diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-02-13 11:05:30 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-02-13 11:05:30 +0000 |
commit | ec00c788c2bc8ca3216ee7dffa0b63a289a8d8d8 (patch) | |
tree | 56e8ecd2214bfd30b74119338ef5130e92d537fc /src | |
parent | 1d7e4cbd19287af3decfc8a0adb293120b802cab (diff) | |
parent | fe036ff922b77477d74fb61b155ce2699be7ce9a (diff) | |
download | rspamd-ec00c788c2bc8ca3216ee7dffa0b63a289a8d8d8.tar.gz rspamd-ec00c788c2bc8ca3216ee7dffa0b63a289a8d8d8.zip |
Merge pull request #162 from fatalbanana/master
Exclusions for authenticated users etc
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/lua/once_received.lua | 193 | ||||
-rw-r--r-- | src/plugins/lua/rbl.lua | 21 |
2 files changed, 117 insertions, 97 deletions
diff --git a/src/plugins/lua/once_received.lua b/src/plugins/lua/once_received.lua index 46a3e1b09..6e1243545 100644 --- a/src/plugins/lua/once_received.lua +++ b/src/plugins/lua/once_received.lua @@ -8,88 +8,91 @@ local good_hosts = {} local rspamd_logger = require "rspamd_logger" local function check_quantity_received (task) - local function recv_dns_cb(resolver, to_resolve, results, err) - task:inc_dns_req() - if not results then - task:insert_result(symbol_strict, 1) - else - rspamd_logger.info(string.format('SMTP resolver failed to resolve: %s is %s', to_resolve, results[1])) - local i = true - for _,h in ipairs(bad_hosts) do - if string.find(results[1], h) then - -- Check for good hostname - if good_hosts then - for _,gh in ipairs(good_hosts) do - if string.find(results[1], gh) then - i = false - break - end - end - end - if i then - task:insert_result(symbol_strict, 1, h) - return - end - end - end - end - end + local function recv_dns_cb(resolver, to_resolve, results, err) + task:inc_dns_req() + if not results then + task:insert_result(symbol_strict, 1) + else + rspamd_logger.info(string.format('SMTP resolver failed to resolve: %s is %s', to_resolve, results[1])) + local i = true + for _,h in ipairs(bad_hosts) do + if string.find(results[1], h) then + -- Check for good hostname + if good_hosts then + for _,gh in ipairs(good_hosts) do + if string.find(results[1], gh) then + i = false + break + end + end + end + if i then + task:insert_result(symbol_strict, 1, h) + return + end + end + end + end + end - local recvh = task:get_received_headers() - if table.maxn(recvh) <= 1 then - task:insert_result(symbol, 1) - -- Strict checks - if symbol_strict then - local r = recvh[1] + if task:get_user() ~= nil then + return + end + local recvh = task:get_received_headers() + if table.maxn(recvh) <= 1 then + task:insert_result(symbol, 1) + -- Strict checks + if symbol_strict then + local r = recvh[1] if not r then return end - -- Unresolved host - if not r['real_hostname'] or string.lower(r['real_hostname']) == 'unknown' or - string.match(r['real_hostname'], '^%d+%.%d+%.%d+%.%d+$') then - - if r['real_ip'] and r['real_ip']:is_valid() then - -- Try to resolve it again - task:get_resolver():resolve_ptr(task:get_session(), task:get_mempool(), - r['real_ip']:to_string(), recv_dns_cb) - else - task:insert_result(symbol_strict, 1) - end - return - end + -- Unresolved host + if not r['real_hostname'] or string.lower(r['real_hostname']) == 'unknown' or + string.match(r['real_hostname'], '^%d+%.%d+%.%d+%.