aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
authorMikhail Galanin <mgalanin@mimecast.com>2018-08-15 15:30:47 +0100
committerMikhail Galanin <mgalanin@mimecast.com>2018-08-15 15:30:47 +0100
commitb29e8792c6be01be944223a0eea7ba373b151327 (patch)
tree184a9317512ff81855b03af909e90ce42504dba9 /src/plugins
parentcfe8fb280d2795d5929f8b2088e9b1f141f465cd (diff)
parentf01c0800f7a9caf1b2b4e9c58b044d5def09e76a (diff)
downloadrspamd-b29e8792c6be01be944223a0eea7ba373b151327.tar.gz
rspamd-b29e8792c6be01be944223a0eea7ba373b151327.zip
Merge branch 'master' into lua-coroutine-model
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/lua/arc.lua24
-rw-r--r--src/plugins/lua/dkim_signing.lua30
-rw-r--r--src/plugins/lua/ratelimit.lua96
3 files changed, 106 insertions, 44 deletions
diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua
index ef6a11e71..30ae0cd19 100644
--- a/src/plugins/lua/arc.lua
+++ b/src/plugins/lua/arc.lua
@@ -549,16 +549,22 @@ local function arc_signing_cb(task)
try_redis_key(p.selector)
end
else
- if (p.key and p.selector) then
- p.key = lua_util.template(p.key, {domain = p.domain, selector = p.selector})
- local exists,err = rspamd_util.file_exists(p.key)
- if not exists then
- if err and err == 'No such file or directory' then
- lua_util.debugm(N, task, 'cannot read key from %s: %s', p.key, err)
- else
- rspamd_logger.warnx(N, task, 'cannot read key from %s: %s', p.key, err)
+ if ((p.key or p.rawkey) and p.selector) then
+ if p.key then
+ p.key = lua_util.template(p.key, {
+ domain = p.domain,
+ selector = p.selector
+ })
+
+ local exists,err = rspamd_util.file_exists(p.key)
+ if not exists then
+ if err and err == 'No such file or directory' then
+ lua_util.debugm(N, task, 'cannot read key from %s: %s', p.key, err)
+ else
+ rspamd_logger.warnx(N, task, 'cannot read key from %s: %s', p.key, err)
+ end
+ return false
end
- return false
end
local dret, hdr = dkim_sign(task, p)
diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua
index 343fb8a84..99e1fca68 100644
--- a/src/plugins/lua/dkim_signing.lua
+++ b/src/plugins/lua/dkim_signing.lua
@@ -152,20 +152,26 @@ local function dkim_signing_cb(task)
try_redis_key(p.selector)
end
else
- if (p.key and p.selector) then
- p.key = lua_util.template(p.key, { domain = p.domain, selector = p.selector})
- local exists,err = rspamd_util.file_exists(p.key)
- if not exists then
- if err and err == 'No such file or directory' then
- lua_util.debugm(N, task, 'cannot read key from "%s": %s', p.key, err)
- else
- rspamd_logger.warnx(N, task, 'cannot read key from "%s": %s', p.key, err)
+ if ((p.key or p.rawkey) and p.selector) then
+ if p.key then
+ -- templates
+ p.key = lua_util.template(p.key, {
+ domain = p.domain,
+ selector = p.selector
+ })
+ local exists,err = rspamd_util.file_exists(p.key)
+ if not exists then
+ if err and err == 'No such file or directory' then
+ lua_util.debugm(N, task, 'cannot read key from "%s": %s', p.key, err)
+ else
+ rspamd_logger.warnx(N, task, 'cannot read key from "%s": %s', p.key, err)
+ end
+ return false
end
- return false
- end
- lua_util.debugm(N, task, 'key found at "%s", use selector "%s" for domain "%s"',
- p.key, p.selector, p.domain)
+ lua_util.debugm(N, task, 'key found at "%s", use selector "%s" for domain "%s"',
+ p.key, p.selector, p.domain)
+ end
do_sign()
else
diff --git a/src/plugins/lua/ratelimit.lua b/src/plugins/lua/ratelimit.lua
index acf5b9a8e..59f3c0522 100644
--- a/src/plugins/lua/ratelimit.lua
+++ b/src/plugins/lua/ratelimit.lua
@@ -65,7 +65,7 @@ local settings = {
local bucket_check_script = [[
local last = redis.call('HGET', KEYS[1], 'l')
local now = tonumber(KEYS[2])
- local dynr, dynb = 0, 0
+ local dynr, dynb, leaked = 0, 0, 0
if not last then
-- New bucket
redis.call('HSET', KEYS[1], 'l', KEYS[2])
@@ -73,7 +73,7 @@ local bucket_check_script = [[
