From 5e84a82f8742ed2bcef65859759c0dd14aa9c4ca Mon Sep 17 00:00:00 2001 From: twesterhever <40121680+twesterhever@users.noreply.github.com> Date: Sun, 24 Mar 2024 16:29:22 +0000 Subject: [Enhancement] Implement Message-ID RHS checks against DNSBLs --- lualib/plugins/rbl.lua | 2 ++ src/plugins/lua/rbl.lua | 26 ++++++++++++++++++++++++-- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/lualib/plugins/rbl.lua b/lualib/plugins/rbl.lua index af5d6bd91..9dacbaa42 100644 --- a/lualib/plugins/rbl.lua +++ b/lualib/plugins/rbl.lua @@ -33,6 +33,7 @@ local check_types = { numeric_urls = {}, emails = {}, replyto = {}, + mid = {}, dkim = {}, rdns = { connfilter = true, @@ -118,6 +119,7 @@ local rule_schema_tbl = { received_min_pos = ts.number:is_optional(), received_nflags = ts.array_of(ts.string):is_optional(), replyto = ts.boolean:is_optional(), + mid = ts.boolean:is_optional(), requests_limit = (ts.integer + ts.string / tonumber):is_optional(), require_symbols = ( ts.array_of(ts.string) + (ts.string / function(s) diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua index b2ccf8699..065a58fda 100644 --- a/src/plugins/lua/rbl.lua +++ b/src/plugins/lua/rbl.lua @@ -829,6 +829,24 @@ local function gen_rbl_callback(rule) return true end + local function check_mid(task, requests_table, whitelist) + local function get_raw_header(name) + return ((task:get_header_full(name) or {})[1] or {})['value'] + end + + local mid = get_raw_header('Message-ID') + if mid then + local md = rspamd_util.parse_mail_address(mid, task:get_mempool()) + lua_util.debugm(N, task, 'check message-id %s', md[1]) + + if md and md[1] and (md[1].addr and #md[1].addr > 0) then + check_email_table(task, md[1], requests_table, whitelist, 'mid') + end + end + + return true + end + -- Create function pipeline depending on rbl settings local pipeline = { is_alive, -- check monitored status 
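Review bot: In the `@@ -829` hunk of src/plugins/lua/rbl.lua, `check_mid` passes `md[1]` to `lua_util.debugm` before the `if md and md[1]` guard on the following line, so the guard comes too late to protect that index. The guard suggests `parse_mail_address` can return nil for input it cannot parse; if it does, this line raises a Lua error instead of skipping the check. The Message-ID header is chosen by the sender, so a malformed value is an input to expect. Move the debug call inside the guarded branch and log the parsed address rather than the table, e.g. `lua_util.debugm(N, task, 'check message-id %s', md[1].addr)` as the first statement after the `if`. The enclosing `gen_rbl_callback` starts and ends outside the hunk.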
@@ -866,6 +884,10 @@ local function gen_rbl_callback(rule) pipeline[#pipeline + 1] = check_replyto description[#description + 1] = 'replyto' end + if rule.mid then + pipeline[#pipeline + 1] = check_mid + description[#description + 1] = 'mid' + end if rule.urls or rule.content_urls or rule.images or rule.numeric_urls then pipeline[#pipeline + 1] = check_urls @@ -1028,7 +1050,7 @@ local function add_rbl(key, rbl, global_opts) end -- Check if rbl is available for empty tasks - if not (rbl.emails or rbl.urls or rbl.dkim or rbl.received or rbl.selector or rbl.replyto) or + if not (rbl.emails or rbl.urls or rbl.dkim or rbl.received or rbl.selector or rbl.replyto or rbl.mid) or rbl.is_empty then flags_tbl[#flags_tbl + 1] = 'empty' end @@ -1118,7 +1140,7 @@ local function add_rbl(key, rbl, global_opts) end if not rbl.whitelist and not rbl.ignore_url_whitelist and (global_opts.url_whitelist or rbl.url_whitelist) and - (rbl.urls or rbl.emails or rbl.dkim or rbl.replyto) and + (rbl.urls or rbl.emails or rbl.dkim or rbl.replyto or rbl.mid) and not (rbl.from or rbl.received) then local def_type = 'set' rbl.whitelist = lua_maps.map_add_from_ucl(rbl.url_whitelist or global_opts.url_whitelist, def_type, -- cgit v1.2.3 From c78c70c76bb7ae8e714ed773037ccce1012dd20f Mon Sep 17 00:00:00 2001 From: twesterhever <40121680+twesterhever@users.noreply.github.com> Date: Sun, 24 Mar 2024 16:29:47 +0000 Subject: [Enhancement] Check Message-ID RHS against popular DNSBLs by default --- conf/modules.d/rbl.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/conf/modules.d/rbl.conf b/conf/modules.d/rbl.conf index ef87c4c5a..3d980acbe 100644 --- a/conf/modules.d/rbl.conf +++ b/conf/modules.d/rbl.conf @@ -205,7 +205,7 @@ rbl { "SURBL_MULTI" { ignore_defaults = true; rbl = "multi.surbl.org"; - checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls']; + checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'mid', 'urls']; emails_domainonly = true; exclude_users = false; 
@@ -241,7 +241,7 @@ rbl { "URIBL_MULTI" { ignore_defaults = true; rbl = "multi.uribl.com"; - checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls']; + checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'mid', 'urls']; emails_domainonly = true; exclude_users = false; @@ -274,7 +274,7 @@ rbl { ignore_defaults = true; rbl = "dbl.spamhaus.org"; no_ip = true; - checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls']; + checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'mid', 'urls']; emails_domainonly = true; exclude_users = false; -- cgit v1.2.3 From 60499c0563dccc65ebf08adf33b9909f0941d0db Mon Sep 17 00:00:00 2001 From: twesterhever <40121680+twesterhever@users.noreply.github.com> Date: Sun, 28 Apr 2024 08:29:23 +0000 Subject: Revert "[Enhancement] Implement Message-ID RHS checks against DNSBLs" This reverts commit 5e84a82f8742ed2bcef65859759c0dd14aa9c4ca. --- lualib/plugins/rbl.lua | 2 -- src/plugins/lua/rbl.lua | 26 ++------------------------ 2 files changed, 2 insertions(+), 26 deletions(-) diff --git a/lualib/plugins/rbl.lua b/lualib/plugins/rbl.lua index 9dacbaa42..af5d6bd91 100644 --- a/lualib/plugins/rbl.lua +++ b/lualib/plugins/rbl.lua @@ -33,7 +33,6 @@ local check_types = { numeric_urls = {}, emails = {}, replyto = {}, - mid = {}, dkim = {}, rdns = { connfilter = true, @@ -119,7 +118,6 @@ local rule_schema_tbl = { received_min_pos = ts.number:is_optional(), received_nflags = ts.array_of(ts.string):is_optional(), replyto = ts.boolean:is_optional(), - mid = ts.boolean:is_optional(), requests_limit = (ts.integer + ts.string / tonumber):is_optional(), require_symbols = ( ts.array_of(ts.string) + (ts.string / function(s) diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua index 065a58fda..b2ccf8699 100644 --- a/src/plugins/lua/rbl.lua +++ b/src/plugins/lua/rbl.lua 
@@ -829,24 +829,6 @@ local function gen_rbl_callback(rule) return true end - local function check_mid(task, requests_table, whitelist) - local function get_raw_header(name) - return ((task:get_header_full(name) or {})[1] or {})['value'] - end - - local mid = get_raw_header('Message-ID') - if mid then - local md = rspamd_util.parse_mail_address(mid, task:get_mempool()) - lua_util.debugm(N, task, 'check message-id %s', md[1]) - - if md and md[1] and (md[1].addr and #md[1].addr > 0) then - check_email_table(task, md[1], requests_table, whitelist, 'mid') - end - end - - return true - end - -- Create function pipeline depending on rbl settings local pipeline = { is_alive, -- check monitored status @@ -884,10 +866,6 @@ local function gen_rbl_callback(rule) pipeline[#pipeline + 1] = check_replyto description[#description + 1] = 'replyto' end - if rule.mid then - pipeline[#pipeline + 1] = check_mid - description[#description + 1] = 'mid' - end if rule.urls or rule.content_urls or rule.images or rule.numeric_urls then pipeline[#pipeline + 1] = check_urls @@ -1050,7 +1028,7 @@ local function add_rbl(key, rbl, global_opts) end -- Check if rbl is available for empty tasks - if not (rbl.emails or rbl.urls or rbl.dkim or rbl.received or rbl.selector or rbl.replyto or rbl.mid) or + if not (rbl.emails or rbl.urls or rbl.dkim or rbl.received or rbl.selector or rbl.replyto) or rbl.is_empty then flags_tbl[#flags_tbl + 1] = 'empty' end @@ -1140,7 +1118,7 @@ local function add_rbl(key, rbl, global_opts) end if not rbl.whitelist and not rbl.ignore_url_whitelist and (global_opts.url_whitelist or rbl.url_whitelist) and - (rbl.urls or rbl.emails or rbl.dkim or rbl.replyto or rbl.mid) and + (rbl.urls or rbl.emails or rbl.dkim or rbl.replyto) and not (rbl.from or rbl.received) then local def_type = 'set' rbl.whitelist = lua_maps.map_add_from_ucl(rbl.url_whitelist or global_opts.url_whitelist, def_type, -- cgit v1.2.3 From 1e47b6a63efe82c87968542d61ddcf129ee99095 Mon Sep 17 00:00:00 2001 
From: twesterhever <40121680+twesterhever@users.noreply.github.com> Date: Sun, 28 Apr 2024 08:29:32 +0000 Subject: Revert "[Enhancement] Check Message-ID RHS against popular DNSBLs by default" This reverts commit c78c70c76bb7ae8e714ed773037ccce1012dd20f. --- conf/modules.d/rbl.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/conf/modules.d/rbl.conf b/conf/modules.d/rbl.conf index 3d980acbe..ef87c4c5a 100644 --- a/conf/modules.d/rbl.conf +++ b/conf/modules.d/rbl.conf @@ -205,7 +205,7 @@ rbl { "SURBL_MULTI" { ignore_defaults = true; rbl = "multi.surbl.org"; - checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'mid', 'urls']; + checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls']; emails_domainonly = true; exclude_users = false; @@ -241,7 +241,7 @@ rbl { "URIBL_MULTI" { ignore_defaults = true; rbl = "multi.uribl.com"; - checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'mid', 'urls']; + checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls']; emails_domainonly = true; exclude_users = false; @@ -274,7 +274,7 @@ rbl { ignore_defaults = true; rbl = "dbl.spamhaus.org"; no_ip = true; - checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'mid', 'urls']; + checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls']; emails_domainonly = true; exclude_users = false; -- cgit v1.2.3 From 0f5c55e846afe1507bd9fe5a5f04ff252989af30 Mon Sep 17 00:00:00 2001 From: twesterhever <40121680+twesterhever@users.noreply.github.com> Date: Sun, 28 Apr 2024 08:43:32 +0000 Subject: [Minor] Query MID RHS FQDNs against popular DNSBL using selectors See https://github.com/rspamd/rspamd/pull/4888 for the related discussion. --- conf/modules.d/rbl.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/conf/modules.d/rbl.conf b/conf/modules.d/rbl.conf index ef87c4c5a..fc093eedc 100644 --- a/conf/modules.d/rbl.conf +++ b/conf/modules.d/rbl.conf 
@@ -208,6 +208,7 @@ rbl { checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls']; emails_domainonly = true; exclude_users = false; + selector = 'header(Message-Id).regexp("@([^\.]+\.[^>]+)").last'; returnbits = { CRACKED_SURBL = 128; @@ -244,6 +245,7 @@ rbl { checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls']; emails_domainonly = true; exclude_users = false; + selector = 'header(Message-Id).regexp("@([^\.]+\.[^>]+)").last'; returnbits { URIBL_BLOCKED = 1; @@ -277,6 +279,7 @@ rbl { checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls']; emails_domainonly = true; exclude_users = false; + selector = 'header(Message-Id).regexp("@([^\.]+\.[^>]+)").last'; returncodes = { # spam domain -- cgit v1.2.3
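Review bot: The capture in the new `selector` line is bounded only by `>`, so `[^>]+` accepts whitespace, further `@` signs and, when the closing bracket is missing, the rest of the header value. Nothing visible in these hunks restricts the result to a hostname before it is used as a lookup key, and the Message-ID is sender-controlled. Consider excluding those characters, something like `selector = 'header(Message-Id).regexp("@([^\.\s@>]+\.[^\s@>]+)").last';`, and add a short comment above it such as `# Query the Message-ID right-hand-side domain` so the purpose is clear next to `checks`. The same line is added in all three hunks (`-208`, `-245`, `-277`), and the surrounding rule blocks start and end outside them.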