2016-12-09 21:39:02 +02:00
rspamd_config.MAILCOW_AUTH = {
callback = function ( task )
local uname = task : get_user ( )
if uname then
return 1
end
end
}
2020-03-04 12:53:07 +02:00
local monitoring_hosts = rspamd_config : add_map {
url = " /etc/rspamd/custom/monitoring_nolog.map " ,
description = " Monitoring hosts " ,
type = " regexp "
}
2020-02-09 20:08:28 +02:00
2020-09-23 11:21:28 +02:00
rspamd_config : register_symbol ( {
name = ' SMTP_ACCESS ' ,
type = ' postfilter ' ,
callback = function ( task )
local util = require ( " rspamd_util " )
local rspamd_logger = require " rspamd_logger "
local rspamd_ip = require ' rspamd_ip '
local uname = task : get_user ( )
local limited_access = task : get_symbol ( " SMTP_LIMITED_ACCESS " )
if not uname then
return false
end
if not limited_access then
return false
end
local hash_key = ' SMTP_ALLOW_NETS_ ' .. uname
local redis_params = rspamd_parse_redis_server ( ' smtp_access ' )
local ip = task : get_from_ip ( )
if ip == nil or not ip : is_valid ( ) then
return false
end
local from_ip_string = tostring ( ip )
smtp_access_table = { from_ip_string }
local maxbits = 128
local minbits = 32
if ip : get_version ( ) == 4 then
maxbits = 32
minbits = 8
end
for i = maxbits , minbits , - 1 do
local nip = ip : apply_mask ( i ) : to_string ( ) .. " / " .. i
table.insert ( smtp_access_table , nip )
end
local function smtp_access_cb ( err , data )
if err then
rspamd_logger.infox ( rspamd_config , " smtp_access query request for ip %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) " , ip , data , err )
return false
else
rspamd_logger.infox ( rspamd_config , " checking ip %s for smtp_access in %s " , from_ip_string , hash_key )
for k , v in pairs ( data ) do
if ( v and v ~= userdata and v == ' 1 ' ) then
rspamd_logger.infox ( rspamd_config , " found ip in smtp_access map " )
task : insert_result ( true , ' SMTP_ACCESS ' , 0.0 , from_ip_string )
return true
end
end
rspamd_logger.infox ( rspamd_config , " couldnt find ip in smtp_access map " )
task : insert_result ( true , ' SMTP_ACCESS ' , 999.0 , from_ip_string )
return true
end
end
table.insert ( smtp_access_table , 1 , hash_key )
local redis_ret_user = rspamd_redis_make_request ( task ,
redis_params , -- connect params
hash_key , -- hash key
false , -- is write
smtp_access_cb , --callback
' HMGET ' , -- command
smtp_access_table -- arguments
)
if not redis_ret_user then
rspamd_logger.infox ( rspamd_config , " cannot check smtp_access redis map " )
end
end ,
priority = 10
} )
2020-10-25 11:34:13 +02:00
rspamd_config : register_symbol ( {
name = ' POSTMASTER_HANDLER ' ,
type = ' prefilter ' ,
callback = function ( task )
local rcpts = task : get_recipients ( ' smtp ' )
local rspamd_logger = require " rspamd_logger "
local lua_util = require " lua_util "
local from = task : get_from ( 1 )
-- not applying to mails with more than one rcpt to avoid bypassing filters by addressing postmaster
if rcpts and # rcpts == 1 then
for _ , rcpt in ipairs ( rcpts ) do
local rcpt_split = rspamd_str_split ( rcpt [ ' addr ' ] , ' @ ' )
if # rcpt_split == 2 then
if rcpt_split [ 1 ] == ' postmaster ' then
task : set_pre_result ( ' accept ' , ' whitelisting postmaster smtp rcpt ' )
return
end
end
end
end
if from then
for _ , fr in ipairs ( from ) do
local fr_split = rspamd_str_split ( fr [ ' addr ' ] , ' @ ' )
if # fr_split == 2 then
2020-10-29 21:29:14 +02:00
