-rw-r--r-- | rules/mid.lua | 66 | ||||
-rw-r--r-- | rules/rspamd.lua | 1 | ||||
-rw-r--r-- | src/plugins/lua/mid.lua | 49 |
3 files changed, 67 insertions, 49 deletions
diff --git a/rules/mid.lua b/rules/mid.lua
new file mode 100644
index 000000000..0b68fa612
--- /dev/null
+++ b/rules/mid.lua
@@ -0,0 +1,66 @@
+--[[
+Copyright (c) 2016, Vsevolod Stakhov <vsevolod@highsecure.ru>
+Copyright (c) 2016, Steve Freeguard
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+]]--
+
+local function mid_check_func(task)
+ local mid = task:get_header('Message-ID')
+ if not mid then return false end
+ -- Check for 'bare' IP addresses in RHS
+ if mid:find("@%d+%.%d+%.%d+%.%d+>$") then
+ task:insert_result('MID_BARE_IP', 1.0)
+ end
+ -- Check for non-FQDN RHS
+ if mid:find("@[^%.]+>?$") then
+ task:insert_result('MID_RHS_NOT_FQDN', 1.0)
+ end
+ -- Check for missing <>'s
+ if not mid:find('^<[^>]+>$') then
+ task:insert_result('MID_MISSING_BRACKETS', 1.0)
+ end
+ -- Check for IP literal in RHS
+ if mid:find("@%[%d+%.%d+%.%d+%.%d+%]") then
+ task:insert_result('MID_RHS_IP_LITERAL', 1.0)
+ end
+ -- Check From address atrributes against MID
+ local from = task:get_from(2)
+ if (from and from[1] and from[1].domain) then
+ local fd = from[1].domain:lower()
+ local _,_,md = mid:find("@([^>]+)>?$")
+ -- See if all or part of the From address
+ -- can be found in the Message-ID
+ if (mid:lower():find(from[1].addr:lower(),1,true)) then
+ task:insert_result('MID_CONTAINS_FROM', 1.0)
+ elseif (md and fd == md:lower()) then
+ task:insert_result('MID_RHS_MATCH_FROM', 1.0)
+ end
+ end
+end
+
+-- MID checks from Steve Freegard
+local check_mid_id = rspamd_config:register_callback_symbol('CHECK_MID', 1.0,
+ mid_check_func)
+rspamd_config:register_virtual_symbol('MID_BARE_IP', 1.0, check_mid_id)
+rspamd_config:set_metric_symbol('MID_BARE_IP', 2.0, 'Message-ID RHS is a bare IP address')
+rspamd_config:register_virtual_symbol('MID_RHS_NOT_FQDN', 1.0, check_mid_id)
+rspamd_config:set_metric_symbol('MID_RHS_NOT_FQDN', 0.5, 'Message-ID RHS is not a fully-qualified domain name')
+rspamd_config:register_virtual_symbol('MID_MISSING_BRACKETS', 1.0, check_mid_id)
+rspamd_config:set_metric_symbol('MID_MISSING_BRACKETS', 0.5, 'Message-ID is missing <>\'s')
+rspamd_config:register_virtual_symbol('MID_RHS_IP_LITERAL', 1.0, check_mid_id)
+rspamd_config:set_metric_symbol('MID_RHS_IP_LITERAL', 0.5, 'Message-ID RHS is an IP-literal')
+rspamd_config:register_virtual_symbol('MID_CONTAINS_FROM', 1.0, check_mid_id)
+rspamd_config:set_metric_symbol('MID_CONTAINS_FROM', 1.0, 'Message-ID contains From address')
+rspamd_config:register_virtual_symbol('MID_RHS_MATCH_FROM', 1.0, check_mid_id)
+rspamd_config:set_metric_symbol('MID_RHS_MATCH_FROM', 1.0, 'Message-ID RHS matches From domain')
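Review bot: The `MID_BARE_IP` test in `mid_check_func` only fires when the Message-ID ends in `>`, because its pattern is anchored with `>$`, while the `MID_RHS_NOT_FQDN` test directly below accepts an optional bracket with `>?$`. A Message-ID whose right-hand side is a bare IPv4 address but which lacks the closing bracket therefore receives only `MID_MISSING_BRACKETS` (0.5) and never the 2.0-weighted `MID_BARE_IP`; making the bracket optional, `if mid:find("@%d+%.%d+%.%d+%.%d+>?$") then`, keeps the two checks consistent. Separately, the From comparison guards on `from[1].domain` but then calls `from[1].addr:lower()`; if `addr` can ever be nil at that point the callback would raise on that message, so extending the guard to `if (from and from[1] and from[1].domain and from[1].addr) then` looks cheap.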
\ No newline at end of file diff --git a/rules/rspamd.lua b/rules/rspamd.lua index b02e6b1af..a9ead440d 100644 --- a/rules/rspamd.lua +++ b/rules/rspamd.lua @@ -32,6 +32,7 @@ dofile(local_rules .. '/html.lua') dofile(local_rules .. '/misc.lua') dofile(local_rules .. '/http_headers.lua') dofile(local_rules .. '/forwarding.lua') +dofile(local_rules .. '/mid.lua') local function file_exists(filename) local file = io.open(filename) diff --git a/src/plugins/lua/mid.lua b/src/plugins/lua/mid.lua index 7ff38bb9d..0ca26b91f 100644 --- a/src/plugins/lua/mid.lua +++ b/src/plugins/lua/mid.lua 
@@ -60,55 +60,6 @@ local function known_mid_cb(task) end end -local check_mid_id = rspamd_config:register_callback_symbol('CHECK_MID', 1.0, - function (task) - local mid = task:get_header('Message-ID') - if not mid then return false end - -- Check for 'bare' IP addresses in RHS - if mid:find("@%d+%.%d+%.%d+%.%d+>$") then - task:insert_result('MID_BARE_IP', 1.0) - end - -- Check for non-FQDN RHS - if mid:find("@[^%.]+>?$") then - task:insert_result('MID_RHS_NOT_FQDN', 1.0) - end - -- Check for missing <>'s - if not mid:find('^<[^>]+>$') then - task:insert_result('MID_MISSING_BRACKETS', 1.0) - end - -- Check for IP literal in RHS - if mid:find("@%[%d+%.%d+%.%d+%.%d+%]") then - task:insert_result('MID_RHS_IP_LITERAL', 1.0) - end - -- Check From address atrributes against MID - local from = task:get_from(2) - if (from and from[1] and from[1].domain) then - local fd = from[1].domain:lower() - local _,_,md = mid:find("@([^>]+)>?$") - -- See if all or part of the From address - -- can be found in the Message-ID - if (mid:lower():find(from[1].addr:lower(),1,true)) then - task:insert_result('MID_CONTAINS_FROM', 1.0) - elseif (md and fd == md:lower()) then - task:insert_result('MID_RHS_MATCH_FROM', 1.0) - end - end - end -) - -rspamd_config:register_virtual_symbol('MID_BARE_IP', 1.0, check_mid_id) -rspamd_config:set_metric_symbol('MID_BARE_IP', 2.0, 'Message-ID RHS is a bare IP address') -rspamd_config:register_virtual_symbol('MID_RHS_NOT_FQDN', 1.0, check_mid_id) -rspamd_config:set_metric_symbol('MID_RHS_NOT_FQDN', 0.5, 'Message-ID RHS is not a fully-qualified domain name') -rspamd_config:register_virtual_symbol('MID_MISSING_BRACKETS', 1.0, check_mid_id) -rspamd_config:set_metric_symbol('MID_MISSING_BRACKETS', 0.5, 'Message-ID is missing <>\'s') -rspamd_config:register_virtual_symbol('MID_RHS_IP_LITERAL', 1.0, check_mid_id) -rspamd_config:set_metric_symbol('MID_RHS_IP_LITERAL', 0.5, 'Message-ID RHS is an IP-literal') 
-rspamd_config:register_virtual_symbol('MID_CONTAINS_FROM', 1.0, check_mid_id) -rspamd_config:set_metric_symbol('MID_CONTAINS_FROM', 1.0, 'Message-ID contains From address') -rspamd_config:register_virtual_symbol('MID_RHS_MATCH_FROM', 1.0, check_mid_id) -rspamd_config:set_metric_symbol('MID_RHS_MATCH_FROM', 1.0, 'Message-ID RHS matches From domain') - local opts = rspamd_config:get_all_opt('mid') if opts then for k,v in pairs(opts) do |