From 6ec0f7ee2a708df13863c938c1918a62c6f3ebb0 Mon Sep 17 00:00:00 2001 From: eneq123 Date: Wed, 7 May 2014 15:43:43 +0400 Subject: DNSWL support (via RBL) added --- src/plugins/lua/rbl.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua index bf043e19e..da52c0fba 100644 --- a/src/plugins/lua/rbl.lua +++ b/src/plugins/lua/rbl.lua @@ -25,14 +25,14 @@ local function rbl_cb (task) local foundrc = false for s,i in pairs(thisrbl['returncodes']) do if type(i) == 'string' then - if i == ipstr then + if (string.find(ipstr, i)) then foundrc = true task:insert_result(s, 1) break end elseif type(i) == 'table' then for _,v in pairs(i) do - if v == ipstr then + if (string.find(ipstr, v)) then foundrc = true task:insert_result(s, 1) break -- cgit v1.2.3 From 444b45d955b6072ab4940f29430f669859934e05 Mon Sep 17 00:00:00 2001 From: eneq123 Date: Wed, 7 May 2014 16:31:04 +0400 Subject: * use the "User:" rspamc proto param for ratelimit * fix rspamd_actions typo * rspamd_logger added for 'Ratelimit exceeded' case --- conf/modules.conf | 1 + src/plugins/lua/ratelimit.lua | 18 +++++++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/conf/modules.conf b/conf/modules.conf index 0640def55..e01575803 100644 --- a/conf/modules.conf +++ b/conf/modules.conf @@ -209,6 +209,7 @@ ratelimit { limit = "to_ip_from:20:0.01666666667"; limit = "bounce_to:10:0.000555556"; limit = "bounce_to_ip:5:0.000277778"; + limit = "user:20:0.01666666667"; whitelisted_rcpts = "postmaster,mailer-daemon"; max_rcpt = 5; } diff --git a/src/plugins/lua/ratelimit.lua b/src/plugins/lua/ratelimit.lua index 4e6a7e353..fc838dd9a 100644 --- a/src/plugins/lua/ratelimit.lua +++ b/src/plugins/lua/ratelimit.lua @@ -14,10 +14,14 @@ local settings = { -- Limit for all bounce mail (burst 10, rate 2 per hour) bounce_to = {[1] = 10, [2] = 0.000555556, [3] = 4}, -- Limit for bounce mail per one source ip (burst 5, rate 1 per hour) - bounce_to_ip = {[1] = 5 , [2] = 0.000277778, [3] = 5} + bounce_to_ip = {[1] = 5 , [2] = 0.000277778, [3] = 5}, + + -- Limit for all mail per user (authuser) (burst 20, rate 1 per minute) + user = {[1] = 20, [2] = 0.01666666667, [3] = 6} + } -- Senders that are considered as bounce -local bounce_senders = {'postmaster', 'mailer-daemon', '', 'null', 'fetchmail-daemon'} +local bounce_senders = {'postmaster', 'mailer-daemon', '', 'null', 'fetchmail-daemon', 'mdaemon'} -- Do not check ratelimits for these senders local whitelisted_rcpts = {'postmaster', 'mailer-daemon'} local whitelisted_ip = nil @@ -61,7 +65,8 @@ local function check_specific_limit (task, limit, key) rspamd_redis.make_request(task, upstream:get_ip_string(), upstream:get_port(), rate_set_key_cb, 'SET %b %b', key, lstr) if bucket > limit[1] then - task:set_pre_result(rspamd_actions['soft reject'], 'Ratelimit exceeded') + rspamd_logger.info(string.format('[%s]:soft_reject - Ratelimit exceeded', key)) + task:set_pre_result(rspamd_actions['soft_reject'], 'Ratelimit exceeded') end else rspamd_redis.make_request(task, upstream:get_ip_string(), upstream:get_port(), rate_set_key_cb, @@ -186,6 +191,11 @@ local function rate_test_set(task, func) if from then from_user = get_local_part(from[1]['addr']) end + -- Get user (authuser) + local auser = task:get_user() + if auser then + func(task, settings['user'], make_rate_key (auser, '', nil)) + end if not from_user or not rcpts_user[1] then -- Nothing to check @@ -270,6 +280,8 @@ local function parse_limit(str) set_limit(settings['bounce_to'], params[2], params[3]) elseif params[1] == 'bounce_to_ip' then set_limit(settings['bounce_to_ip'], params[2], params[3]) + elseif params[1] == 'user' then + set_limit(settings['user'], params[2], params[3]) else rspamd_logger.err('invalid limit type: ' .. params[1]) end -- cgit v1.2.3