if fr_split [ 1 ] == ' postmaster ' and task : get_user ( ) then
2020-10-25 11:34:13 +02:00
-- no whitelist, keep signatures
2020-10-29 21:29:14 +02:00
task : insert_result ( true , ' POSTMASTER_FROM ' , - 2500.0 )
2020-10-25 11:34:13 +02:00
return
end
end
end
end
end ,
2020-10-27 08:20:54 +02:00
priority = 10
2020-10-16 18:27:19 +02:00
} )
2018-09-09 09:47:47 +02:00
rspamd_config : register_symbol ( {
name = ' KEEP_SPAM ' ,
type = ' prefilter ' ,
callback = function ( task )
local util = require ( " rspamd_util " )
local rspamd_logger = require " rspamd_logger "
local rspamd_ip = require ' rspamd_ip '
local uname = task : get_user ( )
2018-09-11 19:35:21 +02:00
2018-09-09 09:47:47 +02:00
if uname then
return false
end
2018-09-11 19:35:21 +02:00
2018-09-09 09:47:47 +02:00
local redis_params = rspamd_parse_redis_server ( ' keep_spam ' )
local ip = task : get_from_ip ( )
2018-09-11 19:35:21 +02:00
2019-10-12 13:14:34 +02:00
if ip == nil or not ip : is_valid ( ) then
2018-09-11 19:35:21 +02:00
return false
end
2018-09-12 15:50:42 +02:00
local from_ip_string = tostring ( ip )
2018-09-09 09:47:47 +02:00
ip_check_table = { from_ip_string }
2018-09-11 19:35:21 +02:00
2018-09-09 09:47:47 +02:00
local maxbits = 128
local minbits = 32
if ip : get_version ( ) == 4 then
maxbits = 32
minbits = 8
end
for i = maxbits , minbits , - 1 do
local nip = ip : apply_mask ( i ) : to_string ( ) .. " / " .. i
table.insert ( ip_check_table , nip )
end
local function keep_spam_cb ( err , data )
if err then
rspamd_logger.infox ( rspamd_config , " keep_spam query request for ip %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) " , ip , data , err )
return false
else
for k , v in pairs ( data ) do
if ( v and v ~= userdata and v == ' 1 ' ) then
2020-09-23 11:21:28 +02:00
rspamd_logger.infox ( rspamd_config , " found ip in keep_spam map, setting pre-result " )
task : set_pre_result ( ' accept ' , ' ip matched with forward hosts ' )
2018-09-09 09:47:47 +02:00
end
end
end
end
table.insert ( ip_check_table , 1 , ' KEEP_SPAM ' )
local redis_ret_user = rspamd_redis_make_request ( task ,
redis_params , -- connect params
' KEEP_SPAM ' , -- hash key
false , -- is write
keep_spam_cb , --callback
' HMGET ' , -- command
ip_check_table -- arguments
)
if not redis_ret_user then
rspamd_logger.infox ( rspamd_config , " cannot check keep_spam redis map " )
end
end ,
priority = 19
} )
2020-02-09 20:08:28 +02:00
rspamd_config : register_symbol ( {
name = ' TLS_HEADER ' ,
type = ' postfilter ' ,
callback = function ( task )
local rspamd_logger = require " rspamd_logger "
local tls_tag = task : get_request_header ( ' TLS-Version ' )
if type ( tls_tag ) == ' nil ' then
task : set_milter_reply ( {
add_headers = { [ ' X-Last-TLS-Session-Version ' ] = ' None ' }
} )
else
task : set_milter_reply ( {
add_headers = { [ ' X-Last-TLS-Session-Version ' ] = tostring ( tls_tag ) }
} )
end
end ,
priority = 12
} )
2017-03-16 14:42:56 +02:00
rspamd_config : register_symbol ( {
name = ' TAG_MOO ' ,
type = ' postfilter ' ,
callback = function ( task )
local util = require ( " rspamd_util " )
local rspamd_logger = require " rspamd_logger "
2020-10-27 08:20:54 +02:00
local redis_params = rspamd_parse_redis_server ( ' taghandler ' )
local rspamd_http = require " rspamd_http "
local rcpts = task : get_recipients ( ' smtp ' )
local lua_util = require " lua_util "
2017-03-12 15:38:20 +02:00
2017-03-16 14:42:56 +02:00
