2016-12-09 21:39:02 +02:00
rspamd_config.MAILCOW_AUTH = {
callback = function ( task )
local uname = task : get_user ( )
if uname then
return 1
end
end
}
2020-03-04 12:53:07 +02:00
local monitoring_hosts = rspamd_config : add_map {
url = " /etc/rspamd/custom/monitoring_nolog.map " ,
description = " Monitoring hosts " ,
type = " regexp "
}
2020-02-09 20:08:28 +02:00
2020-09-23 11:21:28 +02:00
rspamd_config : register_symbol ( {
name = ' SMTP_ACCESS ' ,
type = ' postfilter ' ,
callback = function ( task )
local util = require ( " rspamd_util " )
local rspamd_logger = require " rspamd_logger "
local rspamd_ip = require ' rspamd_ip '
local uname = task : get_user ( )
local limited_access = task : get_symbol ( " SMTP_LIMITED_ACCESS " )
if not uname then
return false
end
if not limited_access then
return false
end
local hash_key = ' SMTP_ALLOW_NETS_ ' .. uname
local redis_params = rspamd_parse_redis_server ( ' smtp_access ' )
local ip = task : get_from_ip ( )
if ip == nil or not ip : is_valid ( ) then
return false
end
local from_ip_string = tostring ( ip )
smtp_access_table = { from_ip_string }
local maxbits = 128
local minbits = 32
if ip : get_version ( ) == 4 then
maxbits = 32
minbits = 8
end
for i = maxbits , minbits , - 1 do
local nip = ip : apply_mask ( i ) : to_string ( ) .. " / " .. i
table.insert ( smtp_access_table , nip )
end
local function smtp_access_cb ( err , data )
if err then
rspamd_logger.infox ( rspamd_config , " smtp_access query request for ip %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) " , ip , data , err )
return false
else
rspamd_logger.infox ( rspamd_config , " checking ip %s for smtp_access in %s " , from_ip_string , hash_key )
for k , v in pairs ( data ) do
if ( v and v ~= userdata and v == ' 1 ' ) then
rspamd_logger.infox ( rspamd_config , " found ip in smtp_access map " )
task : insert_result ( true , ' SMTP_ACCESS ' , 0.0 , from_ip_string )
return true
end
end
rspamd_logger.infox ( rspamd_config , " couldnt find ip in smtp_access map " )
task : insert_result ( true , ' SMTP_ACCESS ' , 999.0 , from_ip_string )
return true
end
end
table.insert ( smtp_access_table , 1 , hash_key )
local redis_ret_user = rspamd_redis_make_request ( task ,
redis_params , -- connect params
hash_key , -- hash key
false , -- is write
smtp_access_cb , --callback
' HMGET ' , -- command
smtp_access_table -- arguments
)
if not redis_ret_user then
rspamd_logger.infox ( rspamd_config , " cannot check smtp_access redis map " )
end
end ,
priority = 10
} )
2020-10-16 18:27:19 +02:00
rspamd_config : register_symbol ( {
name = ' DIRECT_ALIAS_EXPANDER ' ,
type = ' prefilter ' ,
callback = function ( task )
local rspamd_http = require " rspamd_http "
local rcpts = task : get_recipients ( ' smtp ' )
local rspamd_logger = require " rspamd_logger "
local function http_callback ( err_message , code , body , headers )
if body ~= nil and body ~= " " then
rspamd_logger.infox ( rspamd_config , " expanding alias to \" %s \" " , body )
local final = { }
local rcpt = { }
final.addr = body
table.insert ( rcpt , final )
task : set_recipients ( ' smtp ' , rcpt )
end
end
if rcpts and # rcpts == 1 then
for _ , rcpt in ipairs ( rcpts ) do
rspamd_http.request ( {
task = task ,
url = ' http://nginx:8081/aliasexp.php ' ,
body = task : get_content ( ) ,
callback = http_callback ,
headers = { Rcpt = rcpt [ ' addr ' ] } ,
} )
end
end
end ,
2020-10-16 18:39:22 +02:00
priority = 19
2020-10-16 18:27:19 +02:00
} )
2018-09-09 09:47:47 +02:00
rspamd_config : register_symbol ( {
name = ' KEEP_SPAM ' ,
type = ' prefilter ' ,
callback = function ( task )
local util = require ( " rspamd_util " )
local rspamd_logger = require " rspamd_logger "
local rspamd_ip = require ' rspamd_ip '
local uname = task : get_user ( )
2018-09-11 19:35:21 +02:00
2018-09-09 09:47:47 +02:00
if uname then
return false
end
