diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-08-26 17:21:14 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-08-26 17:21:14 +0100 |
| commit | 635da93b871193283b42dac854bb1c4c4dec67da (patch) | |
| tree | bdbb189b0127bc8fa96215e91d1486c48358aa06 /src/plugins/lua/rbl.lua | |
| parent | 47c9f9cbda0f55d9d625d6287b148c69868249b0 (diff) | |
| download | rspamd-635da93b871193283b42dac854bb1c4c4dec67da.tar.gz rspamd-635da93b871193283b42dac854bb1c4c4dec67da.zip | |
[Feature] Monitor RBL records
Diffstat (limited to 'src/plugins/lua/rbl.lua')
| -rw-r--r-- | src/plugins/lua/rbl.lua | 177 |
1 files changed, 93 insertions, 84 deletions
diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua index 0ccfa4405..97274fad4 100644 --- a/src/plugins/lua/rbl.lua +++ b/src/plugins/lua/rbl.lua @@ -103,17 +103,22 @@ local function rbl_cb (task) local notgot = {} for k,rbl in pairs(rbls) do - (function() + if not rbl.monitored:alive() then + rspamd_logger.infox('rbl %s is offline for %s seconds', rbl['rbl'], + string.format('%.1f', rbl.monitored:offline())) + return + end + if rbl['exclude_users'] then if not havegot['user'] and not notgot['user'] then - havegot['user'] = task:get_user() - if havegot['user'] == nil then - notgot['user'] = true - end + havegot['user'] = task:get_user() + if havegot['user'] == nil then + notgot['user'] = true + end end if havegot['user'] ~= nil then - return + return end end @@ -132,24 +137,24 @@ local function rbl_cb (task) end if rbl['helo'] then - (function() - if notgot['helo'] then - return - end - if not havegot['helo'] then - havegot['helo'] = task:get_helo() - if havegot['helo'] == nil or + (function() + if notgot['helo'] then + return + end + if not havegot['helo'] then + havegot['helo'] = task:get_helo() + if havegot['helo'] == nil or not validate_dns(havegot['helo']) then - notgot['helo'] = true - return - end - end - task:get_resolver():resolve_a({task = task, - name = havegot['helo'] .. '.' .. rbl['rbl'], - callback = rbl_dns_cb, - option = k, - forced = true}) - end)() + notgot['helo'] = true + return + end + end + task:get_resolver():resolve_a({task = task, + name = havegot['helo'] .. '.' .. rbl['rbl'], + callback = rbl_dns_cb, + option = k, + forced = true}) + end)() end if rbl['dkim'] then @@ -232,78 +237,78 @@ local function rbl_cb (task) end if rbl['rdns'] then - (function() - if notgot['rdns'] then - return - end - if not havegot['rdns'] then - havegot['rdns'] = task:get_hostname() - if havegot['rdns'] == nil or havegot['rdns'] == 'unknown' then - notgot['rdns'] = true - return - end - end - task:get_resolver():resolve_a({task = task, - name = havegot['rdns'] .. '.' .. rbl['rbl'], - callback = rbl_dns_cb, - option = k, - forced = true}) - end)() + (function() + if notgot['rdns'] then + return + end + if not havegot['rdns'] then + havegot['rdns'] = task:get_hostname() + if havegot['rdns'] == nil or havegot['rdns'] == 'unknown' then + notgot['rdns'] = true + return + end + end + task:get_resolver():resolve_a({task = task, + name = havegot['rdns'] .. '.' .. rbl['rbl'], + callback = rbl_dns_cb, + option = k, + forced = true}) + end)() end if rbl['from'] then - (function() - if notgot['from'] then - return - end - if not havegot['from'] then - havegot['from'] = task:get_from_ip() - if not havegot['from']:is_valid() then - notgot['from'] = true - return - end - end - if (havegot['from']:get_version() == 6 and rbl['ipv6']) or - (havegot['from']:get_version() == 4 and rbl['ipv4']) then - task:get_resolver():resolve_a({task = task, - name = ip_to_rbl(havegot['from'], rbl['rbl']), - callback = rbl_dns_cb, - option = k, - forced = true}) - end - end)() + (function() + if notgot['from'] then + return + end + if not havegot['from'] then + havegot['from'] = task:get_from_ip() + if not havegot['from']:is_valid() then + notgot['from'] = true + return + end + end + if (havegot['from']:get_version() == 6 and rbl['ipv6']) or + (havegot['from']:get_version() == 4 and rbl['ipv4']) then + task:get_resolver():resolve_a({task = task, + name = ip_to_rbl(havegot['from'], rbl['rbl']), + callback = rbl_dns_cb, + option = k, + forced = true}) + end + end)() end if rbl['received'] then - (function() - if notgot['received'] then - return - end - if not havegot['received'] then - havegot['received'] = task:get_received_headers() - if next(havegot['received']) == nil then - notgot['received'] = true - return - end - end - for _,rh in ipairs(havegot['received']) do - if rh['real_ip'] and rh['real_ip']:is_valid() then + (function() + if notgot['received'] then + return + end + if not havegot['received'] then + havegot['received'] = task:get_received_headers() + if next(havegot['received']) == nil then + notgot['received'] = true + return + end + end + for _,rh in ipairs(havegot['received']) do + if rh['real_ip'] and rh['real_ip']:is_valid() then if ((rh['real_ip']:get_version() == 6 and rbl['ipv6']) or (rh['real_ip']:get_version() == 4 and rbl['ipv4'])) and ((rbl['exclude_private_ips'] and not rh['real_ip']:is_local()) or not rbl['exclude_private_ips']) and ((rbl['exclude_local_ips'] and not is_excluded_ip(rh['real_ip'])) or not rbl['exclude_local_ips']) then - -- Disable forced for received resolving, as we have no control on - -- those headers count - task:get_resolver():resolve_a({task = task, - name = ip_to_rbl(rh['real_ip'], rbl['rbl']), - callback = rbl_dns_cb, - option = k, - forced = false}) + -- Disable forced for received resolving, as we have no control on + -- those headers count + task:get_resolver():resolve_a({task = task, + name = ip_to_rbl(rh['real_ip'], rbl['rbl']), + callback = rbl_dns_cb, + option = k, + forced = false}) end - end - end - end)() + end + end + end)() end end)() end @@ -465,7 +470,11 @@ for key,rbl in pairs(opts['rbls']) do end end end - rbls[key] = rbl + if rbl['rbl'] then + rbl.monitored = rspamd_config:register_monitored(rbl['rbl'], 'dns', + {rcode = 'nxdomain', prefix = '1.0.0.127'}) + rbls[key] = rbl + end end)() end for _, w in pairs(white_symbols) do |