local tagged_rcpt = task : get_symbol ( " TAGGED_RCPT " )
2017-05-08 15:39:33 +02:00
local mailcow_domain = task : get_symbol ( " RCPT_MAILCOW_DOMAIN " )
2017-10-26 12:51:30 +02:00
if tagged_rcpt and tagged_rcpt [ 1 ] . options and mailcow_domain then
2017-03-16 14:42:56 +02:00
local tag = tagged_rcpt [ 1 ] . options [ 1 ]
rspamd_logger.infox ( " found tag: %s " , tag )
local action = task : get_metric_action ( ' default ' )
rspamd_logger.infox ( " metric action now: %s " , action )
2017-03-12 15:38:20 +02:00
2017-03-16 14:42:56 +02:00
if action ~= ' no action ' and action ~= ' greylist ' then
rspamd_logger.infox ( " skipping tag handler for action: %s " , action )
2017-03-17 20:23:25 +02:00
return true
2017-03-16 14:42:56 +02:00
end
2017-03-12 15:38:20 +02:00
2020-10-27 08:20:54 +02:00
local function http_callback ( err_message , code , body , headers )
if body ~= nil and body ~= " " then
2020-10-28 12:06:33 +02:00
rspamd_logger.infox ( rspamd_config , " expanding rcpt to \" %s \" " , body )
2020-10-27 08:20:54 +02:00
local function tag_callback_subject ( err , data )
if err or type ( data ) ~= ' string ' then
rspamd_logger.infox ( rspamd_config , " subject tag handler rcpt %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) - trying subfolder tag handler... " , body , data , err )
local function tag_callback_subfolder ( err , data )
if err or type ( data ) ~= ' string ' then
rspamd_logger.infox ( rspamd_config , " subfolder tag handler for rcpt %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) " , body , data , err )
else
rspamd_logger.infox ( " Add X-Moo-Tag header " )
task : set_milter_reply ( {
add_headers = { [ ' X-Moo-Tag ' ] = ' YES ' }
} )
end
end
local redis_ret_subfolder = rspamd_redis_make_request ( task ,
redis_params , -- connect params
body , -- hash key
false , -- is write
tag_callback_subfolder , --callback
' HGET ' , -- command
{ ' RCPT_WANTS_SUBFOLDER_TAG ' , body } -- arguments
)
if not redis_ret_subfolder then
rspamd_logger.infox ( rspamd_config , " cannot make request to load tag handler for rcpt " )
end
else
rspamd_logger.infox ( " user wants subject modified for tagged mail " )
local sbj = task : get_header ( ' Subject ' )
new_sbj = ' =?UTF-8?B? ' .. tostring ( util.encode_base64 ( ' [ ' .. tag .. ' ] ' .. sbj ) ) .. ' ?= '
task : set_milter_reply ( {
remove_headers = { [ ' Subject ' ] = 1 } ,
add_headers = { [ ' Subject ' ] = new_sbj }
} )
end
end
local redis_ret_subject = rspamd_redis_make_request ( task ,
redis_params , -- connect params
body , -- hash key
false , -- is write
tag_callback_subject , --callback
' HGET ' , -- command
{ ' RCPT_WANTS_SUBJECT_TAG ' , body } -- arguments
)
if not redis_ret_subject then
rspamd_logger.infox ( rspamd_config , " cannot make request to load tag handler for rcpt " )
end
end
end
if rcpts and # rcpts == 1 then
for _ , rcpt in ipairs ( rcpts ) do
local rcpt_split = rspamd_str_split ( rcpt [ ' addr ' ] , ' @ ' )
if # rcpt_split == 2 then
if rcpt_split [ 1 ] == ' postmaster ' then
rspamd_logger.infox ( rspamd_config , " not expanding postmaster alias " )
else
rspamd_http.request ( {
task = task ,
url = ' http://nginx:8081/aliasexp.php ' ,
body = ' ' ,
callback = http_callback ,
headers = { Rcpt = rcpt [ ' addr ' ] } ,
} )
end
end
end
2017-03-12 15:38:20 +02:00
end
2020-10-27 08:20:54 +02:00
2017-01-09 12:05:33 +02:00
end
2017-03-16 14:42:56 +02:00
end ,
2020-10-27 08:20:54 +02:00
priority = 19
