1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
|
--[[
Copyright (c) 2011-2015, Vsevolod Stakhov <vsevolod@highsecure.ru>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
]]--
if confighelp then
return
end
-- 0 or 1 received: = spam
local symbol = 'ONCE_RECEIVED'
local symbol_rdns = 'RDNS_NONE'
local symbol_rdns_dnsfail = 'RDNS_DNSFAIL'
local symbol_mx = 'DIRECT_TO_MX'
-- Symbol for strict checks
local symbol_strict = nil
local bad_hosts = {}
local good_hosts = {}
local whitelist = nil
local rspamd_logger = require "rspamd_logger"
local fun = require "fun"
local N = 'once_received'
local check_local = false
local check_authed = false
local function check_quantity_received (task)
local recvh = task:get_received_headers()
local nreceived = fun.reduce(function(acc, rcvd)
return acc + 1
end, 0, fun.filter(function(h)
return not h['artificial']
end, recvh))
local function recv_dns_cb(_, to_resolve, results, err)
if err and (err ~= 'requested record is not found' and err ~= 'no records with this name') then
rspamd_logger.errx(task, 'error looking up %s: %s', to_resolve, err)
task:insert_result(symbol_rdns_dnsfail, 1.0)
end
if not results then
if nreceived <= 1 then
task:insert_result(symbol, 1)
task:insert_result(symbol_strict, 1)
-- Check for MUAs
local ua = task:get_header('User-Agent')
local xm = task:get_header('X-Mailer')
if (ua or xm) then
task:insert_result(symbol_mx, 1, (ua or xm))
end
end
task:insert_result(symbol_rdns, 1)
else
rspamd_logger.infox(task, 'source hostname has not been passed to Rspamd from MTA, ' ..
' but we could resolve source IP address PTR %s as "%s"',
to_resolve, results[1])
task:set_hostname(results[1])
if good_hosts then
for _,gh in ipairs(good_hosts) do
if string.find(results[1], gh) then
return
end
end
end
if nreceived <= 1 then
task:insert_result(symbol, 1)
for _,h in ipairs(bad_hosts) do
if string.find(results[1], h) then
task:insert_result(symbol_strict, 1, h)
return
end
end
end
end
end
local task_ip = task:get_ip()
if ((not check_authed and task:get_user()) or
(not check_local and task_ip and task_ip:is_local())) then
rspamd_logger.infox(task, 'Skipping once_received for authenticated user or local network')
return
end
if whitelist and task_ip and whitelist:get_key(task_ip) then
rspamd_logger.infox(task, 'whitelisted mail from %s',
task_ip:to_string())
return
end
local hn = task:get_hostname()
-- Here we don't care about received
if (not hn) and task_ip and task_ip:is_valid() then
task:get_resolver():resolve_ptr({task = task,
name = task_ip:to_string(),
callback = recv_dns_cb,
forced = true
})
return
end
if nreceived <= 1 then
local ret = true
local r = recvh[1]
if not r then
return
end
if r['real_hostname'] then
local rhn = string.lower(r['real_hostname'])
-- Check for good hostname
if rhn and good_hosts then
for _,gh in ipairs(good_hosts) do
if string.find(rhn, gh) then
ret = false
break
end
end
end
end
if ret then
-- Strict checks
if symbol_strict then
-- Unresolved host
task:insert_result(symbol, 1)
if not hn then return end
for _,h in ipairs(bad_hosts) do
if string.find(hn, h) then
task:insert_result(symbol_strict, 1, h)
return
end
end
else
task:insert_result(symbol, 1)
end
end
end
end
local function try_opts(where)
local ret = false
local opts = rspamd_config:get_all_opt(where)
if type(opts) == 'table' then
if type(opts['check_local']) == 'boolean' then
check_local = opts['check_local']
ret = true
end
if type(opts['check_authed']) == 'boolean' then
check_authed = opts['check_authed']
ret = true
end
end
return ret
end
if not try_opts(N) then try_opts('options') end
-- Configuration
local opts = rspamd_config:get_all_opt(N)
if opts then
if opts['symbol'] then
symbol = opts['symbol']
local id = rspamd_config:register_symbol({
name = symbol,
callback = check_quantity_received,
})
for n,v in pairs(opts) do
if n == 'symbol_strict' then
symbol_strict = v
elseif n == 'symbol_rdns' then
symbol_rdns = v
elseif n == 'symbol_rdns_dnsfail' then
symbol_rdns_dnsfail = v
elseif n == 'bad_host' then
if type(v) == 'string' then
bad_hosts[1] = v
else
bad_hosts = v
end
elseif n == 'good_host' then
if type(v) == 'string' then
good_hosts[1] = v
else
good_hosts = v
end
elseif n == 'whitelist' then
whitelist = rspamd_map_add('once_received', 'whitelist', 'radix',
'once received whitelist')
elseif n == 'symbol_mx' then
symbol_mx = v
end
end
rspamd_config:register_symbol({
name = symbol_rdns,
type = 'virtual',
parent = id
})
rspamd_config:register_symbol({
name = symbol_rdns_dnsfail,
type = 'virtual',
parent = id
})
rspamd_config:register_symbol({
name = symbol_strict,
type = 'virtual',
parent = id
})
rspamd_config:register_symbol({
name = symbol_mx,
type = 'virtual',
parent = id
})
end
end
|