--r--conf/modules.conf34
-rw-r--r--doc/markdown/modules/rbl.md8
-rw-r--r--src/plugins/lua/rbl.lua27
4 files changed, 64 insertions, 25 deletions
diff --git a/conf/metrics.conf b/conf/metrics.conf
index 49266e7ae..2ebd20479 100644
--- a/conf/metrics.conf
+++ b/conf/metrics.conf
@@ -342,10 +342,10 @@ metric {
symbol { name = "RECEIVED_SPAMHAUS_XBL"; weight = 3.0; description = "Received address is listed in zen pbl"; one_shot = true; }
symbol { name = "RWL_SPAMHAUS_WL"; weight = 0.0; description = "Sender listed at Spamhaus whitelist"; }
- symbol { name = "RWL_SPAMHAUS_WL_IND"; weight = -0.7; description = "Sender listed at Spamhaus whitelist"; }
- symbol { name = "RWL_SPAMHAUS_WL_TRANS"; weight = -0.6; description = "Sender listed at Spamhaus whitelist"; }
- symbol { name = "RWL_SPAMHAUS_WL_IND_EXP"; weight = -0.3; description = "Sender listed at Spamhaus whitelist"; }
- symbol { name = "RWL_SPAMHAUS_WL_TRANS_EXP"; weight = -0.2; description = "Sender listed at Spamhaus whitelist"; }
+ symbol { name = "RWL_SPAMHAUS_WL_IND"; weight = 0.0; description = "Sender listed at Spamhaus whitelist"; }
+ symbol { name = "RWL_SPAMHAUS_WL_TRANS"; weight = 0.0; description = "Sender listed at Spamhaus whitelist"; }
+ symbol { name = "RWL_SPAMHAUS_WL_IND_EXP"; weight = 0.0; description = "Sender listed at Spamhaus whitelist"; }
+ symbol { name = "RWL_SPAMHAUS_WL_TRANS_EXP"; weight = 0.0; description = "Sender listed at Spamhaus whitelist"; }
symbol {
weight = 2.0;
@@ -363,16 +363,14 @@ metric {
name = "RBL_UCEPROTECT_LEVEL1";
}
- symbol { name = "RBL_MAILSPIKE"; weight = 0.0; description = "From address is listed in RBL"; }
+ symbol { name = "RBL_MAILSPIKE_ZOMBIE"; weight = 2.0; description = "From address is listed in RBL"; }
symbol { name = "RBL_MAILSPIKE_WORST"; weight = 2.0; description = "From address is listed in RBL"; }
symbol { name = "RBL_MAILSPIKE_VERYBAD"; weight = 1.5; description = "From address is listed in RBL"; }
symbol { name = "RBL_MAILSPIKE_BAD"; weight = 1.0; description = "From address is listed in RBL"; }
- symbol { name = "RBL_MAILSPIKE_SUSP"; weight = 0.5; description = "From address is listed in RBL"; }
- symbol { name = "RBL_MAILSPIKE_PROB"; weight = 0.3; description = "From address is listed in RBL"; }
- symbol { name = "RWL_MAILSPIKE_POSSIBLE"; weight = -0.2; description = "From address is listed in RWL"; }
- symbol { name = "RWL_MAILSPIKE_GOOD"; weight = -0.5; description = "From address is listed in RWL"; }
- symbol { name = "RWL_MAILSPIKE_VERYGOOD"; weight = -0.6; description = "From address is listed in RWL"; }
- symbol { name = "RWL_MAILSPIKE_EXCELLENT"; weight = -0.7; description = "From address is listed in RWL"; }
+ symbol { name = "RWL_MAILSPIKE_POSSIBLE"; weight = 0.0; description = "From address is listed in RWL"; }
+ symbol { name = "RWL_MAILSPIKE_GOOD"; weight = 0.0; description = "From address is listed in RWL"; }
+ symbol { name = "RWL_MAILSPIKE_VERYGOOD"; weight = 0.0; description = "From address is listed in RWL"; }
+ symbol { name = "RWL_MAILSPIKE_EXCELLENT"; weight = 0.0; description = "From address is listed in RWL"; }
symbol {
weight = 1.0;
diff --git a/conf/modules.conf b/conf/modules.conf
index 413e7e00b..6d2822cca 100644
--- a/conf/modules.conf
+++ b/conf/modules.conf
@@ -120,6 +120,7 @@ rbl {
symbol = "RWL_SPAMHAUS_WL";
rbl = "swl.spamhaus.org";
ipv6 = true;
+ is_whitelist = true;
returncodes {
RWL_SPAMHAUS_WL_IND = "127.0.2.2";
RWL_SPAMHAUS_WL_TRANS = "127.0.2.3";
@@ -128,20 +129,23 @@ rbl {
}
}
- mailspike {
- symbol = "RBL_MAILSPIKE";
- rbl = "rep.mailspike.net";
- returncodes {
- #http://mailspike.net/usage.html
- RBL_MAILSPIKE_WORST = "127.0.0.10"
- RBL_MAILSPIKE_VERYBAD = "127.0.0.11"
- RBL_MAILSPIKE_BAD = "127.0.0.12"
- RBL_MAILSPIKE_SUSP = "127.0.0.13"
- RBL_MAILSPIKE_PROB = "127.0.0.14"
- RWL_MAILSPIKE_POSSIBLE = "127.0.0.17"
- RWL_MAILSPIKE_GOOD = "127.0.0.18"
- RWL_MAILSPIKE_VERYGOOD = "127.0.0.19"
- RWL_MAILSPIKE_EXCELLENT = "127.0.0.20"
+ mailspike_bl {
+ rbl = "bl.mailspike.net";