2018-09-11 19:35:21 +02:00
2018-09-09 09:47:47 +02:00
local redis_params = rspamd_parse_redis_server ( ' keep_spam ' )
local ip = task : get_from_ip ( )
2018-09-11 19:35:21 +02:00
2019-10-12 13:14:34 +02:00
if ip == nil or not ip : is_valid ( ) then
2018-09-11 19:35:21 +02:00
return false
end
2018-09-12 15:50:42 +02:00
local from_ip_string = tostring ( ip )
2018-09-09 09:47:47 +02:00
ip_check_table = { from_ip_string }
2018-09-11 19:35:21 +02:00
2018-09-09 09:47:47 +02:00
local maxbits = 128
local minbits = 32
if ip : get_version ( ) == 4 then
maxbits = 32
minbits = 8
end
for i = maxbits , minbits , - 1 do
local nip = ip : apply_mask ( i ) : to_string ( ) .. " / " .. i
table.insert ( ip_check_table , nip )
end
local function keep_spam_cb ( err , data )
if err then
rspamd_logger.infox ( rspamd_config , " keep_spam query request for ip %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) " , ip , data , err )
return false
else
for k , v in pairs ( data ) do
if ( v and v ~= userdata and v == ' 1 ' ) then
2020-09-23 11:21:28 +02:00
rspamd_logger.infox ( rspamd_config , " found ip in keep_spam map, setting pre-result " )
task : set_pre_result ( ' accept ' , ' ip matched with forward hosts ' )
2018-09-09 09:47:47 +02:00
end
end
end
end
table.insert ( ip_check_table , 1 , ' KEEP_SPAM ' )
local redis_ret_user = rspamd_redis_make_request ( task ,
redis_params , -- connect params
' KEEP_SPAM ' , -- hash key
false , -- is write
keep_spam_cb , --callback
' HMGET ' , -- command
ip_check_table -- arguments
)
if not redis_ret_user then
rspamd_logger.infox ( rspamd_config , " cannot check keep_spam redis map " )
end
end ,
priority = 19
} )
2020-02-09 20:08:28 +02:00
rspamd_config : register_symbol ( {
name = ' TLS_HEADER ' ,
type = ' postfilter ' ,
callback = function ( task )
local rspamd_logger = require " rspamd_logger "
local tls_tag = task : get_request_header ( ' TLS-Version ' )
if type ( tls_tag ) == ' nil ' then
task : set_milter_reply ( {
add_headers = { [ ' X-Last-TLS-Session-Version ' ] = ' None ' }
} )
else
task : set_milter_reply ( {
add_headers = { [ ' X-Last-TLS-Session-Version ' ] = tostring ( tls_tag ) }
} )
end
end ,
priority = 12
} )
2017-03-16 14:42:56 +02:00
rspamd_config : register_symbol ( {
name = ' TAG_MOO ' ,
type = ' postfilter ' ,
callback = function ( task )
local util = require ( " rspamd_util " )
local rspamd_logger = require " rspamd_logger "
2017-03-12 15:38:20 +02:00
2017-03-16 14:42:56 +02:00
local tagged_rcpt = task : get_symbol ( " TAGGED_RCPT " )
2017-05-08 15:39:33 +02:00
local mailcow_domain = task : get_symbol ( " RCPT_MAILCOW_DOMAIN " )
2017-10-26 12:51:30 +02:00
if tagged_rcpt and tagged_rcpt [ 1 ] . options and mailcow_domain then
2017-03-16 14:42:56 +02:00
local tag = tagged_rcpt [ 1 ] . options [ 1 ]
rspamd_logger.infox ( " found tag: %s " , tag )
local action = task : get_metric_action ( ' default ' )
rspamd_logger.infox ( " metric action now: %s " , action )
2017-03-12 15:38:20 +02:00
2017-03-16 14:42:56 +02:00
if action ~= ' no action ' and action ~= ' greylist ' then
rspamd_logger.infox ( " skipping tag handler for action: %s " , action )
task : set_metric_action ( ' default ' , action )
2017-03-17 20:23:25 +02:00
return true
2017-03-16 14:42:56 +02:00
end
2017-03-12 15:38:20 +02:00
2017-05-08 15:39:33 +02:00
local wants_subject_tag = task : get_symbol ( " RCPT_WANTS_SUBJECT_TAG " )
2018-01-16 17:31:37 +02:00
local wants_subfolder_tag = task : get_symbol ( " RCPT_WANTS_SUBFOLDER_TAG " )
2017-01-09 12:05:33 +02:00
2018-01-16 17:31:37 +02:00
if wants_subject_tag then
2017-05-08 15:39:33 +02:00
rspamd_logger.infox ( " user wants subject modified for tagged mail " )
local sbj = task : get_header ( ' Subject ' )
new_sbj = ' =?UTF-8?B? ' .. tostring ( util.encode_base64 ( ' [ ' .. tag .. ' ] ' .. sbj ) ) .. ' ?= '
2017-06-06 22:00:34 +02:00
