[Rspamd] Update bad asn, move KEEP_SPAM to a custom lua function

2018-09-09 09:47:47 +02:00 · 2018-09-09 09:47:47 +02:00 · afc18fd469
parent 8a88514dfd
commit afc18fd469
3 changed files with 62 additions and 22 deletions
--- a/data/conf/rspamd/custom/bad_asn.map
+++ b/data/conf/rspamd/custom/bad_asn.map
@ -1,11 +1,10 @@
 # High spam networks, disabled by default
 #201942:5 #Soltia Consulting SL - ipinfo.io
-#16276:5 #OVH
-#12876:5 #ONLINE S.A.S
-#31034:5
-#12874:5
-#30823:5
-#197071:5
+#16276:2 #OVH
+#12876:2 #ONLINE S.A.S
+#31034:5 #ARUBA-ASN, IT
+#12874:5 #FASTWEB, IT
+#30823:3 #PKV spam
 #42831:5 #UK Dedicated Servers Ltd
 #29119:5 #Aire Networks del Mediterraneo S.L.U.
 #13335:5 #Cloudflare
@ -17,7 +16,7 @@
 #14061:4 #Digitalocean
 #55293:4 #A2 Hosting
 #63018:4 #US Dedicated
-#197518:2
+#197518:2 #RACKMARKT
 #44493:2
 #46606:2
 #49505:2
@ -25,3 +24,5 @@
 #197695:2
 #198068:2
 #43146:2
+#49100:4
+#39364:4
--- a/data/conf/rspamd/local.d/multimap.conf
+++ b/data/conf/rspamd/local.d/multimap.conf
@ -25,13 +25,6 @@ WHITELISTED_FWD_HOST {
  symbols_set = ["WHITELISTED_FWD_HOST"];
 }

-KEEP_SPAM {
-  type = "ip";
-  map = "redis://KEEP_SPAM";
-  action = "accept";
-  symbols_set = ["KEEP_SPAM"];
-}
-
 LOCAL_BL_ASN {
  require_symbols = "!MAILCOW_WHITE";
  type = "asn";
@ -40,11 +33,3 @@ LOCAL_BL_ASN {
  description = "Sender's ASN is on the local blacklist";
  symbols_set = ["LOCAL_BL_ASN"];
 }
-
-#SPOOFED_SENDER {
-#  type = "rcpt";
-#  filter = "email:domain:tld";
-#  map = "redis://DOMAIN_MAP";
-#  require_symbols = "AUTH_NA | !RCVD_VIA_SMTP_AUTH";
-#  symbols_set = ["SPOOFED_SENDER"];
-#}
--- a/data/conf/rspamd/lua/rspamd.local.lua
+++ b/data/conf/rspamd/lua/rspamd.local.lua
@ -7,6 +7,60 @@ rspamd_config.MAILCOW_AUTH = {
 	end
 }

+rspamd_config:register_symbol({
+  name = 'KEEP_SPAM',
+  type = 'prefilter',
+  callback = function(task)
+    local util = require("rspamd_util")
+    local rspamd_logger = require "rspamd_logger"
+    local rspamd_ip = require 'rspamd_ip'
+    local uname = task:get_user()
+    if uname then
+      return false
+    end
+    local redis_params = rspamd_parse_redis_server('keep_spam')
+    local ip = task:get_from_ip()
+    local from_ip_string = ip:to_string()
+    ip_check_table = {from_ip_string}
+    local maxbits = 128
+    local minbits = 32
+    if ip:get_version() == 4 then
+        maxbits = 32
+        minbits = 8
+    end
+    for i=maxbits,minbits,-1 do
+      local nip = ip:apply_mask(i):to_string() .. "/" .. i
+      table.insert(ip_check_table, nip)
+    end
+    local function keep_spam_cb(err, data)
+      if err then
+        rspamd_logger.infox(rspamd_config, "keep_spam query request for ip %s returned invalid or empty data (\"%s\") or error (\"%s\")", ip, data, err)
+        return false
+      else
+        for k,v in pairs(data) do
+          if (v and v ~= userdata and v == '1') then
+            rspamd_logger.infox(rspamd_config, "found ip in keep_spam map, setting pre-result", v)
+            task:set_pre_result('accept', 'IP matched with forward hosts')
+          end
+        end
+      end
+    end
+    table.insert(ip_check_table, 1, 'KEEP_SPAM')
+    local redis_ret_user = rspamd_redis_make_request(task,
+      redis_params, -- connect params
+      'KEEP_SPAM', -- hash key
+      false, -- is write
+      keep_spam_cb, --callback
+      'HMGET', -- command
+      ip_check_table -- arguments
+    )
+    if not redis_ret_user then
+      rspamd_logger.infox(rspamd_config, "cannot check keep_spam redis map")
+    end
+  end,
+  priority = 19
+})
+
 rspamd_config:register_symbol({
  name = 'TAG_MOO',
  type = 'postfilter',