From 6ec0f7ee2a708df13863c938c1918a62c6f3ebb0 Mon Sep 17 00:00:00 2001 From: eneq123 Date: Wed, 7 May 2014 15:43:43 +0400 Subject: DNSWL support (via RBL) added --- conf/metrics.conf | 6 ++++++ conf/modules.conf | 18 ++++++++++++++++-- 2 files changed, 22 insertions(+), 2 deletions(-) (limited to 'conf') diff --git a/conf/metrics.conf b/conf/metrics.conf index 088d6aaca..520f05a74 100644 --- a/conf/metrics.conf +++ b/conf/metrics.conf @@ -322,6 +322,12 @@ metric { description = "One received header with 'bad' patterns inside"; name = "ONCE_RECEIVED_STRICT"; } + + symbol { name = "RCVD_IN_DNSWL"; weight = 0.0; description = "Sender listed at http://www.dnswl.org"; } + symbol { name = "RCVD_IN_DNSWL_LOW"; weight = -0.1; description = "Sender listed at http://www.dnswl.org, low trust"; } + symbol { name = "RCVD_IN_DNSWL_MED"; weight = -1.0; description = "Sender listed at http://www.dnswl.org, medium trust"; } + symbol { name = "RCVD_IN_DNSWL_HI"; weight = -5.0; description = "Sender listed at http://www.dnswl.org, high trust"; } + symbol { name = "RBL_SPAMHAUS"; weight = 0.0; description = "From address is listed in zen"; } symbol { name = "RBL_SPAMHAUS_SBL"; weight = 2.0; description = "From address is listed in zen sbl"; } symbol { name = "RBL_SPAMHAUS_CSS"; weight = 2.0; description = "From address is listed in zen css"; } diff --git a/conf/modules.conf b/conf/modules.conf index 4ad8fc88c..0640def55 100644 --- a/conf/modules.conf +++ b/conf/modules.conf @@ -83,8 +83,7 @@ surbl { } } rbl { - - rbls { + rbls { spamhaus { symbol = "RBL_SPAMHAUS"; @@ -145,6 +144,21 @@ rbl { RBL_SEM = "127.0.0.2"; } } + + dnswl { + symbol = "RCVD_IN_DNSWL"; + rbl = "list.dnswl.org"; + ipv4 = true; + ipv6 = false; + received = false; + unknown = true; + returncodes { + RCVD_IN_DNSWL_LOW = "127.0.*.1"; + RCVD_IN_DNSWL_MED = "127.0.*.2"; + RCVD_IN_DNSWL_HI = "127.0.*.3"; + } + } + } } -- cgit v1.2.3 From 444b45d955b6072ab4940f29430f669859934e05 Mon Sep 17 00:00:00 2001 
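Review bot: The `returncodes` patterns in the new `dnswl` block (`"127.0.*.1"`, `"127.0.*.2"`, `"127.0.*.3"`) have no comment saying how they are matched or what the octets mean, and the matcher lives in the rbl plugin, which this patch does not show. If they are applied as Lua patterns, `.` and `.*` match more than a single octet, so it is worth confirming that only the intended 127.0.x.1–3 answers can reach `RCVD_IN_DNSWL_HI`, which metrics.conf scores at -5.0. As I read `unknown = true`, any other answer falls back to the zero-weight `RCVD_IN_DNSWL`. I would state that above `returncodes`, e.g. `# 4th octet = dnswl trust level; any other answer yields RCVD_IN_DNSWL (weight 0)`. The enclosing `rbl`/`rbls` blocks start outside the hunk.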
From: eneq123 Date: Wed, 7 May 2014 16:31:04 +0400 Subject: * use the "User:" rspamc proto param for ratelimit * fix rspamd_actions typo * rspamd_logger added for 'Ratelimit exceeded' case --- conf/modules.conf | 1 + src/plugins/lua/ratelimit.lua | 18 +++++++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) (limited to 'conf') diff --git a/conf/modules.conf b/conf/modules.conf index 0640def55..e01575803 100644 --- a/conf/modules.conf +++ b/conf/modules.conf @@ -209,6 +209,7 @@ ratelimit { limit = "to_ip_from:20:0.01666666667"; limit = "bounce_to:10:0.000555556"; limit = "bounce_to_ip:5:0.000277778"; + limit = "user:20:0.01666666667"; whitelisted_rcpts = "postmaster,mailer-daemon"; max_rcpt = 5; } diff --git a/src/plugins/lua/ratelimit.lua b/src/plugins/lua/ratelimit.lua index 4e6a7e353..fc838dd9a 100644 --- a/src/plugins/lua/ratelimit.lua +++ b/src/plugins/lua/ratelimit.lua @@ -14,10 +14,14 @@ local settings = { -- Limit for all bounce mail (burst 10, rate 2 per hour) bounce_to = {[1] = 10, [2] = 0.000555556, [3] = 4}, -- Limit for bounce mail per one source ip (burst 5, rate 1 per hour) - bounce_to_ip = {[1] = 5 , [2] = 0.000277778, [3] = 5} + bounce_to_ip = {[1] = 5 , [2] = 0.000277778, [3] = 5}, + + -- Limit for all mail per user (authuser) (burst 20, rate 1 per minute) + user = {[1] = 20, [2] = 0.01666666667, [3] = 6} + } -- Senders that are considered as bounce -local bounce_senders = {'postmaster', 'mailer-daemon', '', 'null', 'fetchmail-daemon'} +local bounce_senders = {'postmaster', 'mailer-daemon', '', 'null', 'fetchmail-daemon', 'mdaemon'} -- Do not check ratelimits for these senders local whitelisted_rcpts = {'postmaster', 'mailer-daemon'} local whitelisted_ip = nil 
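Review bot: The `'mdaemon'` entry added to `bounce_senders` is not mentioned in the commit message and changes which mail is classified as bounce, independently of the new per-user limit. The sender local part is chosen by the sending side, and this list decides which set of limits a message is checked against, so a short comment on why `mdaemon` belongs here (or a separate commit) would make that decision reviewable. The new `user` entry also repeats the undocumented third field (`[3] = 6`). A one-line comment such as `-- [1] = burst, [2] = rate per second, [3] = limit id` would help, if that is what the fields mean. The `settings` table opens before the hunk.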
@@ -61,7 +65,8 @@ local function check_specific_limit (task, limit, key) rspamd_redis.make_request(task, upstream:get_ip_string(), upstream:get_port(), rate_set_key_cb, 'SET %b %b', key, lstr) if bucket > limit[1] then - task:set_pre_result(rspamd_actions['soft reject'], 'Ratelimit exceeded') + rspamd_logger.info(string.format('[%s]:soft_reject - Ratelimit exceeded', key)) + task:set_pre_result(rspamd_actions['soft_reject'], 'Ratelimit exceeded') end else rspamd_redis.make_request(task, upstream:get_ip_string(), upstream:get_port(), rate_set_key_cb, @@ -186,6 +191,11 @@ local function rate_test_set(task, func) if from then from_user = get_local_part(from[1]['addr']) end + -- Get user (authuser) + local auser = task:get_user() + if auser then + func(task, settings['user'], make_rate_key (auser, '', nil)) + end if not from_user or not rcpts_user[1] then -- Nothing to check @@ -270,6 +280,8 @@ local function parse_limit(str) set_limit(settings['bounce_to'], params[2], params[3]) elseif params[1] == 'bounce_to_ip' then set_limit(settings['bounce_to_ip'], params[2], params[3]) + elseif params[1] == 'user' then + set_limit(settings['user'], params[2], params[3]) else rspamd_logger.err('invalid limit type: ' .. params[1]) end -- cgit v1.2.3
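Review bot: The new `rspamd_logger.info` line writes `key` into the log verbatim, and with this commit `key` can be built from the client-supplied `User:` value as well as from envelope addresses. Unless rspamd_logger escapes its argument (not visible here), control characters in that value reach the log and can split or forge entries. Stripping them first, e.g. `local safe_key = tostring(key):gsub('%c', '?')` and logging `safe_key`, avoids that. The entry would also be more useful for triage if it carried `bucket` and `limit[1]`. `check_specific_limit` starts and ends outside the hunk.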
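Review bot: The per-user bucket in the `rate_test_set` hunk is keyed on the raw `task:get_user()` string, so `Alice` and `alice` get separate buckets; if the authentication backend treats user names case-insensitively, one account's allowance is no longer a single limit. I would normalise before building the key, `func(task, settings['user'], make_rate_key(auser:lower(), '', nil))`, and confirm that `make_rate_key` (defined outside the hunk) cannot produce a key that collides with the sender or recipient keys; a fixed `user` prefix in the key would rule that out. The call sits before the `from_user`/`rcpts_user` check, and whether the IP and recipient whitelists earlier in the function apply to it is not visible in this hunk.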