diff options
Diffstat (limited to 'src/plugins')
| -rw-r--r-- | src/plugins/dkim_check.c | 23 | ||||
| -rw-r--r-- | src/plugins/fuzzy_check.c | 23 | ||||
| -rw-r--r-- | src/plugins/lua/arc.lua | 4 | ||||
| -rw-r--r-- | src/plugins/lua/dkim_signing.lua | 15 | ||||
| -rw-r--r-- | src/plugins/lua/mime_types.lua | 3 | ||||
| -rw-r--r-- | src/plugins/lua/multimap.lua | 81 | ||||
| -rw-r--r-- | src/plugins/lua/reputation.lua | 60 | ||||
| -rw-r--r-- | src/plugins/lua/rspamd_update.lua | 28 | ||||
| -rw-r--r-- | src/plugins/lua/settings.lua | 4 | ||||
| -rw-r--r-- | src/plugins/surbl.c | 29 |
10 files changed, 165 insertions, 105 deletions
diff --git a/src/plugins/dkim_check.c b/src/plugins/dkim_check.c index bb66e5ccc..f7600552b 100644 --- a/src/plugins/dkim_check.c +++ b/src/plugins/dkim_check.c @@ -669,13 +669,18 @@ dkim_module_load_key_format (struct rspamd_task *task, * This fails for paths that are also valid base64. * Maybe the caller should have specified a format. */ - if (key_format == RSPAMD_DKIM_KEY_UNKNOWN && - (key[0] == '.' || key[0] == '/')) { - if (!rspamd_cryptobox_base64_is_valid (key, keylen)) { - key_format = RSPAMD_DKIM_KEY_FILE; + if (key_format == RSPAMD_DKIM_KEY_UNKNOWN) { + if (key[0] == '.' || key[0] == '/') { + if (!rspamd_cryptobox_base64_is_valid (key, keylen)) { + key_format = RSPAMD_DKIM_KEY_FILE; + } + } + else if (rspamd_cryptobox_base64_is_valid (key, keylen)) { + key_format = RSPAMD_DKIM_KEY_BASE64; } } + if (ret != NULL && key_format == RSPAMD_DKIM_KEY_FILE) { msg_debug_task("checking for stale file key"); @@ -770,7 +775,7 @@ lua_dkim_sign_handler (lua_State *L) dkim_key = dkim_module_load_key_format (task, dkim_module_ctx, key, keylen, RSPAMD_DKIM_KEY_UNKNOWN); } - else if(rawkey) { + else if (rawkey) { dkim_key = dkim_module_load_key_format (task, dkim_module_ctx, rawkey, rawlen, RSPAMD_DKIM_KEY_UNKNOWN); } @@ -1540,7 +1545,13 @@ dkim_module_lua_push_verify_result (struct rspamd_dkim_lua_verify_cbdata *cbd, ptask = lua_newuserdata (cbd->L, sizeof (*ptask)); *ptask = task; lua_pushboolean (cbd->L, success); - lua_pushstring (cbd->L, error_str); + + if (error_str) { + lua_pushstring (cbd->L, error_str); + } + else { + lua_pushnil (cbd->L); + } if (cbd->ctx) { if (res->domain) { diff --git a/src/plugins/fuzzy_check.c b/src/plugins/fuzzy_check.c index 7edb0168d..467a67ed7 100644 --- a/src/plugins/fuzzy_check.c +++ b/src/plugins/fuzzy_check.c @@ -43,6 +43,7 @@ #include "lua/lua_common.h" #include "unix-std.h" #include "libutil/http_private.h" +#include "libutil/http_router.h" #include "libstat/stat_api.h" #include <math.h> #include <src/libmime/message.h> @@ -2208,15 +2209,16 @@ fuzzy_check_io_callback (gint fd, short what, void *arg) msg_err_task ("got error on IO with server %s(%s), on %s, %d, %s", rspamd_upstream_name (session->server), rspamd_inet_address_to_string_pretty ( - rspamd_upstream_addr (session->server)), + rspamd_upstream_addr_cur (session->server)), session->state == 1 ? "read" : "write", errno, strerror (errno)); - rspamd_upstream_fail (session->server, FALSE); + rspamd_upstream_fail (session->server, TRUE); if (session->item) { rspamd_symcache_item_async_dec_check (session->task, session->item, M); } + rspamd_session_remove_event (session->task->s, fuzzy_io_fin, session); } else { @@ -2254,9 +2256,10 @@ fuzzy_check_timer_callback (gint fd, short what, void *arg) msg_err_task ("got IO timeout with server %s(%s), after %d retransmits", rspamd_upstream_name (session->server), rspamd_inet_address_to_string_pretty ( - rspamd_upstream_addr (session->server)), + rspamd_upstream_addr_cur (session->server)), session->retransmits); - rspamd_upstream_fail (session->server, FALSE); + rspamd_upstream_fail (session->server, TRUE); + if (session->item) { rspamd_symcache_item_async_dec_check (session->task, session->item, M); } @@ -2463,7 +2466,7 @@ fuzzy_controller_io_callback (gint fd, short what, void *arg) msg_err_task ("got error in IO with server %s(%s), %d, %s", rspamd_upstream_name (session->server), rspamd_inet_address_to_string_pretty ( - rspamd_upstream_addr (session->server)), + rspamd_upstream_addr_cur (session->server)), errno, strerror (errno)); rspamd_upstream_fail (session->server, FALSE); } @@ -2562,12 +2565,12 @@ fuzzy_controller_timer_callback (gint fd, short what, void *arg) task = session->task; if (session->retransmits >= session->rule->ctx->retransmits) { - rspamd_upstream_fail (session->server, FALSE); + rspamd_upstream_fail (session->server, TRUE); msg_err_task_check ("got IO timeout with server %s(%s), " "after %d retransmits", rspamd_upstream_name (session->server), rspamd_inet_address_to_string_pretty ( - rspamd_upstream_addr (session->server)), + rspamd_upstream_addr_cur (session->server)), session->retransmits); if (session->session) { @@ -2724,7 +2727,7 @@ register_fuzzy_client_call (struct rspamd_task *task, selected = rspamd_upstream_get (rule->servers, RSPAMD_UPSTREAM_ROUND_ROBIN, NULL, 0); if (selected) { - addr = rspamd_upstream_addr (selected); + addr = rspamd_upstream_addr_next (selected); if ((sock = rspamd_inet_address_connect (addr, SOCK_DGRAM, TRUE)) == -1) { msg_warn_task ("cannot connect to %s(%s), %d, %s", rspamd_upstream_name (selected), @@ -2852,7 +2855,7 @@ register_fuzzy_controller_call (struct rspamd_http_connection_entry *entry, while ((selected = rspamd_upstream_get (rule->servers, RSPAMD_UPSTREAM_SEQUENTIAL, NULL, 0))) { /* Create UDP socket */ - addr = rspamd_upstream_addr (selected); + addr = rspamd_upstream_addr_next (selected); if ((sock = rspamd_inet_address_connect (addr, SOCK_DGRAM, TRUE)) == -1) { @@ -3215,7 +3218,7 @@ fuzzy_check_send_lua_learn (struct fuzzy_rule *rule, while ((selected = rspamd_upstream_get (rule->servers, RSPAMD_UPSTREAM_SEQUENTIAL, NULL, 0))) { /* Create UDP socket */ - addr = rspamd_upstream_addr (selected); + addr = rspamd_upstream_addr_next (selected); if ((sock = rspamd_inet_address_connect (addr, SOCK_DGRAM, TRUE)) == -1) { diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua index 302861755..59d97fcd4 100644 --- a/src/plugins/lua/arc.lua +++ b/src/plugins/lua/arc.lua @@ -91,6 +91,7 @@ local settings = { } local function parse_arc_header(hdr, target) + -- Split elements by ';' and trim spaces local arr = fun.totable(fun.map( function(val) return fun.totable(fun.map(lua_util.rspamd_str_trim, @@ -102,8 +103,9 @@ local function parse_arc_header(hdr, target) -- Now we have two tables in format: -- [sigs] -> [{sig1_elts}, {sig2_elts}...] for i,elts in ipairs(arr) do + if not target[i] then target[i] = {} end + -- Split by kv pair, like k=v fun.each(function(v) - if not target[i] then target[i] = {} end if v[1] and v[2] then target[i][v[1]] = v[2] end diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua index 4bc002548..9b1bfef32 100644 --- a/src/plugins/lua/dkim_signing.lua +++ b/src/plugins/lua/dkim_signing.lua @@ -151,12 +151,15 @@ local function dkim_signing_cb(task) if #selectors > 0 then for _, k in ipairs(selectors) do -- templates - k.key = lua_util.template(k.key, { - domain = k.domain, - selector = k.selector - }) - lua_util.debugm(N, task, 'using key "%s", use selector "%s" for domain "%s"', - k.key, k.selector, k.domain) + if k.key then + k.key = lua_util.template(k.key, { + domain = k.domain, + selector = k.selector + }) + lua_util.debugm(N, task, 'using key "%s", use selector "%s" for domain "%s"', + k.key, k.selector, k.domain) + end + do_sign(k) end else diff --git a/src/plugins/lua/mime_types.lua b/src/plugins/lua/mime_types.lua index ab2484c34..98acd463f 100644 --- a/src/plugins/lua/mime_types.lua +++ b/src/plugins/lua/mime_types.lua @@ -142,7 +142,6 @@ local settings = { scf = 2, shs = 2, theme = 2, - tmp = 2, url = 2, vbp = 2, vsmacros = 2, @@ -335,7 +334,7 @@ local