diff options
author | Mikhail Galanin <mgalanin@mimecast.com> | 2018-08-15 15:30:47 +0100 |
---|---|---|
committer | Mikhail Galanin <mgalanin@mimecast.com> | 2018-08-15 15:30:47 +0100 |
commit | b29e8792c6be01be944223a0eea7ba373b151327 (patch) | |
tree | 184a9317512ff81855b03af909e90ce42504dba9 /src/plugins | |
parent | cfe8fb280d2795d5929f8b2088e9b1f141f465cd (diff) | |
parent | f01c0800f7a9caf1b2b4e9c58b044d5def09e76a (diff) | |
download | rspamd-b29e8792c6be01be944223a0eea7ba373b151327.tar.gz rspamd-b29e8792c6be01be944223a0eea7ba373b151327.zip |
Merge branch 'master' into lua-coroutine-model
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/lua/arc.lua | 24 | ||||
-rw-r--r-- | src/plugins/lua/dkim_signing.lua | 30 | ||||
-rw-r--r-- | src/plugins/lua/ratelimit.lua | 96 |
3 files changed, 106 insertions, 44 deletions
diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua index ef6a11e71..30ae0cd19 100644 --- a/src/plugins/lua/arc.lua +++ b/src/plugins/lua/arc.lua @@ -549,16 +549,22 @@ local function arc_signing_cb(task) try_redis_key(p.selector) end else - if (p.key and p.selector) then - p.key = lua_util.template(p.key, {domain = p.domain, selector = p.selector}) - local exists,err = rspamd_util.file_exists(p.key) - if not exists then - if err and err == 'No such file or directory' then - lua_util.debugm(N, task, 'cannot read key from %s: %s', p.key, err) - else - rspamd_logger.warnx(N, task, 'cannot read key from %s: %s', p.key, err) + if ((p.key or p.rawkey) and p.selector) then + if p.key then + p.key = lua_util.template(p.key, { + domain = p.domain, + selector = p.selector + }) + + local exists,err = rspamd_util.file_exists(p.key) + if not exists then + if err and err == 'No such file or directory' then + lua_util.debugm(N, task, 'cannot read key from %s: %s', p.key, err) + else + rspamd_logger.warnx(N, task, 'cannot read key from %s: %s', p.key, err) + end + return false end - return false end local dret, hdr = dkim_sign(task, p) diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua index 343fb8a84..99e1fca68 100644 --- a/src/plugins/lua/dkim_signing.lua +++ b/src/plugins/lua/dkim_signing.lua @@ -152,20 +152,26 @@ local function dkim_signing_cb(task) try_redis_key(p.selector) end else - if (p.key and p.selector) then - p.key = lua_util.template(p.key, { domain = p.domain, selector = p.selector}) - local exists,err = rspamd_util.file_exists(p.key) - if not exists then - if err and err == 'No such file or directory' then - lua_util.debugm(N, task, 'cannot read key from "%s": %s', p.key, err) - else - rspamd_logger.warnx(N, task, 'cannot read key from "%s": %s', p.key, err) + if ((p.key or p.rawkey) and p.selector) then + if p.key then + -- templates + p.key = lua_util.template(p.key, { + domain = p.domain, + selector = p.selector + }) + local exists,err = rspamd_util.file_exists(p.key) + if not exists then + if err and err == 'No such file or directory' then + lua_util.debugm(N, task, 'cannot read key from "%s": %s', p.key, err) + else + rspamd_logger.warnx(N, task, 'cannot read key from "%s": %s', p.key, err) + end + return false end - return false - end - lua_util.debugm(N, task, 'key found at "%s", use selector "%s" for domain "%s"', - p.key, p.selector, p.domain) + lua_util.debugm(N, task, 'key found at "%s", use selector "%s" for domain "%s"', + p.key, p.selector, p.domain) + end do_sign() else diff --git a/src/plugins/lua/ratelimit.lua b/src/plugins/lua/ratelimit.lua index acf5b9a8e..59f3c0522 100644 --- a/src/plugins/lua/ratelimit.lua +++ b/src/plugins/lua/ratelimit.lua @@ -65,7 +65,7 @@ local settings = { local bucket_check_script = [[ local last = redis.call('HGET', KEYS[1], 'l') local now = tonumber(KEYS[2]) - local dynr, dynb = 0, 0 + local dynr, dynb, leaked = 0, 0, 0 if not last then -- New bucket redis.call('HSET', KEYS[1], 'l', KEYS[2]) @@ -73,7 +73,7 @@ local