2020-11-30 14:45:30 +08:00
-- Load sendgrid ID validator, thanks to https://github.com/fatalbanana
local rspamd_util = require ' rspamd_util '
local f = ' /etc/rspamd/lua/ivm-sg.lua '
if rspamd_util.file_exists ( f ) then
dofile ( f )
end
2016-12-10 03:39:02 +08:00
rspamd_config.MAILCOW_AUTH = {
callback = function ( task )
local uname = task : get_user ( )
if uname then
return 1
end
end
}
2020-03-04 18:53:07 +08:00
local monitoring_hosts = rspamd_config : add_map {
url = " /etc/rspamd/custom/monitoring_nolog.map " ,
description = " Monitoring hosts " ,
type = " regexp "
}
2020-02-10 02:08:28 +08:00
2020-09-23 17:21:28 +08:00
rspamd_config : register_symbol ( {
name = ' SMTP_ACCESS ' ,
type = ' postfilter ' ,
callback = function ( task )
local util = require ( " rspamd_util " )
local rspamd_logger = require " rspamd_logger "
local rspamd_ip = require ' rspamd_ip '
local uname = task : get_user ( )
local limited_access = task : get_symbol ( " SMTP_LIMITED_ACCESS " )
if not uname then
return false
end
if not limited_access then
return false
end
local hash_key = ' SMTP_ALLOW_NETS_ ' .. uname
local redis_params = rspamd_parse_redis_server ( ' smtp_access ' )
local ip = task : get_from_ip ( )
if ip == nil or not ip : is_valid ( ) then
return false
end
local from_ip_string = tostring ( ip )
smtp_access_table = { from_ip_string }
local maxbits = 128
local minbits = 32
if ip : get_version ( ) == 4 then
maxbits = 32
minbits = 8
end
for i = maxbits , minbits , - 1 do
local nip = ip : apply_mask ( i ) : to_string ( ) .. " / " .. i
table.insert ( smtp_access_table , nip )
end
local function smtp_access_cb ( err , data )
if err then
rspamd_logger.infox ( rspamd_config , " smtp_access query request for ip %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) " , ip , data , err )
return false
else
rspamd_logger.infox ( rspamd_config , " checking ip %s for smtp_access in %s " , from_ip_string , hash_key )
for k , v in pairs ( data ) do
if ( v and v ~= userdata and v == ' 1 ' ) then
rspamd_logger.infox ( rspamd_config , " found ip in smtp_access map " )
task : insert_result ( true , ' SMTP_ACCESS ' , 0.0 , from_ip_string )
return true
end
end
rspamd_logger.infox ( rspamd_config , " couldnt find ip in smtp_access map " )
task : insert_result ( true , ' SMTP_ACCESS ' , 999.0 , from_ip_string )
return true
end
end
table.insert ( smtp_access_table , 1 , hash_key )
local redis_ret_user = rspamd_redis_make_request ( task ,
redis_params , -- connect params
hash_key , -- hash key
false , -- is write
smtp_access_cb , --callback
' HMGET ' , -- command
smtp_access_table -- arguments
)
if not redis_ret_user then
rspamd_logger.infox ( rspamd_config , " cannot check smtp_access redis map " )
end
end ,
priority = 10
} )
2020-10-25 17:34:13 +08:00
rspamd_config : register_symbol ( {
name = ' POSTMASTER_HANDLER ' ,
type = ' prefilter ' ,
callback = function ( task )
local rcpts = task : get_recipients ( ' smtp ' )
local rspamd_logger = require " rspamd_logger "
local lua_util = require " lua_util "
local from = task : get_from ( 1 )
-- not applying to mails with more than one rcpt to avoid bypassing filters by addressing postmaster
if rcpts and # rcpts == 1 then
for _ , rcpt in ipairs ( rcpts ) do
local rcpt_split = rspamd_str_split ( rcpt [ ' addr ' ] , ' @ ' )
if # rcpt_split == 2 then
if rcpt_split [ 1 ] == ' postmaster ' then
task : set_pre_result ( ' accept ' , ' whitelisting postmaster smtp rcpt ' )
return
