[Rspamd] Remove DKIM forced action, move ratelimit lua, add meta exporter
parent
c8f41cdae2
commit
873222d5f8
|
@ -1 +0,0 @@
|
||||||
1
|
|
|
@ -17,7 +17,7 @@ $opt = [
|
||||||
];
|
];
|
||||||
try {
|
try {
|
||||||
$pdo = new PDO($dsn, $database_user, $database_pass, $opt);
|
$pdo = new PDO($dsn, $database_user, $database_pass, $opt);
|
||||||
$stmt = $pdo->query("SELECT * FROM `filterconf`");
|
$stmt = $pdo->query("SELECT '1' FROM `filterconf`");
|
||||||
}
|
}
|
||||||
catch (PDOException $e) {
|
catch (PDOException $e) {
|
||||||
echo 'settings { }';
|
echo 'settings { }';
|
||||||
|
|
|
@ -1,4 +1,8 @@
|
||||||
MX_IMPLICIT {
|
MX_IMPLICIT {
|
||||||
expression = "MX_GOOD and MX_MISSING";
|
expression = "MX_GOOD and MX_MISSING";
|
||||||
score = -0.01;
|
score = -0.01;
|
||||||
|
}
|
||||||
|
VIRUS_FOUND {
|
||||||
|
expression = "CLAM_VIRUS & !MAILCOW_WHITE";
|
||||||
|
score = 2000;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,14 +1,4 @@
|
||||||
rules {
|
rules {
|
||||||
DKIM_FAIL {
|
|
||||||
action = "add header";
|
|
||||||
expression = "R_DKIM_REJECT & !MAILLIST & !MAILCOW_WHITE & !MAILCOW_BLACK";
|
|
||||||
require_action = ["no action", "greylist", "soft reject"];
|
|
||||||
}
|
|
||||||
VIRUS_FOUND {
|
|
||||||
action = "reject";
|
|
||||||
expression = "CLAM_VIRUS & !MAILCOW_WHITE";
|
|
||||||
honor_action = ["reject"];
|
|
||||||
}
|
|
||||||
WHITELIST_FORWARDING_HOST_NO_REJECT {
|
WHITELIST_FORWARDING_HOST_NO_REJECT {
|
||||||
action = "add header";
|
action = "add header";
|
||||||
expression = "WHITELISTED_FWD_HOST";
|
expression = "WHITELISTED_FWD_HOST";
|
||||||
|
@ -19,9 +9,4 @@ rules {
|
||||||
expression = "WHITELISTED_FWD_HOST";
|
expression = "WHITELISTED_FWD_HOST";
|
||||||
require_action = ["greylist", "soft reject"];
|
require_action = ["greylist", "soft reject"];
|
||||||
}
|
}
|
||||||
ADD_UNAUTH_SUBJ {
|
|
||||||
action = "rewrite subject";
|
|
||||||
subject = "[Unauth] %s";
|
|
||||||
expression = "SPOOFED_SENDER";
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,8 +7,7 @@ classifier "bayes" {
|
||||||
servers = "redis:6379";
|
servers = "redis:6379";
|
||||||
min_tokens = 11;
|
min_tokens = 11;
|
||||||
min_learns = 20;
|
min_learns = 20;
|
||||||
autolearn = true;
|
autolearn = [-20, 50];
|
||||||
|
|
||||||
per_user = <<EOD
|
per_user = <<EOD
|
||||||
return function(task)
|
return function(task)
|
||||||
local rcpt = task:get_recipients(1)
|
local rcpt = task:get_recipients(1)
|
||||||
|
|
|
@ -0,0 +1,155 @@
|
||||||
|
<?php
|
||||||
|
// File size is limited by Nginx site to 10M
|
||||||
|
// To speed things up, we do not include prerequisites
|
||||||
|
header('Content-Type: text/plain');
|
||||||
|
require_once "vars.inc.php";
|
||||||
|
// Do not show errors, we log to using error_log
|
||||||
|
ini_set('error_reporting', 0);
|
||||||
|
// Init database
|
||||||
|
$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
|
||||||
|
$opt = [
|
||||||
|
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
||||||
|
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
|
||||||
|
PDO::ATTR_EMULATE_PREPARES => false,
|
||||||
|
];
|
||||||
|
try {
|
||||||
|
$pdo = new PDO($dsn, $database_user, $database_pass, $opt);
|
||||||
|
}
|
||||||
|
catch (PDOException $e) {
|
||||||
|
http_response_code(501);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
// Init Redis
|
||||||
|
$redis = new Redis();