bucket_check_script = [[ redis.call('HSET', KEYS[1], 'dr', '10000') redis.call('HSET', KEYS[1], 'db', '10000') redis.call('EXPIRE', KEYS[1], KEYS[5]) - return {0, 0, 1, 1} + return {0, '0', '1', '1', '0'} end last = tonumber(last) @@ -84,9 +84,10 @@ local bucket_check_script = [[ local rate = tonumber(KEYS[3]) dynr = tonumber(redis.call('HGET', KEYS[1], 'dr')) / 10000.0 rate = rate * dynr - local leaked = ((now - last) * rate) + leaked = ((now - last) * rate) burst = burst - leaked redis.call('HINCRBYFLOAT', KEYS[1], 'b', -(leaked)) + redis.call('HSET', KEYS[1], 'l', KEYS[2]) end else burst = 0 @@ -95,11 +96,11 @@ local bucket_check_script = [[ dynb = tonumber(redis.call('HGET', KEYS[1], 'db')) / 10000.0 - if (burst + 1) * dynb > tonumber(KEYS[4]) then - return {1, tostring(burst), tostring(dynr), tostring(dynb)} + if (burst + 1) > tonumber(KEYS[4]) * dynb then + return {1, tostring(burst), tostring(dynr), tostring(dynb), tostring(leaked)} end - return {0, tostring(burst), tostring(dynr), tostring(dynb)} + return {0, tostring(burst), tostring(dynr), tostring(dynb), tostring(leaked)} ]] local bucket_check_id @@ -334,6 +335,48 @@ local keywords = { return task:get_principal_recipient() end, }, + ['digest'] = { + ['get_value'] = function(task) + return task:get_digest() + end, + }, + ['attachments'] = { + ['get_value'] = function(task) + local parts = task:get_parts() or E + local digests = {} + + for _,p in ipairs(parts) do + if p:get_filename() then + table.insert(digests, p:get_digest()) + end + end + + if #digests > 0 then + return table.concat(digests, '') + end + + return nil + end, + }, + ['files'] = { + ['get_value'] = function(task) + local parts = task:get_parts() or E + local files = {} + + for _,p in ipairs(parts) do + local fname = p:get_filename() + if fname then + table.insert(files, fname) + end + end + + if #files > 0 then + return table.concat(files, ':') + end + + return nil + end, + }, } local function gen_rate_key(task, rtype, bucket) @@ -461,28 +504,35 @@ local function ratelimit_cb(task) return function(err, data) if err then rspamd_logger.errx('cannot check limit %s: %s %s', prefix, err, data) - elseif type(data) == 'table' and data[1] and data[1] == 1 then - -- set symbol only and do NOT soft reject - if settings.symbol then - task:insert_result(settings.symbol, 0.0, lim_name .. "(" .. prefix .. ")") + elseif type(data) == 'table' and data[1] then + lua_util.debugm(N, task, + "got reply for limit %s (%s / %s); %s burst, %s:%s dyn, %s leaked", + prefix, bucket.burst, bucket.rate, + data[2], data[3], data[4], data[5]) + + if data[1] == 1 then + -- set symbol only and do NOT soft reject + if settings.symbol then + task:insert_result(settings.symbol, 0.0, lim_name .. "(" .. prefix .. ")") + rspamd_logger.infox(task, + 'set_symbol_only: ratelimit "%s(%s)" exceeded, (%s / %s): %s (%s:%s dyn)', + lim_name, prefix, + bucket.burst, bucket.rate, + data[2], data[3], data[4]) + return + -- set INFO symbol and soft reject + elseif settings.info_symbol then + task:insert_result(settings.info_symbol, 1.0, + lim_name .. "(" .. prefix .. ")") + end rspamd_logger.infox(task, - 'set_symbol_only: ratelimit "%s(%s)" exceeded, (%s / %s): %s (%s:%s dyn)', + 'ratelimit "%s(%s)" exceeded, (%s / %s): %s (%s:%s dyn)', lim_name, prefix, bucket.burst, bucket.rate, data[2], data[3], data[4]) - return - -- set INFO symbol and soft reject - elseif settings.info_symbol then - task:insert_result(settings.info_symbol, 1.0, - lim_name .. "(" .. prefix .. ")") + task:set_pre_result('soft reject', + message_func(task, lim_name, prefix, bucket)) end - rspamd_logger.infox(task, - 'ratelimit "%s(%s)" exceeded, (%s / %s): %s (%s:%s dyn)', - lim_name, prefix, - bucket.burst, bucket.rate, - data[2], data[3], data[4]) - task:set_pre_result('soft reject', - message_func(task, lim_name, prefix, bucket)) end end end |