end
end
end
end
if from then
for _ , fr in ipairs ( from ) do
local fr_split = rspamd_str_split ( fr [ ' addr ' ] , ' @ ' )
if # fr_split == 2 then
2020-10-30 03:29:14 +08:00
if fr_split [ 1 ] == ' postmaster ' and task : get_user ( ) then
2020-10-25 17:34:13 +08:00
-- no whitelist, keep signatures
2020-10-30 03:29:14 +08:00
task : insert_result ( true , ' POSTMASTER_FROM ' , - 2500.0 )
2020-10-25 17:34:13 +08:00
return
end
end
end
end
end ,
2020-10-27 14:20:54 +08:00
priority = 10
2020-10-17 00:27:19 +08:00
} )
2018-09-09 15:47:47 +08:00
rspamd_config : register_symbol ( {
name = ' KEEP_SPAM ' ,
type = ' prefilter ' ,
callback = function ( task )
local util = require ( " rspamd_util " )
local rspamd_logger = require " rspamd_logger "
local rspamd_ip = require ' rspamd_ip '
local uname = task : get_user ( )
2018-09-12 01:35:21 +08:00
2018-09-09 15:47:47 +08:00
if uname then
return false
end
2018-09-12 01:35:21 +08:00
2018-09-09 15:47:47 +08:00
local redis_params = rspamd_parse_redis_server ( ' keep_spam ' )
local ip = task : get_from_ip ( )
2018-09-12 01:35:21 +08:00
2019-10-12 19:14:34 +08:00
if ip == nil or not ip : is_valid ( ) then
2018-09-12 01:35:21 +08:00
return false
end
2018-09-12 21:50:42 +08:00
local from_ip_string = tostring ( ip )
2018-09-09 15:47:47 +08:00
ip_check_table = { from_ip_string }
2018-09-12 01:35:21 +08:00
2018-09-09 15:47:47 +08:00
local maxbits = 128
local minbits = 32
if ip : get_version ( ) == 4 then
maxbits = 32
minbits = 8
end
for i = maxbits , minbits , - 1 do
local nip = ip : apply_mask ( i ) : to_string ( ) .. " / " .. i
table.insert ( ip_check_table , nip )
end
local function keep_spam_cb ( err , data )
if err then
rspamd_logger.infox ( rspamd_config , " keep_spam query request for ip %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) " , ip , data , err )
return false
else
for k , v in pairs ( data ) do
if ( v and v ~= userdata and v == ' 1 ' ) then
2020-09-23 17:21:28 +08:00
rspamd_logger.infox ( rspamd_config , " found ip in keep_spam map, setting pre-result " )
task : set_pre_result ( ' accept ' , ' ip matched with forward hosts ' )
2018-09-09 15:47:47 +08:00
end
end
end
end
table.insert ( ip_check_table , 1 , ' KEEP_SPAM ' )
local redis_ret_user = rspamd_redis_make_request ( task ,
redis_params , -- connect params
' KEEP_SPAM ' , -- hash key
false , -- is write
keep_spam_cb , --callback
' HMGET ' , -- command
ip_check_table -- arguments
)
if not redis_ret_user then
rspamd_logger.infox ( rspamd_config , " cannot check keep_spam redis map " )
end
end ,
priority = 19
} )
2020-02-10 02:08:28 +08:00
rspamd_config : register_symbol ( {
name = ' TLS_HEADER ' ,
type = ' postfilter ' ,
callback = function ( task )
local rspamd_logger = require " rspamd_logger "
local tls_tag = task : get_request_header ( ' TLS-Version ' )
if type ( tls_tag ) == ' nil ' then
task : set_milter_reply ( {
add_headers = { [ ' X-Last-TLS-Session-Version ' ] = ' None ' }
} )
else
task : set_milter_reply ( {
add_headers = { [ ' X-Last-TLS-Session-Version ' ] = tostring ( tls_tag ) }
} )
end
end ,
priority = 12
} )
2017-03-16 20:42:56 +08:00
rspamd_config : register_symbol ( {
name = ' TAG_MOO ' ,
type = ' postfilter ' ,
callback = function ( task )
local util = require ( " rspamd_util " )
local rspamd_logger = require " rspamd_logger "
2020-10-27 14:20:54 +08:00
local redis_params = rspamd_parse_redis_server ( ' taghandler ' )
local rspamd_http = require " rspamd_http "