2017-03-16 14:42:56 +02:00
} )
2017-06-26 23:17:46 +02:00
2021-06-03 08:02:03 +02:00
rspamd_config : register_symbol ( {
name = ' BCC ' ,
type = ' postfilter ' ,
callback = function ( task )
local util = require ( " rspamd_util " )
local rspamd_http = require " rspamd_http "
local rspamd_logger = require " rspamd_logger "
local from_table = { }
local rcpt_table = { }
2021-07-09 09:19:06 +02:00
if task : has_symbol ( ' ENCRYPTED_CHAT ' ) then
return -- stop
end
2021-06-03 08:02:03 +02:00
local send_mail = function ( task , bcc_dest )
local lua_smtp = require " lua_smtp "
local function sendmail_cb ( ret , err )
if not ret then
rspamd_logger.errx ( task , ' BCC SMTP ERROR: %s ' , err )
else
rspamd_logger.infox ( rspamd_config , " BCC SMTP SUCCESS TO %s " , bcc_dest )
end
end
if not bcc_dest then
return -- stop
end
lua_smtp.sendmail ( {
task = task ,
2021-06-21 22:02:36 +02:00
host = os.getenv ( " IPV4_NETWORK " ) .. ' .253 ' ,
2021-06-03 08:02:03 +02:00
port = 591 ,
from = task : get_from ( stp ) [ 1 ] . addr ,
recipients = bcc_dest ,
helo = ' bcc ' ,
timeout = 10 ,
} , task : get_content ( ) , sendmail_cb )
end
-- determine from
local from = task : get_from ( ' smtp ' )
if from then
for _ , a in ipairs ( from ) do
table.insert ( from_table , a [ ' addr ' ] ) -- add this rcpt to table
table.insert ( from_table , ' @ ' .. a [ ' domain ' ] ) -- add this rcpts domain to table
end
else
return -- stop
end
-- determine rcpts
local rcpts = task : get_recipients ( ' smtp ' )
if rcpts then
for _ , a in ipairs ( rcpts ) do
table.insert ( rcpt_table , a [ ' addr ' ] ) -- add this rcpt to table
table.insert ( rcpt_table , ' @ ' .. a [ ' domain ' ] ) -- add this rcpts domain to table
end
else
return -- stop
end
local action = task : get_metric_action ( ' default ' )
rspamd_logger.infox ( " metric action now: %s " , action )
local function rcpt_callback ( err_message , code , body , headers )
if err_message == nil and code == 201 and body ~= nil then
if action == ' no action ' or action == ' add header ' or action == ' rewrite subject ' then
send_mail ( task , body )
end
end
end
local function from_callback ( err_message , code , body , headers )
if err_message == nil and code == 201 and body ~= nil then
if action == ' no action ' or action == ' add header ' or action == ' rewrite subject ' then
send_mail ( task , body )
end
end
end
if rcpt_table then
for _ , e in ipairs ( rcpt_table ) do
rspamd_logger.infox ( rspamd_config , " checking bcc for rcpt address %s " , e )
rspamd_http.request ( {
task = task ,
url = ' http://nginx:8081/bcc.php ' ,
body = ' ' ,
callback = rcpt_callback ,
headers = { Rcpt = e }
} )
end
end
if from_table then
for _ , e in ipairs ( from_table ) do
rspamd_logger.infox ( rspamd_config , " checking bcc for from address %s " , e )
rspamd_http.request ( {
task = task ,
url = ' http://nginx:8081/bcc.php ' ,
body = ' ' ,
callback = from_callback ,
headers = { From = e }
} )
end
end
return true
end ,
priority = 20
} )
2017-08-30 21:42:39 +02:00
rspamd_config : register_symbol ( {
name = ' DYN_RL_CHECK ' ,
type = ' prefilter ' ,
callback = function ( task )
local util = require ( " rspamd_util " )
local redis_params = rspamd_parse_redis_server ( ' dyn_rl ' )
local rspamd_logger = require " rspamd_logger "
local envfrom = task : get_from ( 1 )
2018-05-01 22:44:03 +02:00
local uname = task : get_user ( )
2018-04-26 13:51:55 +02:00
