-rw-r--r--conf/modules.conf20
-rw-r--r--doc/markdown/modules/rbl.md10
-rw-r--r--src/plugins/lua/rbl.lua78
3 files changed, 86 insertions, 22 deletions
diff --git a/conf/modules.conf b/conf/modules.conf
index 9cb26fa5a..582ca5204 100644
--- a/conf/modules.conf
+++ b/conf/modules.conf
@@ -87,7 +87,6 @@ rbl {
default_from = true;
default_received = false;
default_exclude_users = true;
- default_exclude_private_ips = true;
private_ips = "127.0.0.0/8 10.0.0.0/8 192.168.0.0/16 169.254.0.0/16 172.16.0.0/12 100.64.0.0/10 fc00::/7 fe80::/10 fec0::/10 ::1";
@@ -201,6 +200,16 @@ rbl {
}
}
+ rambleremails {
+ symbol = RAMBLER_EMAILBL;
+ rbl = email-bl.rambler.ru;
+ from = false;
+ emails = true;
+ exclude_users = false;
+ exclude_private_ips = false;
+ exclude_local = false;
+ }
+
}
}
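Review bot: The new `rambleremails` rule has no comment saying that `emails = true` sends the full `localpart.domainpart` of each address in a message to `email-bl.rambler.ru` as a DNS query name. In a shipped default this means addresses seen in mail are disclosed to the list operator and to any resolver on the path. This matches what the removed `emails` rule did with `domain_only = false`, so it is not a new exposure, but it is worth stating next to the rule, for example `# queries full addresses; set emails = "domain_only" to send only the domain part`.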
@@ -222,13 +231,8 @@ once_received {
phishing {
symbol = "PHISHING";
}
-emails {
- rule {
- symbol = RAMBLER_EMAILBL;
- dnsbl = email-bl.rambler.ru;
- domain_only = false;
- }
-}
+#emails {
+#}
spf {
spf_cache_size = 2k;
spf_cache_expire = 1d;
diff --git a/doc/markdown/modules/rbl.md b/doc/markdown/modules/rbl.md
index bff67e31d..6ffb46cda 100644
--- a/doc/markdown/modules/rbl.md
+++ b/doc/markdown/modules/rbl.md
@@ -45,6 +45,10 @@ Use this RBL to test reverse DNS names of message senders (hostnames passed to r
Use this RBL to test parameters sent for HELO/EHLO at SMTP time.
+- default_emails (false)
+
+Use this RBL to test email addresses in form [localpart].[domainpart].[rbl] or if set to "domain_only" uses [domainpart].[rbl].
+
- default_unknown (false)
If set to false, do not yield a result unless the response received from the RBL is defined in its related returncodes {} subsection, else return the default symbol for the RBL.
@@ -53,13 +57,13 @@ If set to false, do not yield a result unless the response received from the RBL
If set to true, do not use this RBL if the message sender is authenticated.
-- default_exclude_private_ips (false)
+- default_exclude_private_ips (true)
-If true & private_ips is set appropriately, from/received RBL checks will ignore private IP address space.
+If true & private_ips is set appropriately, do not use the RBL if the sending host address is in the private IP list & do not check received headers baring these addresses.
- default_exclude_local (true)
-If true, and local_exclude_ip_map has been set - exclude specified addresses/subnets from received/from RBL checks.
+If true & local_exclude_ip_map has been set - do not use the RBL if the sending host address is in the local IP list & do not check received headers baring these addresses.
Other parameters which can be set here are:
diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua
index 82955f13c..792c92569 100644
--- a/src/plugins/lua/rbl.lua
+++ b/src/plugins/lua/rbl.lua
@@ -36,10 +36,7 @@ local private_ips = nil
local rspamd_logger = require "rspamd_logger"
local rspamd_ip = require "rspamd_ip"
-local function validate_dns(lstr, rstr)
- if (lstr:len() + rstr:len()) > 252 then
- return false
- end
+local function validate_dns(lstr)
for v in lstr:gmatch("[^%.]+") do
if not v:match("^[%w-]+$") or v:len() > 63
or v:match("^-") or v:match("-$") then
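Review bot: With the combined-length test removed from `validate_dns`, nothing bounds the complete query name any more; only the 63-character per-label limit survives. The callers build `havegot['helo'] .. '.' .. rbl['rbl']` and, in the new emails branch, `localpart .. '.' .. domainpart .. '.' .. rbl['rbl']` from sender-controlled strings, so an over-long name can now reach `resolve_a` (the `validate_dns(havegot['helo'])` call in the helo hunk is affected the same way). A guard at the call sites restores the old bound, e.g. `if (name:len() + rbl['rbl']:len()) > 252 then return end` before resolving. The body of `validate_dns` continues outside the hunk, so whether an empty string or empty labels are rejected cannot be confirmed from here.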
@@ -136,6 +133,20 @@ local function rbl_cb (task)
end
end
+ if (rbl['exclude_local'] or rbl['exclude_private_ips']) and not notgot['from'] then
+ if not havegot['from'] then
+ havegot['from'] = task:get_from_ip()
+ if not havegot['from']:is_valid() then
+ notgot['from'] = true
+ end
+ end
+ if havegot['from'] and not notgot['from'] and ((rbl['exclude_local'] and
+ is_excluded_ip(havegot['from'])) or (rbl['exclude_private_ips'] and
+ is_private_ip(havegot['from']))) then
+ return
+ end
+ end
+
if rbl['helo'] then
(function()
if notgot['helo'] then
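Review bot: The early `return` added ahead of the helo, emails and rdns branches means an excluded sending address now suppresses every check for the list, not only the from-IP lookup that the removed test guarded. Together with the default for `default_exclude_private_ips` becoming true in a later hunk, a deployment that receives mail through an internal relay on a private address would silently stop querying any list that does not override the option. Add a comment above the block such as `-- sender IP is local/private: skip all checks for this list`, and consider a debug log on that path so the skip is visible. `havegot['from']:is_valid()` is also called without a nil check, which raises if `task:get_from_ip()` can return nil. rbl_cb starts and ends outside the hunk, so the exact scope of the `return` should be confirmed there.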
@@ -144,7 +155,7 @@ local function rbl_cb (task)
if not havegot['helo'] then
havegot['helo'] = task:get_helo()
if havegot['helo'] == nil or
- not validate_dns(havegot['helo'], rbl['rbl']) then
+ not validate_dns(havegot['helo']) then
notgot['helo'] = true
return
end
@@ -154,6 +165,51 @@ local function rbl_cb (task)
end)()
end
+ if rbl['emails'] then
+ (function()
+ if notgot['emails'] then
+ return
+ end
+ if not havegot['emails'] then
+ havegot['emails'] = task:get_emails()
+ if havegot['emails'] == nil then
+ notgot['emails'] = true
+ return
+ end
+ local cleanList = {}
+ for _, e in pairs(havegot['emails']) do
+ local localpart = e:get_user()
+ local domainpart = e:get_host()
+ if rbl['emails'] == 'domain_only' then
+ if not cleanList[domainpart] and validate_dns(domainpart) then
+ cleanList[domainpart] = true
+ end
+ else
+ if validate_dns(localpart) and validate_dns(domainpart) then
+ table.insert(cleanList, localpart .. '.' .. domainpart)
+ end
+ end
+ end
+ havegot['emails'] = cleanList
+ if not next(havegot['emails']) then
+ notgot['emails'] = true
+ return
+ end
+ end
+ if rbl['emails'] == 'domain_only' then
+ for domain, _ in pairs(havegot['emails']) do
+ task:get_resolver():resolve_a(task:get_session(), task:get_mempool(),
+ domain .. '.' .. rbl['rbl'], rbl_dns_cb, k)
+ end
+ else
+ for _, email in pairs(havegot['emails']) do
+ task:get_resolver():resolve_a(task:get_session(), task:get_mempool(),
+ email .. '.' .. rbl['rbl'], rbl_dns_cb, k)
+ end
+ end
+ end)()
+ end
+
if rbl['rdns'] then
(function()
if notgot['rdns'] then
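Review bot: The number of DNS lookups issued by the emails branch is set entirely by message content: every address returned by `task:get_emails()` produces one query per list, with no cap, and the full-address mode fills `cleanList` with `table.insert`, so repeated addresses are queried again. Keying `cleanList` by the built name in both modes removes the duplicates and lets the two `resolve_a` loops collapse into one; a configurable upper bound on names per message would be worth adding alongside. `e:get_user()` and `e:get_host()` are passed to `validate_dns` unchecked, which raises on `lstr:gmatch` if either can be nil, so the sketch below guards them. rbl_cb starts and ends outside the hunk.

```lua
local cleanList = {}
for _, e in pairs(havegot['emails']) do
  local localpart = e:get_user()
  local domainpart = e:get_host()
  if domainpart and validate_dns(domainpart) then
    if rbl['emails'] == 'domain_only' then
      cleanList[domainpart] = true
    elseif localpart and validate_dns(localpart) then
      -- keyed by name so a repeated address costs one lookup
      cleanList[localpart .. '.' .. domainpart] = true
    end
  end
end
havegot['emails'] = cleanList
-- … unchanged: empty-list check that sets notgot['emails'] …
for name, _ in pairs(havegot['emails']) do
  task:get_resolver():resolve_a(task:get_session(), task:get_mempool(),
    name .. '.' .. rbl['rbl'], rbl_dns_cb, k)
end
```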
@@ -183,10 +239,6 @@ local function rbl_cb (task)
return
end
end
- if (rbl['exclude_private_ips'] and is_private_ip(havegot['from']))
- or (is_excluded_ip(havegot['from']) and rbl['exclude_local']) then
- return
- end
if (havegot['from']:get_version() == 6 and rbl['ipv6']) or
(havegot['from']:get_version() == 4 and rbl['ipv4']) then
task:get_resolver():resolve_a(task:get_session(), task:get_mempool(),
@@ -241,6 +293,7 @@ if type(rspamd_config.get_api_version) ~= 'nil' then
rspamd_config:register_module_option('rbl', 'local_exclude_ip_map', 'string')
rspamd_config:register_module_option('rbl', 'default_exclude_local', 'string')
rspamd_config:register_module_option('rbl', 'private_ips', 'string')
+ rspamd_config:register_module_option('rbl', 'default_emails', 'string')
end
end
@@ -274,11 +327,14 @@ if(opts['default_exclude_users'] == nil) then
opts['default_exclude_users'] = false
end
if(opts['default_exclude_private_ips'] == nil) then
- opts['default_exclude_private_ips'] = false
+ opts['default_exclude_private_ips'] = true
end
if(opts['default_exclude_local'] == nil) then
opts['default_exclude_local'] = true
end
+if(opts['default_emails'] == nil) then
+ opts['default_emails'] = false
+end
if(opts['local_exclude_ip_map'] ~= nil) then
local_exclusions = rspamd_config:add_radix_map(opts['local_exclude_ip_map'])
end
@@ -289,7 +345,7 @@ end
for key,rbl in pairs(opts['rbls']) do
local o = {
"ipv4", "ipv6", "from", "received", "unknown", "rdns", "helo", "exclude_users",
- "exclude_private_ips", "exclude_local"
+ "exclude_private_ips", "exclude_local", "emails"
}
for i=1,table.maxn(o) do
if(rbl[o[i]] == nil) then