full_extensions_map = { {"etl", "application/etl"}, {"etx", "text/x-setext"}, {"evy", "application/envoy"}, - {"exe", "application/x-dosexec"}, + {"exe", {"application/x-dosexec", "application/x-msdownload"}}, {"exe.config", "text/xml"}, {"fdf", "application/vnd.fdf"}, {"fif", "application/fractals"}, diff --git a/src/plugins/lua/multimap.lua b/src/plugins/lua/multimap.lua index 1e348690f..aa3e4d04a 100644 --- a/src/plugins/lua/multimap.lua +++ b/src/plugins/lua/multimap.lua @@ -28,7 +28,6 @@ local regexp = require "rspamd_regexp" local rspamd_expression = require "rspamd_expression" local rspamd_ip = require "rspamd_ip" local lua_util = require "lua_util" -local rspamd_dns = require "rspamd_dns" local lua_selectors = require "lua_selectors" local redis_params local fun = require "fun" @@ -260,9 +259,15 @@ local function apply_addr_filter(task, filter, input, rule) if addr and addr[1] then return addr[1]['name'] end + elseif filter == 'ip_addr' then + local ip_addr = rspamd_ip.from_string(input) + + if ip_addr and ip_addr:is_valid() then + return ip_addr + end else -- regexp case - if not rule['re_filter'] then + if not rule['re_filter'] then local type,pat = string.match(filter, '(regexp:)(.+)') if type and pat then rule['re_filter'] = regexp.create(pat) @@ -397,16 +402,17 @@ local function multimap_callback(task, rule) if r['cdb'] then local srch = value - if r['type'] == 'ip' then - srch = value:to_string() + if type(value) == 'userdata' then + if value.class == 'rspamd{ip}' then + srch = value:tostring() + end end ret = r['cdb']:lookup(srch) elseif r['redis_key'] then local srch = {value} local cmd = 'HGET' - if r['type'] == 'ip' or (r['type'] == 'received' and - (r['filter'] == 'real_ip' or r['filter'] == 'from_ip' or not r['filter'])) then - srch = {value:to_string()} + if type(value) == 'userdata' and value.class == 'rspamd{ip}' then + srch = {value:tostring()} cmd = 'HMGET' local maxbits = 128 local minbits = 32 @@ -415,7 +421,7 @@ local function multimap_callback(task, rule) minbits = 8 end for i=maxbits,minbits,-1 do - local nip = value:apply_mask(i):to_string() .. "/" .. i + local nip = value:apply_mask(i):tostring() .. "/" .. i table.insert(srch, nip) end end @@ -434,6 +440,11 @@ local function multimap_callback(task, rule) elseif r['radix'] then ret = r['radix']:get_key(value) elseif r['hash'] then + if type(value) == 'userdata' then + if value.class == 'rspamd{ip}' then + value = value:tostring() + end + end ret = r['hash']:get_key(value) end @@ -721,26 +732,30 @@ local function multimap_callback(task, rule) local ip = task:get_from_ip() if ip:is_valid() then local to_resolve = ip_to_rbl(ip, rule['map']) + local function dns_cb(_, _, results, err) + lua_util.debugm(N, rspamd_config, + 'resolve() finished: results=%1, err=%2, to_resolve=%3', + results, err, to_resolve) + + if err and + (err ~= 'requested record is not found' and + err ~= 'no records with this name') then + rspamd_logger.errx(task, 'error looking up %s: %s', to_resolve, results) + elseif results then + task:insert_result(rule['symbol'], 1, rule['map']) + if pre_filter then + task:set_pre_result(rule['action'], + 'Matched map: ' .. rule['symbol'], N) + end + end + end - local is_ok, results = rspamd_dns.request({ - type = "a", - task = task, + task:get_resolver():resolve_a({ + task= task, name = to_resolve, + callback = dns_cb, + forced = true }) - - lua_util.debugm(N, rspamd_config, - 'resolve() finished: results=%1, is_ok=%2, to_resolve=%3', - results, is_ok, to_resolve) - - if not is_ok and - (results ~= 'requested record is not found' and results ~= 'no records with this name') then - rspamd_logger.errx(task, 'error looking up %s: %s', to_resolve, results) - elseif is_ok then - task:insert_result(rule['symbol'], 1, rule['map']) - if pre_filter then - task:set_pre_result(rule['action'], 'Matched map: ' .. rule['symbol'], N) - end - end end end, header = function() @@ -990,7 +1005,7 @@ local function add_multimap_rule(key, newrule) local map = urls[newrule['map']] if map and map['regexp'] == newrule['regexp'] and map['glob'] == newrule['glob'] then - if newrule['type'] == 'ip' then + if newrule['type'] == 'ip' or newrule['filter'] == 'ip_addr' then newrule['radix'] = map['map'] else newrule['hash'] = map['map'] @@ -1072,14 +1087,22 @@ local function add_multimap_rule(key, newrule) or newrule['type'] == 'mempool' or newrule['type'] == 'selector'then - multimap_load_hash(newrule) + if newrule.filter == 'ip_addr' then + newrule['radix'] = rspamd_config:add_map ({ + url = newrule['map'], + description = newrule['description'], + type = 'radix' + }) + else + multimap_load_hash(newrule) + end - if newrule['hash'] then + if newrule.hash or newrule.radix then ret = true if type(newrule['map']) == 'string' then urls[newrule['map']] = { type = newrule['type'], - map = newrule['hash'], + map = newrule.hash or newrule.radix, regexp = newrule['regexp'] } end diff --git a/src/plugins/lua/reputation.lua b/src/plugins/lua/reputation.lua index 374771c9b..e91c6ebb7 100644 --- a/src/plugins/lua/reputation.lua +++ b/src/plugins/lua/reputation.lua @@ -25,7 +25,6 @@ local N = 'reputation' local rspamd_logger = require "rspamd_logger" local rspamd_util = require "rspamd_util" -local rspamd_dns = require "rspamd_dns" local lua_util = require "lua_util" local lua_maps = require "lua_maps" local hash = require 'rspamd_cryptobox_hash' @@ -857,39 +856,42 @@ local function reputation_dns_get_token(task, rule, token, continuation_cb) local key = gen_token_key(token, rule) local dns_name = key .. '.' .. rule.backend.config.list - local is_ok, results = rspamd_dns.request({ - type = 'a', - task = task, - name = dns_name, - forced = true, - }) - - if not is_ok and (results ~= 'requested record is not found' and results ~= 'no records with this name') then - rspamd_logger.errx(task, 'error looking up %s: %s', dns_name, results) - end + local function dns_cb(_, _, results, err) + if err and (err ~= 'requested record is not found' and + err ~= 'no records with this name') then + rspamd_logger.errx(task, 'error looking up %s: %s', dns_name, err) + end - lua_util.debugm(N, task, 'DNS RESPONSE: label=%1 results=%2 is_ok=%3 list=%4', - dns_name, results, is_ok, rule.backend.config.list) + lua_util.debugm(N, task, 'DNS RESPONSE: label=%1 results=%2 err=%3 list=%4', + dns_name, results, err, rule.backend.config.list) - -- Now split tokens to list of values - if is_ok then - local values = {} - -- Format: key1=num1;key2=num2...keyn=numn - fun.each(function(e) - local vals = lua_util.rspamd_str_split(e, "=") - if vals and #vals == 2 then - local nv = tonumber(vals[2]) - if nv then - values[vals[1]] = nv + -- Now split tokens to list of values + if results then + local values = {} + -- Format: key1=num1;key2=num2...keyn=numn + fun.each(function(e) + local vals = lua_util.rspamd_str_split(e, "=") + if vals and #vals == 2 then + local nv = tonumber(vals[2]) + if nv then + values[vals[1]] = nv + end end - end - end, - lua_util.rspamd_str_split(results[1], ";")) + end, + lua_util.rspamd_str_split(results[1], ";")) - continuation_cb(nil, dns_name, values) - else - continuation_cb(results, dns_name, nil) + continuation_cb(nil, dns_name, values) + else + continuation_cb(results, dns_name, nil) + end end + + task:get_resolver():resolve_a({ + task = task, + name = dns_name, + callback = dns_cb, + forced = true, + }) end local function reputation_redis_init(rule, cfg, ev_base, worker) diff --git a/src/plugins/lua/rspamd_update.lua b/src/plugins/lua/rspamd_update.lua index 51cb5db02..d53d02112 100644 --- a/src/plugins/lua/rspamd_update.lua +++ b/src/plugins/lua/rspamd_update.lua @@ -124,21 +124,25 @@ end -- Configuration part local section = rspamd_config:get_all_opt("rspamd_update") -if