task : set_milter_reply ( {
2017-05-08 15:39:33 +02:00
remove_headers = { [ ' Subject ' ] = 1 } ,
add_headers = { [ ' Subject ' ] = new_sbj }
} )
2018-01-16 17:31:37 +02:00
elseif wants_subfolder_tag then
2017-05-08 15:39:33 +02:00
rspamd_logger.infox ( " Add X-Moo-Tag header " )
2017-06-06 22:00:34 +02:00
task : set_milter_reply ( {
2017-05-08 15:39:33 +02:00
add_headers = { [ ' X-Moo-Tag ' ] = ' YES ' }
} )
2017-03-12 15:38:20 +02:00
end
2017-01-09 12:05:33 +02:00
end
2017-03-16 14:42:56 +02:00
end ,
2017-05-29 21:53:47 +02:00
priority = 11
2017-03-16 14:42:56 +02:00
} )
2017-06-26 23:17:46 +02:00
2017-08-30 21:42:39 +02:00
rspamd_config : register_symbol ( {
name = ' DYN_RL_CHECK ' ,
type = ' prefilter ' ,
callback = function ( task )
local util = require ( " rspamd_util " )
local redis_params = rspamd_parse_redis_server ( ' dyn_rl ' )
local rspamd_logger = require " rspamd_logger "
local envfrom = task : get_from ( 1 )
2018-05-01 22:44:03 +02:00
local uname = task : get_user ( )
2018-04-26 13:51:55 +02:00
if not envfrom or not uname then
2017-10-04 23:16:39 +02:00
return false
end
2018-05-01 22:44:03 +02:00
local uname = uname : lower ( )
2017-08-30 21:42:39 +02:00
local env_from_domain = envfrom [ 1 ] . domain : lower ( ) -- get smtp from domain in lower case
local function redis_cb_user ( err , data )
if err or type ( data ) ~= ' string ' then
2018-04-26 13:51:55 +02:00
rspamd_logger.infox ( rspamd_config , " dynamic ratelimit request for user %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) - trying dynamic ratelimit for domain... " , uname , data , err )
2017-08-30 21:42:39 +02:00
local function redis_key_cb_domain ( err , data )
if err or type ( data ) ~= ' string ' then
rspamd_logger.infox ( rspamd_config , " dynamic ratelimit request for domain %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) " , env_from_domain , data , err )
else
rspamd_logger.infox ( rspamd_config , " found dynamic ratelimit in redis for domain %s with value %s " , env_from_domain , data )
2018-07-15 12:01:28 +02:00
task : insert_result ( ' DYN_RL ' , 0.0 , data , env_from_domain )
2017-08-30 21:42:39 +02:00
end
end
2017-03-08 18:58:00 +02:00
2017-08-30 21:42:39 +02:00
local redis_ret_domain = rspamd_redis_make_request ( task ,
redis_params , -- connect params
env_from_domain , -- hash key
false , -- is write
redis_key_cb_domain , --callback
' HGET ' , -- command
{ ' RL_VALUE ' , env_from_domain } -- arguments
)
if not redis_ret_domain then
rspamd_logger.infox ( rspamd_config , " cannot make request to load ratelimit for domain " )
end
else
2018-04-26 13:51:55 +02:00
rspamd_logger.infox ( rspamd_config , " found dynamic ratelimit in redis for user %s with value %s " , uname , data )
2018-07-15 12:01:28 +02:00
task : insert_result ( ' DYN_RL ' , 0.0 , data , uname )
2017-08-30 21:42:39 +02:00
end
end
local redis_ret_user = rspamd_redis_make_request ( task ,
redis_params , -- connect params
2018-04-26 13:51:55 +02:00
uname , -- hash key
2017-08-30 21:42:39 +02:00
false , -- is write
redis_cb_user , --callback
' HGET ' , -- command
2018-04-26 13:51:55 +02:00
{ ' RL_VALUE ' , uname } -- arguments
2017-08-30 21:42:39 +02:00
)
if not redis_ret_user then
rspamd_logger.infox ( rspamd_config , " cannot make request to load ratelimit for user " )
end
return true
end ,
2019-10-12 13:14:34 +02:00
flags = ' empty ' ,
2017-08-30 21:42:39 +02:00
priority = 20
2017-09-20 15:19:43 +02:00
} )
rspamd_config : register_symbol ( {
2017-09-21 19:25:17 +02:00
name = ' NO_LOG_STAT ' ,
2017-09-20 15:19:43 +02:00
type = ' postfilter ' ,
callback = function ( task )
2017-09-21 19:25:17 +02:00
local from = task : get_header ( ' From ' )
2020-03-04 12:53:07 +02:00
if from and monitoring_hosts : get_key ( from ) then
2017-09-20 15:19:43 +02:00
task : set_flag ( ' no_log ' )
task : set_flag ( ' no_stat ' )
end
end
} )