local rcpts = task : get_recipients ( ' smtp ' )
local lua_util = require " lua_util "
2017-03-12 21:38:20 +08:00
2017-03-16 20:42:56 +08:00
local tagged_rcpt = task : get_symbol ( " TAGGED_RCPT " )
2017-05-08 21:39:33 +08:00
local mailcow_domain = task : get_symbol ( " RCPT_MAILCOW_DOMAIN " )
2017-10-26 18:51:30 +08:00
if tagged_rcpt and tagged_rcpt [ 1 ] . options and mailcow_domain then
2017-03-16 20:42:56 +08:00
local tag = tagged_rcpt [ 1 ] . options [ 1 ]
rspamd_logger.infox ( " found tag: %s " , tag )
local action = task : get_metric_action ( ' default ' )
rspamd_logger.infox ( " metric action now: %s " , action )
2017-03-12 21:38:20 +08:00
2017-03-16 20:42:56 +08:00
if action ~= ' no action ' and action ~= ' greylist ' then
rspamd_logger.infox ( " skipping tag handler for action: %s " , action )
2017-03-18 02:23:25 +08:00
return true
2017-03-16 20:42:56 +08:00
end
2017-03-12 21:38:20 +08:00
2020-10-27 14:20:54 +08:00
local function http_callback ( err_message , code , body , headers )
if body ~= nil and body ~= " " then
2020-10-28 18:06:33 +08:00
rspamd_logger.infox ( rspamd_config , " expanding rcpt to \" %s \" " , body )
2020-10-27 14:20:54 +08:00
local function tag_callback_subject ( err , data )
if err or type ( data ) ~= ' string ' then
rspamd_logger.infox ( rspamd_config , " subject tag handler rcpt %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) - trying subfolder tag handler... " , body , data , err )
local function tag_callback_subfolder ( err , data )
if err or type ( data ) ~= ' string ' then
rspamd_logger.infox ( rspamd_config , " subfolder tag handler for rcpt %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) " , body , data , err )
else
rspamd_logger.infox ( " Add X-Moo-Tag header " )
task : set_milter_reply ( {
add_headers = { [ ' X-Moo-Tag ' ] = ' YES ' }
} )
end
end
local redis_ret_subfolder = rspamd_redis_make_request ( task ,
redis_params , -- connect params
body , -- hash key
false , -- is write
tag_callback_subfolder , --callback
' HGET ' , -- command
{ ' RCPT_WANTS_SUBFOLDER_TAG ' , body } -- arguments
)
if not redis_ret_subfolder then
rspamd_logger.infox ( rspamd_config , " cannot make request to load tag handler for rcpt " )
end
else
rspamd_logger.infox ( " user wants subject modified for tagged mail " )
local sbj = task : get_header ( ' Subject ' )
new_sbj = ' =?UTF-8?B? ' .. tostring ( util.encode_base64 ( ' [ ' .. tag .. ' ] ' .. sbj ) ) .. ' ?= '
task : set_milter_reply ( {
remove_headers = { [ ' Subject ' ] = 1 } ,
add_headers = { [ ' Subject ' ] = new_sbj }
} )
end
end
local redis_ret_subject = rspamd_redis_make_request ( task ,
redis_params , -- connect params
body , -- hash key
false , -- is write
tag_callback_subject , --callback
' HGET ' , -- command
{ ' RCPT_WANTS_SUBJECT_TAG ' , body } -- arguments
)
if not redis_ret_subject then
rspamd_logger.infox ( rspamd_config , " cannot make request to load tag handler for rcpt " )
end
end
end
if rcpts and # rcpts == 1 then
for _ , rcpt in ipairs ( rcpts ) do
local rcpt_split = rspamd_str_split ( rcpt [ ' addr ' ] , ' @ ' )
if # rcpt_split == 2 then
if rcpt_split [ 1 ] == ' postmaster ' then
rspamd_logger.infox ( rspamd_config , " not expanding postmaster alias " )
else
rspamd_http.request ( {
task = task ,
url = ' http://nginx:8081/aliasexp.php ' ,
body = ' ' ,
callback = http_callback ,
headers = { Rcpt = rcpt [ ' addr ' ] } ,
} )
end
end
end
2017-03-12 21:38:20 +08:00
end