section then +if section and section.rules then local trusted_key - fun.each(function(k, elt) - if k == 'key' then - trusted_key = elt + if section.key then + trusted_key = section.key + end + + if type(section.rules) ~= 'table' then + section.rules = {section.rules} + end + + fun.each(function(elt) + local map = rspamd_config:add_map(elt, "rspamd updates map", nil, "callback") + if not map then + rspamd_logger.errx(rspamd_config, 'cannot load updates from %1', elt) else - local map = rspamd_config:add_map(elt, "rspamd updates map", nil, "callback") - if not map then - rspamd_logger.errx(rspamd_config, 'cannot load updates from %1', elt) - else - map:set_callback(gen_callback(map)) - maps['elt'] = map - end + map:set_callback(gen_callback(map)) + maps['elt'] = map end - end, section) + end, section.rules) fun.each(function(k, map) -- Check sanity for maps diff --git a/src/plugins/lua/settings.lua b/src/plugins/lua/settings.lua index 8d2122868..4e7afbf84 100644 --- a/src/plugins/lua/settings.lua +++ b/src/plugins/lua/settings.lua @@ -78,6 +78,10 @@ local function apply_settings(task, to_apply) to_apply.symbols)) end end + + if to_apply.subject then + task:set_metric_subject(to_apply.subject) + end end -- Checks for overridden settings within query params and returns 'true' if diff --git a/src/plugins/surbl.c b/src/plugins/surbl.c index 94d88334e..26af1210c 100644 --- a/src/plugins/surbl.c +++ b/src/plugins/surbl.c @@ -270,11 +270,15 @@ read_exceptions_list (gchar * chunk, } static void -fin_exceptions_list (struct map_cb_data *data) +fin_exceptions_list (struct map_cb_data *data, void **target) { GHashTable **t; gint i; + if (target) { + *target = data->cur_data; + } + if (data->prev_data) { t = data->prev_data; for (i = 0; i < MAX_LEVELS; i++) { @@ -385,11 +389,15 @@ read_redirectors_list (gchar * chunk, final); } -void -fin_redirectors_list (struct map_cb_data *data) +static void +fin_redirectors_list (struct map_cb_data *data, void **target) { GHashTable *tld_hash; + if (target) { + *target = data->cur_data; + } + if (data->prev_data) { tld_hash = data->prev_data; @@ -397,7 +405,7 @@ fin_redirectors_list (struct map_cb_data *data) } } -void +static void dtor_redirectors_list (struct map_cb_data *data) { GHashTable *tld_hash; @@ -1624,7 +1632,8 @@ surbl_redirector_error (struct rspamd_http_connection *conn, task = param->task; msg_err_surbl ("connection with http server %s terminated incorrectly: %e", - rspamd_inet_address_to_string (rspamd_upstream_addr (param->redirector)), + rspamd_inet_address_to_string ( + rspamd_upstream_addr_cur (param->redirector)), err); rspamd_upstream_fail (param->redirector, FALSE); rspamd_session_remove_event (param->task->s, free_redirector_session, @@ -1715,7 +1724,7 @@ register_redirector_call (struct rspamd_url *url, struct rspamd_task *task, RSPAMD_UPSTREAM_ROUND_ROBIN, url->host, url->hostlen); if (selected) { - s = rspamd_inet_address_connect (rspamd_upstream_addr (selected), + s = rspamd_inet_address_connect (rspamd_upstream_addr_next (selected), SOCK_STREAM, TRUE); } @@ -1733,12 +1742,12 @@ register_redirector_call (struct rspamd_url *url, struct rspamd_task *task, param->url = url; param->task = task; param->conn = rspamd_http_connection_new (NULL, + s, + NULL, surbl_redirector_error, surbl_redirector_finish, RSPAMD_HTTP_CLIENT_SIMPLE, - RSPAMD_HTTP_CLIENT, - NULL, - NULL); + RSPAMD_HTTP_CLIENT); param->ctx = surbl_module_ctx; msg = rspamd_http_new_message (HTTP_REQUEST); msg->url = rspamd_fstring_assign (msg->url, url->string, url->urllen); @@ -1757,7 +1766,7 @@ register_redirector_call (struct rspamd_url *url, struct rspamd_task *task, } rspamd_http_connection_write_message (param->conn, msg, NULL, - NULL, param, s, timeout, task->ev_base); + NULL, param, timeout); msg_info_surbl ( "<%s> registered redirector call for %*s to %s, according to rule: %s", |