|
||||||
|
$redis->connect('redis-mailcow', 6379);
|
||||||
|
|
||||||
|
// Functions
|
||||||
|
function parse_email($email) {
|
||||||
|
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) return false;
|
||||||
|
$a = strrpos($email, '@');
|
||||||
|
return array('local' => substr($email, 0, $a), 'domain' => substr(substr($email, $a), 1));
|
||||||
|
}
|
||||||
|
if (!function_exists('getallheaders')) {
|
||||||
|
function getallheaders() {
|
||||||
|
if (!is_array($_SERVER)) {
|
||||||
|
return array();
|
||||||
|
}
|
||||||
|
$headers = array();
|
||||||
|
foreach ($_SERVER as $name => $value) {
|
||||||
|
if (substr($name, 0, 5) == 'HTTP_') {
|
||||||
|
$headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $headers;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$raw_data = file_get_contents('php://input');
|
||||||
|
$headers = getallheaders();
|
||||||
|
|
||||||
|
$qid = $headers['X-Rspamd-Qid'];
|
||||||
|
$score = $headers['X-Rspamd-Score'];
|
||||||
|
$rcpts = $headers['X-Rspamd-Rcpt'];
|
||||||
|
$user = $headers['X-Rspamd-User'];
|
||||||
|
$ip = $headers['X-Rspamd-Ip'];
|
||||||
|
$action = $headers['X-Rspamd-Action'];
|
||||||
|
$sender = $headers['X-Rspamd-From'];
|
||||||
|
$symbols = $headers['X-Rspamd-Symbols'];
|
||||||
|
|
||||||
|
$raw_size = (int)$_SERVER['CONTENT_LENGTH'];
|
||||||
|
|
||||||
|
try {
|
||||||
|
if ($max_size = $redis->Get('Q_MAX_SIZE')) {
|
||||||
|
if (!empty($max_size) && ($max_size * 1048576) < $raw_size) {
|
||||||
|
error_log(sprintf("Message too large: %d exceeds %d", $raw_size, ($max_size * 1048576)));
|
||||||
|
http_response_code(505);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($exclude_domains = $redis->Get('Q_EXCLUDE_DOMAINS')) {
|
||||||
|
$exclude_domains = json_decode($exclude_domains, true);
|
||||||
|
}
|
||||||
|
$retention_size = (int)$redis->Get('Q_RETENTION_SIZE');
|
||||||
|
}
|
||||||
|
catch (RedisException $e) {
|
||||||
|
error_log($e);
|
||||||
|
http_response_code(504);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
$filtered_rcpts = array();
|
||||||
|
foreach (json_decode($rcpts, true) as $rcpt) {
|
||||||
|
$parsed_mail = parse_email($rcpt);
|
||||||
|
if (in_array($parsed_mail['domain'], $exclude_domains)) {
|
||||||
|
error_log(sprintf("Skipped domain %s", $parsed_mail['domain']));
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
$stmt = $pdo->prepare("SELECT `goto` FROM `alias`
|
||||||
|
WHERE
|
||||||
|
(
|
||||||
|
`address` = :rcpt
|
||||||
|
OR
|
||||||
|
`address` IN (
|
||||||
|
SELECT username FROM mailbox, alias_domain
|
||||||
|
WHERE (alias_domain.alias_domain = :domain_part
|
||||||
|
AND mailbox.username = CONCAT(:local_part, '@', alias_domain.target_domain)
|
||||||
|
AND mailbox.active = '1'
|
||||||
|
AND alias_domain.active='1')
|
||||||
|
)
|
||||||
|
)
|
||||||
|
AND `active`= '1';");
|
||||||
|
$stmt->execute(array(
|
||||||
|
':rcpt' => $rcpt,
|
||||||
|
':local_part' => $parsed_mail['local'],
|
||||||
|
':domain_part' => $parsed_mail['domain']
|
||||||
|
));
|
||||||
|
$gotos = $stmt->fetch(PDO::FETCH_ASSOC)['goto'];
|
||||||
|
if (!empty($gotos)) {
|
||||||
|
$filtered_rcpts = array_unique(array_merge($filtered_rcpts, explode(',', $gotos)));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch (PDOException $e) {
|
||||||
|
error_log($e->getMessage());
|
||||||
|
http_response_code(502);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