redis.call('HSET', KEYS[1], 'dr', '10000')
redis.call('HSET', KEYS[1], 'db', '10000')
redis.call('EXPIRE', KEYS[1], KEYS[5])
- return {0, 0, 1, 1}
+ return {0, '0', '1', '1', '0'}
end
last = tonumber(last)
@@ -84,9 +84,10 @@ local bucket_check_script = [[
local rate = tonumber(KEYS[3])
dynr = tonumber(redis.call('HGET', KEYS[1], 'dr')) / 10000.0
rate = rate * dynr
- local leaked = ((now - last) * rate)
+ leaked = ((now - last) * rate)
burst = burst - leaked
redis.call('HINCRBYFLOAT', KEYS[1], 'b', -(leaked))
+ redis.call('HSET', KEYS[1], 'l', KEYS[2])
end
else
burst = 0
@@ -95,11 +96,11 @@ local bucket_check_script = [[
dynb = tonumber(redis.call('HGET', KEYS[1], 'db')) / 10000.0
- if (burst + 1) * dynb > tonumber(KEYS[4]) then
- return {1, tostring(burst), tostring(dynr), tostring(dynb)}
+ if (burst + 1) > tonumber(KEYS[4]) * dynb then
+ return {1, tostring(burst), tostring(dynr), tostring(dynb), tostring(leaked)}
end
- return {0, tostring(burst), tostring(dynr), tostring(dynb)}
+ return {0, tostring(burst), tostring(dynr), tostring(dynb), tostring(leaked)}
]]
local bucket_check_id
@@ -334,6 +335,48 @@ local keywords = {
return task:get_principal_recipient()
end,
},
+ ['digest'] = {
+ ['get_value'] = function(task)
+ return task:get_digest()
+ end,
+ },
+ ['attachments'] = {
+ ['get_value'] = function(task)
+ local parts = task:get_parts() or E
+ local digests = {}
+
+ for _,p in ipairs(parts) do
+ if p:get_filename() then
+ table.insert(digests, p:get_digest())
+ end
+ end
+
+ if #digests > 0 then
+ return table.concat(digests, '')
+ end
+
+ return nil
+ end,
+ },
+ ['files'] = {
+ ['get_value'] = function(task)
+ local parts = task:get_parts() or E
+ local files = {}
+
+ for _,p in ipairs(parts) do
+ local fname = p:get_filename()
+ if fname then
+ table.insert(files, fname)
+ end
+ end
+
+ if #files > 0 then
+ return table.concat(files, ':')
+ end
+
+ return nil
+ end,
+ },
}
local function gen_rate_key(task, rtype, bucket)
@@ -461,28 +504,35 @@ local function ratelimit_cb(task)
return function(err, data)
if err then
rspamd_logger.errx('cannot check limit %s: %s %s', prefix, err, data)
- elseif type(data) == 'table' and data[1] and data[1] == 1 then
- -- set symbol only and do NOT soft reject
- if settings.symbol then
- task:insert_result(settings.symbol, 0.0, lim_name .. "(" .. prefix .. ")")
+ elseif type(data) == 'table' and data[1] then
+ lua_util.debugm(N, task,
+ "got reply for limit %s (%s / %s); %s burst, %s:%s dyn, %s leaked",
+ prefix, bucket.burst, bucket.rate,
+ data[2], data[3], data[4], data[5])
+
+ if data[1] == 1 then
+ -- set symbol only and do NOT soft reject
+ if settings.symbol then
+ task:insert_result(settings.symbol, 0.0, lim_name .. "(" .. prefix .. ")")
+ rspamd_logger.infox(task,
+ 'set_symbol_only: ratelimit "%s(%s)" exceeded, (%s / %s): %s (%s:%s dyn)',
+ lim_name, prefix,
+ bucket.burst, bucket.rate,
+ data[2], data[3], data[4])
+ return
+ -- set INFO symbol and soft reject
+ elseif settings.info_symbol then
+ task:insert_result(settings.info_symbol, 1.0,
+ lim_name .. "(" .. prefix .. ")")
+ end
rspamd_logger.infox(task,
- 'set_symbol_only: ratelimit "%s(%s)" exceeded, (%s / %s): %s (%s:%s dyn)',
+ 'ratelimit "%s(%s)" exceeded, (%s / %s): %s (%s:%s dyn)',
lim_name, prefix,
bucket.burst, bucket.rate,
data[2], data[3], data[4])
- return
- -- set INFO symbol and soft reject
- elseif settings.info_symbol then
- task:insert_result(settings.info_symbol, 1.0,
- lim_name .. "(" .. prefix .. ")")
+ task:set_pre_result('soft reject',
+ message_func(task, lim_name, prefix, bucket))
end
- rspamd_logger.infox(task,
- 'ratelimit "%s(%s)" exceeded, (%s / %s): %s (%s:%s dyn)',
- lim_name, prefix,
- bucket.burst, bucket.rate,
- data[2], data[3], data[4])
- task:set_pre_result('soft reject',
- message_func(task, lim_name, prefix, bucket))
end
end
end