[Rspamd] Handle Postmaster in and outbound as trusted

2020-10-25 10:34:13 +01:00 · 2020-10-25 10:34:13 +01:00 · 7bcb9414ab
parent 988c21657b
commit 7bcb9414ab
3 changed files with 56 additions and 19 deletions
--- a/data/conf/rspamd/lua/rspamd.local.lua
+++ b/data/conf/rspamd/lua/rspamd.local.lua
@ -87,6 +87,45 @@ rspamd_config:register_symbol({
  priority = 10
 })

+rspamd_config:register_symbol({
+  name = 'POSTMASTER_HANDLER',
+  type = 'prefilter',
+  callback = function(task)
+  local rcpts = task:get_recipients('smtp')
+  local rspamd_logger = require "rspamd_logger"
+  local lua_util = require "lua_util"
+  local from = task:get_from(1)
+
+  -- not applying to mails with more than one rcpt to avoid bypassing filters by addressing postmaster
+  if rcpts and #rcpts == 1 then
+    for _,rcpt in ipairs(rcpts) do
+      local rcpt_split = rspamd_str_split(rcpt['addr'], '@')
+      if #rcpt_split == 2 then
+        if rcpt_split[1] == 'postmaster' then
+          task:set_pre_result('accept', 'whitelisting postmaster smtp rcpt')
+          return
+        end
+      end
+    end
+  end
+
+  if from then
+    for _,fr in ipairs(from) do
+      local fr_split = rspamd_str_split(fr['addr'], '@')
+      if #fr_split == 2 then
+        if fr_split[1] == 'postmaster' then
+          -- no whitelist, keep signatures
+          task:insert_result(true, 'POSTMASTER_FROM', -2500.0, from_ip_string)
+          return
+        end
+      end
+    end
+  end
+
+  end,
+  priority = 19
+})
+
 rspamd_config:register_symbol({
  name = 'DIRECT_ALIAS_EXPANDER',
  type = 'prefilter',
@ -94,6 +133,7 @@ rspamd_config:register_symbol({
  local rspamd_http = require "rspamd_http"
  local rcpts = task:get_recipients('smtp')
  local rspamd_logger = require "rspamd_logger"
+  local lua_util = require "lua_util"

  local function http_callback(err_message, code, body, headers)
    if body ~= nil and body ~= "" then
@ -108,18 +148,25 @@ rspamd_config:register_symbol({

  if rcpts and #rcpts == 1 then
  for _,rcpt in ipairs(rcpts) do
-    rspamd_http.request({
-      task=task,
-      url='http://nginx:8081/aliasexp.php',
-      body='',
-      callback=http_callback,
-      headers={Rcpt=rcpt['addr']},
-    })
+    local rcpt_split = rspamd_str_split(rcpt['addr'], '@')
+    if #rcpt_split == 2 then
+      if rcpt_split[1] == 'postmaster' then
+        rspamd_logger.infox(rspamd_config, "not expanding postmaster alias")
+      end
+    else
+      rspamd_http.request({
+        task=task,
+        url='http://nginx:8081/aliasexp.php',
+        body='',
+        callback=http_callback,
+        headers={Rcpt=rcpt['addr']},
+      })
+    end
  end
  end

  end,
-  priority = 19
+  priority = 18
 })

 rspamd_config:register_symbol({
--- a/data/conf/rspamd/override.d/logging.inc
+++ b/data/conf/rspamd/override.d/logging.inc
@ -1,4 +1,4 @@
-level = "silent";
+level = "info";
 type = "console";
 systemd = false;
 .include "$CONFDIR/logging.inc"
--- a/data/web/inc/presets/rspamd/preset_2.yml
+++ b/data/web/inc/presets/rspamd/preset_2.yml
@ -1,10 +0,0 @@
-headline: lang.rsettings_preset_2
-content: |
-  priority = 10;
-  rcpt = "/postmaster@.*/";
-  apply {
-    symbols_enabled = ["DKIM_SIGNED", "HISTORY_SAVE", "MILTER_HEADERS", "ARC_SIGNED"];
-  actions {
-      greylist = null;
-    }
-  }