2020-10-27 14:20:54 +08:00
2017-01-09 18:05:33 +08:00
end
2017-03-16 20:42:56 +08:00
end ,
2020-10-27 14:20:54 +08:00
priority = 19
2017-03-16 20:42:56 +08:00
} )
2017-06-27 05:17:46 +08:00
2017-08-31 03:42:39 +08:00
rspamd_config : register_symbol ( {
name = ' DYN_RL_CHECK ' ,
type = ' prefilter ' ,
callback = function ( task )
local util = require ( " rspamd_util " )
local redis_params = rspamd_parse_redis_server ( ' dyn_rl ' )
local rspamd_logger = require " rspamd_logger "
local envfrom = task : get_from ( 1 )
2018-05-02 04:44:03 +08:00
local uname = task : get_user ( )
2018-04-26 19:51:55 +08:00
if not envfrom or not uname then
2017-10-05 05:16:39 +08:00
return false
end
2018-05-02 04:44:03 +08:00
local uname = uname : lower ( )
2017-08-31 03:42:39 +08:00
local env_from_domain = envfrom [ 1 ] . domain : lower ( ) -- get smtp from domain in lower case
local function redis_cb_user ( err , data )
if err or type ( data ) ~= ' string ' then
2018-04-26 19:51:55 +08:00
rspamd_logger.infox ( rspamd_config , " dynamic ratelimit request for user %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) - trying dynamic ratelimit for domain... " , uname , data , err )
2017-08-31 03:42:39 +08:00
local function redis_key_cb_domain ( err , data )
if err or type ( data ) ~= ' string ' then
rspamd_logger.infox ( rspamd_config , " dynamic ratelimit request for domain %s returned invalid or empty data ( \" %s \" ) or error ( \" %s \" ) " , env_from_domain , data , err )
else
rspamd_logger.infox ( rspamd_config , " found dynamic ratelimit in redis for domain %s with value %s " , env_from_domain , data )
2018-07-15 18:01:28 +08:00
task : insert_result ( ' DYN_RL ' , 0.0 , data , env_from_domain )
2017-08-31 03:42:39 +08:00
end
end
2017-03-09 00:58:00 +08:00
2017-08-31 03:42:39 +08:00
local redis_ret_domain = rspamd_redis_make_request ( task ,
redis_params , -- connect params
env_from_domain , -- hash key
false , -- is write
redis_key_cb_domain , --callback
' HGET ' , -- command
{ ' RL_VALUE ' , env_from_domain } -- arguments
)
if not redis_ret_domain then
rspamd_logger.infox ( rspamd_config , " cannot make request to load ratelimit for domain " )
end
else
2018-04-26 19:51:55 +08:00
rspamd_logger.infox ( rspamd_config , " found dynamic ratelimit in redis for user %s with value %s " , uname , data )
2018-07-15 18:01:28 +08:00
task : insert_result ( ' DYN_RL ' , 0.0 , data , uname )
2017-08-31 03:42:39 +08:00
end
end
local redis_ret_user = rspamd_redis_make_request ( task ,
redis_params , -- connect params
2018-04-26 19:51:55 +08:00
uname , -- hash key
2017-08-31 03:42:39 +08:00
false , -- is write
redis_cb_user , --callback
' HGET ' , -- command
2018-04-26 19:51:55 +08:00
{ ' RL_VALUE ' , uname } -- arguments
2017-08-31 03:42:39 +08:00
)
if not redis_ret_user then
rspamd_logger.infox ( rspamd_config , " cannot make request to load ratelimit for user " )
end
return true
end ,
2019-10-12 19:14:34 +08:00
flags = ' empty ' ,
2017-08-31 03:42:39 +08:00
priority = 20
2017-09-20 21:19:43 +08:00
} )
rspamd_config : register_symbol ( {
2017-09-22 01:25:17 +08:00
name = ' NO_LOG_STAT ' ,
2017-09-20 21:19:43 +08:00
type = ' postfilter ' ,
callback = function ( task )
2017-09-22 01:25:17 +08:00
local from = task : get_header ( ' From ' )
2020-03-04 18:53:07 +08:00
if from and monitoring_hosts : get_key ( from ) then
2017-09-20 21:19:43 +08:00
task : set_flag ( ' no_log ' )
task : set_flag ( ' no_stat ' )
end
end
} )
