From da92ec30057ab81808905397fe8942416f31a661 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Thu, 7 Feb 2019 13:07:16 +0000 Subject: [Project] Add more details to received parser --- src/libmime/email_addr.c | 16 +++-- src/libmime/mime_headers.c | 173 ++++++++++++++++++++++++++++++++------------- src/libmime/mime_headers.h | 3 + 3 files changed, 136 insertions(+), 56 deletions(-) (limited to 'src/libmime') diff --git a/src/libmime/email_addr.c b/src/libmime/email_addr.c index 38de7b4f7..24b1d0111 100644 --- a/src/libmime/email_addr.c +++ b/src/libmime/email_addr.c @@ -87,15 +87,17 @@ rspamd_email_address_from_smtp (const gchar *str, guint len) void rspamd_email_address_free (struct rspamd_email_address *addr) { - if (addr->flags & RSPAMD_EMAIL_ADDR_ADDR_ALLOCATED) { - g_free ((void *)addr->addr); - } + if (addr) { + if (addr->flags & RSPAMD_EMAIL_ADDR_ADDR_ALLOCATED) { + g_free ((void *) addr->addr); + } - if (addr->flags & RSPAMD_EMAIL_ADDR_USER_ALLOCATED) { - g_free ((void *)addr->user); - } + if (addr->flags & RSPAMD_EMAIL_ADDR_USER_ALLOCATED) { + g_free ((void *) addr->user); + } - g_free (addr); + g_free (addr); + } } static inline void diff --git a/src/libmime/mime_headers.c b/src/libmime/mime_headers.c index cb87bc46e..a9ebbdb3a 100644 --- a/src/libmime/mime_headers.c +++ b/src/libmime/mime_headers.c @@ -41,16 +41,6 @@ rspamd_mime_header_check_special (struct rspamd_task *task, if (rspamd_smtp_received_parse (task, rh->decoded, strlen (rh->decoded), recv) != -1) { - /* Set flags */ - if (recv->type == RSPAMD_RECEIVED_ESMTPA || - recv->type == RSPAMD_RECEIVED_ESMTPSA) { - recv->flags |= RSPAMD_RECEIVED_FLAG_AUTHENTICATED; - } - if (recv->type == RSPAMD_RECEIVED_ESMTPS || - recv->type == RSPAMD_RECEIVED_ESMTPSA) { - recv->flags |= RSPAMD_RECEIVED_FLAG_SSL; - } - g_ptr_array_add (task->received, recv); } @@ -1177,8 +1167,7 @@ static gboolean rspamd_smtp_received_process_rdns (struct rspamd_task *task, const gchar *begin, gsize len, - struct received_header *rh, - gboolean is_real) + const gchar **pdest) { const gchar *p, *end; gsize hlen = 0; @@ -1202,13 +1191,7 @@ rspamd_smtp_received_process_rdns (struct rspamd_task *task, dest = rspamd_mempool_alloc (task->task_pool, hlen + 1); rspamd_strlcpy (dest, begin, hlen + 1); - - if (is_real) { - rh->real_hostname = dest; - } - else { - rh->from_hostname = dest; - } + *pdest = dest; return TRUE; } @@ -1232,7 +1215,7 @@ rspamd_smtp_received_process_from_comment (struct rspamd_task *task, if (brace_pos) { addr = rspamd_parse_smtp_ip (comment->data, - brace_pos - comment->data, + brace_pos - comment->data + 1, task->task_pool); if (addr) { @@ -1263,7 +1246,8 @@ rspamd_smtp_received_process_from_comment (struct rspamd_task *task, if (ebrace_pos) { addr = rspamd_parse_smtp_ip (obrace_pos, - ebrace_pos - obrace_pos + 1, task->task_pool); + ebrace_pos - obrace_pos + 1, + task->task_pool); if (addr) { rh->addr = addr; @@ -1274,8 +1258,7 @@ rspamd_smtp_received_process_from_comment (struct rspamd_task *task, if (rspamd_smtp_received_process_rdns (task, comment->data, obrace_pos - comment->data, - rh, - TRUE)) { + &rh->real_hostname)) { ret = TRUE; } } @@ -1286,8 +1269,7 @@ rspamd_smtp_received_process_from_comment (struct rspamd_task *task, if (rspamd_smtp_received_process_rdns (task, comment->data, comment->dlen, - rh, - TRUE)) { + &rh->real_hostname)) { ret = TRUE; } } @@ -1317,15 +1299,30 @@ rspamd_smtp_received_process_from (struct rspamd_task *task, seen_rdns_in_comment = rspamd_smtp_received_process_from_comment ( task, rh, rpart->head_comment); } - else if (rpart->data[0] == '[') { - /* No comment, just something that looks like SMTP IP */ - const gchar *brace_pos = memchr (rpart->data, ']', rpart->dlen); - rspamd_inet_addr_t *addr; - - if (brace_pos) { - addr = rspamd_parse_smtp_ip (rpart->data, brace_pos - - rpart->data, task->task_pool); + if (!rh->real_ip) { + if (rpart->data[0] == '[') { + /* No comment, just something that looks like SMTP IP */ + const gchar *brace_pos = memchr (rpart->data, ']', rpart->dlen); + rspamd_inet_addr_t *addr; + + if (brace_pos) { + addr = rspamd_parse_smtp_ip (rpart->data, + brace_pos - rpart->data + 1, + task->task_pool); + + if (addr) { + seen_ip_in_data = TRUE; + rh->addr = addr; + rh->real_ip = rspamd_inet_address_to_string (addr); + rh->from_ip = rh->real_ip; + } + } + } else if (g_ascii_isxdigit (rpart->data[0])) { + /* Try to parse IP address */ + rspamd_inet_addr_t *addr; + addr = rspamd_parse_inet_address_pool (rpart->data, + rpart->dlen, task->task_pool); if (addr) { seen_ip_in_data = TRUE; rh->addr = addr; @@ -1334,26 +1331,13 @@ rspamd_smtp_received_process_from (struct rspamd_task *task, } } } - else if (g_ascii_isxdigit (rpart->data[0])) { - /* Try to parse IP address */ - rspamd_inet_addr_t *addr; - addr = rspamd_parse_inet_address_pool (rpart->data, - rpart->dlen, task->task_pool); - if (addr) { - seen_ip_in_data = TRUE; - rh->addr = addr; - rh->real_ip = rspamd_inet_address_to_string (addr); - rh->from_ip = rh->real_ip; - } - } - if (!seen_ip_in_data && !seen_rdns_in_comment) { - /* Get rDNS */ + if (!seen_ip_in_data) { + /* Get anounced hostname (usually helo) */ rspamd_smtp_received_process_rdns (task, rpart->data, rpart->dlen, - rh, - FALSE); + &rh->from_hostname); } } else { @@ -1374,6 +1358,7 @@ rspamd_smtp_received_parse (struct rspamd_task *task, { goffset date_pos = 0; struct rspamd_received_part *head, *cur; + rspamd_ftok_t t1, t2; head = rspamd_smtp_received_spill (task, data, len, &date_pos); @@ -1381,13 +1366,103 @@ rspamd_smtp_received_parse (struct rspamd_task *task, return -1; } + rh->type = RSPAMD_RECEIVED_UNKNOWN; + DL_FOREACH (head, cur) { switch (cur->type) { case RSPAMD_RECEIVED_PART_FROM: rspamd_smtp_received_process_from (task, cur, rh); + break; + case RSPAMD_RECEIVED_PART_BY: + rspamd_smtp_received_process_rdns (task, + cur->data, + cur->dlen, + &rh->by_hostname); + break; + case RSPAMD_RECEIVED_PART_WITH: + t1.begin = cur->data; + t1.len = cur->dlen; + + if (t1.len > 0) { + RSPAMD_FTOK_ASSIGN (&t2, "smtp"); + + if (rspamd_ftok_cmp (&t1, &t2) == 0) { + rh->type = RSPAMD_RECEIVED_SMTP; + } + + RSPAMD_FTOK_ASSIGN (&t2, "esmtp"); + + if (rspamd_ftok_starts_with (&t1, &t2) == 0) { + /* + * esmtp, esmtps, esmtpsa + */ + if (t1.len == t2.len + 1) { + if (t1.begin[t2.len] == 'a') { + rh->type = RSPAMD_RECEIVED_ESMTPA; + rh->flags |= RSPAMD_RECEIVED_FLAG_AUTHENTICATED; + } + else if (t1.begin[t2.len] == 's') { + rh->type = RSPAMD_RECEIVED_ESMTPS; + rh->flags |= RSPAMD_RECEIVED_FLAG_SSL; + } + } + else if (t1.len == t2.len + 2) { + if (t1.begin[t2.len - 1] == 's' && + t1.begin[t2.len] == 'a') { + rh->type = RSPAMD_RECEIVED_ESMTPSA; + rh->flags |= RSPAMD_RECEIVED_FLAG_AUTHENTICATED; + rh->flags |= RSPAMD_RECEIVED_FLAG_SSL; + } + } + else if (t1.len == t2.len) { + rh->type = RSPAMD_RECEIVED_ESMTP; + } + } + + RSPAMD_FTOK_ASSIGN (&t2, "lmtp"); + + if (rspamd_ftok_cmp (&t1, &t2) == 0) { + rh->type = RSPAMD_RECEIVED_LMTP; + } + + RSPAMD_FTOK_ASSIGN (&t2, "imap"); + + if (rspamd_ftok_cmp (&t1, &t2) == 0) { + rh->type = RSPAMD_RECEIVED_IMAP; + } + + RSPAMD_FTOK_ASSIGN (&t2, "local"); + + if (rspamd_ftok_cmp (&t1, &t2) == 0) { + rh->type = RSPAMD_RECEIVED_LOCAL; + } + + RSPAMD_FTOK_ASSIGN (&t2, "http"); + + if (rspamd_ftok_starts_with (&t1, &t2) == 0) { + if (t1.len == t2.len + 1) { + if (t1.begin[t2.len] == 's') { + rh->type = RSPAMD_RECEIVED_HTTP; + rh->flags |= RSPAMD_RECEIVED_FLAG_SSL; + } + } + else if (t1.len == t2.len) { + rh->type = RSPAMD_RECEIVED_HTTP; + } + } + } + break; } } + if (rh->real_ip && !rh->from_ip) { + rh->from_ip = rh->real_ip; + } + + if (rh->real_hostname && !rh->from_hostname) { + rh->from_hostname = rh->real_hostname; + } + return 0; } \ No newline at end of file diff --git a/src/libmime/mime_headers.h b/src/libmime/mime_headers.h index cd21b79d5..81fff96a2 100644 --- a/src/libmime/mime_headers.h +++ b/src/libmime/mime_headers.h @@ -64,6 +64,9 @@ enum rspamd_received_type { RSPAMD_RECEIVED_ESMTPSA, RSPAMD_RECEIVED_LMTP, RSPAMD_RECEIVED_IMAP, + RSPAMD_RECEIVED_LOCAL, + RSPAMD_RECEIVED_HTTP, + RSPAMD_RECEIVED_MAPI, RSPAMD_RECEIVED_UNKNOWN }; -- cgit v1.2.3