foreach ($filtered_rcpts as $rcpt) {
|
||||||
|
|
||||||
|
try {
|
||||||
|
$stmt = $pdo->prepare("INSERT INTO `quarantaine` (`qid`, `score`, `sender`, `rcpt`, `symbols`, `user`, `ip`, `msg`, `action`)
|
||||||
|
VALUES (:qid, :score, :sender, :rcpt, :symbols, :user, :ip, :msg, :action)");
|
||||||
|
$stmt->execute(array(
|
||||||
|
':qid' => $qid,
|
||||||
|
':score' => $score,
|
||||||
|
':sender' => $sender,
|
||||||
|
':rcpt' => $rcpt,
|
||||||
|
':symbols' => $symbols,
|
||||||
|
':user' => $user,
|
||||||
|
':ip' => $ip,
|
||||||
|
':msg' => $raw_data,
|
||||||
|
':action' => $action
|
||||||
|
));
|
||||||
|
$stmt = $pdo->prepare('DELETE FROM `quarantaine` WHERE `id` NOT IN (
|
||||||
|
SELECT `id`
|
||||||
|
FROM (
|
||||||
|
SELECT `id`
|
||||||
|
FROM `quarantaine`
|
||||||
|
WHERE `rcpt` = :rcpt
|
||||||
|
ORDER BY id DESC
|
||||||
|
LIMIT :retention_size
|
||||||
|
) x
|
||||||
|
);');
|
||||||
|
$stmt->execute(array(
|
||||||
|
':rcpt' => $rcpt,
|
||||||
|
':retention_size' => $retention_size
|
||||||
|
));
|
||||||
|
}
|
||||||
|
catch (PDOException $e) {
|
||||||
|
error_log($e->getMessage());
|
||||||
|
http_response_code(503);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
<?php
|
||||||
|
require_once('../../../web/inc/vars.inc.php');
|
||||||
|
?>
|
|
@ -1,3 +1,4 @@
|
||||||
type = "console";
|
type = "console";
|
||||||
systemd = false;
|
systemd = false;
|
||||||
.include "$CONFDIR/logging.inc"
|
.include "$CONFDIR/logging.inc"
|
||||||
|
.include(try=true; priority=20) "$CONFDIR/override.d/logging.custom.inc"
|
||||||
|
|
|
@ -9,6 +9,6 @@ rates {
|
||||||
}
|
}
|
||||||
whitelisted_rcpts = "postmaster,mailer-daemon";
|
whitelisted_rcpts = "postmaster,mailer-daemon";
|
||||||
max_rcpt = 5;
|
max_rcpt = 5;
|
||||||
custom_keywords = "/etc/rspamd/custom/ratelimit.lua";
|
custom_keywords = "/etc/rspamd/lua/ratelimit.lua";
|
||||||
user_keywords = ["user", "customrl"];
|
user_keywords = ["user", "customrl"];
|
||||||
dynamic_rates = { customrl = "customrl"}
|
dynamic_rates = { customrl = "customrl"}
|
||||||
|
|
|
@ -1,8 +1,9 @@
|
||||||
bind_socket = "*:11334";
|
bind_socket = "*:11334";
|
||||||
enable_password = "$2$pppq86q9uns51zd5ekfxecj7bxwaefo3$p7f9xdhamydjhtypcr639it3kqeiknx3dk9on7skjypyi8uwwcmy";
|
|
||||||
secure_ip = "192.168.0.0/16";
|
secure_ip = "192.168.0.0/16";
|
||||||
secure_ip = "172.16.0.0/12";
|
secure_ip = "172.16.0.0/12";
|
||||||
secure_ip = "10.0.0.0/8";
|
secure_ip = "10.0.0.0/8";
|
||||||
secure_ip = "127.0.0.1";
|
secure_ip = "127.0.0.1";
|
||||||
secure_ip = "::1";
|
secure_ip = "::1";
|
||||||
secure_ip = "fd4d:6169:6c63:6f77::/64"
|
secure_ip = "fd4d:6169:6c63:6f77::/64"
|
||||||
|
.include(try=true; priority=10) "$CONFDIR/override.d/worker-controller-password.inc"
|
||||||
|
.include(try=true; priority=20) "$CONFDIR/override.d/worker-controller.custom.inc"
|
||||||
|
|
|
@ -1,2 +1,3 @@
|
||||||
bind_socket = "*:11333";
|
bind_socket = "*:11333";
|
||||||
task_timeout = 12s;
|
task_timeout = 12s;
|
||||||
|
.include(try=true; priority=20) "$CONFDIR/override.d/worker-normal.custom.inc"
|
||||||
|
|
|
@ -5,3 +5,4 @@ upstream {
|
||||||
default = true;
|
default = true;
|
||||||
hosts = "rspamd:11333"
|
hosts = "rspamd:11333"
|
||||||
}
|
}
|
||||||
|
.include(try=true; priority=20) "$CONFDIR/override.d/worker-proxy.custom.inc"
|
||||||
|
|
Loading…
Reference in New Issue