Add multimap and forced actions for forwarded_hosts, removed from settings

data/conf/rspamd/dynmaps/forwardinghosts.php

@@ -1,56 +1,44 @@
 <?php
 header('Content-Type: text/plain');
-require_once "vars.inc.php";
-
 ini_set('error_reporting', 0);
 
-function in_net($addr, $net)
-{
-	$net = explode('/', $net);
-	if (count($net) > 1)
-		$mask = $net[1];
-	$net = inet_pton($net[0]);
-	$addr = inet_pton($addr);
-
-	$length = strlen($net); // 4 for IPv4, 16 for IPv6
-	if (strlen($net) != strlen($addr))
-		return FALSE;
-	if (!isset($mask))
-		$mask = $length * 8;
+$redis = new Redis();
+$redis->connect('redis-mailcow', 6379);
 
-	$addr_bin = '';
-	$net_bin = '';
-	for ($i = 0; $i < $length; ++$i)
-	{
-		$addr_bin .= str_pad(decbin(ord(substr($addr, $i, $i+1))), 8, '0', STR_PAD_LEFT);
-		$net_bin .= str_pad(decbin(ord(substr($net, $i, $i+1))), 8, '0', STR_PAD_LEFT);
-	}
-
-	return substr($addr_bin, 0, $mask) == substr($net_bin, 0, $mask);
+function in_net($addr, $net) {
+  $net = explode('/', $net);
+  if (count($net) > 1) {
+    $mask = $net[1];
+  }
+  $net = inet_pton($net[0]);
+  $addr = inet_pton($addr);
+  $length = strlen($net); // 4 for IPv4, 16 for IPv6
+  if (strlen($net) != strlen($addr)) {
+    return false;
+  }
+  if (!isset($mask)) {
+    $mask = $length * 8;
+  }
+  $addr_bin = '';
+  $net_bin = '';
+  for ($i = 0; $i < $length; ++$i) {
+    $addr_bin .= str_pad(decbin(ord(substr($addr, $i, $i+1))), 8, '0', STR_PAD_LEFT);
+    $net_bin .= str_pad(decbin(ord(substr($net, $i, $i+1))), 8, '0', STR_PAD_LEFT);
+  }
+  return substr($addr_bin, 0, $mask) == substr($net_bin, 0, $mask);
 }
 
-$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
-$opt = [
-    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
-    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
-    PDO::ATTR_EMULATE_PREPARES   => false,
-];
 try {
-  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
-  $stmt = $pdo->query("SELECT host FROM `forwarding_hosts`");
-  $networks = $stmt->fetchAll(PDO::FETCH_COLUMN);
-  foreach ($networks as $network)
-  {
-    if (in_net($_GET['host'], $network))
-    {
-      echo '200 permit';
+  foreach ($redis->hGetAll('WHITELISTED_FWD_HOST') as $host => $source) {
+    if (in_net($_GET['host'], $host)) {
+      echo '200 PERMIT';
       exit;
     }
   }
-  echo '200 dunno';
+  echo '200 DUNNO';
 }
-catch (PDOException $e) {
-  echo '200 dunno';
+catch (RedisException $e) {
+  echo '200 DUNNO';
   exit;
 }
 ?>

data/conf/rspamd/dynmaps/settings.php

@@ -31,67 +31,7 @@ catch (PDOException $e) {
 
 ?>
 settings {
-
-/*
-// Start whitelist for forwarding hosts
-*/
-
-<?php
-try {
-	$stmt = $pdo->query("SELECT `host` FROM `forwarding_hosts` WHERE `filter_spam` = 1");
-	$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
-}
-catch (PDOException $e) {
-	$rows = array();
-}
-
-if (!empty($rows)) {
-?>
-	whitelist_forwarding_hosts_with_spam_filter {
-		priority = high;
 <?php
-foreach ($rows as $host):
-?>
-		ip = "<?=$host;?>";
-<?php
-endforeach;
-?>
-		apply "default" {
-			actions {
-				reject = 999.9;
-				greylist = 999.8;
-			}
-		}
-		symbols [
-			"WHITELIST_FORWARDING_HOST"
-		]
-	}
-<?php
-}
-
-try {
-	$stmt = $pdo->query("SELECT `host` FROM `forwarding_hosts` WHERE `filter_spam` = 0");
-	$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
-}
-catch (PDOException $e) {
-	$rows = array();
-}
-
-if (!empty($rows)) {
-?>
-	whitelist_forwarding_hosts {
-		priority = high;
-<?php
-foreach ($rows as $host):
-?>
-		ip = "<?=$host;?>";
-<?php
-endforeach;
-?>
-		want_spam = yes;
-	}
-<?php
-}
 
 /*
 // Start custom scores for users

data/conf/rspamd/local.d/force_actions.conf

@@ -9,4 +9,14 @@ rules {
     expression = "CLAM_VIRUS & !MAILCOW_WHITE";
     honor_action = ["reject"];
   }
+  WHITELIST_FORWARDING_HOST_NO_REJECT {
+    action = "add header";
+    expression = "WHITELIST_FORWARDING_HOST";
+    require_action = ["soft reject", "reject"];
+  }
+  WHITELIST_FORWARDING_HOST_NO_GREYLIST {
+    action = "no action";
+    expression = "WHITELIST_FORWARDING_HOST";
+    require_action = ["greylist"];
+  }
 }

data/conf/rspamd/local.d/multimap.conf

@@ -9,3 +9,14 @@ RCPT_WANTS_SUBJECT_TAG {
   filter = "email:addr"
   map = "redis://RCPT_WANTS_SUBJECT_TAG"
 }
+
+WHITELISTED_FWD_HOST {
+  type = "ip";
+  map = "redis://WHITELISTED_FWD_HOST"
+}
+
+KEEP_SPAM {
+  type = "ip";
+  map = "redis://KEEP_SPAM"
+  action = "accept";
+}