if not envfrom or not uname then
2017-10-04 23:16:39 +02:00
return false
end
2018-05-01 22:44:03 +02:00
local uname = uname : lower ( )
2017-08-30 21:42:39 +02:00
local env_from_domain = envfrom [ 1 ] . domain : lower ( ) -- get smtp from domain in lower case
local function redis_cb_user ( err , data )
if err or type ( data ) ~= ' string ' then
2018-04-26 13:51:55 +02:00
rspamd_logger.infox ( rspamd_config , " dynamic ratelimit request for user %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) - trying dynamic ratelimit for domain... " , uname , data , err )
2017-08-30 21:42:39 +02:00
local function redis_key_cb_domain ( err , data )
if err or type ( data ) ~= ' string ' then
rspamd_logger.infox ( rspamd_config , " dynamic ratelimit request for domain %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) " , env_from_domain , data , err )
else
rspamd_logger.infox ( rspamd_config , " found dynamic ratelimit in redis for domain %s with value %s " , env_from_domain , data )
2018-07-15 12:01:28 +02:00
task : insert_result ( ' DYN_RL ' , 0.0 , data , env_from_domain )
2017-08-30 21:42:39 +02:00
end
end
2017-03-08 18:58:00 +02:00
2017-08-30 21:42:39 +02:00
local redis_ret_domain = rspamd_redis_make_request ( task ,
redis_params , -- connect params
env_from_domain , -- hash key
false , -- is write
redis_key_cb_domain , --callback
' HGET ' , -- command
{ ' RL_VALUE ' , env_from_domain } -- arguments
)
if not redis_ret_domain then
rspamd_logger.infox ( rspamd_config , " cannot make request to load ratelimit for domain " )
end
else
2018-04-26 13:51:55 +02:00
rspamd_logger.infox ( rspamd_config , " found dynamic ratelimit in redis for user %s with value %s " , uname , data )
2018-07-15 12:01:28 +02:00
task : insert_result ( ' DYN_RL ' , 0.0 , data , uname )
2017-08-30 21:42:39 +02:00
end
end
local redis_ret_user = rspamd_redis_make_request ( task ,
redis_params , -- connect params
2018-04-26 13:51:55 +02:00
uname , -- hash key
2017-08-30 21:42:39 +02:00
false , -- is write
redis_cb_user , --callback
' HGET ' , -- command
2018-04-26 13:51:55 +02:00
{ ' RL_VALUE ' , uname } -- arguments
2017-08-30 21:42:39 +02:00
)
if not redis_ret_user then
rspamd_logger.infox ( rspamd_config , " cannot make request to load ratelimit for user " )
end
return true
end ,
2019-10-12 13:14:34 +02:00
flags = ' empty ' ,
2017-08-30 21:42:39 +02:00
priority = 20
2017-09-20 15:19:43 +02:00
} )
rspamd_config : register_symbol ( {
2017-09-21 19:25:17 +02:00
name = ' NO_LOG_STAT ' ,
2017-09-20 15:19:43 +02:00
type = ' postfilter ' ,
callback = function ( task )
2017-09-21 19:25:17 +02:00
local from = task : get_header ( ' From ' )
2021-09-07 17:56:20 +02:00
if from and ( monitoring_hosts : get_key ( from ) or from == " watchdog@localhost " ) then
2017-09-20 15:19:43 +02:00
task : set_flag ( ' no_log ' )
task : set_flag ( ' no_stat ' )
end
end
} )
2023-05-08 12:55:38 +02:00
rspamd_config : register_symbol ( {
name = ' MOO_FOOTER ' ,
type = ' prefilter ' ,
callback = function ( task )
local lua_mime = require " lua_mime "
2023-09-12 12:19:46 +02:00
local lua_util = require " lua_util "
2023-05-08 12:55:38 +02:00
local rspamd_logger = require " rspamd_logger "
local rspamd_redis = require " rspamd_redis "
local ucl = require " ucl "
local redis_params = rspamd_parse_redis_server ( ' footer ' )
local envfrom = task : get_from ( 1 )
local uname = task : get_user ( )
if not envfrom or not uname then