+ returncodes {
+ RBL_MAILSPIKE_ZOMBIE = "127.0.0.2";
+ RBL_MAILSPIKE_WORST = "127.0.0.10";
+ RBL_MAILSPIKE_VERYBAD = "127.0.0.11";
+ RBL_MAILSPIKE_BAD = "127.0.0.12";
+ }
+ }
+
+ mailspike_wl {
+ rbl = "wl.mailspike.net";
+ returncodes {
+ RWL_MAILSPIKE_POSSIBLE = "127.0.0.17";
+ RWL_MAILSPIKE_GOOD = "127.0.0.18";
+ RWL_MAILSPIKE_VERYGOOD = "127.0.0.19";
+ RWL_MAILSPIKE_EXCELLENT = "127.0.0.20";
}
}
@@ -193,6 +197,7 @@ rbl {
symbol = "RCVD_IN_DNSWL";
rbl = "list.dnswl.org";
ipv6 = true;
+ is_whitelist = true;
returncodes {
RCVD_IN_DNSWL_NONE = "127.0.%d+.0";
RCVD_IN_DNSWL_LOW = "127.0.%d+.1";
@@ -210,6 +215,7 @@ rbl {
exclude_users = false;
exclude_private_ips = false;
exclude_local = false;
+ ignore_whitelists = true;
}
}
diff --git a/doc/markdown/modules/rbl.md b/doc/markdown/modules/rbl.md
index 6ffb46cda..cffeca044 100644
--- a/doc/markdown/modules/rbl.md
+++ b/doc/markdown/modules/rbl.md
@@ -65,6 +65,14 @@ If true & private_ips is set appropriately, do not use the RBL if the sending ho
If true & local_exclude_ip_map has been set - do not use the RBL if the sending host address is in the local IP list & do not check received headers baring these addresses.
+- default_is_whitelist (false)
+
+If true matches on this list should neutralise any listings where this setting is false, or ignore_whitelists has been set.
+
+- default_ignore_whitelists (false)
+
+If true this list should not be neutralised by whitelists.
+
Other parameters which can be set here are:
- local_exclude_ip_map
diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua
index ce43e54a2..1651d626b 100644
--- a/src/plugins/lua/rbl.lua
+++ b/src/plugins/lua/rbl.lua
@@ -297,6 +297,8 @@ if type(rspamd_config.get_api_version) ~= 'nil' then
rspamd_config:register_module_option('rbl', 'default_exclude_local', 'string')
rspamd_config:register_module_option('rbl', 'private_ips', 'string')
rspamd_config:register_module_option('rbl', 'default_emails', 'string')
+ rspamd_config:register_module_option('rbl', 'default_is_whitelist', 'string')
+ rspamd_config:register_module_option('rbl', 'default_ignore_whitelists', 'string')
end
end
@@ -321,6 +323,8 @@ default_defaults = {
['default_exclude_private_ips'] = {[1] = true, [2] = 'exclude_private_ips'},
['default_exclude_users'] = {[1] = false, [2] = 'exclude_users'},
['default_exclude_local'] = {[1] = true, [2] = 'exclude_local'},
+ ['default_is_whitelist'] = {[1] = false, [2] = 'is_whitelist'},
+ ['default_ignore_whitelist'] = {[1] = false, [2] = 'ignore_whitelists'},
}
for default, default_v in pairs(default_defaults) do
if opts[default] == nil then
@@ -335,6 +339,9 @@ if(opts['private_ips'] ~= nil) then
private_ips = rspamd_config:radix_from_config('rbl', 'private_ips')
end
+local white_symbols = {}
+local black_symbols = {}
+
for key,rbl in pairs(opts['rbls']) do
for default, default_v in pairs(default_defaults) do
if(rbl[default_v[2]] == nil) then
@@ -345,6 +352,11 @@ for key,rbl in pairs(opts['rbls']) do
for s,_ in pairs(rbl['returncodes']) do
if type(rspamd_config.get_api_version) ~= 'nil' then
rspamd_config:register_virtual_symbol(s, 1)
+ if(rbl['is_whitelist']) then
+ table.insert(white_symbols, s)
+ else
+ table.insert(black_symbols, s)
+ end
end
end
end
@@ -353,7 +365,22 @@ for key,rbl in pairs(opts['rbls']) do
end
if type(rspamd_config.get_api_version) ~= 'nil' and rbl['symbol'] then
rspamd_config:register_virtual_symbol(rbl['symbol'], 1)
+ if(rbl['is_whitelist']) then
+ table.insert(white_symbols, rbl['symbol'])
+ else
+ if rbl['ignore_whitelists'] == false then
+ table.insert(black_symbols, rbl['symbol'])
+ end
+ end
end
rbls[key] = rbl
end
+for _, w in pairs(white_symbols) do
+ for _, b in pairs(black_symbols) do
+ csymbol = 'RBL_COMPOSITE_' .. w .. '_' .. b
+ rspamd_config:register_virtual_symbol(csymbol, 1)
+ rspamd_config:add_composite(csymbol, w .. ' & ' .. b)
+ rspamd_config:set_metric_symbol(csymbol, 0, 'Autogenerated composite')
+ end
+end
rspamd_config:register_callback_symbol_priority('RBL', 1.0, 0, rbl_cb)