aboutsummaryrefslogtreecommitdiffstats
path: root/rules/mid.lua
blob: 14c701cf648af107772874251f5653d38c5f063b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
--[[
Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>
Copyright (c) 2016, Steve Freegard <steve@freegard.name>

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
]]--
local rspamd_util = require "rspamd_util"
local function mid_check_func(task)
  local mid = task:get_header('Message-ID')
  if not mid then return false end
  -- Check for 'bare' IP addresses in RHS
  if mid:find("@%d+%.%d+%.%d+%.%d+>$") then
    task:insert_result('MID_BARE_IP', 1.0)
  end
  -- Check for non-FQDN RHS
  if mid:find("@[^%.]+>?$") then
    task:insert_result('MID_RHS_NOT_FQDN', 1.0)
  end
  -- Check for missing <>'s
  if not mid:find('^<[^>]+>$') then
    task:insert_result('MID_MISSING_BRACKETS', 1.0)
  end
  -- Check for IP literal in RHS
  if mid:find("@%[%d+%.%d+%.%d+%.%d+%]") then
    task:insert_result('MID_RHS_IP_LITERAL', 1.0)
  end
  -- Check From address attributes against MID
  local from = task:get_from(2)
  local fd
  if (from and from[1] and from[1].domain and from[1].domain ~= '') then
    fd = from[1].domain:lower()
    local _,_,md = mid:find("@([^>]+)>?$")
    -- See if all or part of the From address
    -- can be found in the Message-ID
    -- extract tld
    local fdtld = nil
    local mdtld = nil
    if md then
      fdtld = rspamd_util.get_tld(fd)
      mdtld = rspamd_util.get_tld(md)
    end
    if (mid:lower():find(from[1].addr:lower(),1,true)) then
      task:insert_result('MID_CONTAINS_FROM', 1.0)
    elseif (md and fd == md:lower()) then
      task:insert_result('MID_RHS_MATCH_FROM', 1.0)
    elseif (mdtld ~= nil and fdtld ~= nil and mdtld:lower() == fdtld) then
      task:insert_result('MID_RHS_MATCH_FROMTLD', 1.0)
    end
  end
  -- Check To address attributes against MID
  local to = task:get_recipients(2)
  if (to and to[1] and to[1].domain and to[1].domain ~= '') then
    local td = to[1].domain:lower()
    local _,_,md = mid:find("@([^>]+)>?$")
    -- Skip if from domain == to domain
    if ((fd and fd ~= td) or not fd) then
      -- See if all or part of the To address
      -- can be found in the Message-ID
      if (mid:lower():find(to[1].addr:lower(),1,true)) then
        task:insert_result('MID_CONTAINS_TO', 1.0)
      elseif (md and td == md:lower()) then
        task:insert_result('MID_RHS_MATCH_TO', 1.0)
      end
    end
  end
end

-- MID checks from Steve Freegard
local check_mid_id = rspamd_config:register_symbol({
  name = 'CHECK_MID',
  score = 0.0,
  group = 'mid',
  type = 'callback,mime',
  callback = mid_check_func
})
rspamd_config:register_virtual_symbol('MID_BARE_IP', 1.0, check_mid_id)
rspamd_config:set_metric_symbol('MID_BARE_IP', 2.0, 'Message-ID RHS is a bare IP address', 'default', 'Message ID')
rspamd_config:register_virtual_symbol('MID_RHS_NOT_FQDN', 1.0, check_mid_id)
rspamd_config:set_metric_symbol('MID_RHS_NOT_FQDN', 0.5,
    'Message-ID RHS is not a fully-qualified domain name', 'default', 'Message ID')
rspamd_config:register_virtual_symbol('MID_MISSING_BRACKETS', 1.0, check_mid_id)
rspamd_config:set_metric_symbol('MID_MISSING_BRACKETS', 0.5, 'Message-ID is missing <>\'s', 'default', 'Message ID')
rspamd_config:register_virtual_symbol('MID_RHS_IP_LITERAL', 1.0, check_mid_id)
rspamd_config:set_metric_symbol('MID_RHS_IP_LITERAL', 0.5, 'Message-ID RHS is an IP-literal', 'default', 'Message ID')
rspamd_config:register_virtual_symbol('MID_CONTAINS_FROM', 1.0, check_mid_id)
rspamd_config:set_metric_symbol('MID_CONTAINS_FROM', 1.0, 'Message-ID contains From address', 'default', 'Message ID')
rspamd_config:register_virtual_symbol('MID_RHS_MATCH_FROM', 1.0, check_mid_id)
rspamd_config:set_metric_symbol('MID_RHS_MATCH_FROM', 0.0,
    'Message-ID RHS matches From domain', 'default', 'Message ID')
rspamd_config:register_virtual_symbol('MID_RHS_MATCH_FROMTLD', 1.0, check_mid_id)
rspamd_config:set_metric_symbol('MID_RHS_MATCH_FROMTLD', 0.0,
    'Message-ID RHS matches From domain tld', 'default', 'Message ID')
rspamd_config:register_virtual_symbol('MID_CONTAINS_TO', 1.0, check_mid_id)
rspamd_config:set_metric_symbol('MID_CONTAINS_TO', 1.0, 'Message-ID contains To address', 'default', 'Message ID')
rspamd_config:register_virtual_symbol('MID_RHS_MATCH_TO', 1.0, check_mid_id)
rspamd_config:set_metric_symbol('MID_RHS_MATCH_TO', 1.0, 'Message-ID RHS matches To domain', 'default', 'Message ID')

-- Another check from https://github.com/rspamd/rspamd/issues/4299
rspamd_config:register_symbol {
  type = 'normal,mime',
  group = 'mid',
  name = 'MID_END_EQ_FROM_USER_PART',
  description = 'Message-ID RHS (after @) and MIME from local part are the same',
  score = 4.0,

  callback = function(task)
    local mid = task:get_header('Message-ID')
    if not mid then return end
    local mime_from = task:get_from('mime')
    local _,_,mid_realm = mid:find("@([a-z]+)>?$")
    if mid_realm and mime_from and mime_from[1] and mime_from[1].user then
      if (mid_realm == mime_from[1].user) then
        return true
      end
    end
  end
}