return false
end
local uname = uname : lower ( )
local env_from_domain = envfrom [ 1 ] . domain : lower ( ) -- get smtp from domain in lower case
local function newline ( task )
local t = task : get_newlines_type ( )
if t == ' cr ' then
return ' \r '
elseif t == ' lf ' then
return ' \n '
end
return ' \r \n '
end
local function redis_cb_footer ( err , data )
if err or type ( data ) ~= ' string ' then
rspamd_logger.infox ( rspamd_config , " domain wide footer request for user %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) " , uname , data , err )
else
-- parse json string
local parser = ucl.parser ( )
local res , err = parser : parse_string ( data )
if not res then
rspamd_logger.infox ( rspamd_config , " parsing domain wide footer for user %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) " , uname , data , err )
else
local footer = parser : get_object ( )
if footer and type ( footer ) == " table " and ( footer.html or footer.plain ) then
rspamd_logger.infox ( rspamd_config , " found domain wide footer for user %s: html=%s, plain=%s " , uname , footer.html , footer.plain )
2023-09-12 12:19:46 +02:00
local replacements = {
email = uname
}
if footer.html then
footer.html = lua_util.jinja_template ( footer.html , replacements , true )
end
if footer.plain then
footer.plain = lua_util.jinja_template ( footer.plain , replacements , true )
end
2023-05-08 12:55:38 +02:00
-- add footer
local out = { }
local rewrite = lua_mime.add_text_footer ( task , footer.html , footer.plain ) or { }
local seen_cte
local newline_s = newline ( task )
local function rewrite_ct_cb ( name , hdr )
if rewrite.need_rewrite_ct then
if name : lower ( ) == ' content-type ' then
local nct = string.format ( ' %s: %s/%s; charset=utf-8 ' ,
' Content-Type ' , rewrite.new_ct . type , rewrite.new_ct . subtype )
out [ # out + 1 ] = nct
return
elseif name : lower ( ) == ' content-transfer-encoding ' then
out [ # out + 1 ] = string.format ( ' %s: %s ' ,
' Content-Transfer-Encoding ' , ' quoted-printable ' )
seen_cte = true
return
end
end
out [ # out + 1 ] = hdr.raw : gsub ( ' \r ? \n ?$ ' , ' ' )
end
task : headers_foreach ( rewrite_ct_cb , { full = true } )
if not seen_cte and rewrite.need_rewrite_ct then
out [ # out + 1 ] = string.format ( ' %s: %s ' , ' Content-Transfer-Encoding ' , ' quoted-printable ' )
end
-- End of headers
out [ # out + 1 ] = newline_s
if rewrite.out then
for _ , o in ipairs ( rewrite.out ) do
out [ # out + 1 ] = o
end
else
out [ # out + 1 ] = task : get_rawbody ( )
end
local out_parts = { }
for _ , o in ipairs ( out ) do
if type ( o ) ~= ' table ' then
out_parts [ # out_parts + 1 ] = o
out_parts [ # out_parts + 1 ] = newline_s
else
out_parts [ # out_parts + 1 ] = o [ 1 ]
if o [ 2 ] then
out_parts [ # out_parts + 1 ] = newline_s
end
end
end
task : set_message ( out_parts )
else
rspamd_logger.infox ( rspamd_config , " domain wide footer request for user %s returned invalid or empty data ( \" %s \" ) " , uname , data )
end
end
end
end
local redis_ret_footer = rspamd_redis_make_request ( task ,
redis_params , -- connect params
env_from_domain , -- hash key
false , -- is write
redis_cb_footer , --callback
' HGET ' , -- command
{ " DOMAIN_WIDE_FOOTER " , env_from_domain } -- arguments
)
if not redis_ret_footer then
rspamd_logger.infox ( rspamd_config , " cannot make request to load footer for domain " )
end
return true
end ,
priority = 1
} )