%d+$') then + + if r['real_ip'] and r['real_ip']:is_valid() then + -- Try to resolve it again + task:get_resolver():resolve_ptr(task:get_session(), task:get_mempool(), + r['real_ip']:to_string(), recv_dns_cb) + else + task:insert_result(symbol_strict, 1) + end + return + end - local i = true - local hn = string.lower(r['real_hostname']) + local i = true + local hn = string.lower(r['real_hostname']) - for _,h in ipairs(bad_hosts) do - if string.find(hn, h) then - -- Check for good hostname - if good_hosts then - for _,gh in ipairs(good_hosts) do - if string.find(hn, gh) then - i = false - break - end - end - end - if i then - task:insert_result(symbol_strict, 1, h) - return - end - end - end - end - end + for _,h in ipairs(bad_hosts) do + if string.find(hn, h) then + -- Check for good hostname + if good_hosts then + for _,gh in ipairs(good_hosts) do + if string.find(hn, gh) then + i = false + break + end + end + end + if i then + task:insert_result(symbol_strict, 1, h) + return + end + end + end + end + end end -- Registration if type(rspamd_config.get_api_version) ~= 'nil' then - if rspamd_config:get_api_version() >= 1 then - rspamd_config:register_module_option('once_received', 'symbol', 'string') - rspamd_config:register_module_option('once_received', 'symbol_strict', 'string') - rspamd_config:register_module_option('once_received', 'bad_host', 'string') - rspamd_config:register_module_option('once_received', 'good_host', 'string') - end + if rspamd_config:get_api_version() >= 1 then + rspamd_config:register_module_option('once_received', 'symbol', 'string') + rspamd_config:register_module_option('once_received', 'symbol_strict', 'string') + rspamd_config:register_module_option('once_received', 'bad_host', 'string') + rspamd_config:register_module_option('once_received', 'good_host', 'string') + end end -- Configuration @@ -98,28 +101,28 @@ if opts then if opts['symbol'] then local symbol = opts['symbol'] - for n,v in pairs(opts) do - if n == 'symbol_strict' then - symbol_strict = v - if type(rspamd_config.get_api_version) ~= 'nil' then - rspamd_config:register_virtual_symbol(symbol_strict, 1.0) - end - elseif n == 'bad_host' then - if type(v) == 'string' then - bad_hosts[1] = v - else - bad_hosts = v - end - elseif n == 'good_host' then - if type(v) == 'string' then - good_hosts[1] = v - else - good_hosts = v - end - end - end + for n,v in pairs(opts) do + if n == 'symbol_strict' then + symbol_strict = v + if type(rspamd_config.get_api_version) ~= 'nil' then + rspamd_config:register_virtual_symbol(symbol_strict, 1.0) + end + elseif n == 'bad_host' then + if type(v) == 'string' then + bad_hosts[1] = v + else + bad_hosts = v + end + elseif n == 'good_host' then + if type(v) == 'string' then + good_hosts[1] = v + else + good_hosts = v + end + end + end - -- Register symbol's callback - rspamd_config:register_symbol(symbol, 1.0, check_quantity_received) - end + -- Register symbol's callback + rspamd_config:register_symbol(symbol, 1.0, check_quantity_received) + end end diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua index 9abac0067..0106e41f3 100644 --- a/src/plugins/lua/rbl.lua +++ b/src/plugins/lua/rbl.lua @@ -1,7 +1,23 @@ +-- This plugin implements various types of RBL checks +-- Documentation can be found here: +-- https://rspamd.com/doc/modules/rbl.html + local rbls = {} local rspamd_logger = require "rspamd_logger" -local rspamd_ip = require "rspamd_ip" + +local function validate_dns(lstr, rstr) + if (lstr:len() + rstr:len()) > 252 then + return false + end + for v in lstr:gmatch("[^%.]+") do + if not v:match("^[%w-]+$") or v:len() > 63 + or v:match("^-") or v:match("-$") then + return false + end + end + return true +end local function ip_to_rbl(ip, rbl) return table.concat(ip:inversed_str_octets(), ".") .. '.' .. rbl @@ -83,7 +99,8 @@ local function rbl_cb (task) end if not havegot['helo'] then havegot['helo'] = task:get_helo() - if not havegot['helo'] or string.sub(havegot['helo'],1,1) == '[' or rspamd_ip.from_string(havegot['helo']):is_valid() then + if havegot['helo'] == nil or + not validate_dns(havegot['helo'], rbl['rbl']) then notgot['helo'] = true return end |